178344Sobrien#!/bin/sh 278344Sobrien# 398184Sgordon# $FreeBSD$ 478344Sobrien# 578344Sobrien 678344Sobrien# PROVIDE: ipsec 7168531Sdes# REQUIRE: FILESYSTEMS 8151272Spjd# BEFORE: DAEMON mountcritremote 9136224Smtm# KEYWORD: nojail 1078344Sobrien 1178344Sobrien. /etc/rc.subr 1278344Sobrien 1378344Sobrienname="ipsec" 14230099Sdougbrcvar="ipsec_enable" 1578344Sobrienstart_precmd="ipsec_prestart" 1678344Sobrienstart_cmd="ipsec_start" 17154770Spjdstop_precmd="test -f $ipsec_file" 1878344Sobrienstop_cmd="ipsec_stop" 1978344Sobrienreload_cmd="ipsec_reload" 2078344Sobrienextra_commands="reload" 21151270Spjdipsec_program="/sbin/setkey" 22124618Smtm# ipsec_file is set by rc.conf 2378344Sobrien 2478344Sobrienipsec_prestart() 2578344Sobrien{ 2698184Sgordon if [ ! -f "$ipsec_file" ]; then 2798184Sgordon warn "$ipsec_file not readable; ipsec start aborted." 28169668Smtm stop_boot 2978344Sobrien return 1 3078344Sobrien fi 3178344Sobrien return 0 3278344Sobrien} 3378344Sobrien 3478344Sobrienipsec_start() 3578344Sobrien{ 3678344Sobrien echo "Installing ipsec manual keys/policies." 37101085Sume ${ipsec_program} -f $ipsec_file 3878344Sobrien} 3978344Sobrien 4078344Sobrienipsec_stop() 4178344Sobrien{ 4278344Sobrien echo "Clearing ipsec manual keys/policies." 4378344Sobrien 44196439Sdougb # Still not 100% sure if we would like to do this. 45196439Sdougb # It is very questionable to do this during shutdown session 46196439Sdougb # since it can hang any of the remaining IPv4/v6 sessions. 4778344Sobrien # 48101085Sume ${ipsec_program} -F 49101085Sume ${ipsec_program} -FP 5078344Sobrien} 5178344Sobrien 5278344Sobrienipsec_reload() 5378344Sobrien{ 5478344Sobrien echo "Reloading ipsec manual keys/policies." 55101085Sume ${ipsec_program} -f "$ipsec_file" 5678344Sobrien} 5778344Sobrien 5878344Sobrienload_rc_config $name 5978344Sobrienrun_rc_command "$1" 60