trunk/ipsec-tools/racoon.rc

#!/bin/bash
# $Header: /root/magellan-cvs/src/ipsec-tools/racoon.rc,v 1.1 2007-05-08 19:49:03 niro Exp $

#%rlevels: 3:s 4:s 5:s 0:k 1:k 2:k 6:k
#%start: 30
#%stop: 30

#deps
#%needs:
#%before:
#%after:

source /etc/sysconfig/rc
source $rc_functions


checkconfig() {
	if [ ! -e ${SETKEY_CONF} ] ; then
		echo "You need to configure setkey before starting racoon."
		return 1
	fi
	if [ ! -e ${RACOON_CONF} ] ; then
		echo "You need a configuration file to start racoon."
		return 1
	fi
	if [ ! -z ${RACOON_PSK_FILE} ] ; then
		if [ ! -f ${RACOON_PSK_FILE} ] ; then
			echo "PSK file not found as specified."
			echo "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
			return 1
		fi
		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
			-r--------*)
				;;
			*)
				eerror "Your defined PSK file should be mode 400 for security!"
				return 1
				;;
		esac
	fi
}

case "$1" in
	start)
		checkconfig || exit 1
		echo -e ${COLOREDSTAR}"Loading ipsec policies from ${SETKEY_CONF}."
		/usr/sbin/setkey -f ${SETKEY_CONF}
		if [ $? -eq 1 ] ; then
			echo "Error while loading ipsec policies"
		fi
		echo -e ${COLOREDSTAR}"Starting racoon ... "
		/usr/sbin/racoon -f ${RACOON_CONF} ${RACOON_OPTS}
		evaluate_retval

		update_svcstatus $1
		splash svc_started "$(basename $0)" 0
		;;

	stop)
		echo -e ${COLOREDSTAR}"Stopping racoon ... "
		kill `cat /var/run/racoon.pid`
		evaluate_retval
		if [ -n "${RACOON_RESET_TABLES}" ]; then
			echo -e ${COLOREDSTAR}"Flushing policy entries ... "
			/usr/sbin/setkey -F
			/usr/sbin/setkey -FP
			evaluate_retval
		fi

		update_svcstatus $1
		splash svc_stopped "$(basename $0)" 0
		;;

	restart)
		$0 stop
		sleep 1
		$0 start
		;;

	status)
		statusproc /usr/sbin/racoon
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status}"
		exit 1
		;;
esac


stop() {
	ebegin "Stopping racoon"
	kill `cat /var/run/racoon.pid`
	eend $?
	if [ -n "${RACOON_RESET_TABLES}" ]; then
		ebegin "Flushing policy entries"
		/usr/sbin/setkey -F
		/usr/sbin/setkey -FP
		eend $?
	fi
}
1	#!/bin/bash
2	# $Header: /root/magellan-cvs/src/ipsec-tools/racoon.rc,v 1.1 2007-05-08 19:49:03 niro Exp $
3
4	#%rlevels: 3:s 4:s 5:s 0:k 1:k 2:k 6:k
5	#%start: 30
6	#%stop: 30
7
8	#deps
9	#%needs:
10	#%before:
11	#%after:
12
13	source /etc/sysconfig/rc
14	source $rc_functions
15
16
17
18	checkconfig() {
19	if [ ! -e ${SETKEY_CONF} ] ; then
20	echo "You need to configure setkey before starting racoon."
21	return 1
22	fi
23	if [ ! -e ${RACOON_CONF} ] ; then
24	echo "You need a configuration file to start racoon."
25	return 1
26	fi
27	if [ ! -z ${RACOON_PSK_FILE} ] ; then
28	if [ ! -f ${RACOON_PSK_FILE} ] ; then
29	echo "PSK file not found as specified."
30	echo "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
31	return 1
32	fi
33	case "`ls -Lldn ${RACOON_PSK_FILE}`" in
34	-r--------*)
35	;;
36	*)
37	eerror "Your defined PSK file should be mode 400 for security!"
38	return 1
39	;;
40	esac
41	fi
42	}
43
44	case "$1" in
45	start)
46	checkconfig \|\| exit 1
47	echo -e ${COLOREDSTAR}"Loading ipsec policies from ${SETKEY_CONF}."
48	/usr/sbin/setkey -f ${SETKEY_CONF}
49	if [ $? -eq 1 ] ; then
50	echo "Error while loading ipsec policies"
51	fi
52	echo -e ${COLOREDSTAR}"Starting racoon ... "
53	/usr/sbin/racoon -f ${RACOON_CONF} ${RACOON_OPTS}
54	evaluate_retval
55
56	update_svcstatus $1
57	splash svc_started "$(basename $0)" 0
58	;;
59
60	stop)
61	echo -e ${COLOREDSTAR}"Stopping racoon ... "
62	kill `cat /var/run/racoon.pid`
63	evaluate_retval
64	if [ -n "${RACOON_RESET_TABLES}" ]; then
65	echo -e ${COLOREDSTAR}"Flushing policy entries ... "
66	/usr/sbin/setkey -F
67	/usr/sbin/setkey -FP
68	evaluate_retval
69	fi
70
71	update_svcstatus $1
72	splash svc_stopped "$(basename $0)" 0
73	;;
74
75	restart)
76	$0 stop
77	sleep 1
78	$0 start
79	;;
80
81	status)
82	statusproc /usr/sbin/racoon
83	;;
84
85	*)
86	echo "Usage: $0 {start\|stop\|restart\|status}"
87	exit 1
88	;;
89	esac
90
91
92	stop() {
93	ebegin "Stopping racoon"
94	kill `cat /var/run/racoon.pid`
95	eend $?
96	if [ -n "${RACOON_RESET_TABLES}" ]; then
97	ebegin "Flushing policy entries"
98	/usr/sbin/setkey -F
99	/usr/sbin/setkey -FP
100	eend $?
101	fi
102	}