Merge pull request #5272 from dedeckeh/pr-strongswan-1
Fix ipsec reload and extend uci
This commit is contained in:
Stijn Tintel
GitHub
commit
8941bd7869
|
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=strongswan
|
||||
PKG_VERSION:=5.6.1
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
|
||||
PKG_HASH:=e0c282d8ad418609c5dfb5e8efa01b28b95ef3678070ed47bf2a229f55f4ab53
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ USE_PROCD=1
|
|||
PROG=/usr/lib/ipsec/starter
|
||||
|
||||
. $IPKG_INSTROOT/lib/functions.sh
|
||||
. $IPKG_INSTROOT/lib/functions/network.sh
|
||||
|
||||
IPSEC_SECRETS_FILE=/etc/ipsec.secrets
|
||||
IPSEC_CONN_FILE=/etc/ipsec.conf
|
||||
|
|
@ -16,6 +17,8 @@ IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets
|
|||
IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
|
||||
STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
|
||||
|
||||
WAIT_FOR_INTF=0
|
||||
|
||||
file_reset() {
|
||||
: > "$1"
|
||||
}
|
||||
|
|
@ -290,11 +293,23 @@ config_ipsec() {
|
|||
[ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
|
||||
done
|
||||
|
||||
local interface_list=$(config_get "$1" "interface")
|
||||
if [ -z "$interface_list" ]; then
|
||||
WAIT_FOR_INTF=0
|
||||
else
|
||||
for interface in $interface_list; do
|
||||
network_get_device device $interface
|
||||
[ -n "$device" ] && append device_list "$device" ","
|
||||
done
|
||||
[ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1
|
||||
fi
|
||||
|
||||
swan_xappend "# generated by /etc/init.d/ipsec"
|
||||
swan_xappend "charon {"
|
||||
swan_xappend " load_modular = yes"
|
||||
swan_xappend " install_routes = $install_routes"
|
||||
[ -n "$routing_tables_ignored" ] && swan_xappend " ignore_routing_tables = $routing_tables_ignored"
|
||||
[ -n "$device_list" ] && swan_xappend " interfaces_use = $device_list"
|
||||
swan_xappend " plugins {"
|
||||
swan_xappend " include /etc/strongswan.d/charon/*.conf"
|
||||
swan_xappend " }"
|
||||
|
|
@ -318,23 +333,42 @@ prepare_env() {
|
|||
config_foreach config_remote remote
|
||||
}
|
||||
|
||||
service_running() {
|
||||
ipsec status > /dev/null 2>&1
|
||||
}
|
||||
|
||||
reload_service() {
|
||||
prepare_env
|
||||
if ipsec status > /dev/null 2>&1; then
|
||||
ipsec rereadall
|
||||
ipsec reload
|
||||
else
|
||||
ipsec start
|
||||
fi
|
||||
running && {
|
||||
prepare_env
|
||||
[ $WAIT_FOR_INTF -eq 0 ] && {
|
||||
ipsec rereadall
|
||||
ipsec reload
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
start
|
||||
}
|
||||
|
||||
check_ipsec_interface() {
|
||||
local intf
|
||||
|
||||
for intf in $(config_get "$1" interface); do
|
||||
procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsec reload
|
||||
done
|
||||
}
|
||||
|
||||
service_triggers() {
|
||||
procd_add_reload_trigger "ipsec"
|
||||
config load "ipsec"
|
||||
config_foreach check_ipsec_interface ipsec
|
||||
}
|
||||
|
||||
start_service() {
|
||||
prepare_env
|
||||
|
||||
[ $WAIT_FOR_INTF -eq 1 ] && return
|
||||
|
||||
procd_open_instance
|
||||
|
||||
procd_set_param command $PROG --daemon charon --nofork
|
||||
|
|
|
|||
Loading…
Reference in New Issue