racoon.initd 1.28 KB
#!/sbin/runscript
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

# Declare this service's ordering relative to other init scripts.
depend() {
	# Start before netmount, so the IPsec setup done by start() is
	# attempted before network filesystems are mounted.
	before netmount
	# Soft dependency on net: ordered after it when it is scheduled,
	# but not pulled in by this script.
	use net
}

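# Verify the files racoon depends on before the service is started.
#
# Reads SETKEY_CONF, RACOON_CONF and (optionally) RACOON_PSK_FILE from the
# environment; the error text below points at /etc/conf.d/racoon for them.
# Returns 0 when every check passes, 1 after printing an eerror otherwise.
checkconfig() {
	# The expansions are quoted so that an unset or empty variable fails the
	# test. Unquoted, `[ ! -e ]` degenerates into a one-argument string test
	# that is false, and the missing setting went unnoticed.
	if [ ! -e "${SETKEY_CONF}" ] ; then
		eerror "You need to configure setkey before starting racoon."
		return 1
	fi
	if [ ! -e "${RACOON_CONF}" ] ; then
		eerror "You need a configuration file to start racoon."
		return 1
	fi
	if [ -n "${RACOON_PSK_FILE}" ] ; then
		if [ ! -f "${RACOON_PSK_FILE}" ] ; then
			eerror "PSK file not found as specified."
			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
			return 1
		fi
		# -L follows symlinks, so the mode inspected is that of the file the
		# path resolves to. Only an exact owner-read-only mode is accepted.
		# NOTE(review): ownership is not checked here; a mode-400 file owned
		# by an unexpected user still passes. The -n output carries the
		# numeric uid if that check is wanted.
		case "$(ls -Lldn -- "${RACOON_PSK_FILE}")" in
			-r--------*)
				;;
			*)
				eerror "Your defined PSK file should be mode 400 for security!"
				return 1
				;;
		esac
	fi
	return 0
}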

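# Load the IPsec policies with setkey, then launch the racoon daemon.
#
# Returns 1 without doing anything when checkconfig fails; otherwise returns
# the status that eend reports for start-stop-daemon.
start() {
	checkconfig || return 1
	einfo "Loading ipsec policies from ${SETKEY_CONF}."
	# Any non-zero exit status is treated as a failure, not only status 1.
	# NOTE(review): as before, a policy load failure is reported but racoon
	# is still started. Without the policies in place the kernel has nothing
	# telling it which traffic must be protected, so deployments that need
	# to fail closed should return 1 here instead.
	if ! /usr/sbin/setkey -f "${SETKEY_CONF}" ; then
		eerror "Error while loading ipsec policies"
	fi
	ebegin "Starting racoon"
	# RACOON_OPTS is deliberately unquoted so it splits into separate
	# arguments; the configuration path is quoted to stay one argument.
	start-stop-daemon -S -x /usr/sbin/racoon -- -f "${RACOON_CONF}" ${RACOON_OPTS}
	eend $?
}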

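# Stop the racoon daemon and, when RACOON_RESET_TABLES is non-empty, flush
# the kernel's IPsec tables.
stop() {
	ebegin "Stopping racoon"
	start-stop-daemon -K -p /var/run/racoon.pid
	eend $?
	if [ -n "${RACOON_RESET_TABLES}" ]; then
		local flush_status=0
		ebegin "Flushing policy entries"
		# -F flushes the SAD and -FP the SPD. Both flushes are attempted,
		# and a failure of either one is reported; previously only the
		# status of the second command reached eend.
		# NOTE(review): the flush removes every entry, not only those racoon
		# negotiated, so manually configured policies are dropped too and
		# the affected traffic is no longer covered by IPsec afterwards.
		/usr/sbin/setkey -F || flush_status=$?
		/usr/sbin/setkey -FP || flush_status=$?
		eend ${flush_status}
	fi
}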