Date: Sat, 9 Mar 2019 10:37:14 +0000 (UTC) From: Kurt Jaeger <pi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r495117 - in head/security/strongswan: . files Message-ID: <201903091037.x29AbEr0054518@repo.freebsd.org>
Author: pi
Date: Sat Mar 9 10:37:13 2019
New Revision: 495117
URL: https://svnweb.freebsd.org/changeset/ports/495117
Log:
security/strongswan: add vici-based configuration for the rc script
The rc script is modified to allow both a legacy (ipsec.conf-based) startup or a new (swanctl.conf-based) config. Default is the legacy. The new setup is based on vici, the Versatile IKE Configuration Interface.
For more details, see: https://wiki.strongswan.org/projects/strongswan/wiki/Vici
PR: 234648
Submitted by: Jose Luis Duran <jlduran@gmail.com>
Reviewed by: Sam Chen <sc.gear@one.caeon.com>
Approved by: strongswan@Nanoteq.com (maintainer)
Differential Revision: D19367
Modified:
head/security/strongswan/Makefile
head/security/strongswan/files/strongswan.in
Modified: head/security/strongswan/Makefile
==============================================================================
--- head/security/strongswan/Makefile Sat Mar 9 10:23:44 2019 (r495116)
+++ head/security/strongswan/Makefile Sat Mar 9 10:37:13 2019 (r495117)
@@ -3,7 +3,7 @@
 PORTNAME= strongswan
 PORTVERSION= 5.7.2
-PORTREVISION= 1
+PORTREVISION= 2
 CATEGORIES= security
 MASTER_SITES= http://download.strongswan.org/ \
 http://download2.strongswan.org/
 
Modified: head/security/strongswan/files/strongswan.in
==============================================================================
--- head/security/strongswan/files/strongswan.in Sat Mar 9 10:23:44 2019 (r495116)
+++ head/security/strongswan/files/strongswan.in Sat Mar 9 10:37:13 2019 (r495117)
@@ -7,33 +7,91 @@
 # BEFORE: LOGIN
 # KEYWORD: shutdown
 
+# strongswan_enable (bool):
+# Set it to "YES" to enable strongswan
+# Default is "NO"
+# strongswan_interface (string):
+# Set the control interface to use.
+# Valid options are:
+# "stroke" for the old ipsec/startr interface
+# "vici" for the newer swanctl intrface
+# Default is "stroke"
+
 . /etc/rc.subr
 
 name=strongswan
+desc="Strongswan IPsec startup script"
 rcvar=strongswan_enable
 
 load_rc_config $name
 
 : ${strongswan_enable:=NO}
+: ${strongswan_interface:="stroke"}
 
 extra_commands="reload statusall"
 
-command="%%PREFIX%%/sbin/ipsec"
+charon_command=%%PREFIX%%/libexec/ipsec/charon
+charon_pidfile=/var/run/charon.pid
+swanctl_command=%%PREFIX%%/sbin/swanctl
 
-start_precmd="strongswan_precmd"
-stop_cmd="strongswan_cmd"
-status_cmd="strongswan_cmd"
-reload_cmd="strongswan_cmd"
-statusall_cmd="strongswan_cmd"
+case $strongswan_interface in
+[Ss][Tt][Rr][Oo][Kk][Ee])
+ # "stroke"
+ command="%%PREFIX%%/sbin/ipsec"
+ start_precmd=command_args=start
+ stop_cmd="${command} stop"
+ status_cmd="${command} status"
+ reload_cmd="${command} reload"
+ statusall_cmd="${command} statusall"
+ ;;
 
-strongswan_precmd()
+[Vv][Ii][Cc][Ii])
+ # "vici"
+ command=/usr/sbin/daemon
+ pidfile=/var/run/daemon-charon.pid
+ command_args="-S -P ${pidfile} ${charon_command} --use-syslog"
+
+ required_files=${charon_command}
+ extra_commands="reload statusall"
+
+ start_postcmd=${name}_swanctl_poststart
+ status_cmd="${swanctl_command} --stats"
+ reload_cmd=${name}_swanctl_reload
+ statusall_cmd=${name}_swanctl_statusall
+ ;;
+
+ *)
+ # "default"
+ warn "\$strongswan_interface setting is invalid - options supported are \"stroke\" or \"vici\"."
+ exit 1
+ ;;
+esac
+
+strongswan_swanctl_poststart()
 {
- command_args=${rc_arg}
+ local _waitmax=5
+
+ # Need to wait for charon to finish startup,
+ # else vici socket is unreadable
+ while [ ! -f ${charon_pidfile} ] && [ ${_waitmax} -gt 0 ]; do
+ sleep 1
+ _waitmax=$((_waitmax - 1))
+ done
+
+ ${swanctl_command} --load-all --noprompt
 }
 
-strongswan_cmd()
+strongswan_swanctl_reload()
 {
- ${command} ${rc_arg}
+ ${swanctl_command} --reload-settings
+ ${swanctl_command} --load-all --noprompt
+}
+
+strongswan_swanctl_statusall()
+{
+ ${swanctl_command} --stats
+ ${swanctl_command} --list-conns
+ ${swanctl_command} --list-sas
 }
 
 run_rc_command "$1"
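Review bot: strongswan_swanctl_poststart runs `${swanctl_command} --load-all --noprompt` unconditionally after the wait loop and never looks at its exit status, so if charon's pidfile has not appeared within the 5 retries, or swanctl cannot reach the vici socket or rejects swanctl.conf, nothing is reported and `service strongswan start` still succeeds — charon is left running with none of the configured connections (and whatever trap policies they would install) loaded, which is the state an operator relies on this script to avoid. I would test for the pidfile after the loop and check swanctl's status, warning in both cases; whether rc.subr propagates a non-zero status from start_postcmd I have not verified, so the warning is the part that matters, and the two swanctl calls in strongswan_swanctl_reload have the same unchecked status. In the stroke branch, `start_precmd=command_args=start` depends on rc.subr evaluating the precmd string as an assignment, which is easy to misread as a typo; a comment such as `# evaluated by rc.subr before start: sets command_args=start` would help, and the new header comments contain the typos "startr" and "intrface".
```shell
	done
	if [ ! -f "${charon_pidfile}" ]; then
		warn "charon pidfile ${charon_pidfile} not found after waiting; vici may not be ready"
	fi
	if ! ${swanctl_command} --load-all --noprompt; then
		warn "swanctl --load-all failed; no connections loaded"
		return 1
	fi
```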