This is OpenBSD's OpenIKED with fixes and improvements and additional features. Original author: Reyk Floeter <reyk@openbsd.org> Author: Marcel Moolenaar <marcel@brkt.com> Reviewed by: mat@ Approved by: mat@ Obtained from: https://github.com/xcllnt/openiked Sponsored by: Bracket Computing, Inc. Differential Revision: https://reviews.freebsd.org/D8417
#!/bin/sh
# $FreeBSD$
#
# PROVIDE: iked
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add these lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# iked_enable (bool): Set to NO by default.
# Set it to YES to enable iked.
# iked_ramdisk (bool): Set to NO by default. See below.
#
# When iked_ramdisk is set to YES, the rc.d script will make sure
# all directories exist, but will not generate a key pair if none
# exists. The daemon is not started when the key pair or the config
# file is missing. It is assumed the ramdisk is not populated
# completely. When iked_ramdisk is NO, key pairs are created as
# needed and the daemon is started unconditionally.
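. /etc/rc.subr

name=iked
desc="IKEv2 daemon"
rcvar=iked_enable

load_rc_config $name

# Defaults.  Both use ":=" so that an rc.conf entry which is present but
# empty also falls back to NO instead of reaching checkyesno as "".
: "${iked_enable:=NO}"
: "${iked_ramdisk:=NO}"

command=%%PREFIX%%/sbin/iked
start_precmd=iked_precmd

# Configuration file and key material, relative to the port prefix.
# iked_rootdir is the single source for the directory hierarchy that
# iked_precmd creates and checks.
iked_config=%%PREFIX%%/etc/iked.conf
iked_rootdir=%%PREFIX%%/etc/iked
iked_privkey=${iked_rootdir}/private/local.key
iked_pubkey=${iked_rootdir}/local.pub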
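#######################################
# start_precmd hook.  Prepares the directory hierarchy (ramdisk mode) or
# the local key pair (persistent mode), then refuses to start iked unless
# both a private key and a configuration file exist.
# Globals:   iked_ramdisk, iked_rootdir, iked_privkey, iked_pubkey,
#            iked_config (all read)
# Arguments: none
# Outputs:   openssl diagnostics on stderr when a key pair is generated
# Returns:   0 when iked may be started; exits 1 (quietly) otherwise
#######################################
iked_precmd()
{
	if checkyesno iked_ramdisk; then
		# Make sure we have our directory hierarchy.  Everything is
		# rooted at iked_rootdir so the layout has a single definition.
		for D in ca certs crls export private pubkeys \
		    pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
			mkdir -p "${iked_rootdir}/${D}"
		done
		chmod 700 "${iked_rootdir}/private"
	else
		# Create a key pair if not already present.  genrsa runs under
		# umask 077 in a subshell so the private key file is created
		# unreadable by others from the start; the chmod afterwards is
		# belt and braces rather than the only protection.  The public
		# key is only derived when the private key was written.
		if [ ! -f "${iked_privkey}" ]; then
			if (umask 077 && /usr/bin/openssl genrsa \
			    -out "${iked_privkey}" 2048); then
				/bin/chmod 600 "${iked_privkey}"
				/usr/bin/openssl rsa -out "${iked_pubkey}" \
				    -in "${iked_privkey}" -pubout
			fi
		fi
	fi

	# We must have a private key and a configuration file.
	# Don't start iked when those are missing.
	if [ ! -f "${iked_privkey}" ] || [ ! -f "${iked_config}" ]; then
		# Be quiet about it; it must be intentional.
		exit 1
	fi
}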
# Dispatch the rc.d verb given on the command line (start, stop, ...);
# start_precmd above runs before the daemon is launched.
run_rc_command "$1"