Package: ipsec-tools Version: 1:0.7.1-1.3 Severity: normal
I've been using the following script for a while, works well enough for
my use. Is there a chance that we could add value to the init process
by processing more than just /etc/ipsec-tools.conf? I distribute my vpn
parameters via version control and it's very nice to have separate
configuration files.
--- setkey 2009-03-15 10:45:17.000000000 -0800
+++ setkey.new 2009-03-15 10:37:38.000000000 -0800
@@ -10,6 +10,7 @@
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
SETKEY=/usr/sbin/setkey
SETKEY_CONF=/etc/ipsec-tools.conf
+SETKEY_CONF_DIR=/etc/ipsec-tools.d
NAME=setkey
test -x $SETKEY -a -f $SETKEY_CONF || exit 0
@@ -27,8 +28,15 @@
case "$1" in
start)
- echo -n "Loading IPsec SA/SP database from $SETKEY_CONF: "
- $SETKEY -f $SETKEY_CONF
+ echo "Loading IPsec SA/SP database: "
+
+ for file in $SETKEY_CONF $SETKEY_CONF_DIR/*.conf ; do
+ if [ -r "$file" ] ; then
+ echo " - ${file}"
+ $SETKEY -f $file
+ fi
+ done
+
echo "done."
;;
stop)
@@ -38,10 +46,8 @@
echo "done."
;;
restart|force-reload)
- echo -n "Reloading IPsec SA/SP database: "
- $SETKEY -F
- $SETKEY -FP
- $SETKEY -f $SETKEY_CONF
+ $0 stop
+ $0 start
echo "done."
;;
*)
signature.asc
Description: OpenPGP digital signature
