FIXME

#!/bin/sh
# IPsec startup and shutdown script
#
### BEGIN INIT INFO
# Provides:          ipsec
# Required-Start:    $network $remote_fs $syslog $named
# Required-Stop:     $syslog $remote_fs
# Default-Start:
# Default-Stop:      0 1 6
# Short-Description: Start Libreswan IPsec at boot time
# Description:       Enable automatic key management for IPsec (KLIPS and NETKEY)
### END INIT INFO
#
### see https://bugzilla.redhat.com/show_bug.cgi?id=636572
### Debian and Fedora interpret the LSB differently
### Default-Start:     2 3 4 5
#
# Copyright (C) 1998, 1999, 2001  Henry Spencer.
# Copyright (C) 2002              Michael Richardson <mcr@freeswan.org>
# Copyright (C) 2006              Michael Richardson <mcr@xelerance.com>
# Copyright (C) 2008              Michael Richardson <mcr@sandelman.ca>
# Copyright (C) 2008-2011, 2013   Tuomo Soini <tis@foobar.fi>
# Copyright (C) 2012              Paul Wouters <paul@libreswan.org>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
#
# ipsec         init.d script for starting and stopping
#               the IPsec security subsystem (KLIPS and Pluto).
#
# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec)
# and is also accessible as "ipsec setup" (the preferred route for human
# invocation).
#
# The startup and shutdown times are a difficult compromise (in particular,
# it is almost impossible to reconcile them with the insanely early/late
# times of NFS filesystem startup/shutdown).  Startup is after startup of
# syslog and pcmcia support; shutdown is just before shutdown of syslog.
#
# chkconfig: - 47 76
# description: IPsec provides encrypted and authenticated communications; \
# NETKEY/KLIPS is the kernel half of it, Pluto is the user-level management daemon.

# Source function library.
. /etc/init.d/functions

# Check that networking is up.
[ "${NETWORKING}" = "no" ] && exit 6

if [ ! -f /etc/sysconfig/network ]; then
    exit 6
fi

if [ `id -u` -ne 0 ]
then
    echo "permission denied (must be superuser)" | \
      logger -s -p daemon.error -t ipsec_setup 2>&1
    exit 4
fi

# where the private directory and the config files are
IPSEC_CONF="${IPSEC_CONF:-@FINALCONFFILE@}"
IPSEC_EXECDIR="${IPSEC_EXECDIR:-@IPSEC_EXECDIR@}"
IPSEC_SBINDIR="${IPSEC_SBINDIR:-@IPSEC_SBINDIR@}"


# Does not make any sense at all to continue without the main binary
# But before we can quit we should check if we are on a Debian based
# system as their policy demands a graceful exit code
test -f /etc/debian_version && BINARY_ERROR=0 || BINARY_ERROR=5
test -x $IPSEC_SBINDIR/ipsec || exit $BINARY_ERROR

if [ -f /etc/sysconfig/ipsec ]; then
     . /etc/sysconfig/ipsec
elif [ -f /etc/default/ipsec ]; then
     . /etc/default/ipsec
fi

# misc setup
umask 022

mkdir -p /var/run/pluto
chmod 700 /var/run/pluto

if test `ip addr list|grep -c cipsec` -ne 0
then
	echo "Cisco IPSec client is already loaded, aborting! (cipsec# device found)"
	exit 1
fi

# which kernel are we using?
IPSECprotostack=`ipsec addconn --config $IPSEC_CONF --liststack`

verify_config() {
    test -f $IPSEC_CONF || exit 6

    config_error=`ipsec addconn --config $IPSEC_CONF --checkconfig 2>&1`
    RETVAL=$?
    if [ $RETVAL != 0 ]
    then
        echo "Configuration error - the following error occured:"
        echo $config_error
        echo "IKE daemon status was not modified"
        exit $RETVAL
    fi
}

start() {
	# starting a stack will unload any loaded stack first (same or different stack)
	case $IPSECprotostack in
	netkey)
		ipsec _startnetkey start
		;;
	none|nostack)
		ipsec _startklips stop
		ipsec _startnetkey stop
		;;
	mast|klips)
	   	ipsec _startklips start
		;;
	*)
		echo "unexpected stack $IPSECprotostack"
		exit
		;;
	esac
	echo -n "Starting pluto IKE daemon for IPsec: "

	ipsec _plutorun --config ${IPSEC_CONF} --nofork ${PLUTO_OPTIONS} &
	RETVAL=$?
	return $RETVAL
}


stop() {

}

restart() {
    verify_config
    stop
    start
}

condrestart() {
    verify_config
    /etc/init.d/ipsec status || exit 0
    restart
}

status() {

    RETVAL=$?
    return $RETVAL
}

version() {
    ipsec version
    RETVAL=$?
    return $RETVAL
}


# do it
case "$1" in
    start)
         start
         ;;
    stop)
         stop
         ;;
    restart)
         restart
 	 ;;
    reload|force-reload)
         restart
 	 ;;
    condrestart|try-restart)
         condrestart
         ;;
    status)
         status
         ;;
    version)
         version
         ;;
    *)
         echo "Usage: $0 {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version}"
         RETVAL=2
esac

exit $RETVAL