From 44ef6048e22a1614504ba5c9b9568d5e954ef0d0 Mon Sep 17 00:00:00 2001 From: Stijn Tintel Date: Tue, 1 Aug 2017 02:49:42 +0200 Subject: [PATCH] strongswan: remove checks for UCI config In commit 36e073d8201fe7cf133ef3eea41f8855c3344c71, some checks were added to see if the UCI config file exists and if there are any peers configured in it. Due to these checks, if /etc/config/ipsec exists, but contains no enabled peers, strongswan will not be started. This is not ideal, as a user might want to experiment with the UCI config while keeping existing connections in /etc/ipsec.conf operational. Signed-off-by: Stijn Tintel --- net/strongswan/files/ipsec.init | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/net/strongswan/files/ipsec.init b/net/strongswan/files/ipsec.init index 4635eae9c..af838a823 100644 --- a/net/strongswan/files/ipsec.init +++ b/net/strongswan/files/ipsec.init @@ -5,8 +5,6 @@ STOP=10 . $IPKG_INSTROOT/lib/functions.sh -UCI_IPSEC_CONFIG=/etc/config/ipsec - IPSEC_SECRETS_FILE=/etc/ipsec.secrets IPSEC_CONN_FILE=/etc/ipsec.conf STRONGSWAN_CONF_FILE=/etc/strongswan.conf @@ -15,8 +13,6 @@ IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf -ENABLED_REMOTE_PEERS=0 - file_reset() { : > "$1" } @@ -227,8 +223,6 @@ config_remote() { config_get_bool enabled "$1" enabled 0 [ "$enabled" = "0" ] && return - ENABLED_REMOTE_PEERS=$((ENABLED_REMOTE_PEERS + 1)) - config_get gateway "$1" gateway config_get pre_shared_key "$1" pre_shared_key config_get auth_method "$1" authentication_method @@ -323,7 +317,7 @@ prepare_env() { start() { prepare_env - [ $ENABLED_REMOTE_PEERS != 0 -o ! -f $UCI_IPSEC_CONFIG ] && ipsec start + ipsec start } stop() { @@ -332,17 +326,15 @@ stop() { restart() { prepare_env - [ $ENABLED_REMOTE_PEERS != 0 -o ! -f $UCI_IPSEC_CONFIG ] && ipsec restart || ipsec stop + ipsec restart } reload() { prepare_env - [ $ENABLED_REMOTE_PEERS != 0 -o ! -f $UCI_IPSEC_CONFIG ] && { - ipsec secrets - if [[ ! -z "$(ipsec status)" ]]; then - ipsec reload - else - ipsec start - fi - } || ipsec stop + ipsec secrets + if [[ ! -z "$(ipsec status)" ]]; then + ipsec reload + else + ipsec start + fi }