#!/usr/bin/sh
# -*- mode: sh; sh-shell: sh -*-
# user interface to automatic keying and Pluto in general
# Copyright (C) 1998, 1999, 2000 Henry Spencer.
# Copyright (C) 2014-2017 Paul Wouters <[email protected]>
# Copyright (C) 2015-2018 Tuomo Soini <[email protected]>
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <https://www.gnu.org/licenses/gpl2.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
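# Directory holding pluto's runtime files. The caller may override it through
# the environment; /run/pluto is used otherwise.
IPSEC_RUNDIR="${IPSEC_RUNDIR:-/run/pluto}"
# Control socket passed to every whack/addconn call (--ctlsocket replaces it).
CTLSOCKET="${IPSEC_RUNDIR}/pluto.ctl"

me='ipsec auto'
usage="Usage:
${me} [--showonly] [--asynchronous] --up connectionname \\
[--remote-host ipaddr]
${me} [--showonly] [--asynchronous] --down connectionname
${me} [--showonly] --{add|delete|replace|start} connectionname
${me} [--showonly] --{route|unroute|ondemand} connectionname
${me} [--showonly] --{ready|status}
${me} [--showonly] --{fetchcrls|rereadcerts|rereadall|rereadsecrets}
${me} [--showonly] [--utc] --{listpubkeys|listcerts|listcacerts}
${me} [--showonly] [--utc] --{listcrls|listall}
${me} [--showonly] [--utc] --checkpubkeys
${me} [--showonly] [--utc] --purgeocsp
other options: [--config ipsecconfigfile] [--verbose] \\
[--ctlsocket <file>]"

# Parser state. Each variable is cleared so that a same-named variable
# inherited from the caller's environment cannot end up in the command lines
# built later in the script.
config=
async=
op=
argc=
utc=
verbose=
remote=
# showonly is expanded unquoted as the FIRST word of every command this script
# runs (it is 'echo ' under --showonly). It was the one state variable left
# uninitialised, so an inherited value would have been run as a command
# prefix. Start it empty like the others.
showonly=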
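# Consume the leading options. The loop stops at "--", at the first word that
# does not start with "-", or when the arguments run out; whatever is left in
# "$@" afterwards is treated as the connection name.
while [ $# != 0 ]
do
    # --config, --ctlsocket and --remote-host take the next word as their
    # value. Without this check a trailing option silently stored an empty
    # value and the second shift below had nothing left to shift.
    case "$1" in
    --config|--ctlsocket|--remote-host)
        if [ $# -lt 2 ]; then
            echo "${me}: option \"$1\" requires an argument" >&2
            exit 2
        fi
        ;;
    esac

    case "$1" in
    --help)
        echo "${usage}"
        exit 0
        ;;
    --version)
        echo "${me} $IPSEC_VERSION"
        exit 0
        ;;
    --show)
        # accepted and ignored
        ;;
    --showonly)
        # Prefixed to every command later on, so commands are printed
        # instead of executed.
        showonly='echo '
        ;;
    --utc)
        utc="$1"
        ;;
    --config)
        # Option and value are kept in ONE string and split again when
        # ${config} is expanded unquoted by the dispatch code.
        # NOTE(review): a path containing whitespace or glob characters
        # is therefore split/expanded into several arguments.
        config="--config $2"
        shift
        ;;
    --ctlsocket)
        CTLSOCKET="$2"
        shift
        ;;
    --remote-host)
        # Same single-string convention (and caveat) as --config.
        remote="--remote-host $2"
        shift
        ;;
    --asynchronous)
        async="--asynchronous"
        ;;
    --verbose)
        verbose=" --verbose "
        ;;
    --up|--down|--add|--delete|--replace|--route|--unroute|\
    --start|--ondemand|--rotatecert)
        # Operations that need exactly one connection name. Only one
        # operation may be given per invocation.
        if [ " ${op}" != " " ]; then
            echo "${usage}" >&2
            exit 2
        fi
        op="$1"
        argc=1
        ;;
    --checkpubkeys|--fetchcrls|\
    --listall|--listcacerts|--listcerts|--listcrls|--listpubkeys|\
    --purgeocsp|--ready|\
    --rereadall|--rereadcerts|--rereadcrls|--rereadsecrets|\
    --status)
        # Operations that take no connection name.
        if [ " ${op}" != " " ]; then
            echo "${usage}" >&2
            exit 2
        fi
        op="$1"
        argc=0
        ;;
    --)
        shift
        break
        ;;
    -*)
        echo "${me}: unknown option \"$1\"" >&2
        exit 2
        ;;
    *)
        break
        ;;
    esac
    shift
done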
# Settle the operation and the connection name from what is left in "$@".
# The key is "<op><argument count>:<arg1>:<arg2>". When no --operation was
# given, ${op} is empty and the key starts with the count, which is how the
# two obsolete forms ("NAME OP" and bare "OP") are recognised.
names=
obsolete=
case "${op}$#:$1:$2" in
2:*:up|2:*:down|2:*:add|2:*:delete|2:*:replace|2:*:start|\
2:*:route|2:*:unroute|2:*:rotatecert)
    # obsolete form: connectionname operation
    obsolete=yes
    names="$1"
    op="--$2"
    ;;
1:ready:|1:status:|1:rereadsecrets:|\
1:rereadcacerts:|1:rereadcrls:|1:rereadcerts:|1:rereadall:|\
1:listpubkeys:|1:listcerts:|\
1:listcacerts:|\
1:listcrls:|1:listall:)
    # obsolete form: bare operation word without the leading "--"
    obsolete=yes
    op="--$1"
    ;;
--*)
    # Modern form: the number of remaining words must match what the
    # chosen operation expects (argc is 0 or 1).
    if [ " $argc" -ne $# ]; then
        echo "${usage}" >&2
        exit 2
    fi
    names="$*"
    ;;
*)
    echo "${usage}" >&2
    exit 2
    ;;
esac

if [ -n "${obsolete}" ]; then
    echo "${me}: warning: obsolete command syntax used" >&2
fi
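# Translate the chosen operation into ipsec whack / ipsec addconn calls.
#
# ${showonly} is empty, or 'echo ' under --showonly, in which case each
# command is printed instead of run. A bare "exit" returns the status of the
# command just executed.
#
# Quoting: the connection name is passed as "${names}" so that it always
# reaches whack/addconn as exactly one argument. Unquoted, a name containing
# whitespace was split into extra words (which the called program would parse
# as further arguments or options) and a name containing glob characters was
# expanded against the current directory.
#
# ${async}, ${utc}, ${verbose}, ${config} and ${remote} stay unquoted on
# purpose: each is either empty or holds an option that must split into
# separate words (for config and remote, option plus value in one string).
# NOTE(review): for the same reason a --config path or --remote-host value
# with whitespace or glob characters is still split/expanded here.
case "${op}" in
--ready)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --listen
    exit
    ;;
--rereadsecrets)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --rereadsecrets
    exit
    ;;
--rereadgroups)
    # Sends --listen, the same request as --ready.
    # NOTE(review): the option parser above does not accept --rereadgroups,
    # so this arm looks unreachable - confirm.
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --listen
    exit
    ;;
--rereadcacerts)
    # Only reachable through the obsolete bare-word syntax; the option
    # parser does not list --rereadcacerts.
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --rereadcacerts
    exit
    ;;
--rereadcrls)
    # Obsoleted: prints a pointer to the replacement and fails, even under
    # --showonly.
    echo "ipsec auto --rereadcrls has been obsoleted - please see: ipsec crls"
    exit 1
    ;;
--rereadcerts)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --rereadcerts
    exit
    ;;
--rereadall)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --rereadall
    exit
    ;;
--listpubkeys)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" ${utc} --listpubkeys
    exit
    ;;
--checkpubkeys)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" ${utc} --checkpubkeys
    exit
    ;;
--listcerts)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" ${utc} --listcerts
    exit
    ;;
--listcacerts)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" ${utc} --listcacerts
    exit
    ;;
--listcrls)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" ${utc} --listcrls
    exit
    ;;
--listall)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" ${utc} --listall
    exit
    ;;
--purgeocsp)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" ${utc} --listall --purgeocsp
    exit
    ;;
--up)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" ${async} --name "${names}" --initiate ${remote}
    exit
    ;;
--start)
    # Load the connection, then initiate it. The addconn status is not
    # checked; the exit status is that of the whack call.
    ${showonly} ipsec addconn --ctlsocket "${CTLSOCKET}" ${verbose} ${config} "${names}"
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" ${async} --name "${names}" --initiate ${remote}
    exit
    ;;
--down)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --name "${names}" --terminate
    exit
    ;;
--delete)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --name "${names}" --delete
    exit
    ;;
--route)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --name "${names}" --route
    exit
    ;;
--ondemand)
    # Load the connection, then route it.
    ${showonly} ipsec addconn --ctlsocket "${CTLSOCKET}" ${verbose} ${config} "${names}"
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --name "${names}" --route
    exit
    ;;
--unroute)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --name "${names}" --unroute
    exit
    ;;
--status)
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --status
    exit
    ;;
--replace)
    # Delete the loaded connection, then load it again.
    ${showonly} ipsec whack --ctlsocket "${CTLSOCKET}" --name "${names}" --delete
    ${showonly} ipsec addconn --ctlsocket "${CTLSOCKET}" ${verbose} ${config} "${names}"
    exit
    ;;
esac

# Every operation without an arm above ends here and is handed to addconn;
# of the options the parser accepts, that is --add, --rotatecert and
# --fetchcrls. ${names:+...} passes the name as one word when there is one and
# passes nothing at all when it is empty.
# NOTE(review): --fetchcrls takes no connection name, so it reaches addconn
# with no name - this looks unintended; confirm against the whack/addconn
# documentation for this release.
${showonly} ipsec addconn --ctlsocket "${CTLSOCKET}" ${verbose} ${config} ${names:+"${names}"}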