|
|
@@ -16,17 +16,38 @@ strongswan_deploy() {
|
|
|
_cca="$4"
|
|
|
_cfullchain="$5"
|
|
|
|
|
|
+ _info "Using strongswan"
|
|
|
+
|
|
|
+ if [ -x /usr/sbin/ipsec ]; then
|
|
|
+ _ipsec=/usr/sbin/ipsec
|
|
|
+ elif [ -x /usr/sbin/strongswan ]; then
|
|
|
+ _ipsec=/usr/sbin/strongswan
|
|
|
+ else
|
|
|
+ _err "no strongswan or ipsec command is detected"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+
|
|
|
+ _info _ipsec "$_ipsec"
|
|
|
+
|
|
|
+ _confdir=$($_ipsec --confdir)
|
|
|
+ if [ $? -ne 0 ] || [ -z "$_confdir" ]; then
|
|
|
+ _err "no strongswan --confdir is detected"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
+
|
|
|
+ _info _confdir "$_confdir"
|
|
|
+
|
|
|
_debug _cdomain "$_cdomain"
|
|
|
_debug _ckey "$_ckey"
|
|
|
_debug _ccert "$_ccert"
|
|
|
_debug _cca "$_cca"
|
|
|
_debug _cfullchain "$_cfullchain"
|
|
|
|
|
|
- cat "$_ckey" >"/etc/ipsec.d/private/$(basename "$_ckey")"
|
|
|
- cat "$_ccert" >"/etc/ipsec.d/certs/$(basename "$_ccert")"
|
|
|
- cat "$_cca" >"/etc/ipsec.d/cacerts/$(basename "$_cca")"
|
|
|
- cat "$_cfullchain" >"/etc/ipsec.d/cacerts/$(basename "$_cfullchain")"
|
|
|
+ cat "$_ckey" >"${_confdir}/ipsec.d/private/$(basename "$_ckey")"
|
|
|
+ cat "$_ccert" >"${_confdir}/ipsec.d/certs/$(basename "$_ccert")"
|
|
|
+ cat "$_cca" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cca")"
|
|
|
+ cat "$_cfullchain" >"${_confdir}/ipsec.d/cacerts/$(basename "$_cfullchain")"
|
|
|
|
|
|
- ipsec reload
|
|
|
+ $_ipsec reload
|
|
|
|
|
|
}
|
neil