#!/bin/sh

# Configuration files this script probes to decide what to manage.
FSC=/etc/swanctl/swanctl.conf   # when present (and FIC absent): charon + swanctl
FIC=/etc/ipsec.conf             # when present: started through `ipsec start`
FIS=/etc/ipsec.secrets          # only has its permissions tightened in start()
FRC=/etc/racoon/racoon.conf     # counts as "a setup exists" in the check below

# A manually installed, executable S83strongswan init script takes precedence:
# log that it was found and leave everything to it.
if [ -x /etc/init.d/S83strongswan ]; then
    logger -s -p user.info -t "$0" "S83strongswan is present"
    exit 0
fi

# Nothing to do unless at least one of the configuration files exists.
if [ ! -e "${FRC}" ] && [ ! -e "${FSC}" ] && [ ! -e "${FIC}" ]; then
    exit 0
fi

# Start the IPsec daemon through the `ipsec` starter command.
# Used by start() when ${FIC} (ipsec.conf) exists.
# Returns: the exit status of `ipsec start`.
start_Stroke() {
    logger -s -p user.info -t "$0" "Start Stroke"
    ipsec start
}

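# Load the swanctl configuration into the running daemon, retrying up to
# three times with increasing delays (2 s, 3 s, 4 s).
#
# Fix: the original logged "swanctl failed" even when the third attempt
# succeeded, because only the first two attempts returned early. A false
# failure message makes the log unreliable when checking whether the tunnel
# configuration and credentials were actually loaded.
#
# Returns: 0 as soon as one load succeeds, 1 after three failed attempts.
swanctl_load3x() {
    for delay in 2 3 4; do
        sleep "${delay}"
        # stderr is discarded, so the reason for a failed load never reaches
        # the log; only the final "swanctl failed" message does.
        # NOTE(review): consider logging swanctl's stderr on the last attempt.
        swanctl --load-all --noprompt 2>/dev/null && return 0
    done
    logger -s -p "user.info" -t "$0" "swanctl failed"
    return 1
}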

# Start charon directly and load the swanctl configuration into it.
# Used by start() when ${FSC} (swanctl.conf) exists and ${FIC} does not.
# Both steps run in the background, so this function returns immediately and
# its caller cannot tell whether either of them succeeded.
start_VICI() {
    logger -s -p user.info -t "$0" "Start VICI"

    # Launch the daemon first; it logs to syslog.
    /usr/libexec/ipsec/charon --use-syslog &

    # The loader retries with delays on its own, so it is started without
    # waiting for the daemon to come up.
    swanctl_load3x &
}

# Write the bypass-lan plugin configuration for charon.
# Arguments: $1 - value for the plugin's `load` setting (defaults to "no").
# The value is written into the file as given, without validation; the only
# caller in this file passes the literal "no".
# Outputs: overwrites /etc/strongswan.d/charon/bypass-lan.conf
bypassLAN() {
    printf 'bypass-lan {\n    load = %s\n}\n' "${1:-no}" \
        > /etc/strongswan.d/charon/bypass-lan.conf
}

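# Tighten permissions on the configuration/secrets files, write the
# bypass-lan plugin configuration, then start whichever stack is configured:
#   ${FIC} exists          -> start_Stroke
#   else ${FSC} exists     -> start_VICI
#   otherwise              -> /usr/local/bin/ipsec/StartIPSec (background)
start() {
    # Restrict the files to owner read/write before any daemon is started.
    # Files that do not exist make chmod complain; that output is discarded.
    #
    # Fix: the original used the bash-only `&>` redirection under #!/bin/sh.
    # A shell without that extension parses `cmd &> /dev/null` as `cmd &`
    # followed by an empty redirection, so chmod would run in the background
    # and the daemon could be started before the permissions are tightened.
    # The POSIX form below behaves the same in every sh.
    chmod 0600 "${FSC}" "${FIC}" "${FIS}" >/dev/null 2>&1

    bypassLAN no
    if [ -e "${FIC}" ]; then
        start_Stroke
    elif [ -e "${FSC}" ]; then
        start_VICI
    else
        /usr/local/bin/ipsec/StartIPSec >/dev/null 2>&1 &
    fi
}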
# Stop whichever IPsec stack is configured.
#   Neither ${FIC} nor ${FSC} exists -> flush racoon SAs, then kill the
#                                       racoon-side processes.
#   Otherwise                         -> `ipsec stop`, then kill charon.
# Returns: the exit status of the last command run in the chosen branch.
stop() {
    logger -s -p user.info -t "$0" "Stop"

    if [ ! -e "${FIC}" ] && [ ! -e "${FSC}" ]; then
        # Flush the IPsec and ISAKMP security associations first, while
        # racoon is still running to act on the request.
        /usr/sbin/racoonctl flush-sa ipsec
        /usr/sbin/racoonctl flush-sa isakmp

        # SIGKILL is sent straight away, so these processes get no chance to
        # run their own shutdown handling.
        busybox killall -9 StartIPSec
        busybox killall -9 racoon
        busybox killall -9 phase1_l2tp
        busybox killall -9 phase1_tun
        busybox killall -9 ipsec-ip-up
        busybox killall -9 ipsec-ip-down
    else
        ipsec stop
        # Default signal (no -9) for any charon process still running.
        busybox killall charon
    fi
}
# Stop, pause for one second, then start again.
# start() runs regardless of the exit status of stop().
restart() {
    stop; sleep 1
    start
}

# Dispatch on the requested action. "reload" is accepted as an alias for
# "restart" although the usage text does not list it.
case "$1" in
    start)          start ;;
    stop)           stop ;;
    restart|reload) restart ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac

# Propagate the exit status of the action that was run.
exit $?
