Remove ipsec server

2025-02-15 03:51:51 +00:00 · 2020-02-01 08:52:51 +01:00 · 2020-02-01 08:52:51 +01:00 · d085393ed1
commit d085393ed1
parent 299ca28e4d
12 changed files with 0 additions and 688 deletions
--- a/luci-app-ipsec-vpnd/Makefile
+++ b/luci-app-ipsec-vpnd/Makefile
@ -1,19 +0,0 @@
-# Copyright (C) 2016 Openwrt.org
-#
-# This is free software, licensed under the Apache License, Version 2.0 .
-#
-
-include $(TOPDIR)/rules.mk
-
-LUCI_TITLE:=LuCI support for IPSec VPN Server
-LUCI_DEPENDS:=+strongswan +strongswan-minimal +strongswan-mod-xauth-generic +iptables-mod-filter +iptables-mod-nat-extra
-LUCI_PKGARCH:=all
-PKG_NAME:=luci-app-ipsec-vpnd
-PKG_VERSION:=1.0
-PKG_RELEASE:=7
-
-include $(TOPDIR)/feeds/luci/luci.mk
-
-# call BuildPackage - OpenWrt buildroot signature
-
-
--- a/luci-app-ipsec-vpnd/README.md
+++ b/luci-app-ipsec-vpnd/README.md
@ -1 +0,0 @@
-# luci-app-ipsec-vpnd
--- a/luci-app-ipsec-vpnd/luasrc/controller/ipsec-server.lua
+++ b/luci-app-ipsec-vpnd/luasrc/controller/ipsec-server.lua
@ -1,20 +0,0 @@
-
-module("luci.controller.ipsec-server", package.seeall)
-
-function index()
-	if not nixio.fs.access("/etc/config/ipsec") then
-		return
-	end
-
-	entry({"admin", "vpn", "ipsec-server"},alias("admin", "vpn", "ipsec-server", "basic"),_("IPSec VPN Server"), 10).dependent = false
-	entry({"admin", "vpn", "ipsec-server", "basic"},cbi("ipsec-server/ipsec-server"),_("Basic"), 10).leaf = true
-	entry({"admin", "vpn", "ipsec-server", "user"},form("ipsec-server/userlist"),_("User"), 20).leaf = true
-	entry({"admin", "vpn", "ipsec-server","status"},call("act_status")).leaf=true
-end
-
-function act_status()
-  local e={}
-  e.running=luci.sys.call("pgrep ipsec >/dev/null")==0
-  luci.http.prepare_content("application/json")
-  luci.http.write_json(e)
-end
--- a/luci-app-ipsec-vpnd/luasrc/model/cbi/ipsec-server/ipsec-server.lua
+++ b/luci-app-ipsec-vpnd/luasrc/model/cbi/ipsec-server/ipsec-server.lua
@ -1,41 +0,0 @@
-
-mp = Map("ipsec", translate("IPSec VPN Server"))
-mp.description = translate("IPSec VPN connectivity using the native built-in VPN Client on iOS or Andriod (IKEv1 with PSK and Xauth)")
-
-mp:section(SimpleSection).template  = "ipsec/ipsec_status"
-
-s = mp:section(NamedSection, "ipsec", "service")
-s.anonymouse = true
-
-enabled = s:option(Flag, "enabled", translate("Enable"))
-enabled.default = 0
-enabled.rmempty = false
-
-clientip = s:option(Value, "clientip", translate("VPN Client IP"))
-clientip.datatype = "ip4addr"
-clientip.description = translate("LAN DHCP reserved started IP addresses with the same subnet mask")
-clientip.optional = false
-clientip.rmempty = false
-
-clientdns = s:option(Value, "clientdns", translate("VPN Client DNS"))
-clientdns.datatype = "ip4addr"
-clientdns.description = translate("DNS using in VPN tunnel.Set to the router's LAN IP is recommended")
-clientdns.optional = false
-clientdns.rmempty = false
-
-
-secret = s:option(Value, "secret", translate("Secret Pre-Shared Key"))
-secret.password = true
-
-local apply = luci.http.formvalue("cbi.apply")
-if apply then
-	local bbrbox = luci.http.formvalue("cbid.ipsec.ipsec.enabled")
-	if bbrbox then
-		luci.sys.exec("ipsec reload")
-		luci.sys.exec("ipsec start")
-	else
-		luci.sys.exec("ipsec stop")
-	end
-end
-
-return mp
--- a/luci-app-ipsec-vpnd/luasrc/model/cbi/ipsec-server/userlist.lua
+++ b/luci-app-ipsec-vpnd/luasrc/model/cbi/ipsec-server/userlist.lua
@ -1,24 +0,0 @@
-local fs = require "nixio.fs"
-local conffile = "/etc/config/ipsec.users"
-
-f = SimpleForm("custom", translate("IPSec VPN User List"), translate("Please refer to the following writing.account:password"))
-
-t = f:field(TextValue, "conf")
-t.rmempty = true
-t.rows = 13
-function t.cfgvalue()
-	return fs.readfile(conffile) or ""
-end
-
-function f.handle(self, state, data)
-	if state == FORM_VALID then
-		if data.conf then
-			fs.writefile(conffile, data.conf:gsub("\r\n", "\n"))
-			luci.sys.call("/etc/init.d/ipsec reload")
-			luci.sys.call("/etc/init.d/ipsec restart")
-		end
-	end
-	return true
-end
-
-return f
--- a/luci-app-ipsec-vpnd/luasrc/view/ipsec/ipsec_status.htm
+++ b/luci-app-ipsec-vpnd/luasrc/view/ipsec/ipsec_status.htm
@ -1,22 +0,0 @@
-<script type="text/javascript">//<![CDATA[
-XHR.poll(3, '<%=url([[admin]], [[vpn]], [[ipsec-server]], [[status]])%>', null,
-	function(x, data) {
-		var tb = document.getElementById('ipsec_status');
-		if (data && tb) {
-			if (data.running) {
-				var links = '<em><b><font color=green>IPSec VPN <%:RUNNING%></font></b></em>';
-				tb.innerHTML = links;
-			} else {
-				tb.innerHTML = '<em><b><font color=red>IPSec VPN <%:NOT RUNNING%></font></b></em>';
-			}
-		}
-	}
-);
-//]]>
-</script>
-<style>.mar-10 {margin-left: 50px; margin-right: 10px;}</style>
-<fieldset class="cbi-section">
-	<p id="ipsec_status">
-		<em><%:Collecting data...%></em>
-	</p>
-</fieldset>
--- a/luci-app-ipsec-vpnd/po/zh-cn/ipsec.po
+++ b/luci-app-ipsec-vpnd/po/zh-cn/ipsec.po
@ -1,38 +0,0 @@
-msgid "IPSec VPN Server"
-msgstr "IPSec VPN 服务器"
-
-msgid "IPSec VPN User List"
-msgstr "IPSec VPN 用户列表"
-
-msgid "IPSec VPN connectivity using the native built-in VPN Client on iOS or Andriod (IKEv1 with PSK and Xauth)"
-msgstr "使用iOS 或者 Andriod (IKEv1 with PSK and Xauth) 原生内置 IPSec VPN 客户端进行连接"
-
-msgid "VPN Client IP"
-msgstr "VPN客户端地址段"
-
-msgid "LAN DHCP reserved started IP addresses with the same subnet mask"
-msgstr "VPN客户端使用DHCP保留空余IP的起始地址，必须和路由器LAN同一个子网掩码，例如 192.168.8.100/24"
-
-msgid "Please refer to the following writing.account:password"
-msgstr "请按照格式填写。账号:密码"
-
-msgid "VPN Client DNS"
-msgstr "VPN客户端DNS服务器"
-
-msgid "DNS using in VPN tunnel.Set to the router's LAN IP is recommended"
-msgstr "指定VPN客户端的DNS地址。推荐设置为路由器的LAN IP，例如 192.168.8.1"
-
-msgid "Secret Pre-Shared Key"
-msgstr "PSK密钥"
-
-msgid "IPSec VPN Server status"
-msgstr "IPSec VPN 服务器运行状态"
-
-msgid "Enable"
-msgstr "启用"
-
-msgid "Basic"
-msgstr "基本设置"
-
-msgid "User"
-msgstr "用户设置"
--- a/luci-app-ipsec-vpnd/root/etc/config/ipsec
+++ b/luci-app-ipsec-vpnd/root/etc/config/ipsec
@ -1,9 +0,0 @@
-
-config service 'ipsec'
-	option clientdns '192.168.8.1'
-	option account 'myvpn'
-	option secret 'myvpn'
-	option enabled '1'
-	option password 'myvpn'
-	option clientip '192.168.8.150/24'
-
--- a/luci-app-ipsec-vpnd/root/etc/config/ipsec.users
+++ b/luci-app-ipsec-vpnd/root/etc/config/ipsec.users
@ -1,7 +0,0 @@
-# account:password
-myvpn:myvpn
-myvpn1:myvpn1
-myvpn2:myvpn2
-myvpn3:myvpn3
-myvpn4:myvpn4
-myvpn5:myvpn5
--- a/luci-app-ipsec-vpnd/root/etc/init.d/ipsec
+++ b/luci-app-ipsec-vpnd/root/etc/init.d/ipsec
@ -1,442 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-START=90
-STOP=10
-
-USE_PROCD=1
-PROG=/usr/lib/ipsec/starter
-
-. $IPKG_INSTROOT/lib/functions.sh
-. $IPKG_INSTROOT/lib/functions/network.sh
-
-IPSEC_SECRETS_FILE=/etc/ipsec.secrets
-IPSEC_CONN_FILE=/etc/ipsec.conf
-STRONGSWAN_CONF_FILE=/etc/strongswan.conf
-
-IPSEC_VAR_SECRETS_FILE=/var/ipsec/ipsec.secrets
-IPSEC_VAR_CONN_FILE=/var/ipsec/ipsec.conf
-STRONGSWAN_VAR_CONF_FILE=/var/ipsec/strongswan.conf
-
-WAIT_FOR_INTF=0
-
-file_reset() {
-	: > "$1"
-}
-
-xappend() {
-	local file="$1"
-	shift
-
-	echo "${@}" >> "${file}"
-}
-
-remove_include() {
-	local file="$1"
-	local include="$2"
-
-	sed -i "\_${include}_d" "${file}"
-}
-
-remove_includes() {
-	remove_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}"
-	remove_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}"
-	remove_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}"
-}
-
-do_include() {
-	local conf="$1"
-	local uciconf="$2"
-	local backup=`mktemp -t -p /tmp/ ipsec-init-XXXXXX`
-
-	[ ! -f "${conf}" ] && rm -rf "${conf}"
-	touch "${conf}"
-
-	cat "${conf}" | grep -v "${uciconf}" > "${backup}"
-	mv "${backup}" "${conf}"
-	xappend "${conf}" "include ${uciconf}"
-	file_reset "${uciconf}"
-}
-
-ipsec_reset() {
-	do_include "${IPSEC_CONN_FILE}" "${IPSEC_VAR_CONN_FILE}"
-}
-
-ipsec_xappend() {
-	xappend "${IPSEC_VAR_CONN_FILE}" "$@"
-}
-
-swan_reset() {
-	do_include "${STRONGSWAN_CONF_FILE}" "${STRONGSWAN_VAR_CONF_FILE}"
-}
-
-swan_xappend() {
-	xappend "${STRONGSWAN_VAR_CONF_FILE}" "$@"
-}
-
-secret_reset() {
-	do_include "${IPSEC_SECRETS_FILE}" "${IPSEC_VAR_SECRETS_FILE}"
-}
-
-secret_xappend() {
-	xappend "${IPSEC_VAR_SECRETS_FILE}" "$@"
-}
-
-warning() {
-	echo "WARNING: $@" >&2
-}
-
-add_crypto_proposal() {
-	local encryption_algorithm
-	local hash_algorithm
-	local dh_group
-
-	config_get encryption_algorithm  "$1" encryption_algorithm
-	config_get hash_algorithm        "$1" hash_algorithm
-	config_get dh_group              "$1" dh_group
-
-	[ -n "${encryption_algorithm}" ] && \
-		crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${dh_group:+-${dh_group}}"
-}
-
-set_crypto_proposal() {
-	local conf="$1"
-	local proposal
-
-	crypto=""
-
-	config_get crypto_proposal "$conf" crypto_proposal ""
-	for proposal in $crypto_proposal; do
-		add_crypto_proposal "$proposal"
-	done
-
-	[ -n "${crypto}" ] && {
-		local force_crypto_proposal
-
-		config_get_bool force_crypto_proposal "$conf" force_crypto_proposal
-
-		[ "${force_crypto_proposal}" = "1" ] && crypto="${crypto}!"
-	}
-
-	crypto_proposal="${crypto}"
-}
-
-config_conn() {
-	# Generic ipsec conn section shared by tunnel and transport
-	local mode
-	local local_subnet
-	local local_nat
-	local local_sourceip
-	local local_updown
-	local local_firewall
-	local remote_subnet
-	local remote_sourceip
-	local remote_updown
-	local remote_firewall
-	local ikelifetime
-	local lifetime
-	local margintime
-	local keyingtries
-	local dpdaction
-	local dpddelay
-	local inactivity
-	local keyexchange
-
-	config_get mode                     "$1"           mode "route"
-	config_get local_subnet             "$1"           local_subnet ""
-	config_get local_nat                "$1"           local_nat ""
-	config_get local_sourceip           "$1"           local_sourceip ""
-	config_get local_updown             "$1"           local_updown ""
-	config_get local_firewall           "$1"           local_firewall ""
-	config_get remote_subnet            "$1"           remote_subnet ""
-	config_get remote_sourceip          "$1"           remote_sourceip ""
-	config_get remote_updown            "$1"           remote_updown ""
-	config_get remote_firewall          "$1"           remote_firewall ""
-	config_get ikelifetime              "$1"           ikelifetime "3h"
-	config_get lifetime                 "$1"           lifetime "1h"
-	config_get margintime               "$1"           margintime "9m"
-	config_get keyingtries              "$1"           keyingtries "3"
-	config_get dpdaction                "$1"           dpdaction "none"
-	config_get dpddelay                 "$1"           dpddelay "30s"
-	config_get inactivity               "$1"           inactivity
-	config_get keyexchange              "$1"           keyexchange "ikev2"
-
-	[ -n "$local_nat" ] && local_subnet=$local_nat
-
-	ipsec_xappend "conn $config_name-$1"
-	ipsec_xappend "  left=%any"
-	ipsec_xappend "  right=$remote_gateway"
-
-	[ -n "$local_sourceip" ] && ipsec_xappend "  leftsourceip=$local_sourceip"
-	[ -n "$local_subnet" ] && ipsec_xappend "  leftsubnet=$local_subnet"
-
-	[ -n "$local_firewall" ] && ipsec_xappend "  leftfirewall=$local_firewall"
-	[ -n "$remote_firewall" ] && ipsec_xappend "  rightfirewall=$remote_firewall"
-
-	ipsec_xappend "  ikelifetime=$ikelifetime"
-	ipsec_xappend "  lifetime=$lifetime"
-	ipsec_xappend "  margintime=$margintime"
-	ipsec_xappend "  keyingtries=$keyingtries"
-	ipsec_xappend "  dpdaction=$dpdaction"
-	ipsec_xappend "  dpddelay=$dpddelay"
-
-	[ -n "$inactivity" ] && ipsec_xappend "  inactivity=$inactivity"
-
-	if [ "$auth_method" = "psk" ]; then
-		ipsec_xappend "  leftauth=psk"
-		ipsec_xappend "  rightauth=psk"
-
-		[ "$remote_sourceip" != "" ] && ipsec_xappend "  rightsourceip=$remote_sourceip"
-		[ "$remote_subnet" != "" ] && ipsec_xappend "  rightsubnet=$remote_subnet"
-
-		ipsec_xappend "  auto=$mode"
-	else
-		warning "AuthenticationMethod $auth_method not supported"
-	fi
-
-	[ -n "$local_identifier" ] && ipsec_xappend "  leftid=$local_identifier"
-	[ -n "$remote_identifier" ] && ipsec_xappend "  rightid=$remote_identifier"
-	[ -n "$local_updown" ] && ipsec_xappend "  leftupdown=$local_updown"
-	[ -n "$remote_updown" ] && ipsec_xappend "  rightupdown=$remote_updown"
-	ipsec_xappend "  keyexchange=$keyexchange"
-
-	set_crypto_proposal "$1"
-	[ -n "${crypto_proposal}" ] && ipsec_xappend "  esp=$crypto_proposal"
-	[ -n "${ike_proposal}" ] && ipsec_xappend "  ike=$ike_proposal"
-}
-
-config_tunnel() {
-	config_conn "$1"
-
-	# Specific for the tunnel part
-	ipsec_xappend "  type=tunnel"
-}
-
-config_transport() {
-	config_conn "$1"
-
-	# Specific for the transport part
-	ipsec_xappend "  type=transport"
-}
-
-config_remote() {
-	local enabled
-	local gateway
-	local pre_shared_key
-	local auth_method
-
-	config_name=$1
-
-	config_get_bool enabled "$1" enabled 0
-	[ $enabled -eq 0 ] && return
-
-	config_get gateway           "$1" gateway
-	config_get pre_shared_key    "$1" pre_shared_key
-	config_get auth_method       "$1" authentication_method
-	config_get local_identifier  "$1" local_identifier ""
-	config_get remote_identifier "$1" remote_identifier ""
-
-	[ "$gateway" = "any" ] && remote_gateway="%any" || remote_gateway="$gateway"
-
-	[ -z "$local_identifier" ] && {
-		local ipdest
-
-		[ "$remote_gateway" = "%any" ] && ipdest="1.1.1.1" || ipdest="$remote_gateway"
-		local_gateway=`ip route get $ipdest | awk -F"src" '/src/{gsub(/ /,"");print $2}'`
-	}
-
-	[ -n "$local_identifier" ] && secret_xappend -n "$local_identifier " || secret_xappend -n "$local_gateway "
-	[ -n "$remote_identifier" ] && secret_xappend -n "$remote_identifier " || secret_xappend -n "$remote_gateway "
-
-	secret_xappend ": PSK \"$pre_shared_key\""
-
-	set_crypto_proposal "$1"
-	ike_proposal="$crypto_proposal"
-
-	config_list_foreach "$1" tunnel config_tunnel
-
-	config_list_foreach "$1" transport config_transport
-
-	ipsec_xappend ""
-}
-
-config_ipsec() {
-	local debug
-	local rtinstall_enabled
-	local routing_tables_ignored
-	local routing_table
-	local routing_table_id
-	local interface
-	local device_list
-
-	ipsec_reset
-	secret_reset
-	swan_reset
-
-	ipsec_xappend "# generated by /etc/init.d/ipsec"
-	ipsec_xappend "version 2"
-	ipsec_xappend ""
-
-	secret_xappend "# generated by /etc/init.d/ipsec"
-
-	config_get debug "$1" debug 0
-	config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1
-	[ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no
-
-	# prepare extra charon config option ignore_routing_tables
-	for routing_table in $(config_get "$1" "ignore_routing_tables"); do
-		if [ "$routing_table" -ge 0 ] 2>/dev/null; then
-			routing_table_id=$routing_table
-		else
-			routing_table_id=$(sed -n '/[ \t]*[0-9]\+[ \t]\+'$routing_table'[ \t]*$/s/[ \t]*\([0-9]\+\).*/\1/p' /etc/iproute2/rt_tables)
-		fi
-
-		[ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
-	done
-
-	local interface_list=$(config_get "$1" "interface")
-	if [ -z "$interface_list" ]; then
-		WAIT_FOR_INTF=0
-	else
-		for interface in $interface_list; do
-			network_get_device device $interface
-			[ -n "$device" ] && append device_list "$device" ","
-		done
-		[ -n "$device_list" ] && WAIT_FOR_INTF=0 || WAIT_FOR_INTF=1
-	fi
-
-	swan_xappend "# generated by /etc/init.d/ipsec"
-	swan_xappend "charon {"
-	swan_xappend "  load_modular = yes"
-	swan_xappend "  install_routes = $install_routes"
-	[ -n "$routing_tables_ignored" ] && swan_xappend "  ignore_routing_tables = $routing_tables_ignored"
-	[ -n "$device_list" ] && swan_xappend "  interfaces_use = $device_list"
-	swan_xappend "    plugins {"
-	swan_xappend "      include /etc/strongswan.d/charon/*.conf"
-	swan_xappend "    }"
-	swan_xappend "  syslog {"
-	swan_xappend "    identifier = ipsec"
-	swan_xappend "    daemon {"
-	swan_xappend "      default = $debug"
-	swan_xappend "    }"
-	swan_xappend "    auth {"
-	swan_xappend "      default = $debug"
-	swan_xappend "    }"
-	swan_xappend "  }"
-	swan_xappend "}"
-}
-
-prepare_env() {
-	mkdir -p /var/ipsec
-	remove_includes
-	config_load ipsec
-	config_foreach config_ipsec ipsec
-	config_foreach config_remote remote
-}
-
-service_running() {
-	ipsec status > /dev/null 2>&1
-}
-
-reload_service() {
-  local bool vt_enabled=`uci get ipsec.@service[0].enabled 2>/dev/null`
-  [ "$vt_enabled" = 0 ] && /etc/init.d/ipsec stop && return
-	running && {
-		prepare_env
-		[ $WAIT_FOR_INTF -eq 0 ] && {
-			ipsec rereadall
-			ipsec reload
-			return
-		}
-	}
-	[ "$vt_enabled" = 1 ] && start
-}
-
-check_ipsec_interface() {
-	local intf
-
-	for intf in $(config_get "$1" interface); do
-		procd_add_interface_trigger "interface.*" "$intf" /etc/init.d/ipsec reload
-	done
-}
-
-service_triggers() {
-	procd_add_reload_trigger "ipsec"
-	config load "ipsec"
-	config_foreach check_ipsec_interface ipsec
-}
-
-start_service() {
-  local vt_enabled=`uci get ipsec.@service[0].enabled 2>/dev/null`
-	local vt_clientip=`uci get ipsec.@service[0].clientip`
-	local vt_clientdns=`uci get ipsec.@service[0].clientdns`
-	local vt_account=`uci get ipsec.@service[0].account`
-	local vt_password=`uci get ipsec.@service[0].password 2>/dev/null`
-	local vt_secret=`uci get ipsec.@service[0].secret 2>/dev/null`
-	
-	[ "$vt_enabled" = 0 ] && /etc/init.d/ipsec stop && return
-	
-	cat > /etc/ipsec.conf <<EOF
-# ipsec.conf - strongSwan IPsec configuration file
-
-# basic configuration
-
-config setup
-    # strictcrlpolicy=yes
-    uniqueids=never
-
-# Add connections here.
-
-conn xauth_psk
-	keyexchange=ikev1
-	ike=aes128-sha1-modp2048,aes128-sha1-modp1024,3des-sha1-modp1024,3des-sha1-modp1536
-  esp=aes128-sha1,3des-sha1
-	left=%defaultroute
-	leftauth=psk
-	leftsubnet=0.0.0.0/0
-	right=%any
-	rightauth=psk
-	rightauth2=xauth
-	rightsourceip=$vt_clientip
-	rightdns=$vt_clientdns
-	auto=add
-EOF
-
-
-
-title='/etc/config/'
-title1='/etc/'
-file=$title'ipsec.users'
-file1=$title1'ipsec.secrets'
-temp=$(sed '/^$/d;/^\#/d;/:/d;s/-----//g' $file)
-sed -n  -i -e '/^$/d;/^\#/d;s@[a-z]@&@g;/:/p' $file
-
-sed -i '1,$d' $file1
-sed -n  -e '/^$/d;/^\#/d;s@[a-z]@&@g;/:/p' $file >>$file1
-sed -i 's/:/ :/g;s/:/& XAUTH "/g;s/$/&"/g' $file1
-sed -i '1i: PSK "'$vt_secret'"' $file1
-sed -i '1i# /etc/ipsec.secrets - strongSwan IPsec secrets file'  $file1
-sed -i '1i#---account:password---'  $file
-if [ "$temp" == "" ]; then 
-	temp='-----'$temp'-----'
-else
-	temp='-----'$temp'-----'
-	echo $temp >> $file
-fi
-	prepare_env
-
-	[ $WAIT_FOR_INTF -eq 1 ] && return
-
-	procd_open_instance
-
-	procd_set_param command $PROG --daemon charon --nofork
-
-	procd_set_param file $IPSEC_CONN_FILE
-	procd_append_param file $IPSEC_SECRETS_FILE
-	procd_append_param file $STRONGSWAN_CONF_FILE
-	procd_append_param file /etc/strongswan.d/*.conf
-	procd_append_param file /etc/strongswan.d/charon/*.conf
-
-	procd_set_param respawn
-
-	procd_close_instance
-}
--- a/luci-app-ipsec-vpnd/root/etc/ipsec.include
+++ b/luci-app-ipsec-vpnd/root/etc/ipsec.include
@ -1,11 +0,0 @@
-iptables -D FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT 2>/dev/null
-iptables -D FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT 2>/dev/null
-iptables -D INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT 2>/dev/null
-iptables -D OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT 2>/dev/null
-
-iptables -I FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-iptables -I FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-iptables -I INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-iptables -I OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-
-echo 1 > /proc/sys/net/ipv4/conf/br-lan/proxy_arp
--- a/luci-app-ipsec-vpnd/root/etc/uci-defaults/ipsec
+++ b/luci-app-ipsec-vpnd/root/etc/uci-defaults/ipsec
@ -1,54 +0,0 @@
-#!/bin/sh
-
-uci -q batch <<-EOF >/dev/null
-	delete firewall.ipsecd
-	set firewall.ipsecd=include
-	set firewall.ipsecd.type=script
-	set firewall.ipsecd.path=/etc/ipsec.include
-	set firewall.ipsecd.reload=1
-	commit firewall
-EOF
-
-uci -q batch <<-EOF >/dev/null
-  delete firewall.ike
-  add firewall rule
-  rename firewall.@rule[-1]="ike"
-  set firewall.@rule[-1].name="ike"
-  set firewall.@rule[-1].target="ACCEPT"
-  set firewall.@rule[-1].src="vpn"
-  set firewall.@rule[-1].proto="udp"
-  set firewall.@rule[-1].dest_port="500"
-  delete firewall.ipsec
-  add firewall rule
-  rename firewall.@rule[-1]="ipsec"
-  set firewall.@rule[-1].name="ipsec"
-  set firewall.@rule[-1].target="ACCEPT"
-  set firewall.@rule[-1].src="vpn"
-  set firewall.@rule[-1].proto="udp"
-  set firewall.@rule[-1].dest_port="4500"
-  delete firewall.ah
-  add firewall rule
-  rename firewall.@rule[-1]="ah"
-  set firewall.@rule[-1].name="ah"
-  set firewall.@rule[-1].target="ACCEPT"
-  set firewall.@rule[-1].src="vpn"
-  set firewall.@rule[-1].proto="ah"
-  delete firewall.esp
-  add firewall rule
-  rename firewall.@rule[-1]="esp"
-  set firewall.@rule[-1].name="esp"
-  set firewall.@rule[-1].target="ACCEPT"
-  set firewall.@rule[-1].src="vpn"
-  set firewall.@rule[-1].proto="esp"
-  commit firewall
-EOF
-
-uci -q batch <<-EOF >/dev/null
-	delete ucitrack.@ipsec[-1]
-	add ucitrack ipsec
-	set ucitrack.@ipsec[-1].init=ipsec
-	commit ucitrack
-EOF
-
-rm -f /tmp/luci-indexcache
-exit 0