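#!/bin/bash
#
# Setup script for the IPsec tooling: links the configuration directory,
# initialises the NSS database, makes sure a host key exists, removes the
# old unrotated log and registers the VPN check script in the crontab.
# Exits 1 when key generation or the crontab update fails, 0 otherwise.

# Failures are ignored on purpose: the links already exist on later runs.
ln -s /home/system/ipsec.d /etc 2>/dev/null
# Some ipsec tools expect mktemp in /bin.
ln -s /usr/bin/mktemp /bin 2>/dev/null

# Necessary the first time, see https://libreswan.org/wiki/3.14_X509
ipsec checknss

readonly KEY=/etc/ipsec.d/ipsec.pub

# A usable key file contains a ckaid/CKA_ID marker; anything else is
# treated as missing or broken and regenerated.
if ! grep -Eq '(ckaid|CKA_ID)' -- "$KEY" 2>/dev/null; then
  rm -f -- "$KEY"
  echo Generating ipsec key
  # NOTE(review): the 2192-bit size is kept from the original; confirm it
  # still meets the key-size policy for this deployment.
  ipsec newhostkey --bits 2192 --output "$KEY" || exit 1
  # The previous command can fail without a proper exit code, so verify
  # that the key file really contains the marker.
  grep -Eq '(ckaid|CKA_ID)' -- "$KEY" || exit 1
fi

depmod -a

# This log was never rotated and grew far too large.
# Logging now goes through syslog to /var/log/secure.
rm -f /var/log/ipsec.log

# The VPN monitoring check script is installed into the crontab from here.
readonly CRON_ENTRY='* * * * * /sbin/syn3-ipseccheck > /dev/null'
if ! crontab -l | grep -q syn3-ipseccheck; then
  # Build the new crontab in memory rather than in a predictable
  # /tmp/$$.cron file: a guessable name in world-writable /tmp can be
  # pre-created or symlinked by another local user, which would let that
  # user influence what gets installed as this account's crontab.
  #
  # Any failure of "crontab -l" aborts, as before.
  # NOTE(review): some cron implementations also return non-zero when no
  # crontab exists yet; confirm that aborting in that case is intended.
  current_cron=$(crontab -l) || exit 1
  {
    if [[ -n "$current_cron" ]]; then
      printf '%s\n' "$current_cron"
    fi
    printf '%s\n' "$CRON_ENTRY"
  } | crontab - || exit 1
fi

exit 0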