<?xml version="1.0" ?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!-- NOTE: While this manifest supports instances, their functionality may be
     limited by the vpnc implementation itself: it binds to 0.0.0.0:500 by
     default, and another daemon can not start with the same settings.
     To use several VPNs at once, you may need to bind to different local
     addresses or ports (via command line options or configuration file
     fields), and/or provide multiple config files on the same command line,
     by customizing your setup (svccfg -s vpnc editprop). Most VPN policies
     insist on exclusivity for security, so this limitation may be not an issue
     at all.
-->
<service_bundle type="manifest" name="vpnc">
    <service name="network/vpnc" type="service" version="1">
        <dependency name="network" grouping="require_all" restart_on="error" type="service">
            <service_fmri value="svc:/milestone/network:default"/>
        </dependency>

        <dependency name="filesystem" grouping="require_all" restart_on="error" type="service">
            <service_fmri value="svc:/system/filesystem/local"/>
        </dependency>

        <method_context working_directory='/etc/vpnc'>
            <!-- Some setups might need extra permissions for their vpnc
                 service, especially if reduced to run as a non-root -->
            <method_credential group='root' limit_privileges=':default'
                privileges='basic,sys_iptun_config,sys_net_config,sys_devices,net_privaddr,net_rawaccess,net_icmpaccess,file_chown,file_owner,file_dac_write,proc_setid,proc_chroot'
                supp_groups=':default' user='root'/>
            <method_environment>
                <envvar name="PATH" value="/usr/bin:/usr/sbin"/>
            </method_environment>
        </method_context>

        <exec_method type="method" name="start"
            exec="/usr/sbin/vpnc --pid-file '/var/run/vpnc-%i.pid' --non-inter '/etc/vpnc/%i.conf'"
            timeout_seconds="60"/>

        <exec_method type="method" name="stop" exec=":kill" timeout_seconds="60"/>

        <property_group name='general' type='framework'>
            <propval name='action_authorization' type='astring' value='solaris.smf.manage.vpnc'/>
            <propval name='value_authorization' type='astring' value='solaris.smf.value.vpnc'/>
        </property_group>

        <property_group name="startd" type="framework">
            <propval name="duration" type="astring" value="contract"/>
            <propval name="ignore_error" type="astring" value="core,signal"/>
        </property_group>

        <stability value="Evolving"/>

        <template>
            <common_name>
                <loctext xml:lang="C">VPNC</loctext>
            </common_name>
            <documentation>
                <manpage title="vpnc" section="1m" manpath="/usr/share/man"/>
                <doc_link name="vpnc.net" uri="https://www.unix-ag.uni-kl.de/~massar/vpnc/"/>
            </documentation>
        </template>
    </service>
</service_bundle>