| [ff36f5e] | 1 | #!/bin/sh |
|---|
| 2 | |
|---|
| 3 | # |
|---|
| 4 | # sa-up.sh local configuration for a new SA |
|---|
| 5 | # |
|---|
| 6 | PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin |
|---|
| 7 | |
|---|
| 8 | case `uname -s` in |
|---|
| 9 | NetBSD) |
|---|
| 10 | DEFAULT_GW=`netstat -finet -rn | awk '($1 == "default"){print $2; exit}'` |
|---|
| 11 | ;; |
|---|
| 12 | Linux) |
|---|
| 13 | DEFAULT_GW=`netstat --inet -rn | awk '($1 == "0.0.0.0"){print $2; exit}'` |
|---|
| 14 | ;; |
|---|
| 15 | esac |
|---|
| 16 | |
|---|
| 17 | echo $@ |
|---|
| 18 | echo "LOCAL_ADDR = ${LOCAL_ADDR}" |
|---|
| 19 | echo "LOCAL_PORT = ${LOCAL_PORT}" |
|---|
| 20 | echo "REMOTE_ADDR = ${REMOTE_ADDR}" |
|---|
| 21 | echo "REMOTE_PORT = ${REMOTE_PORT}" |
|---|
| 22 | echo "DEFAULT_GW = ${DEFAULT_GW}" |
|---|
| 23 | echo "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}" |
|---|
| 24 | echo "INTERNAL_NETMASK4 = ${INTERNAL_NETMASK4}" |
|---|
| 25 | echo "INTERNAL_DNS4 = ${INTERNAL_DNS4}" |
|---|
| 26 | |
|---|
| 27 | echo ${INTERNAL_ADDR4} | grep '[0-9]' > /dev/null || exit 0 |
|---|
| 28 | echo ${INTERNAL_NETMASK4} | grep '[0-9]' > /dev/null || exit 0 |
|---|
| 29 | echo ${DEFAULT_GW} | grep '[0-9]' > /dev/null || exit 0 |
|---|
| 30 | |
|---|
| 31 | mv /etc/resolv.conf /etc/resolv.conf.bak |
|---|
| 32 | ( umask 22; touch /etc/resolv.conf ) |
|---|
| 33 | echo "# Generated by racoon on `date`" >> /etc/resolv.conf |
|---|
| 34 | echo "nameserver ${INTERNAL_DNS4}" >> /etc/resolv.conf |
|---|
| 35 | |
|---|
| 36 | case `uname -s` in |
|---|
| 37 | NetBSD) |
|---|
| 38 | if=`netstat -finet -rn|awk '($1 == "default"){print $7; exit}'` |
|---|
| 39 | ifconfig ${if} alias ${INTERNAL_ADDR4} netmask ${INTERNAL_NETMASK4} |
|---|
| 40 | route delete default |
|---|
| 41 | route add default ${DEFAULT_GW} -ifa ${INTERNAL_ADDR4} |
|---|
| 42 | route add ${REMOTE_ADDR} ${DEFAULT_GW} |
|---|
| 43 | ;; |
|---|
| 44 | Linux) |
|---|
| 45 | if=`netstat --inet -rn|awk '($1 == "0.0.0.0"){print $8; exit}'` |
|---|
| 46 | ifconfig ${if}:1 ${INTERNAL_ADDR4} |
|---|
| 47 | route delete default |
|---|
| 48 | route add ${REMOTE_ADDR} gw ${DEFAULT_GW} dev ${if} |
|---|
| 49 | route add default gw ${DEFAULT_GW} dev ${if}:1 |
|---|
| 50 | ;; |
|---|
| 51 | esac |
|---|
| 52 | |
|---|
| 53 | LOCAL="${LOCAL_ADDR}" |
|---|
| 54 | REMOTE="${REMOTE_ADDR}" |
|---|
| 55 | if [ "x${LOCAL_PORT}" != "x500" ]; then |
|---|
| 56 | # NAT-T setup |
|---|
| 57 | LOCAL="${LOCAL}[${LOCAL_PORT}]" |
|---|
| 58 | REMOTE="${REMOTE}[${REMOTE_PORT}]" |
|---|
| 59 | fi |
|---|
| 60 | |
|---|
| 61 | |
|---|
| 62 | echo " |
|---|
| 63 | spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any |
|---|
| 64 | -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require; |
|---|
| 65 | spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any |
|---|
| 66 | -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require; |
|---|
| 67 | " | setkey -c |
|---|
| 68 | |
|---|
| 69 | # |
|---|
| 70 | # XXX This is a workaround for Linux forward policies problem. |
|---|
| 71 | # Someone familiar with forward policies please fix this properly. |
|---|
| 72 | # |
|---|
| 73 | case `uname -s` in |
|---|
| 74 | Linux) |
|---|
| 75 | echo " |
|---|
| 76 | spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any |
|---|
| 77 | -P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require; |
|---|
| 78 | " | setkey -c |
|---|
| 79 | ;; |
|---|
| 80 | esac |
|---|
![[RTEMS Logo]](/images/logo.png){kind=logo}
