source: rtems-libbsd/ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-up.sh @ ff36f5e

Last change on this file since ff36f5e was ff36f5e, checked in by Christian Mauderer <christian.mauderer@…>, on May 30, 2018 at 12:27:35 PM

Import ipsec-tools 0.8.2.

Import the unchanged ipsec-tools sources from release 0.8.2. The
ipsec-tools homepage is http://ipsec-tools.sourceforge.net/; the sources
can be obtained from there.

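#!/bin/sh
#
# phase1-up.sh: local configuration for a new SA (roadwarrior client side).
#
# racoon runs this hook once phase 1 is up and hands the connection
# parameters over in the environment:
#   LOCAL_ADDR / LOCAL_PORT       this host's IKE address and port
#   REMOTE_ADDR / REMOTE_PORT     the VPN gateway's IKE address and port
#   INTERNAL_ADDR4, INTERNAL_NETMASK4, INTERNAL_DNS4
#                                 mode-config attributes pushed by the gateway
#
# The script aliases the assigned address onto the default interface, sends
# the default route through the tunnel, replaces /etc/resolv.conf with the
# pushed resolver, and installs SPD entries (via setkey) that require ESP
# tunnel mode for all traffic to and from the assigned address.
#
# Everything here runs with racoon's privileges (normally root), so the
# peer-supplied INTERNAL_* values are checked for the exact dotted-quad form
# before they are used as command arguments or setkey configuration text.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

OS=$(uname -s)

# is_ipv4 WORD: succeed only if WORD is a dotted-quad IPv4 address and
# nothing else.  Requiring the exact form rules out whitespace, ';' or
# newlines reaching ifconfig/route or the setkey input below.  Octet ranges
# are not checked; the network tools reject out-of-range octets themselves.
is_ipv4() {
	printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
}

# require_ipv4 NAME VALUE: an empty VALUE means the attribute was not
# supplied and there is nothing to configure -- exit 0 quietly, as the
# original "no digits -> exit 0" check did.  A value that is present but not
# an IPv4 address is a configuration error: report it and exit 1 rather than
# feed it to the network tools.
require_ipv4() {
	if [ -z "$2" ]; then
		exit 0
	fi
	if ! is_ipv4 "$2"; then
		printf 'phase1-up.sh: %s is not an IPv4 address: %s\n' "$1" "$2" >&2
		exit 1
	fi
}

# Default gateway and the interface carrying the default route, per OS.
# Both come from the same netstat line; an unsupported OS leaves them empty
# and the script exits below without touching anything.
case "$OS" in
NetBSD)
	DEFAULT_GW=$(netstat -finet -rn | awk '($1 == "default"){print $2; exit}')
	IFACE=$(netstat -finet -rn | awk '($1 == "default"){print $7; exit}')
	;;
Linux)
	DEFAULT_GW=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $2; exit}')
	IFACE=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $8; exit}')
	;;
*)
	DEFAULT_GW=
	IFACE=
	;;
esac

# Log what we were called with (goes wherever racoon sends the hook's stdout).
printf '%s\n' "$*"
printf 'LOCAL_ADDR = %s\n' "$LOCAL_ADDR"
printf 'LOCAL_PORT = %s\n' "$LOCAL_PORT"
printf 'REMOTE_ADDR = %s\n' "$REMOTE_ADDR"
printf 'REMOTE_PORT = %s\n' "$REMOTE_PORT"
printf 'DEFAULT_GW = %s\n' "$DEFAULT_GW"
printf 'INTERNAL_ADDR4 = %s\n' "$INTERNAL_ADDR4"
printf 'INTERNAL_NETMASK4 = %s\n' "$INTERNAL_NETMASK4"
printf 'INTERNAL_DNS4 = %s\n' "$INTERNAL_DNS4"

require_ipv4 INTERNAL_ADDR4 "$INTERNAL_ADDR4"
require_ipv4 INTERNAL_NETMASK4 "$INTERNAL_NETMASK4"
require_ipv4 DEFAULT_GW "$DEFAULT_GW"

# INTERNAL_DNS4 is optional, but when present it is written verbatim into
# /etc/resolv.conf, so it must be an address too.
if [ -n "$INTERNAL_DNS4" ] && ! is_ipv4 "$INTERNAL_DNS4"; then
	printf 'phase1-up.sh: INTERNAL_DNS4 is not an IPv4 address: %s\n' "$INTERNAL_DNS4" >&2
	exit 1
fi

if [ -z "$IFACE" ]; then
	printf 'phase1-up.sh: cannot determine the default-route interface\n' >&2
	exit 1
fi

if [ -n "$INTERNAL_DNS4" ]; then
	# Keep the user's own resolv.conf as the backup.  If the current file is
	# already one we generated (phase1-up ran again before phase1-down), do
	# not clobber resolv.conf.bak with it -- the down script is presumed to
	# restore from .bak, so losing the original would break name resolution
	# after the tunnel goes away (TODO confirm against phase1-down.sh).
	if [ -f /etc/resolv.conf ] && ! grep -q '^# Generated by racoon' /etc/resolv.conf; then
		mv /etc/resolv.conf /etc/resolv.conf.bak
	fi
	# umask 022 -> a freshly created resolv.conf is 0644, which it must be
	# for unprivileged resolver clients to read it.
	(
		umask 022
		{
			printf '# Generated by racoon on %s\n' "$(date)"
			printf 'nameserver %s\n' "$INTERNAL_DNS4"
		} > /etc/resolv.conf
	)
else
	# Without a pushed resolver there is nothing sensible to write; the
	# previous behaviour produced a resolv.conf with a bare "nameserver "
	# line, which silently broke name resolution.
	printf 'phase1-up.sh: no INTERNAL_DNS4 supplied, leaving /etc/resolv.conf alone\n' >&2
fi

# Put the assigned address on the default interface and send the default
# route through it, keeping a host route to the gateway's IKE address via
# the real next hop so the tunnel itself stays reachable.
case "$OS" in
NetBSD)
	ifconfig "$IFACE" alias "$INTERNAL_ADDR4" netmask "$INTERNAL_NETMASK4"
	route delete default
	route add default "$DEFAULT_GW" -ifa "$INTERNAL_ADDR4"
	route add "$REMOTE_ADDR" "$DEFAULT_GW"
	;;
Linux)
	# NB: the Linux branch does not apply INTERNAL_NETMASK4 to the alias;
	# kept as-is to preserve the existing configuration semantics.
	ifconfig "${IFACE}:1" "$INTERNAL_ADDR4"
	route delete default
	route add "$REMOTE_ADDR" gw "$DEFAULT_GW" dev "$IFACE"
	route add default gw "$DEFAULT_GW" dev "${IFACE}:1"
	;;
esac

# Tunnel endpoints for the SPD.  Anything other than port 500 means IKE is
# running over NAT-T, and the UDP-encapsulation ports become part of the
# endpoint spec.
LOCAL=$LOCAL_ADDR
REMOTE=$REMOTE_ADDR
if [ "$LOCAL_PORT" != "500" ]; then
	LOCAL="${LOCAL}[${LOCAL_PORT}]"
	REMOTE="${REMOTE}[${REMOTE_PORT}]"
fi

# All traffic from/to the assigned address must go through the ESP tunnel.
setkey -c <<EOF
spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
       -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
       -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF

#
# XXX This is a workaround for Linux forward policies problem.
# Someone familiar with forward policies please fix this properly.
#
case "$OS" in
Linux)
	setkey -c <<EOF
spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
	-P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF
	;;
esac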