source: rtems-libbsd/testsuite/ipsec01/setup_FreeBSD_as_communication_partner.sh @ baffbf3

55-freebsd-126-freebsd-12
Last change on this file since baffbf3 was baffbf3, checked in by Christian Mauderer <christian.mauderer@…>, on 08/02/18 at 08:22:11

testsuite/ipsec01: Add.
  • Property mode set to 100644
File size: 2.1 KB
RevLine 
[baffbf3]1#!/bin/sh -x
2
3if ! which racoon >/dev/null 2>&1
4then
5        echo "You have to install security/ipsec-tools from ports collection!"
6        exit 1
7fi
8
9IPSEC_REM_INT="10.10.1.1"
10IPSEC_REM_NET="10.10.1.0/24"
11IPSEC_REM_EXT="192.168.10.1"
12IPSEC_LOC_INT="172.24.0.1"
13IPSEC_LOC_NET="172.24.0.0/24"
14IPSEC_LOC_EXT="192.168.10.10"
15RACOON_PSK_FILE="/etc/racoon_psk.txt"
16RACOON_CONFIG_FILE="/etc/racoon.conf"
17SETKEY_CONF="/etc/setkey.conf"
18GIF="gif0"
19
20ifconfig $GIF create
21ifconfig $GIF $IPSEC_LOC_INT $IPSEC_REM_INT
22ifconfig $GIF tunnel $IPSEC_LOC_EXT $IPSEC_REM_EXT
23route add $IPSEC_REM_NET $IPSEC_REM_INT
24
25cat <<EOF > $RACOON_CONFIG_FILE
26path   pre_shared_key "$RACOON_PSK_FILE";
27log    debug;
28
29padding # options are not to be changed
30{
31        maximum_length  20;
32        randomize       off;
33        strict_check    off;
34        exclusive_tail  off;
35}
36
37listen  # address [port] that racoon will listen on
38{
39        isakmp          $IPSEC_LOC_EXT [500];
40}
41
42remote $IPSEC_REM_EXT [500]
43{
44       exchange_mode                   main;
45       my_identifier                   address $IPSEC_LOC_EXT;
46       peers_identifier                address $IPSEC_REM_EXT;
47       proposal_check                  obey;
48
49       proposal {
50               encryption_algorithm    3des;
51               hash_algorithm          md5;
52               authentication_method   pre_shared_key;
53               lifetime time           3600 sec;
54               dh_group                2;
55       }
56}
57
58sainfo (address $IPSEC_LOC_NET any address $IPSEC_REM_NET any)
59{
60       pfs_group                       2;
61       lifetime                        time 28800 sec;
62       encryption_algorithm            3des;
63       authentication_algorithm        hmac_md5;
64       compression_algorithm           deflate;
65}
66EOF
67
68cat <<EOF > $RACOON_PSK_FILE
69$IPSEC_REM_EXT mysecretkey
70EOF
71
72chmod 600 $RACOON_PSK_FILE
73
74cat <<EOF > $SETKEY_CONF
75flush;
76spdflush;
77spdadd $IPSEC_LOC_NET $IPSEC_REM_NET any -P out ipsec esp/tunnel/$IPSEC_LOC_EXT-$IPSEC_REM_EXT/use;
78spdadd $IPSEC_REM_NET $IPSEC_LOC_NET any -P in  ipsec esp/tunnel/$IPSEC_REM_EXT-$IPSEC_LOC_EXT/use;
79EOF
80
81setkey -f /etc/setkey.conf
82racoon -F -f /etc/racoon.conf
Note: See TracBrowser for help on using the repository browser.