Annotation of elwix/config/etc/default/racoon/roadwarrior/client/phase1-down.sh, revision 1.1
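#!/bin/sh

#
# phase1-down.sh - racoon roadwarrior client hook for phase 1 teardown.
#
# Undoes the local configuration that was set up for the tunnel:
# restores /etc/resolv.conf from its backup, removes the internal
# address, puts the default route back and deletes the SAD/SPD entries
# for the tunnel.
#
# Environment read (expected to be exported by the caller):
#   LOCAL_ADDR, LOCAL_PORT, REMOTE_ADDR, REMOTE_PORT,
#   INTERNAL_ADDR4, INTERNAL_DNS4 (logged only)
#
# The script changes routes, interface addresses and kernel IPsec state,
# so it has to run privileged.  Every value that ends up on a command
# line or in the text fed to "setkey -c" is therefore checked first.
#

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Print a message on stderr and stop before anything else is modified.
die() {
	printf '%s: %s\n' "${0##*/}" "$*" >&2
	exit 1
}

# Succeeds when $1 contains at least one digit.
has_digit() {
	case "$1" in
	*[0-9]*) return 0 ;;
	esac
	return 1
}

# Succeeds when $1 is non-empty and made only of characters that occur in
# a numeric IPv4/IPv6 address (no whitespace, ';', quotes or newlines).
is_addr() {
	case "$1" in
	'' | *[!0-9A-Fa-f.:]*) return 1 ;;
	esac
	return 0
}

# Succeeds when $1 is a non-empty string of decimal digits.
is_port() {
	case "$1" in
	'' | *[!0-9]*) return 1 ;;
	esac
	return 0
}

os=$(uname -s)

# Gateway of the current default route.  Only the first match is taken so
# that DEFAULT_GW stays a single word even when netstat lists more than
# one default route.
case "${os}" in
NetBSD)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "default"){print $2; exit}')
	;;
Linux)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "0.0.0.0"){print $2; exit}')
	;;
esac

# Log the arguments and the values this run will work with.
printf '%s\n' "$*"
printf 'LOCAL_ADDR = %s\n' "${LOCAL_ADDR}"
printf 'LOCAL_PORT = %s\n' "${LOCAL_PORT}"
printf 'REMOTE_ADDR = %s\n' "${REMOTE_ADDR}"
printf 'REMOTE_PORT = %s\n' "${REMOTE_PORT}"
printf 'DEFAULT_GW = %s\n' "${DEFAULT_GW}"
printf 'INTERNAL_ADDR4 = %s\n' "${INTERNAL_ADDR4}"
printf 'INTERNAL_DNS4 = %s\n' "${INTERNAL_DNS4}"

# Nothing to undo when no internal address was assigned or no default
# gateway could be found; this is not treated as an error.
has_digit "${INTERNAL_ADDR4}" || exit 0
has_digit "${DEFAULT_GW}" || exit 0

# Defence in depth: the values below are interpolated into route/ifconfig
# command lines and into setkey statements.  Refuse anything that is not
# a plain address or port, so that a stray space, ';' or newline cannot
# add arguments or extra setkey statements.  This runs before any state
# is changed.
is_addr "${INTERNAL_ADDR4}" || die "INTERNAL_ADDR4 is not a numeric address"
is_addr "${DEFAULT_GW}" || die "DEFAULT_GW is not a numeric address"
is_addr "${LOCAL_ADDR}" || die "LOCAL_ADDR is not a numeric address"
is_addr "${REMOTE_ADDR}" || die "REMOTE_ADDR is not a numeric address"
is_port "${LOCAL_PORT}" || die "LOCAL_PORT is not a decimal port"
is_port "${REMOTE_PORT}" || die "REMOTE_PORT is not a decimal port"

# Put the pre-tunnel resolver configuration back if a backup exists.
# NOTE(review): the backup is presumably written by the matching
# phase1-up script - confirm.
test -f /etc/resolv.conf.bak && cp /etc/resolv.conf.bak /etc/resolv.conf

# Teardown is best effort: a failing step does not stop the ones after it.
case "${os}" in
NetBSD)
	# The interface has to be read before the default route is deleted.
	iface=$(netstat -rn | awk '($1 == "default"){print $7; exit}')
	ifconfig "${iface}" delete "${INTERNAL_ADDR4}"
	route delete default
	route delete "${REMOTE_ADDR}"
	route add default "${DEFAULT_GW}" -ifa "${LOCAL_ADDR}"
	;;
Linux)
	# The interface has to be read before the default route is deleted.
	iface=$(netstat -rn | awk '($1 == "0.0.0.0"){print $8; exit}')
	route delete default
	route delete "${REMOTE_ADDR}"
	ifconfig "${iface}:1" del "${INTERNAL_ADDR4}"
	route add default gw "${DEFAULT_GW}"

	#
	# XXX This is a workaround because Linux seems to ignore
	# the deleteall commands below. This is bad because it flushes
	# the whole SAD, including SAs that have nothing to do with this
	# tunnel, instead of flushing only what needs to be flushed.
	# Someone using Linux please fix it
	#
	setkey -F
	;;
esac

# Use this for a NAT-T setup
LOCAL="${LOCAL_ADDR}[${LOCAL_PORT}]"
REMOTE="${REMOTE_ADDR}[${REMOTE_PORT}]"

# Use this for a non NAT-T setup
#LOCAL="${LOCAL_ADDR}"
#REMOTE="${REMOTE_ADDR}"

# Remove the ESP SAs in both directions and the two tunnel policies.
# The here-document only expands the variables validated above.
setkey -c <<EOF

deleteall ${REMOTE_ADDR} ${LOCAL_ADDR} esp;
deleteall ${LOCAL_ADDR} ${REMOTE_ADDR} esp;
spddelete ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
	-P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
	-P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF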