Annotation of elwix/config/etc/default/racoon/roadwarrior/client/phase1-up.sh, revision 1.1.1.1
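#!/bin/sh

#
# sa-up.sh local configuration for a new SA
#
# Reads these variables from the environment:
#   LOCAL_ADDR, LOCAL_PORT, REMOTE_ADDR, REMOTE_PORT
#   INTERNAL_ADDR4, INTERNAL_NETMASK4 (NetBSD branch only), INTERNAL_DNS4
# NOTE(review): presumably exported by racoon from the phase 1 / mode-config
# exchange, so the INTERNAL_* values originate from the remote gateway --
# confirm against the racoon configuration that installs this hook.
#
# Effects on NetBSD and Linux: rewrites /etc/resolv.conf (keeping a one-time
# copy in /etc/resolv.conf.bak), adds the internal address as an alias,
# replaces the default route, pins a host route to the peer through the
# previous gateway, and loads tunnel-mode SPD entries with setkey.
#
# Every value that reaches ifconfig, route, setkey or resolv.conf is checked
# before anything is modified, and every expansion is quoted, so a malformed
# value cannot split into extra arguments or extra setkey statements.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# die MESSAGE... -- report on stderr and stop before any change is applied.
die() {
	echo "phase1-up: $*" >&2
	exit 1
}

# is_ipv4 VALUE -- succeed only if VALUE is a single dotted quad.
# The case pattern rejects every character other than digits and dots
# (including whitespace, newlines and ';'); grep then checks the shape.
# Octet range is not checked here; ifconfig/route reject out-of-range values.
is_ipv4() {
	case $1 in
	''|*[!0-9.]*) return 1 ;;
	esac
	printf '%s\n' "$1" | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' > /dev/null
}

os=$(uname -s)

# Start empty so an inherited DEFAULT_GW cannot be used on an unsupported OS.
DEFAULT_GW=
ifname=

# Take the first default route only: several matching rows would otherwise
# expand into several words in the route commands below.
case $os in
NetBSD)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "default"){print $2; exit}')
	ifname=$(netstat -rn | awk '($1 == "default"){print $7; exit}')
	;;
Linux)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "0.0.0.0"){print $2; exit}')
	ifname=$(netstat -rn | awk '($1 == "0.0.0.0"){print $8; exit}')
	;;
esac

echo "$@"
echo "LOCAL_ADDR = ${LOCAL_ADDR}"
echo "LOCAL_PORT = ${LOCAL_PORT}"
echo "REMOTE_ADDR = ${REMOTE_ADDR}"
echo "REMOTE_PORT = ${REMOTE_PORT}"
echo "DEFAULT_GW = ${DEFAULT_GW}"
echo "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}"
echo "INTERNAL_DNS4 = ${INTERNAL_DNS4}"

# No internal address or no default gateway: nothing to configure.
[ -n "${INTERNAL_ADDR4}" ] || exit 0
[ -n "${DEFAULT_GW}" ] || exit 0

# Present but malformed: refuse, rather than hand the value to root-run tools.
is_ipv4 "${INTERNAL_ADDR4}" || die "INTERNAL_ADDR4 is not an IPv4 address"
is_ipv4 "${DEFAULT_GW}" || die "default gateway is not an IPv4 address"
[ -n "${REMOTE_ADDR}" ] || die "REMOTE_ADDR is empty"
case $os in
NetBSD)
	[ -n "${ifname}" ] || die "no interface found for the default route"
	is_ipv4 "${INTERNAL_NETMASK4}" || die "INTERNAL_NETMASK4 is not an IPv4 netmask"
	;;
Linux)
	[ -n "${ifname}" ] || die "no interface found for the default route"
	;;
esac

# Keep the first backup only, so a stale session cannot overwrite the
# pre-VPN resolver file.
# NOTE(review): presumably restored by the matching teardown script -- not
# visible here.
backup_ok=yes
if [ ! -f /etc/resolv.conf.bak ] && [ -f /etc/resolv.conf ]; then
	cp /etc/resolv.conf /etc/resolv.conf.bak || backup_ok=no
fi

# Only replace the resolver when the pushed DNS server is usable and the
# original file is safely backed up; an empty INTERNAL_DNS4 would otherwise
# leave a bare "nameserver" line and break name resolution.
if [ "${backup_ok}" != yes ]; then
	echo "phase1-up: cannot back up /etc/resolv.conf; leaving it unchanged" >&2
elif is_ipv4 "${INTERNAL_DNS4}"; then
	{
		echo "# Generated by racoon on $(date)"
		echo "nameserver ${INTERNAL_DNS4}"
	} > /etc/resolv.conf
else
	echo "phase1-up: INTERNAL_DNS4 missing or malformed; leaving /etc/resolv.conf unchanged" >&2
fi

case $os in
NetBSD)
	ifconfig "${ifname}" alias "${INTERNAL_ADDR4}" netmask "${INTERNAL_NETMASK4}"
	route delete default
	route add default "${DEFAULT_GW}" -ifa "${INTERNAL_ADDR4}"
	# Host route keeps the tunnel's outer packets on the original gateway.
	route add "${REMOTE_ADDR}" "${DEFAULT_GW}"
	;;
Linux)
	ifconfig "${ifname}:1" "${INTERNAL_ADDR4}"
	route delete default
	# Host route keeps the tunnel's outer packets on the original gateway.
	route add "${REMOTE_ADDR}" gw "${DEFAULT_GW}" dev "${ifname}"
	route add default gw "${DEFAULT_GW}" dev "${ifname}:1"
	;;
esac

# Use this for a NAT-T setup
LOCAL="${LOCAL_ADDR}[${LOCAL_PORT}]"
REMOTE="${REMOTE_ADDR}[${REMOTE_PORT}]"

# Use this for a non NAT-T setup
#LOCAL="${LOCAL_ADDR}"
#REMOTE="${REMOTE_ADDR}"

# LOCAL and REMOTE are interpolated as received: they are not shape-checked
# because they may be IPv6 endpoints.
# NOTE(review): confirm they are always produced by racoon itself.
setkey -c <<EOF
spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
	-P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
	-P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF

#
# XXX This is a workaround for Linux forward policies problem.
# Someone familiar with forward policies please fix this properly.
#
case $os in
Linux)
	setkey -c <<EOF
spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
	-P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF
	;;
esac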