File:  [ELWIX - Embedded LightWeight unIX -] / elwix / config / etc / default / racoon / roadwarrior / client / phase1-up.sh
Revision 1.1.1.1 (vendor branch)
Tue Jul 5 23:43:00 2011 UTC (13 years, 1 month ago) by misho
Branches: misho, MAIN
CVS tags: start, elwix2_3, elwix2_2, elwix2_1, elwix2_0, elwix1_9_mips, elwix1_9, elwix1_8, elwix1_7, elwix1_6, elwix1_5, elwix1_4, Patch1, HEAD, ELWIX2_2p0, ELWIX2_1, ELWIX2_0, ELWIX1_9, ELWIX1_8, ELWIX1_7, ELWIX1_6, ELWIX1_5
ELWIX project

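#!/bin/sh

#
# sa-up.sh local configuration for a new SA
#
# Hook script for racoon (installed here as phase1-up.sh). It reads its
# input from the environment:
#   LOCAL_ADDR, LOCAL_PORT, REMOTE_ADDR, REMOTE_PORT  - tunnel endpoints
#   INTERNAL_ADDR4, INTERNAL_NETMASK4, INTERNAL_DNS4  - inner address setup
# and then rewrites /etc/resolv.conf, adds an interface alias, replaces the
# default route and installs IPsec policies through setkey.
#
# NOTE(review): the INTERNAL_* values are presumably pushed by the remote
# gateway. Because they end up in ifconfig/route arguments, in setkey input
# and in /etc/resolv.conf, each one is checked to be a plain dotted-quad
# before use, and every expansion is quoted.
#
# The script only handles IPv4: the policies below use 0.0.0.0/0 and the
# default route is looked up in the IPv4 table.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Print a diagnostic on stderr and stop with a failure status.
die() {
	printf 'phase1-up: %s\n' "$*" >&2
	exit 1
}

# Succeed only if $1 is a dotted-quad IPv4 address (four octets, 0-255).
is_ipv4() {
	case "$1" in
	'' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
	esac
	# Only digits and dots remain, so the unquoted split cannot glob.
	_oldifs=$IFS
	IFS=.
	# shellcheck disable=SC2086 -- deliberate split on "."
	set -- $1
	IFS=$_oldifs
	[ $# -eq 4 ] || return 1
	for _octet in "$@"; do
		case "$_octet" in
		????*) return 1 ;;
		esac
		[ "$_octet" -le 255 ] || return 1
	done
	return 0
}

# Succeed only if $1 is a decimal port number in 1-65535.
is_port() {
	case "$1" in
	'' | *[!0-9]* | ??????*) return 1 ;;
	esac
	[ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

os=$(uname -s)

# Current default gateway; only the first default route is used so that a
# host with several default routes does not yield a multi-line value.
case "$os" in
NetBSD)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "default"){print $2; exit}')
	;;
Linux)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "0.0.0.0"){print $2; exit}')
	;;
esac

printf '%s\n' "$*"
echo "LOCAL_ADDR = ${LOCAL_ADDR}"
echo "LOCAL_PORT = ${LOCAL_PORT}"
echo "REMOTE_ADDR = ${REMOTE_ADDR}"
echo "REMOTE_PORT = ${REMOTE_PORT}"
echo "DEFAULT_GW = ${DEFAULT_GW}"
echo "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}"
echo "INTERNAL_DNS4 = ${INTERNAL_DNS4}"

# Nothing to do without an inner address or a default gateway (kept from
# the original: a value with no digit at all means "not provided").
case "${INTERNAL_ADDR4}" in
*[0-9]*) ;;
*) exit 0 ;;
esac
case "${DEFAULT_GW}" in
*[0-9]*) ;;
*) exit 0 ;;
esac

# "Contains a digit" is not validation: refuse anything that is not a
# well-formed address or port before it reaches a privileged command.
is_ipv4 "${INTERNAL_ADDR4}" || die "INTERNAL_ADDR4 is not an IPv4 address"
is_ipv4 "${LOCAL_ADDR}" || die "LOCAL_ADDR is not an IPv4 address"
is_ipv4 "${REMOTE_ADDR}" || die "REMOTE_ADDR is not an IPv4 address"
is_port "${LOCAL_PORT}" || die "LOCAL_PORT is not a port number"
is_port "${REMOTE_PORT}" || die "REMOTE_PORT is not a port number"

# Keep a copy of the pre-tunnel resolver configuration (first run only).
test -f /etc/resolv.conf.bak || cp /etc/resolv.conf /etc/resolv.conf.bak

# Replace the resolver configuration only when a usable DNS server was
# supplied; an empty value would otherwise leave a bare "nameserver" line,
# and a malformed one could add arbitrary lines to the file.
if is_ipv4 "${INTERNAL_DNS4}"; then
	{
		echo "# Generated by racoon on $(date)"
		echo "nameserver ${INTERNAL_DNS4}"
	} > /etc/resolv.conf
elif [ -n "${INTERNAL_DNS4}" ]; then
	printf 'phase1-up: ignoring malformed INTERNAL_DNS4\n' >&2
fi

case "$os" in
NetBSD)
	is_ipv4 "${INTERNAL_NETMASK4}" || die "INTERNAL_NETMASK4 is not a dotted-quad netmask"
	iface=$(netstat -rn | awk '($1 == "default"){print $7; exit}')
	[ -n "${iface}" ] || die "cannot determine the default-route interface"
	# Stop before touching the routing table if the alias cannot be set,
	# otherwise the host is left without its default route.
	ifconfig "${iface}" alias "${INTERNAL_ADDR4}" netmask "${INTERNAL_NETMASK4}" ||
		die "cannot configure ${INTERNAL_ADDR4} on ${iface}"
	route delete default
	route add default "${DEFAULT_GW}" -ifa "${INTERNAL_ADDR4}"
	route add "${REMOTE_ADDR}" "${DEFAULT_GW}"
	;;
Linux)
	iface=$(netstat -rn | awk '($1 == "0.0.0.0"){print $8; exit}')
	[ -n "${iface}" ] || die "cannot determine the default-route interface"
	# Same reasoning as above: no alias, no routing changes.
	ifconfig "${iface}:1" "${INTERNAL_ADDR4}" ||
		die "cannot configure ${INTERNAL_ADDR4} on ${iface}:1"
	route delete default
	# Host route to the gateway first, so tunnel packets keep using the
	# physical interface once the default route points at the alias.
	route add "${REMOTE_ADDR}" gw "${DEFAULT_GW}" dev "${iface}"
	route add default gw "${DEFAULT_GW}" dev "${iface}:1"
	;;
esac

# Use this for a NAT-T setup
LOCAL="${LOCAL_ADDR}[${LOCAL_PORT}]"
REMOTE="${REMOTE_ADDR}[${REMOTE_PORT}]"

# Use this for a non NAT-T setup
#LOCAL="${LOCAL_ADDR}"
#REMOTE="${REMOTE_ADDR}"

# Install the tunnel policies. All interpolated values were validated
# above, so they cannot carry an extra ";" or newline into setkey's input.
printf '%s\n' \
	"spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any" \
	"       -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;" \
	"spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any" \
	"       -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;" |
	setkey -c

#
# XXX This is a workaround for Linux forward policies problem.
# Someone familiar with forward policies please fix this properly.
#
case "$os" in
Linux)
	printf '%s\n' \
		"spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any" \
		"	-P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;" |
		setkey -c
	;;
esac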
