Annotation of embedaddon/ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-down.sh, revision 1.1.1.1
1.1 misho 1: #!/bin/sh
2:
3: #
4: # sa-down.sh local configuration for a new SA
5: #
6:
# Fixed search path: every tool below (uname, netstat, awk, route, ifconfig,
# setkey) is looked up here rather than in whatever PATH the caller supplied.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Remember the gateway of the first IPv4 default-route entry in the kernel
# routing table. The table layout differs per kernel, so the row key
# ("default" vs "0.0.0.0") is chosen by `uname -s`.
# On any other kernel DEFAULT_GW is not assigned here and keeps whatever
# value (if any) was inherited from the environment.
case "$(uname -s)" in
  NetBSD)
    DEFAULT_GW=$(netstat -finet -rn | awk '$1 == "default" { print $2; exit }')
    ;;
  Linux)
    DEFAULT_GW=$(netstat --inet -rn | awk '$1 == "0.0.0.0" { print $2; exit }')
    ;;
esac
17:
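# Debug trace: print the script arguments and the variables this script
# reads. The arguments are printed through a quoted "$*" so they are not
# word-split or glob-expanded against the current directory, and printf is
# used so a value starting with "-" or containing a backslash is printed
# literally instead of being interpreted by echo.
printf '%s\n' "$*"
printf 'LOCAL_ADDR = %s\n' "${LOCAL_ADDR}"
printf 'LOCAL_PORT = %s\n' "${LOCAL_PORT}"
printf 'REMOTE_ADDR = %s\n' "${REMOTE_ADDR}"
printf 'REMOTE_PORT = %s\n' "${REMOTE_PORT}"
printf 'DEFAULT_GW = %s\n' "${DEFAULT_GW}"
printf 'INTERNAL_NETMASK4 = %s\n' "${INTERNAL_NETMASK4}"
printf 'INTERNAL_ADDR4 = %s\n' "${INTERNAL_ADDR4}"
printf 'INTERNAL_DNS4 = %s\n' "${INTERNAL_DNS4}"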
27:
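# Succeeds when $1 contains at least one decimal digit.
has_digit() {
  case "$1" in
    *[0-9]*) return 0 ;;
  esac
  return 1
}

# Nothing to undo unless an internal address, a netmask and a default
# gateway are all present; as before, "present" means "contains a digit"
# and the script leaves quietly with status 0 otherwise.
has_digit "${INTERNAL_ADDR4}" || exit 0
has_digit "${INTERNAL_NETMASK4}" || exit 0
has_digit "${DEFAULT_GW}" || exit 0

# Defence in depth: INTERNAL_ADDR4 is later handed to ifconfig and written
# verbatim into the setkey command stream, so refuse anything that is not
# made of digits and dots only. These values presumably come from the
# remote gateway's mode-config reply -- verify against racoon.
# NOTE(review): how racoon treats a non-zero exit status from this script
# is not visible here -- confirm before relying on it.
case "${INTERNAL_ADDR4}${INTERNAL_NETMASK4}" in
  *[!0-9.]*)
    echo "phase1-down: malformed INTERNAL_ADDR4/INTERNAL_NETMASK4, aborting" >&2
    exit 1
    ;;
esac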
31:
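# Restore the resolver configuration from its backup copy, if one exists
# (presumably written by the matching phase1-up script -- confirm).
# A single mv replaces the target directly instead of removing it first, so
# a failed move no longer leaves the host without any /etc/resolv.conf.
# Failure is reported but does not stop the rest of the teardown.
if [ -f /etc/resolv.conf.bak ]; then
  mv -f /etc/resolv.conf.bak /etc/resolv.conf ||
    echo "phase1-down: could not restore /etc/resolv.conf" >&2
fi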
36:
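# Undo the routing and addressing changes, per kernel:
#   1. find the interface carrying the current default route,
#   2. drop the default route and the host route to the remote peer,
#   3. remove the internal address from that interface,
#   4. re-add the default route through the saved DEFAULT_GW.
# Every expansion is quoted so a value with whitespace or glob characters
# reaches route/ifconfig as one argument. The address removal is skipped
# when no default-route interface was found, because ifconfig would
# otherwise be called with an empty interface name.
case "$(uname -s)" in
  NetBSD)
    ifname=$(netstat -finet -rn | awk '$1 == "default" { print $7; exit }')
    route delete default
    route delete "${REMOTE_ADDR}"
    if [ -n "${ifname}" ]; then
      ifconfig "${ifname}" delete "${INTERNAL_ADDR4}"
    else
      echo "phase1-down: no default-route interface found, address not removed" >&2
    fi
    route add default "${DEFAULT_GW}" -ifa "${LOCAL_ADDR}"
    ;;
  Linux)
    ifname=$(netstat --inet -rn | awk '$1 == "0.0.0.0" { print $8; exit }')
    route delete default
    route delete "${REMOTE_ADDR}"
    if [ -n "${ifname}" ]; then
      # The internal address is removed from the ":1" alias of the interface.
      ifconfig "${ifname}:1" del "${INTERNAL_ADDR4}"
    else
      echo "phase1-down: no default-route interface found, address not removed" >&2
    fi
    route add default gw "${DEFAULT_GW}"

    #
    # XXX This is a workaround because Linux seems to ignore
    # the deleteall commands issued later in this script. This is bad
    # because it flushes the whole SAD instead of only the entries that
    # belong to this tunnel: any other IPsec SA on the host is dropped too.
    # Someone using Linux please fix it
    #
    setkey -F
    ;;
esac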
61:
# Build the tunnel endpoint strings used in the policy statements.
# On port 500 the bare addresses are used; any other local port is treated
# as NAT-T and both endpoints get an "[port]" suffix.
case "${LOCAL_PORT}" in
  500)
    LOCAL="${LOCAL_ADDR}"
    REMOTE="${REMOTE_ADDR}"
    ;;
  *)
    # NAT-T setup
    LOCAL="${LOCAL_ADDR}[${LOCAL_PORT}]"
    REMOTE="${REMOTE_ADDR}[${REMOTE_PORT}]"
    ;;
esac
69:
# Feed setkey the statements that remove this tunnel's state:
#   - deleteall: the ESP SAs between the two endpoints, in both directions;
#   - spddelete: the outbound and inbound tunnel policies for INTERNAL_ADDR4.
# The blank first and last lines keep the input identical to what the
# previous echo-based form produced.
# NOTE(review): the variables are substituted verbatim into setkey's command
# stream; nothing in this block checks that they hold only address
# characters, so a stray ";" or newline in a value would be read as
# additional statements.
setkey -c <<EOF

deleteall ${REMOTE_ADDR} ${LOCAL_ADDR} esp;
deleteall ${LOCAL_ADDR} ${REMOTE_ADDR} esp;
spddelete ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
-P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
-P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;

EOF
78: