Annotation of embedaddon/ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-up.sh, revision 1.1

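#!/bin/sh

#
# sa-up.sh local configuration for a new SA
#
# Reads LOCAL_ADDR, LOCAL_PORT, REMOTE_ADDR, REMOTE_PORT, INTERNAL_ADDR4,
# INTERNAL_NETMASK4 and INTERNAL_DNS4 from the environment, then:
#   1. replaces /etc/resolv.conf (old copy kept as /etc/resolv.conf.bak),
#   2. adds INTERNAL_ADDR4 as an alias on the default-route interface and
#      re-points the default route,
#   3. loads the tunnel policies through setkey -c.
# Only NetBSD and Linux are handled; on any other system DEFAULT_GW stays
# empty and the script exits 0 before changing anything.
#
# NOTE(review): the environment is presumably exported by racoon when it
# runs this hook, and the INTERNAL_* values look like they are assigned by
# the remote gateway -- confirm against the racoon documentation.  They end
# up in ifconfig/route arguments, in /etc/resolv.conf and in setkey input,
# so they are checked as dotted-quad IPv4 addresses before use.
# NOTE(review): LOCAL_ADDR, REMOTE_ADDR and the two ports are passed to
# route and setkey as given; confirm that the caller always formats them.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# is_ipv4 VALUE
# Returns 0 when VALUE is exactly four dot-separated decimal fields, each
# in the range 0-255, and 1 otherwise.  Whitespace, newlines, shell or
# setkey metacharacters therefore never pass.
is_ipv4() {
    case "$1" in
    '' | *[!0-9.]* | .* | *. | *..*)
        return 1
        ;;
    esac
    # Only digits and dots are left, so the unquoted split cannot glob.
    _oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$_oldifs
    [ "$#" -eq 4 ] || return 1
    for _octet in "$@"; do
        if [ "${#_octet}" -gt 3 ] || [ "$_octet" -gt 255 ]; then
            return 1
        fi
    done
    return 0
}

# The routing table layout differs per system, so it is parsed per system.
os=$(uname -s)

case "$os" in
NetBSD)
    DEFAULT_GW=$(netstat -finet -rn | awk '($1 == "default"){print $2; exit}')
    ;;
Linux)
    DEFAULT_GW=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $2; exit}')
    ;;
esac

# Diagnostic dump of the arguments and of every value used below.
printf '%s\n' "$*"
printf '%s\n' "LOCAL_ADDR = ${LOCAL_ADDR}"
printf '%s\n' "LOCAL_PORT = ${LOCAL_PORT}"
printf '%s\n' "REMOTE_ADDR = ${REMOTE_ADDR}"
printf '%s\n' "REMOTE_PORT = ${REMOTE_PORT}"
printf '%s\n' "DEFAULT_GW = ${DEFAULT_GW}"
printf '%s\n' "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}"
printf '%s\n' "INTERNAL_NETMASK4 = ${INTERNAL_NETMASK4}"
printf '%s\n' "INTERNAL_DNS4 = ${INTERNAL_DNS4}"

# Nothing to configure without an inner address, a netmask and a gateway.
# The exit status stays 0, as before, so the caller sees no failure.
if ! is_ipv4 "${INTERNAL_ADDR4}"; then
    echo "phase1-up: INTERNAL_ADDR4 is not an IPv4 address, nothing changed" >&2
    exit 0
fi
if ! is_ipv4 "${INTERNAL_NETMASK4}"; then
    echo "phase1-up: INTERNAL_NETMASK4 is not an IPv4 address, nothing changed" >&2
    exit 0
fi
# DEFAULT_GW comes from the local routing table, so only the original
# "contains a digit" check is applied to it.
case "${DEFAULT_GW}" in
*[0-9]*) ;;
*) exit 0 ;;
esac

# Keep the previous resolver configuration as .bak and start a fresh file
# that is created with umask 22.
mv /etc/resolv.conf /etc/resolv.conf.bak
( umask 22; touch /etc/resolv.conf )
if is_ipv4 "${INTERNAL_DNS4}"; then
    echo "# Generated by racoon on $(date)" >> /etc/resolv.conf
    echo "nameserver ${INTERNAL_DNS4}" >> /etc/resolv.conf
else
    # No usable DNS server was supplied: carry the old configuration over
    # instead of writing an empty or malformed nameserver line.
    echo "phase1-up: INTERNAL_DNS4 is not an IPv4 address, keeping resolver config" >&2
    if [ -f /etc/resolv.conf.bak ]; then
        cat /etc/resolv.conf.bak >> /etc/resolv.conf
    fi
fi

# Put the inner address on the interface that carries the default route,
# then send the default route through the tunnel while keeping a host
# route to the gateway itself.
# NOTE(review): the default route is deleted before its replacement is
# added; if an add fails the host is left without a default route.
case "$os" in
NetBSD)
    ifname=$(netstat -finet -rn | awk '($1 == "default"){print $7; exit}')
    ifconfig "${ifname}" alias "${INTERNAL_ADDR4}" netmask "${INTERNAL_NETMASK4}"
    route delete default
    route add default "${DEFAULT_GW}" -ifa "${INTERNAL_ADDR4}"
    route add "${REMOTE_ADDR}" "${DEFAULT_GW}"
    ;;
Linux)
    ifname=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $8; exit}')
    ifconfig "${ifname}:1" "${INTERNAL_ADDR4}"
    route delete default
    route add "${REMOTE_ADDR}" gw "${DEFAULT_GW}" dev "${ifname}"
    route add default gw "${DEFAULT_GW}" dev "${ifname}:1"
    ;;
esac

LOCAL="${LOCAL_ADDR}"
REMOTE="${REMOTE_ADDR}"
if [ "x${LOCAL_PORT}" != "x500" ]; then
    # NAT-T setup
    LOCAL="${LOCAL}[${LOCAL_PORT}]"
    REMOTE="${REMOTE}[${REMOTE_PORT}]"
fi

# Outbound and inbound tunnel policies for the inner address.
printf '%s\n' \
    "spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any" \
    "       -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;" \
    "spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any" \
    "       -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;" \
    | setkey -c

#
# XXX This is a workaround for Linux forward policies problem.
# Someone familiar with forward policies please fix this properly.
#
case "$os" in
Linux)
    printf '%s\n' \
        "spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any" \
        "        -P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;" \
        | setkey -c
    ;;
esac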
