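#!/bin/sh
#
# phase1-up.sh (historically sa-up.sh): local configuration for a new SA.
#
# racoon runs this hook once phase 1 has completed.  It exports the
# ISAKMP endpoints and the mode-config attributes the gateway pushed:
#   LOCAL_ADDR / LOCAL_PORT      our ISAKMP endpoint
#   REMOTE_ADDR / REMOTE_PORT    the gateway's ISAKMP endpoint
#   INTERNAL_ADDR4               address assigned to this client
#   INTERNAL_NETMASK4            netmask for that address
#   INTERNAL_DNS4                resolver the gateway wants us to use
#
# The INTERNAL_* values originate from the remote peer, so each one is
# required to be a plain dotted quad before it is handed to ifconfig,
# route, setkey or written into /etc/resolv.conf.  A value that does not
# pass is treated like a missing attribute (the script exits 0 without
# touching the host), which is how the script has always handled an
# absent address.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# is_ipv4 VALUE
# Succeeds when VALUE is non-empty, contains only digits and dots, and
# has at least three dots.  Hostnames, whitespace, shell metacharacters
# and embedded newlines are all rejected; octet ranges are not checked,
# that is left to the tools that consume the value.
is_ipv4() {
  case "$1" in
    ''|*[!0-9.]*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# uname is consulted in three places below; resolve it once.
OS=$(uname -s)

# Current default gateway, looked up in the kernel routing table.  Left
# empty on unsupported systems, which makes the check further down bail.
DEFAULT_GW=
case "$OS" in
NetBSD)
  DEFAULT_GW=$(netstat -finet -rn | awk '($1 == "default"){print $2; exit}')
  ;;
Linux)
  DEFAULT_GW=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $2; exit}')
  ;;
esac

# Trace what racoon handed us (stdout ends up in racoon's log).
printf '%s\n' "$*"
printf 'LOCAL_ADDR = %s\n' "$LOCAL_ADDR"
printf 'LOCAL_PORT = %s\n' "$LOCAL_PORT"
printf 'REMOTE_ADDR = %s\n' "$REMOTE_ADDR"
printf 'REMOTE_PORT = %s\n' "$REMOTE_PORT"
printf 'DEFAULT_GW = %s\n' "$DEFAULT_GW"
printf 'INTERNAL_ADDR4 = %s\n' "$INTERNAL_ADDR4"
printf 'INTERNAL_NETMASK4 = %s\n' "$INTERNAL_NETMASK4"
printf 'INTERNAL_DNS4 = %s\n' "$INTERNAL_DNS4"

# Nothing to configure unless the gateway pushed a usable address and
# netmask and a default route exists.  Exit 0 so racoon does not treat
# the absence of mode-config data as a hook failure.
is_ipv4 "$INTERNAL_ADDR4" || exit 0
is_ipv4 "$INTERNAL_NETMASK4" || exit 0
is_ipv4 "$DEFAULT_GW" || exit 0

# Point the resolver at the pushed DNS server; the previous file is kept
# as /etc/resolv.conf.bak.  The file is only rewritten when a dotted-quad
# server was supplied: with no valid server the existing resolver
# configuration is more useful than a resolv.conf without a nameserver
# line, and it keeps peer-supplied text out of the file.
if is_ipv4 "$INTERNAL_DNS4"; then
  mv /etc/resolv.conf /etc/resolv.conf.bak
  (
    umask 022
    {
      printf '# Generated by racoon on %s\n' "$(date)"
      printf 'nameserver %s\n' "$INTERNAL_DNS4"
    } > /etc/resolv.conf
  )
else
  printf 'INTERNAL_DNS4 is not an IPv4 address; /etc/resolv.conf left untouched\n' >&2
fi

# Attach the assigned address to the interface that carries the default
# route, then replace the default route so all traffic goes through the
# tunnel while the gateway itself stays reachable via the old gateway.
case "$OS" in
NetBSD)
  ifname=$(netstat -finet -rn | awk '($1 == "default"){print $7; exit}')
  ifconfig "$ifname" alias "$INTERNAL_ADDR4" netmask "$INTERNAL_NETMASK4"
  route delete default
  route add default "$DEFAULT_GW" -ifa "$INTERNAL_ADDR4"
  route add "$REMOTE_ADDR" "$DEFAULT_GW"
  ;;
Linux)
  ifname=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $8; exit}')
  ifconfig "${ifname}:1" "$INTERNAL_ADDR4"
  route delete default
  route add "$REMOTE_ADDR" gw "$DEFAULT_GW" dev "$ifname"
  route add default gw "$DEFAULT_GW" dev "${ifname}:1"
  ;;
esac

# Tunnel endpoints for the SPD.  When our ISAKMP port is not 500 we are
# behind NAT (NAT-T), and setkey wants the UDP ports in brackets.
LOCAL=$LOCAL_ADDR
REMOTE=$REMOTE_ADDR
if [ "x${LOCAL_PORT}" != "x500" ]; then
  LOCAL="${LOCAL}[${LOCAL_PORT}]"
  REMOTE="${REMOTE}[${REMOTE_PORT}]"
fi

# Require ESP tunnel mode for everything to and from the assigned address.
setkey -c <<EOF
spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
-P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
-P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF

#
# XXX This is a workaround for Linux forward policies problem.
# Someone familiar with forward policies please fix this properly.
#
if [ "$OS" = Linux ]; then
  setkey -c <<EOF
spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
-P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF
fi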