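#!/bin/sh
#
# sa-up.sh local configuration for a new SA
#
# Run by racoon for a new SA.  All input arrives through the environment:
# LOCAL_ADDR/LOCAL_PORT and REMOTE_ADDR/REMOTE_PORT are the SA endpoints,
# INTERNAL_ADDR4/INTERNAL_NETMASK4/INTERNAL_DNS4 the address, netmask and
# resolver to use on the tunnel.  The INTERNAL_* values are presumably what
# the remote peer handed out during the configuration exchange (confirm
# against racoon's isakmp_cfg handling), so they are treated as untrusted:
# every value is checked for the shape of an address before it is
# substituted into ifconfig/route/setkey arguments or written into
# /etc/resolv.conf.  A malformed value aborts the script with status 1
# before anything on the host has been changed.
#
# Runs as root.  Side effects: /etc/resolv.conf is rewritten (the first run
# keeps a copy in /etc/resolv.conf.bak), INTERNAL_ADDR4 is aliased onto the
# default-route interface, the default route is replaced, and IPsec policies
# for INTERNAL_ADDR4 <-> 0.0.0.0/0 are installed.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# die MSG... -> print MSG to stderr and exit 1.  Untrusted values are not
# echoed back here, so a hostile value cannot inject into the log.
die() {
	echo "sa-up.sh: $*" >&2
	exit 1
}

# is_ipv4 STRING -> true if STRING is exactly one dotted quad.  The case
# first rejects anything but digits and dots (so newlines, blanks, ';' and
# the like can never reach setkey or the shell), then grep checks the shape.
is_ipv4() {
	case "$1" in
	''|*[!0-9.]*) return 1 ;;
	esac
	printf '%s\n' "$1" | grep -E -q '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# is_netmask STRING -> true for a dotted quad or a 0x-prefixed hex mask,
# the two spellings ifconfig accepts.
is_netmask() {
	case "$1" in
	0x*)
		case "${1#0x}" in
		''|*[!0-9A-Fa-f]*) return 1 ;;
		esac
		[ ${#1} -le 10 ]
		;;
	*)
		is_ipv4 "$1"
		;;
	esac
}

# is_addr STRING -> true if STRING is non-empty and contains only characters
# that occur in an IPv4 or IPv6 literal.  Used for the SA endpoints, which
# this sample does not otherwise restrict to one address family.
is_addr() {
	case "$1" in
	''|*[!0-9A-Fa-f.:]*) return 1 ;;
	esac
	return 0
}

# is_port STRING -> true for a decimal port number 0..65535.
is_port() {
	case "$1" in
	''|*[!0-9]*) return 1 ;;
	esac
	[ ${#1} -le 5 ] && [ "$1" -le 65535 ]
}

# is_ifname STRING -> true if STRING looks like an interface name as printed
# by netstat, i.e. nothing that would need quoting or could be an option.
is_ifname() {
	case "$1" in
	''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
	esac
	return 0
}

os=$(uname -s)

# Default gateway and the interface carrying it, read once before any route
# is changed.  Only NetBSD and Linux are handled; elsewhere both stay empty
# and the script exits below without touching anything.
case "$os" in
NetBSD)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "default"){print $2}')
	DEFAULT_IF=$(netstat -rn | awk '($1 == "default"){print $7}')
	;;
Linux)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "0.0.0.0"){print $2}')
	DEFAULT_IF=$(netstat -rn | awk '($1 == "0.0.0.0"){print $8}')
	;;
esac

echo "$@"
echo "LOCAL_ADDR = ${LOCAL_ADDR}"
echo "LOCAL_PORT = ${LOCAL_PORT}"
echo "REMOTE_ADDR = ${REMOTE_ADDR}"
echo "REMOTE_PORT = ${REMOTE_PORT}"
echo "DEFAULT_GW = ${DEFAULT_GW}"
echo "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}"
echo "INTERNAL_DNS4 = ${INTERNAL_DNS4}"

# Nothing to configure when no internal address was assigned or the host has
# no default route (exit 0, as before).  Anything non-empty that does not
# have the shape of an address is refused rather than spliced into commands;
# this also catches a multi-line DEFAULT_GW from several default routes,
# which the old digit-only check let through.
[ -n "${INTERNAL_ADDR4}" ] || exit 0
[ -n "${DEFAULT_GW}" ] || exit 0
is_ipv4 "${INTERNAL_ADDR4}" || die "INTERNAL_ADDR4 is not a dotted quad"
is_ipv4 "${DEFAULT_GW}" || die "default gateway is not a single dotted quad"
is_ifname "${DEFAULT_IF}" || die "cannot determine the default-route interface"
is_addr "${LOCAL_ADDR}" || die "LOCAL_ADDR is not an address literal"
is_addr "${REMOTE_ADDR}" || die "REMOTE_ADDR is not an address literal"

# Point the resolver at the tunnel's DNS server, keeping a one-time copy of
# the original file (presumably restored by a companion sa-down script, not
# part of this file).  Skipped when no server was handed out, so an empty
# "nameserver " line is never written.
if [ -n "${INTERNAL_DNS4}" ]; then
	is_ipv4 "${INTERNAL_DNS4}" || die "INTERNAL_DNS4 is not a dotted quad"
	test -f /etc/resolv.conf.bak || cp /etc/resolv.conf /etc/resolv.conf.bak
	{
		echo "# Generated by racoon on $(date)"
		echo "nameserver ${INTERNAL_DNS4}"
	} > /etc/resolv.conf
fi

# Use this for a NAT-T setup
is_port "${LOCAL_PORT}" || die "LOCAL_PORT is not a port number"
is_port "${REMOTE_PORT}" || die "REMOTE_PORT is not a port number"
LOCAL="${LOCAL_ADDR}[${LOCAL_PORT}]"
REMOTE="${REMOTE_ADDR}[${REMOTE_PORT}]"

# Use this for a non NAT-T setup
#LOCAL="${LOCAL_ADDR}"
#REMOTE="${REMOTE_ADDR}"

# Install the policies before the routes: once INTERNAL_ADDR4 is aliased and
# the default route moved, the "require" policy is what keeps its traffic
# from leaving in the clear, so it has to be in place first.  If setkey
# reports failure the routing change is not made at all.
setkey -c <<EOF || die "setkey failed to install the SPD entries"
spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
       -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
       -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF

#
# XXX This is a workaround for Linux forward policies problem.
# Someone familiar with forward policies please fix this properly.
#
case "$os" in
Linux)
	setkey -c <<-EOF
	spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
		-P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
	EOF
	;;
esac

# Alias the tunnel address onto the default-route interface and move the
# default route behind it, keeping a host route to the peer via the old
# gateway so the ESP packets themselves still get out.  The alias must
# succeed before the existing default route is removed.
case "$os" in
NetBSD)
	if [ -n "${INTERNAL_NETMASK4}" ]; then
		is_netmask "${INTERNAL_NETMASK4}" || die "INTERNAL_NETMASK4 is not a netmask"
		ifconfig "${DEFAULT_IF}" alias "${INTERNAL_ADDR4}" netmask "${INTERNAL_NETMASK4}" \
			|| die "ifconfig alias failed"
	else
		ifconfig "${DEFAULT_IF}" alias "${INTERNAL_ADDR4}" || die "ifconfig alias failed"
	fi
	route delete default
	route add default "${DEFAULT_GW}" -ifa "${INTERNAL_ADDR4}"
	route add "${REMOTE_ADDR}" "${DEFAULT_GW}"
	;;
Linux)
	# INTERNAL_NETMASK4 is not applied on Linux; the alias is a bare address,
	# as in the original sample.
	ifconfig "${DEFAULT_IF}:1" "${INTERNAL_ADDR4}" || die "ifconfig alias failed"
	route delete default
	route add "${REMOTE_ADDR}" gw "${DEFAULT_GW}" dev "${DEFAULT_IF}"
	route add default gw "${DEFAULT_GW}" dev "${DEFAULT_IF}:1"
	;;
esac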