[netbsd-mini2440.git] / crypto / dist / ipsec-tools / src / racoon / samples / roadwarrior / client / phase1-up.sh
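#!/bin/sh

#
# sa-up.sh local configuration for a new SA
#
# Reads LOCAL_ADDR, LOCAL_PORT, REMOTE_ADDR, REMOTE_PORT, INTERNAL_ADDR4,
# INTERNAL_NETMASK4 and INTERNAL_DNS4 from the environment, then:
#   1. points /etc/resolv.conf at INTERNAL_DNS4 (old file kept as .bak),
#   2. adds INTERNAL_ADDR4 as an alias on the default-route interface and
#      re-creates the default route so it is sourced from that alias,
#   3. pins a host route to REMOTE_ADDR through the original gateway,
#   4. loads ESP tunnel policies for INTERNAL_ADDR4 through setkey.
#
# NOTE(review): the INTERNAL_* values are presumably assigned by the remote
# gateway, so they are treated as untrusted here. Every value that ends up
# on a command line, in /etc/resolv.conf or in setkey's input is checked
# first. Confirm the trust assumption against the racoon configuration.
#
# Exit status: 0 when there is nothing to configure or on completion,
# 1 when a supplied value is malformed.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# is_ipv4 VALUE
# Succeeds only when VALUE is four dot-separated groups of decimal digits.
# Octet ranges are not checked; the aim is to guarantee that the value holds
# no whitespace, newline, ';' or other character that could alter the
# resolv.conf line or the setkey statements built from it.
is_ipv4() {
  case "$1" in
    *[!0-9.]* | .* | *. | *..*) return 1 ;;
    *.*.*.*.*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# require_ipv4 NAME VALUE
# Aborts the script unless VALUE passes is_ipv4. The value itself is not
# printed, so a hostile string cannot reach the log through this message.
require_ipv4() {
  is_ipv4 "$2" && return 0
  echo "${0##*/}: $1 is not a dotted-quad IPv4 address, aborting" >&2
  exit 1
}

# require_port NAME VALUE
# Aborts the script unless VALUE consists of decimal digits only.
require_port() {
  case "$2" in
    '' | *[!0-9]*)
      echo "${0##*/}: $1 is not a decimal port number, aborting" >&2
      exit 1
      ;;
  esac
}

os=$(uname -s)

# Current default gateway, read from the IPv4 routing table.
case "${os}" in
  NetBSD)
    DEFAULT_GW=$(netstat -finet -rn | awk '($1 == "default"){print $2; exit}')
    ;;
  Linux)
    DEFAULT_GW=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $2; exit}')
    ;;
esac

echo "$@"
echo "LOCAL_ADDR = ${LOCAL_ADDR}"
echo "LOCAL_PORT = ${LOCAL_PORT}"
echo "REMOTE_ADDR = ${REMOTE_ADDR}"
echo "REMOTE_PORT = ${REMOTE_PORT}"
echo "DEFAULT_GW = ${DEFAULT_GW}"
echo "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}"
echo "INTERNAL_NETMASK4 = ${INTERNAL_NETMASK4}"
echo "INTERNAL_DNS4 = ${INTERNAL_DNS4}"

# Without an internal address, a netmask and a default gateway there is
# nothing to configure; leave quietly. An unrecognised OS ends up here too,
# because DEFAULT_GW stays empty.
[ -n "${INTERNAL_ADDR4}" ] || exit 0
[ -n "${INTERNAL_NETMASK4}" ] || exit 0
[ -n "${DEFAULT_GW}" ] || exit 0

# "Contains a digit" is not enough: these strings are passed to ifconfig and
# route and are interpolated into setkey input below.
require_ipv4 INTERNAL_ADDR4 "${INTERNAL_ADDR4}"
require_ipv4 INTERNAL_NETMASK4 "${INTERNAL_NETMASK4}"
require_ipv4 DEFAULT_GW "${DEFAULT_GW}"
# The script only works on the IPv4 routing table, so the tunnel endpoints
# are required to be IPv4 as well.
require_ipv4 LOCAL_ADDR "${LOCAL_ADDR}"
require_ipv4 REMOTE_ADDR "${REMOTE_ADDR}"

if is_ipv4 "${INTERNAL_DNS4}"; then
  if [ -f /etc/resolv.conf ]; then
    mv -f /etc/resolv.conf /etc/resolv.conf.bak
  fi
  (
    # umask 022 keeps the new file world-readable but not writable.
    umask 022
    {
      echo "# Generated by racoon on $(date)"
      echo "nameserver ${INTERNAL_DNS4}"
    } > /etc/resolv.conf
  )
else
  # An empty or malformed value would leave a resolv.conf with no usable
  # nameserver, so the existing file stays in place. The backup is still
  # refreshed so that /etc/resolv.conf.bak never holds stale content.
  # NOTE(review): presumably a companion "down" script restores the .bak
  # file; confirm.
  echo "${0##*/}: no valid INTERNAL_DNS4, keeping /etc/resolv.conf" >&2
  if [ -f /etc/resolv.conf ]; then
    cp -p /etc/resolv.conf /etc/resolv.conf.bak
  fi
fi

case "${os}" in
  NetBSD)
    ifname=$(netstat -finet -rn | awk '($1 == "default"){print $7; exit}')
    [ -n "${ifname}" ] || {
      echo "${0##*/}: no default-route interface" >&2
      exit 1
    }
    ifconfig "${ifname}" alias "${INTERNAL_ADDR4}" netmask "${INTERNAL_NETMASK4}"
    route delete default
    route add default "${DEFAULT_GW}" -ifa "${INTERNAL_ADDR4}"
    route add "${REMOTE_ADDR}" "${DEFAULT_GW}"
    ;;
  Linux)
    ifname=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $8; exit}')
    [ -n "${ifname}" ] || {
      echo "${0##*/}: no default-route interface" >&2
      exit 1
    }
    ifconfig "${ifname}:1" "${INTERNAL_ADDR4}"
    route delete default
    route add "${REMOTE_ADDR}" gw "${DEFAULT_GW}" dev "${ifname}"
    route add default gw "${DEFAULT_GW}" dev "${ifname}:1"
    ;;
esac

LOCAL="${LOCAL_ADDR}"
REMOTE="${REMOTE_ADDR}"
if [ "x${LOCAL_PORT}" != "x500" ]; then
  # NAT-T setup
  require_port LOCAL_PORT "${LOCAL_PORT}"
  require_port REMOTE_PORT "${REMOTE_PORT}"
  LOCAL="${LOCAL}[${LOCAL_PORT}]"
  REMOTE="${REMOTE}[${REMOTE_PORT}]"
fi

# Every interpolated value was validated above, so no ';' or newline can
# append extra statements to what setkey reads.
printf '%s\n' \
  "spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any" \
  "  -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;" \
  "spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any" \
  "  -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;" |
  setkey -c

#
# XXX This is a workaround for Linux forward policies problem.
# Someone familiar with forward policies please fix this properly.
#
case "${os}" in
  Linux)
    printf '%s\n' \
      "spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any" \
      "  -P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;" |
      setkey -c
    ;;
esac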