crypto/dist/ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-up.sh

   1 #!/bin/sh
   2
   3 #
   4 # sa-up.sh local configuration for a new SA
   5 #
   6 PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
   7
   8 case `uname -s` in
   9 NetBSD)
  10         DEFAULT_GW=`netstat -finet -rn | awk '($1 == "default"){print $2; exit}'`
  11         ;;
  12 Linux)
  13         DEFAULT_GW=`netstat --inet -rn | awk '($1 == "0.0.0.0"){print $2; exit}'`
  14         ;;
  15 esac
  16
  17 echo $@
  18 echo "LOCAL_ADDR = ${LOCAL_ADDR}"
  19 echo "LOCAL_PORT = ${LOCAL_PORT}"
  20 echo "REMOTE_ADDR = ${REMOTE_ADDR}"
  21 echo "REMOTE_PORT = ${REMOTE_PORT}"
  22 echo "DEFAULT_GW = ${DEFAULT_GW}"
  23 echo "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}"
  24 echo "INTERNAL_NETMASK4 = ${INTERNAL_NETMASK4}"
  25 echo "INTERNAL_DNS4 = ${INTERNAL_DNS4}"
  26
  27 echo ${INTERNAL_ADDR4} | grep '[0-9]' > /dev/null || exit 0
  28 echo ${INTERNAL_NETMASK4} | grep '[0-9]' > /dev/null || exit 0
  29 echo ${DEFAULT_GW} | grep '[0-9]' > /dev/null || exit 0
  30
  31 mv /etc/resolv.conf /etc/resolv.conf.bak
  32 ( umask 22; touch /etc/resolv.conf )
  33 echo "# Generated by racoon on `date`" >> /etc/resolv.conf
  34 echo "nameserver ${INTERNAL_DNS4}" >> /etc/resolv.conf
  35
  36 case `uname -s` in
  37 NetBSD)
  38         if=`netstat -finet -rn|awk '($1 == "default"){print $7; exit}'`
  39         ifconfig ${if} alias ${INTERNAL_ADDR4} netmask ${INTERNAL_NETMASK4}
  40         route delete default
  41         route add default ${DEFAULT_GW} -ifa ${INTERNAL_ADDR4}
  42         route add ${REMOTE_ADDR} ${DEFAULT_GW}
  43         ;;
  44 Linux)
  45         if=`netstat --inet -rn|awk '($1 == "0.0.0.0"){print $8; exit}'`
  46         ifconfig ${if}:1 ${INTERNAL_ADDR4}
  47         route delete default
  48         route add ${REMOTE_ADDR} gw ${DEFAULT_GW} dev ${if}
  49         route add default gw ${DEFAULT_GW} dev ${if}:1
  50         ;;
  51 esac
  52
  53 LOCAL="${LOCAL_ADDR}"
  54 REMOTE="${REMOTE_ADDR}"
  55 if [ "x${LOCAL_PORT}" != "x500" ]; then
  56         # NAT-T setup
  57         LOCAL="${LOCAL}[${LOCAL_PORT}]"
  58         REMOTE="${REMOTE}[${REMOTE_PORT}]"
  59 fi
  60
  61
  62 echo "
  63 spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
  64        -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
  65 spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
  66        -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
  67 " | setkey -c
  68
  69 #
  70 # XXX This is a workaround for Linux forward policies problem.
  71 # Someone familiar with forward policies please fix this properly.
  72 #
  73 case `uname -s` in
  74 Linux)
  75         echo "
  76         spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
  77                 -P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
  78         " | setkey -c
  79         ;;
  80 esac