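#!/bin/sh

#
# sa-up.sh local configuration for a new SA
#
# Run by racoon once a phase 1 SA is up and the peer has handed out
# mode-config settings.  Everything comes from the environment racoon sets:
#
#   LOCAL_ADDR, LOCAL_PORT      our end of the ISAKMP exchange
#   REMOTE_ADDR, REMOTE_PORT    the peer's end
#   INTERNAL_ADDR4              address assigned to us by the peer
#   INTERNAL_NETMASK4           netmask for that address
#   INTERNAL_DNS4               nameserver handed out by the peer
#
# The INTERNAL_* values are chosen by the remote peer, and each of them ends
# up as an ifconfig/route argument, in /etc/resolv.conf, or in the text piped
# into "setkey -c" (where a newline starts a new statement).  They are
# therefore required to be plain dotted-quads before anything is touched; a
# missing or malformed address makes the script exit 0 without changing the
# system, which is the same outcome as the original "no address, nothing to
# do" case.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# is_ipv4 STRING
# Succeeds only if STRING is four decimal octets (each 0-255) joined by
# single dots.  Empty strings, whitespace, newlines, leading/trailing or
# doubled dots and any other character fail.  POSIX sh only.
is_ipv4() {
	_a=$1
	case "$_a" in
	'' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
	esac
	_n=0
	while [ -n "$_a" ]; do
		_o=${_a%%.*}
		case "$_o" in
		[0-9] | [0-9][0-9] | [0-9][0-9][0-9]) ;;
		*) return 1 ;;
		esac
		[ "$_o" -le 255 ] || return 1
		_n=$((_n + 1))
		# drop the octet just checked together with the dot after it
		case "$_a" in
		*.*) _a=${_a#*.} ;;
		*) _a= ;;
		esac
	done
	[ "$_n" -eq 4 ]
}

# is_plain_word STRING
# Succeeds if STRING is non-empty and contains no whitespace or newline, so
# it stays a single ifconfig/route argument and a single setkey token.
is_plain_word() {
	case "$1" in
	'' | *[[:space:]]*) return 1 ;;
	esac
	return 0
}

# fail MESSAGE...
# Report bad racoon-supplied data on stderr and exit non-zero.
fail() {
	echo "sa-up.sh: $*" >&2
	exit 1
}

os=$(uname -s)

# Gateway and interface of the current default route, as netstat reports
# them.  Both stay empty on platforms this script does not know about.
case "$os" in
NetBSD)
	DEFAULT_GW=$(netstat -finet -rn | awk '($1 == "default"){print $2; exit}')
	ifname=$(netstat -finet -rn | awk '($1 == "default"){print $7; exit}')
	;;
Linux)
	DEFAULT_GW=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $2; exit}')
	ifname=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $8; exit}')
	;;
*)
	DEFAULT_GW=
	ifname=
	;;
esac

echo "$@"
echo "LOCAL_ADDR = ${LOCAL_ADDR}"
echo "LOCAL_PORT = ${LOCAL_PORT}"
echo "REMOTE_ADDR = ${REMOTE_ADDR}"
echo "REMOTE_PORT = ${REMOTE_PORT}"
echo "DEFAULT_GW = ${DEFAULT_GW}"
echo "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}"
echo "INTERNAL_NETMASK4 = ${INTERNAL_NETMASK4}"
echo "INTERNAL_DNS4 = ${INTERNAL_DNS4}"

# Peer-assigned address and netmask, and our own default gateway: without
# all three there is nothing to configure, so leave quietly.
is_ipv4 "${INTERNAL_ADDR4}" || exit 0
is_ipv4 "${INTERNAL_NETMASK4}" || exit 0
is_ipv4 "${DEFAULT_GW}" || exit 0
# A gateway without an interface name means netstat output we cannot use;
# do not run ifconfig/route with an empty interface argument.
[ -n "${ifname}" ] || fail "cannot determine the default route interface"

# Endpoint data racoon itself provides.  It is not peer-chosen, but it is
# spliced into setkey statements, so reject anything that is not one token.
is_plain_word "${LOCAL_ADDR}" || fail "LOCAL_ADDR is missing or malformed"
is_plain_word "${REMOTE_ADDR}" || fail "REMOTE_ADDR is missing or malformed"
case "${LOCAL_PORT}${REMOTE_PORT}" in
*[!0-9]*) fail "LOCAL_PORT/REMOTE_PORT must be numeric" ;;
esac

# Only rewrite /etc/resolv.conf when the peer supplied a usable nameserver;
# the old behaviour wrote a bare "nameserver " line when INTERNAL_DNS4 was
# empty, which breaks name resolution entirely.
if is_ipv4 "${INTERNAL_DNS4}"; then
	if [ -e /etc/resolv.conf ]; then
		mv /etc/resolv.conf /etc/resolv.conf.bak
	fi
	# create the file world-readable regardless of the caller's umask
	(
		umask 22
		{
			echo "# Generated by racoon on $(date)"
			echo "nameserver ${INTERNAL_DNS4}"
		} > /etc/resolv.conf
	)
else
	echo "sa-up.sh: INTERNAL_DNS4 unusable, leaving /etc/resolv.conf alone" >&2
fi

# Bring up the tunnel address and point the default route through it.  If
# the address cannot be configured, stop before the existing default route
# is removed, otherwise the host is left without any default route.
case "$os" in
NetBSD)
	ifconfig "${ifname}" alias "${INTERNAL_ADDR4}" netmask "${INTERNAL_NETMASK4}" \
		|| fail "cannot add ${INTERNAL_ADDR4} to ${ifname}"
	route delete default
	route add default "${DEFAULT_GW}" -ifa "${INTERNAL_ADDR4}"
	route add "${REMOTE_ADDR}" "${DEFAULT_GW}"
	;;
Linux)
	ifconfig "${ifname}:1" "${INTERNAL_ADDR4}" \
		|| fail "cannot add ${INTERNAL_ADDR4} to ${ifname}:1"
	route delete default
	route add "${REMOTE_ADDR}" gw "${DEFAULT_GW}" dev "${ifname}"
	route add default gw "${DEFAULT_GW}" dev "${ifname}:1"
	;;
esac

LOCAL="${LOCAL_ADDR}"
REMOTE="${REMOTE_ADDR}"
if [ "x${LOCAL_PORT}" != "x500" ]; then
	# NAT-T setup: a non-500 ISAKMP port means UDP encapsulation, and the
	# tunnel endpoints must carry the port in setkey's addr[port] form.
	LOCAL="${LOCAL}[${LOCAL_PORT}]"
	REMOTE="${REMOTE}[${REMOTE_PORT}]"
fi

# Tunnel all traffic from our assigned address to the peer and accept the
# return direction.
setkey -c <<EOF
spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
       -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
       -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF

#
# XXX This is a workaround for Linux forward policies problem.
# Someone familiar with forward policies please fix this properly.
#
case "$os" in
Linux)
	setkey -c <<-EOF
	spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
		-P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
	EOF
	;;
esac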
     81