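#!/bin/sh

#
# sa-up.sh local configuration for a new SA
#
# Run by racoon when a new SA comes up.  Everything acted on here arrives in
# the environment from the caller:
#   LOCAL_ADDR / LOCAL_PORT     this end of the tunnel
#   REMOTE_ADDR / REMOTE_PORT   the peer's end of the tunnel
#   INTERNAL_ADDR4              address to give this host inside the tunnel
#   INTERNAL_NETMASK4           netmask for INTERNAL_ADDR4 (used on NetBSD)
#   INTERNAL_DNS4               nameserver written into /etc/resolv.conf
# The INTERNAL_* values are presumably learned from the remote peer, so they
# are treated as untrusted: every value is checked to be a plain dotted-quad
# address (or a port number) before it is placed on an ifconfig/route command
# line, into /etc/resolv.conf or into the setkey policy text, and every
# expansion is quoted so it stays a single argument.  A missing INTERNAL_ADDR4
# or default gateway ends the script quietly, as before; a malformed value
# aborts it with a message on stderr.  Only IPv4 endpoints are handled, which
# the route commands below assume anyway.
#
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Print a diagnostic on stderr and stop.
# Arguments: message text
die() {
	printf 'sa-up.sh: %s\n' "$*" >&2
	exit 1
}

# Succeed when $1 is a dotted-quad IPv4 address (four decimal octets, 0-255).
# The body is a subshell so the IFS and positional-parameter changes do not
# leak into the caller.
# Arguments: $1 - value to check
# Returns:   0 if well-formed, 1 otherwise
is_ipv4() (
	# anything but digits and dots, or a leading/trailing/doubled dot, is out
	case "$1" in
		''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
	esac
	# safe to split unquoted: the value now holds only digits and dots
	IFS=.
	set -- $1
	[ "$#" -eq 4 ] || return 1
	for octet in "$@"; do
		# more than three digits, or a value above 255, is not an octet
		case "$octet" in
			????*) return 1 ;;
		esac
		[ "$octet" -le 255 ] || return 1
	done
	return 0
)

# Succeed when $1 is a decimal port number (0-65535).
# Arguments: $1 - value to check
# Returns:   0 if well-formed, 1 otherwise
is_port() {
	case "$1" in
		''|*[!0-9]*|??????*) return 1 ;;
	esac
	[ "$1" -le 65535 ]
}

# uname is needed three times below; ask once
os=$(uname -s)

case "$os" in
NetBSD)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "default"){print $2}')
	;;
Linux)
	DEFAULT_GW=$(netstat -rn | awk '($1 == "0.0.0.0"){print $2}')
	;;
esac

printf '%s\n' "$*"
printf 'LOCAL_ADDR = %s\n' "$LOCAL_ADDR"
printf 'LOCAL_PORT = %s\n' "$LOCAL_PORT"
printf 'REMOTE_ADDR = %s\n' "$REMOTE_ADDR"
printf 'REMOTE_PORT = %s\n' "$REMOTE_PORT"
printf 'DEFAULT_GW = %s\n' "$DEFAULT_GW"
printf 'INTERNAL_ADDR4 = %s\n' "$INTERNAL_ADDR4"
printf 'INTERNAL_DNS4 = %s\n' "$INTERNAL_DNS4"

# Nothing to configure without an inner address or a default route; that is
# not an error.
[ -n "$INTERNAL_ADDR4" ] || exit 0
[ -n "$DEFAULT_GW" ] || exit 0

# Refuse anything that is not a plain address/port before it reaches a
# command line or a configuration file.
is_ipv4 "$INTERNAL_ADDR4" || die "bad INTERNAL_ADDR4 '$INTERNAL_ADDR4'"
is_ipv4 "$DEFAULT_GW" || die "bad DEFAULT_GW '$DEFAULT_GW'"
is_ipv4 "$LOCAL_ADDR" || die "bad LOCAL_ADDR '$LOCAL_ADDR'"
is_ipv4 "$REMOTE_ADDR" || die "bad REMOTE_ADDR '$REMOTE_ADDR'"
is_port "$LOCAL_PORT" || die "bad LOCAL_PORT '$LOCAL_PORT'"
is_port "$REMOTE_PORT" || die "bad REMOTE_PORT '$REMOTE_PORT'"
if [ -n "$INTERNAL_DNS4" ]; then
	is_ipv4 "$INTERNAL_DNS4" || die "bad INTERNAL_DNS4 '$INTERNAL_DNS4'"
fi

# Keep the first pre-tunnel resolv.conf around so it can be restored later.
test -f /etc/resolv.conf.bak || cp /etc/resolv.conf /etc/resolv.conf.bak
{
	printf '# Generated by racoon on %s\n' "$(date)"
	# without a nameserver the file is just the header (a bare "nameserver"
	# line is useless to the resolver)
	if [ -n "$INTERNAL_DNS4" ]; then
		printf 'nameserver %s\n' "$INTERNAL_DNS4"
	fi
} > /etc/resolv.conf

case "$os" in
NetBSD)
	ifname=$(netstat -rn | awk '($1 == "default"){print $7}')
	[ -n "$ifname" ] || die "cannot determine the default-route interface"
	is_ipv4 "$INTERNAL_NETMASK4" || die "bad INTERNAL_NETMASK4 '$INTERNAL_NETMASK4'"
	ifconfig "$ifname" alias "$INTERNAL_ADDR4" netmask "$INTERNAL_NETMASK4"
	route delete default
	route add default "$DEFAULT_GW" -ifa "$INTERNAL_ADDR4"
	route add "$REMOTE_ADDR" "$DEFAULT_GW"
	;;
Linux)
	ifname=$(netstat -rn | awk '($1 == "0.0.0.0"){print $8}')
	[ -n "$ifname" ] || die "cannot determine the default-route interface"
	ifconfig "$ifname:1" "$INTERNAL_ADDR4"
	route delete default
	# the peer itself must stay reachable through the original gateway
	route add "$REMOTE_ADDR" gw "$DEFAULT_GW" dev "$ifname"
	route add default gw "$DEFAULT_GW" dev "$ifname:1"
	;;
esac

# Use this for a NAT-T setup
LOCAL="${LOCAL_ADDR}[${LOCAL_PORT}]"
REMOTE="${REMOTE_ADDR}[${REMOTE_PORT}]"

# Use this for a non NAT-T setup
#LOCAL="${LOCAL_ADDR}"
#REMOTE="${REMOTE_ADDR}"


# Tunnel everything from the inner address out through the SA, and everything
# addressed to it back in.  The values were validated above, so the policy
# text cannot contain stray setkey statements.
setkey -c <<EOF
spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
       -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
       -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF

#
# XXX This is a workaround for Linux forward policies problem.
# Someone familiar with forward policies please fix this properly.
#
case "$os" in
Linux)
	setkey -c <<EOF
spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
	-P fwd ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF
	;;
esac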