4 # sa-up.sh local configuration for a new SA
6 PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
10 DEFAULT_GW=`netstat -rn | awk '($1 == "default"){print $2}'`
13 DEFAULT_GW=`netstat -rn | awk '($1 == "0.0.0.0"){print $2}'`
18 echo "LOCAL_ADDR = ${LOCAL_ADDR}"
19 echo "REMOTE_ADDR = ${REMOTE_ADDR}"
20 echo "DEFAULT_GW = ${DEFAULT_GW}"
21 echo "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}"
22 echo "INTERNAL_DNS4 = ${INTERNAL_DNS4}"
24 echo ${INTERNAL_ADDR4} | grep '[0-9]' > /dev/null || exit 0
25 echo ${DEFAULT_GW} | grep '[0-9]' > /dev/null || exit 0
27 test -f /etc/resolv.conf.bak || cp /etc/resolv.conf /etc/resolv.conf.bak
28 echo "# Generated by racoon on `date`" > /etc/resolv.conf
29 echo "nameserver ${INTERNAL_DNS4}" >> /etc/resolv.conf
33 if=`netstat -rn|awk '($1 == "default"){print $7}'`
34 ifconfig ${if} alias ${INTERNAL_ADDR4}
36 route add default ${DEFAULT_GW} -ifa ${INTERNAL_ADDR4}
39 if=`netstat -rn|awk '($1 == "0.0.0.0"){print $8}'`
40 ifconfig ${if}:1 ${INTERNAL_ADDR4}
42 route add ${REMOTE_ADDR} gw ${DEFAULT_GW} dev ${if}
43 route add default gw ${DEFAULT_GW} dev ${if}:1
48 spdadd ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
49 -P out ipsec esp/tunnel/${LOCAL_ADDR}-${REMOTE_ADDR}/require;
50 spdadd 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
51 -P in ipsec esp/tunnel/${REMOTE_ADDR}-${LOCAL_ADDR}/require;
55 # XXX This is a workaround for Linux forward policies problem.
56 # Someone familiar with forward policies please fix this properly.
61 spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
62 -P fwd ipsec esp/tunnel/${REMOTE_ADDR}-${LOCAL_ADDR}/require;