Diffstat (limited to 'ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-down.sh')
-rwxr-xr-x | ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-down.sh | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-down.sh b/ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-down.sh
new file mode 100755
index 00000000..92f2ba80
--- /dev/null
+++ b/ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-down.sh
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+#
+# sa-down.sh local configuration for a new SA
+#
+
+PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
+
+case `uname -s` in
+NetBSD)
+ DEFAULT_GW=`netstat -finet -rn | awk '($1 == "default"){print $2; exit}'`
+ ;;
+Linux)
+ DEFAULT_GW=`netstat --inet -rn | awk '($1 == "0.0.0.0"){print $2; exit}'`
+ ;;
+esac
+
+echo $@
+echo "LOCAL_ADDR = ${LOCAL_ADDR}"
+echo "LOCAL_PORT = ${LOCAL_PORT}"
+echo "REMOTE_ADDR = ${REMOTE_ADDR}"
+echo "REMOTE_PORT = ${REMOTE_PORT}"
+echo "DEFAULT_GW = ${DEFAULT_GW}"
+echo "INTERNAL_NETMASK4 = ${INTERNAL_NETMASK4}"
+echo "INTERNAL_ADDR4 = ${INTERNAL_ADDR4}"
+echo "INTERNAL_DNS4 = ${INTERNAL_DNS4}"
+
+echo ${INTERNAL_ADDR4} | grep '[0-9]' > /dev/null || exit 0
+echo ${INTERNAL_NETMASK4} | grep '[0-9]' > /dev/null || exit 0
+echo ${DEFAULT_GW} | grep '[0-9]' > /dev/null || exit 0
+
+if [ -f /etc/resolv.conf.bak ]; then
+ rm -f /etc/resolv.conf
+ mv /etc/resolv.conf.bak /etc/resolv.conf
+fi
+
+case `uname -s` in
+NetBSD)
+ if=`netstat -finet -rn|awk '($1 == "default"){print $7; exit}'`
+ route delete default
+ route delete ${REMOTE_ADDR}
+ ifconfig ${if} delete ${INTERNAL_ADDR4}
+ route add default ${DEFAULT_GW} -ifa ${LOCAL_ADDR}
+ ;;
+Linux)
+ if=`netstat --inet -rn|awk '($1 == "0.0.0.0"){print $8; exit}'`
+ route delete default
+ route delete ${REMOTE_ADDR}
+ ifconfig ${if}:1 del ${INTERNAL_ADDR4}
+ route add default gw ${DEFAULT_GW}
+
+ #
+ # XXX This is a workaround because Linux seems to ignore
+ # the deleteall commands below. This is bad because it flushes
+ # any SAD instead of flushing what needs to be flushed.
+ # Someone using Linux please fix it
+ #
+ setkey -F
+ ;;
+esac
+
+LOCAL="${LOCAL_ADDR}"
+REMOTE="${REMOTE_ADDR}"
+if [ "x${LOCAL_PORT}" != "x500" ]; then
+ # NAT-T setup
+ LOCAL="${LOCAL}[${LOCAL_PORT}]"
+ REMOTE="${REMOTE}[${REMOTE_PORT}]"
+fi
+
+echo "
+deleteall ${REMOTE_ADDR} ${LOCAL_ADDR} esp;
+deleteall ${LOCAL_ADDR} ${REMOTE_ADDR} esp;
+spddelete ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
+ -P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
+spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
+ -P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
+" | setkey -c
+
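Review bot: The three sanity checks `echo ${INTERNAL_ADDR4} | grep '[0-9]' > /dev/null || exit 0` (and the same for INTERNAL_NETMASK4 and DEFAULT_GW) only require that the value contains a digit, yet the same values are then expanded unquoted into `route`, `ifconfig` and the `setkey -c` configuration text, so a value with whitespace or extra tokens is passed through as additional arguments or SPD entries rather than rejected. INTERNAL_ADDR4 and INTERNAL_NETMASK4 are, as far as the naming and the "roadwarrior" sample suggest, supplied by the remote side of the negotiation, so the script should insist on the exact shape it expects before acting on them, e.g. `case "${INTERNAL_ADDR4}" in *[!0-9.]*|"") exit 0 ;; esac` and the same pattern for INTERNAL_NETMASK4 and DEFAULT_GW. Quoting the remaining expansions (`route delete "${REMOTE_ADDR}"`, `ifconfig "${if}" delete "${INTERNAL_ADDR4}"`) would make the later commands robust against the same problem, and `echo $@` should be `echo "$@"`. Reusing `if` as a variable name is legal in sh but easy to misread next to the `if [ ... ]` statement above it; a name like `ifname` would be clearer.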