path: root/ipsec-tools/src/racoon/samples/roadwarrior/client/phase1-down.sh
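#!/bin/sh

#
# phase1-down.sh: undo the local configuration that was set up for a new SA
# (resolv.conf, routes, tunnel address and SPD entries) when the ISAKMP
# phase 1 with the roadwarrior server goes down.
#
# All input arrives through the environment racoon builds for its hook
# scripts: LOCAL_ADDR, LOCAL_PORT, REMOTE_ADDR, REMOTE_PORT, INTERNAL_ADDR4,
# INTERNAL_NETMASK4 and INTERNAL_DNS4.  The INTERNAL_* values presumably
# originate from the peer (mode-cfg) -- confirm against racoon's hook
# documentation -- so their shape is checked before they are handed to
# ifconfig, route and setkey, all of which run with root privileges here.
#
# Every step is best-effort on purpose: this is a cleanup script, and a
# cleanup that stops half way (leaving the host without a default route,
# say) is worse than one that logs a failed command and carries on.  For
# that reason there is deliberately no "set -e".
#

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# is_ipv4 STRING
# Succeeds only when STRING looks like a dotted quad (digits and dots,
# four groups).  Stricter than the old "contains a digit" test; more
# importantly it rejects whitespace, ';', '/', '[' and anything else the
# shell or setkey's configuration parser would give meaning to.
is_ipv4() {
	case "$1" in
	''|*[!0-9.]*)
		return 1 ;;
	[0-9]*.[0-9]*.[0-9]*.[0-9]*)
		return 0 ;;
	esac
	return 1
}

# is_ike_addr STRING
# Light shape check for an IKE endpoint address that ends up inside the
# setkey policy text.  IPv4 and IPv6 literals are both accepted (digits,
# hex digits, '.' and ':'); anything else, including empty, is refused.
is_ike_addr() {
	case "$1" in
	''|*[!0-9A-Fa-f.:]*)
		return 1 ;;
	esac
	return 0
}

# is_port STRING
# Succeeds when STRING is a non-empty run of digits.
is_port() {
	case "$1" in
	''|*[!0-9]*)
		return 1 ;;
	esac
	return 0
}

# uname is needed twice (default gateway lookup, then the cleanup itself);
# look it up once.
OS=$(uname -s)

# The current default gateway, read from the routing table before anything
# is torn down.  netstat's column layout differs per OS, hence the split.
case "$OS" in
NetBSD)
	DEFAULT_GW=$(netstat -finet -rn | awk '($1 == "default"){print $2; exit}')
	;;
Linux)
	DEFAULT_GW=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $2; exit}')
	;;
esac

# Log what racoon handed us.  printf instead of echo: echo's treatment of
# "-n" and backslashes varies between /bin/sh implementations.
printf '%s\n' "$*"
printf 'LOCAL_ADDR = %s\n' "$LOCAL_ADDR"
printf 'LOCAL_PORT = %s\n' "$LOCAL_PORT"
printf 'REMOTE_ADDR = %s\n' "$REMOTE_ADDR"
printf 'REMOTE_PORT = %s\n' "$REMOTE_PORT"
printf 'DEFAULT_GW = %s\n' "$DEFAULT_GW"
printf 'INTERNAL_NETMASK4 = %s\n' "$INTERNAL_NETMASK4"
printf 'INTERNAL_ADDR4 = %s\n' "$INTERNAL_ADDR4"
printf 'INTERNAL_DNS4 = %s\n' "$INTERNAL_DNS4"

# Without a usable tunnel address, netmask and gateway there is nothing
# this script could have set up, so there is nothing to undo.  Exit 0 as
# before: a missing value is not an error from racoon's point of view.
if ! is_ipv4 "$INTERNAL_ADDR4"; then
	printf 'phase1-down: INTERNAL_ADDR4 is not an IPv4 address, nothing to undo\n' >&2
	exit 0
fi
if ! is_ipv4 "$INTERNAL_NETMASK4"; then
	printf 'phase1-down: INTERNAL_NETMASK4 is not an IPv4 netmask, nothing to undo\n' >&2
	exit 0
fi
if ! is_ipv4 "$DEFAULT_GW"; then
	printf 'phase1-down: no IPv4 default gateway found, nothing to undo\n' >&2
	exit 0
fi

# Put the pre-VPN resolver configuration back if a backup exists.  The
# explicit rm keeps the old behaviour of replacing whatever is at
# /etc/resolv.conf (e.g. a symlink) rather than writing through it.
if [ -f /etc/resolv.conf.bak ]; then
	rm -f /etc/resolv.conf
	mv -f /etc/resolv.conf.bak /etc/resolv.conf
fi

# Interface that currently carries the default route; the tunnel address
# is presumably configured on it (or on its :1 alias on Linux).
case "$OS" in
NetBSD)
	iface=$(netstat -finet -rn | awk '($1 == "default"){print $7; exit}')
	route delete default
	# Host route to the VPN server, presumably added by phase1-up.sh.
	route delete "$REMOTE_ADDR"
	if [ -n "$iface" ]; then
		ifconfig "$iface" delete "$INTERNAL_ADDR4"
	else
		printf 'phase1-down: cannot find default interface, tunnel address not removed\n' >&2
	fi
	route add default "$DEFAULT_GW" -ifa "$LOCAL_ADDR"
	;;
Linux)
	iface=$(netstat --inet -rn | awk '($1 == "0.0.0.0"){print $8; exit}')
	route delete default
	# Host route to the VPN server, presumably added by phase1-up.sh.
	route delete "$REMOTE_ADDR"
	if [ -n "$iface" ]; then
		ifconfig "${iface}:1" del "$INTERNAL_ADDR4"
	else
		printf 'phase1-down: cannot find default interface, tunnel address not removed\n' >&2
	fi
	route add default gw "$DEFAULT_GW"

	#
	# XXX This is a workaround because Linux seems to ignore
	# the deleteall commands below. This is bad because it flushes
	# any SAD instead of flushing what needs to be flushed.
	# Someone using Linux please fix it
	#
	setkey -F
	;;
esac

# The tunnel endpoints go verbatim into setkey's configuration language, so
# refuse to build the policy text from anything that does not look like an
# address.  The route/resolv.conf cleanup above has already been done.
if ! is_ike_addr "$LOCAL_ADDR" || ! is_ike_addr "$REMOTE_ADDR"; then
	printf 'phase1-down: LOCAL_ADDR/REMOTE_ADDR malformed, SPD entries not removed\n' >&2
	exit 0
fi

LOCAL="$LOCAL_ADDR"
REMOTE="$REMOTE_ADDR"
if [ "x${LOCAL_PORT}" != "x500" ]; then
	# NAT-T setup: the policies carry the UDP-encapsulation ports in the
	# tunnel endpoints, so the same form is needed to delete them.
	if ! is_port "$LOCAL_PORT" || ! is_port "$REMOTE_PORT"; then
		printf 'phase1-down: LOCAL_PORT/REMOTE_PORT malformed, SPD entries not removed\n' >&2
		exit 0
	fi
	LOCAL="${LOCAL}[${LOCAL_PORT}]"
	REMOTE="${REMOTE}[${REMOTE_PORT}]"
fi

# The policy text is handed to setkey through a here-document rather than
# echo, so no shell implementation gets a chance to reinterpret it.  Every
# value expanded below has passed the shape checks above.
#
# NOTE(review): the inbound selector is written as ${INTERNAL_ADDR4}[any]
# while the outbound one is ${INTERNAL_ADDR4}/32[any]; spddelete must match
# the entries phase1-up.sh installed, so confirm against that script before
# changing either form.
setkey -c <<EOF
deleteall ${REMOTE_ADDR} ${LOCAL_ADDR} esp;
deleteall ${LOCAL_ADDR} ${REMOTE_ADDR} esp;
spddelete ${INTERNAL_ADDR4}/32[any] 0.0.0.0/0[any] any
	-P out ipsec esp/tunnel/${LOCAL}-${REMOTE}/require;
spddelete 0.0.0.0/0[any] ${INTERNAL_ADDR4}[any] any
	-P in ipsec esp/tunnel/${REMOTE}-${LOCAL}/require;
EOF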