diff options
author | Bill Nottingham <notting@redhat.com> | 2003-09-11 16:09:48 +0000 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2003-09-11 16:09:48 +0000 |
commit | d187d779cfae24833dc5b62b5b7d8dc68d23082b (patch) | |
tree | 91426732dd8923b4678b85bf25882baf54f6293d | |
parent | aeb9c7a09fbfa009b4b490af6f146f813d6e1eea (diff) | |
download | initscripts-d187d779cfae24833dc5b62b5b7d8dc68d23082b.tar initscripts-d187d779cfae24833dc5b62b5b7d8dc68d23082b.tar.gz initscripts-d187d779cfae24833dc5b62b5b7d8dc68d23082b.tar.bz2 initscripts-d187d779cfae24833dc5b62b5b7d8dc68d23082b.tar.xz initscripts-d187d779cfae24833dc5b62b5b7d8dc68d23082b.zip |
more ipsec fixes (#104227, <harald@redhat.com>)r7-31-2-EL
-rwxr-xr-x | sysconfig/network-scripts/ifdown-ipsec | 17 | ||||
-rwxr-xr-x | sysconfig/network-scripts/ifup-ipsec | 8 |
2 files changed, 18 insertions, 7 deletions
diff --git a/sysconfig/network-scripts/ifdown-ipsec b/sysconfig/network-scripts/ifdown-ipsec index 60480cdb..37e5f76f 100755 --- a/sysconfig/network-scripts/ifdown-ipsec +++ b/sysconfig/network-scripts/ifdown-ipsec @@ -47,10 +47,21 @@ delete $DST $SRC esp $SPI_ESP_IN; EOF fi -setkey -c << EOF -spddelete $SRC $DST any -P out; -spddelete $DST $SRC any -P in; +if [ "$MODE" = "host" ]; then + setkey -c << EOF + spddelete $SRC $DST any -P out; + spddelete $DST $SRC any -P in; EOF +else + [ -z "$SRCNET" ] && SRCNET="$SRC/32" + [ -z "$DSTNET" ] && DSTNET="$DST/32" + + /sbin/setkey -c >/dev/null 2>&1 << EOF + spddelete $SRCNET $DSTNET any -P out; + spddelete $DSTNET $SRCNET any -P in; +EOF +fi + if [ "$KEYING" = "automatic" ]; then racoontmp=`mktemp /etc/racoon/racoon.XXXXXX` diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec index 5de55bc8..3ea68768 100755 --- a/sysconfig/network-scripts/ifup-ipsec +++ b/sysconfig/network-scripts/ifup-ipsec @@ -134,8 +134,8 @@ spdadd $DST $SRC any -P in ipsec ; EOF else - [ -n "$SRCNET" ] && SRCNET="$SRC/32" - [ -n "$DSTNET" ] && DSTNET="$DST/32" + [ -z "$SRCNET" ] && SRCNET="$SRC/32" + [ -z "$DSTNET" ] && DSTNET="$DST/32" /sbin/setkey -c >/dev/null 2>&1 << EOF delete $SRC $DST ah $SPI_AH_OUT; @@ -186,8 +186,8 @@ spdadd $DST $SRC any -P in ipsec ; EOF else - [ -n "$SRCNET" ] && SRCNET="$SRC/32" - [ -n "$DSTNET" ] && DSTNET="$DST/32" + [ -z "$SRCNET" ] && SRCNET="$SRC/32" + [ -z "$DSTNET" ] && DSTNET="$DST/32" /sbin/setkey -c >/dev/null 2>&1 << EOF spddelete $SRCNET $DSTNET any -P out; |