diff options
| author | Miloslav Trmac <mitr@volny.cz> | 2006-07-09 00:06:38 +0000 |
|---|---|---|
| committer | Miloslav Trmac <mitr@volny.cz> | 2006-07-09 00:06:38 +0000 |
| commit | 775f15b4e6a7cc0612cb3b9c8900c20909dcdd6a (patch) | |
| tree | cd8848c115d927cb20dc89568e1b69185af06ce0 /sysconfig | |
| parent | 2f1ee09e22df968185dc56b674f8a1e30240b248 (diff) | |
| download | initscripts-775f15b4e6a7cc0612cb3b9c8900c20909dcdd6a.tar initscripts-775f15b4e6a7cc0612cb3b9c8900c20909dcdd6a.tar.gz initscripts-775f15b4e6a7cc0612cb3b9c8900c20909dcdd6a.tar.bz2 initscripts-775f15b4e6a7cc0612cb3b9c8900c20909dcdd6a.tar.xz initscripts-775f15b4e6a7cc0612cb3b9c8900c20909dcdd6a.zip | |
- Add ESP authentication support (last part of #168972, based on a patch by
Aleksandar Milivojevic <alex@milivojevic.org>)
- Beautify up handle_keys() a bit.
Diffstat (limited to 'sysconfig')
| -rwxr-xr-x | sysconfig/network-scripts/ifup-ipsec | 54 |
1 files changed, 28 insertions, 26 deletions
diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec index a2901218..ab10237c 100755 --- a/sysconfig/network-scripts/ifup-ipsec +++ b/sysconfig/network-scripts/ifup-ipsec @@ -5,30 +5,25 @@ # Brings up ipsec interfaces handle_keys() { - if [ -z "$KEY_AH_IN" -a -n "$KEY_AH" ]; then - KEY_AH_IN=$KEY_AH - fi - - if [ -z "$KEY_AH_OUT" -a -n "$KEY_AH" ]; then - KEY_AH_OUT=$KEY_AH - fi - - if [ -z "$KEY_ESP_IN" -a -n "$KEY_ESP" ]; then - KEY_ESP_IN=$KEY_ESP - fi - - if [ -z "$KEY_ESP_OUT" -a -n "$KEY_ESP" ]; then - KEY_ESP_OUT=$KEY_ESP - fi - - [ -n "$KEY_AH_IN" -a "$KEY_AH_IN" = "${KEY_AH_IN##0x}" ] \ - && KEY_AH_IN=\"$KEY_AH_IN\" - [ -n "$KEY_AH_OUT" -a "$KEY_AH_OUT" = "${KEY_AH_OUT##0x}" ] \ - && KEY_AH_OUT=\"$KEY_AH_OUT\" - [ -n "$KEY_ESP_IN" -a "$KEY_ESP_IN" = "${KEY_ESP_IN##0x}" ] \ - && KEY_ESP_IN=\"$KEY_ESP_IN\" - [ -n "$KEY_ESP_OUT" -a "$KEY_ESP_OUT" = "${KEY_ESP_OUT##0x}" ] \ - && KEY_ESP_OUT=\"$KEY_ESP_OUT\" + [ -z "$KEY_AH_IN" -a -n "$KEY_AH" ] && KEY_AH_IN=$KEY_AH + [ -z "$KEY_AH_OUT" -a -n "$KEY_AH" ] && KEY_AH_OUT=$KEY_AH + [ -z "$KEY_ESP_IN" -a -n "$KEY_ESP" ] && KEY_ESP_IN=$KEY_ESP + [ -z "$KEY_ESP_OUT" -a -n "$KEY_ESP" ] && KEY_ESP_OUT=$KEY_ESP + [ -z "$KEY_AESP_IN" -a -n "$KEY_AESP" ] && KEY_AESP_IN=$KEY_AESP + [ -z "$KEY_AESP_OUT" -a -n "$KEY_AESP" ] && KEY_AESP_OUT=$KEY_AESP + + [ -n "$KEY_AH_IN" -a "$KEY_AH_IN" = "${KEY_AH_IN##0x}" ] \ + && KEY_AH_IN=\"$KEY_AH_IN\" + [ -n "$KEY_AH_OUT" -a "$KEY_AH_OUT" = "${KEY_AH_OUT##0x}" ] \ + && KEY_AH_OUT=\"$KEY_AH_OUT\" + [ -n "$KEY_ESP_IN" -a "$KEY_ESP_IN" = "${KEY_ESP_IN##0x}" ] \ + && KEY_ESP_IN=\"$KEY_ESP_IN\" + [ -n "$KEY_ESP_OUT" -a "$KEY_ESP_OUT" = "${KEY_ESP_OUT##0x}" ] \ + && KEY_ESP_OUT=\"$KEY_ESP_OUT\" + [ -n "$KEY_AESP_IN" -a "$KEY_AESP_IN" = "${KEY_AESP_IN##0x}" ] \ + && KEY_AESP_IN=\"$KEY_AESP_IN\" + [ -n "$KEY_AESP_OUT" -a "$KEY_AESP_OUT" = "${KEY_AESP_OUT##0x}" ] \ + && KEY_AESP_OUT=\"$KEY_AESP_OUT\" } . /etc/init.d/functions @@ -100,6 +95,7 @@ unset SPD_AH_IN SPD_AH_OUT SPD_ESP_IN SPD_ESP_OUT if [ "$KEYING" = "manual" ]; then [ -z "$AH_PROTO" ] && AH_PROTO=hmac-sha1 [ -z "$ESP_PROTO" ] && ESP_PROTO=3des-cbc + [ -z "$AESP_PROTO" ] && AESP_PROTO=hmac-sha1 [ -n "$KEY_AH_IN" ] && SPD_AH_IN=yes [ -n "$KEY_AH_OUT" ] && SPD_AH_OUT=yes @@ -135,8 +131,14 @@ ${EXCLUDE_SRCNET:+spddelete $SPD_SRC $SPD_SRC any -P out;} ${EXCLUDE_SRCNET:+spddelete $SPD_SRC $SPD_SRC any -P in;} # ESP -${KEY_ESP_IN:+add $DST $SRC esp $SPI_ESP_IN ${TUNNEL_MODE:+-m tunnel} -E ${ESP_PROTO_IN:-$ESP_PROTO} $KEY_ESP_IN;} -${KEY_ESP_OUT:+add $SRC $DST esp $SPI_ESP_OUT ${TUNNEL_MODE:+-m tunnel} -E ${ESP_PROTO_OUT:-$ESP_PROTO} $KEY_ESP_OUT;} +${KEY_ESP_IN:+add $DST $SRC esp $SPI_ESP_IN ${TUNNEL_MODE:+-m tunnel} \ +-E ${ESP_PROTO_IN:-$ESP_PROTO} $KEY_ESP_IN \ +${KEY_AESP_IN:+-A ${AESP_PROTO_IN:-$AESP_PROTO} $KEY_AESP_IN} +;} +${KEY_ESP_OUT:+add $SRC $DST esp $SPI_ESP_OUT ${TUNNEL_MODE:+-m tunnel} \ +-E ${ESP_PROTO_OUT:-$ESP_PROTO} $KEY_ESP_OUT \ +${KEY_AESP_OUT:+-A ${AESP_PROTO_OUT:-$AESP_PROTO} $KEY_AESP_OUT} +;} # AH ${KEY_AH_IN:+add $DST $SRC ah $SPI_AH_IN ${TUNNEL_MODE:+-m tunnel} -A ${AH_PROTO_IN:-$AH_PROTO} $KEY_AH_IN;} |