Diffstat (limited to 'sysconfig/network-scripts')
-rwxr-xr-xsysconfig/network-scripts/ifup-ipsec48
1 files changed, 28 insertions, 20 deletions
diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec
index 0aec13e7..2eb38e60 100755
--- a/sysconfig/network-scripts/ifup-ipsec
+++ b/sysconfig/network-scripts/ifup-ipsec
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/sh -x
#
# ifup-ipsec
#
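Review bot: The `-x` added to the shebang looks like leftover debugging and should not ship. With xtrace on, the shell writes each expanded command and assignment to stderr, and this script handles manual IPsec keys (`KEY_ESP_*`, `KEY_AH_*`), so key material would likely end up on the console or in boot logs. Keep the line as `#!/bin/sh`; when tracing is needed during development, running `sh -x ifup-ipsec <config>` gives the same output without changing the installed file.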
@@ -38,6 +38,14 @@
# IKE_RSA_KEY = RSA key for RSA IKE
#
+. /etc/init.d/functions
+cd /etc/sysconfig/network-scripts
+. network-functions
+
+CONFIG=$1
+[ -f "${CONFIG}" ] || CONFIG=ifcfg-${1}
+source_config
+
if [ -n "$KEY_AH" -o -n "$KEY_ESP" ]; then
KEYING=manual
fi
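Review bot: The result of `cd /etc/sysconfig/network-scripts` is not checked, and the next line sources `network-functions` by a relative name, so if the cd fails the file is resolved somewhere else (for a name without a slash, `.` searches PATH). Use `cd /etc/sysconfig/network-scripts || exit 1`, or source the file by absolute path. `$1` is also used without checking that an argument was passed; with none, `CONFIG` becomes `ifcfg-`, and what `source_config` (defined outside this hunk) does with that is not visible here.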
@@ -94,7 +102,7 @@ fi
if [ "$KEYING" = "manual" ]; then
# Get source address
- if [ -n "$SRC" ]; then
+ if [ -z "$SRC" ]; then
SRC=`ip -o route get to $DST | sed "s|.*src \([^ ]*\).*|\1|"`
fi
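Review bot: The inverted test corrected here is still present in the tunnel branch further down, where `[ -n "$SRCNET" ] && SRCNET="$SRC/32"` and the matching `DSTNET` line overwrite a configured network with a /32 and leave an unset one empty. They should read `[ -z "$SRCNET" ] && SRCNET="$SRC/32"` and `[ -z "$DSTNET" ] && DSTNET="$DST/32"`. In this hunk, `SRC` is not checked after the `ip -o route get` lookup, so a failed lookup leaves it empty and the later `setkey` input is built with a missing address; `[ -n "$SRC" ] || exit 1` after the `fi` would stop that. The enclosing `if [ "$KEYING" = "manual" ]` block continues outside the hunk.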
@@ -103,21 +111,21 @@ if [ "$KEYING" = "manual" ]; then
if [ "$MODE" = "host" ]; then
- /sbin/setkey -c << EOF
-deleteall $SRC $DST ah;
-deleteall $DST $SRC ah;
-deleteall $SRC $DST esp;
-deleteall $DST $SRC esp;
+ setkey -c << EOF
+delete $SRC $DST ah $SPI_AH_OUT;
+delete $DST $SRC ah $SPI_AH_IN;
+delete $SRC $DST esp $SPI_ESP_OUT;
+delete $DST $SRC esp $SPI_ESP_IN;
spddelete $SRC $DST any -P out;
spddelete $DST $SRC any -P in;
# ESP
-${KEY_ESP_IN:+add $DST $SRC esp $SPI_ESP_IN -E ${ESP_PROTO_IN:-$ESP_PROTO} $KEY_ESP_IN;}
-${KEY_ESP_OUT:+add $SRC $DST esp $SPI_ESP_OUT -E ${ESP_PROTO_OUT:-$ESP_PROTO} $KEY_ESP_OUT;}
+${KEY_ESP_IN:+add $DST $SRC esp $SPI_ESP_IN -E ${ESP_PROTO_IN:-$ESP_PROTO} $(echo '"')$KEY_ESP_IN$(echo '"');}
+${KEY_ESP_OUT:+add $SRC $DST esp $SPI_ESP_OUT -E ${ESP_PROTO_OUT:-$ESP_PROTO} $(echo '"')$KEY_ESP_OUT$(echo '"');}
# AH
-${KEY_AH_IN:+add $DST $SRC ah $SPI1 -A ${AH_PROTO_IN:-$AH_PROTO} $KEY_AH_IN;}
-${KEY_AH_OUT:+add $SRC $DST ah $SPI_AH_OUT -A ${AH_PROTO_OUT:-$AH_PROTO} $KEY_AH_OUT;}
+${KEY_AH_IN:+add $DST $SRC ah $SPI_AH_IN -A ${AH_PROTO_IN:-$AH_PROTO} $(echo '"')$KEY_AH_IN$(echo '"');}
+${KEY_AH_OUT:+add $SRC $DST ah $SPI_AH_OUT -A ${AH_PROTO_OUT:-$AH_PROTO} $(echo '"')$KEY_AH_OUT$(echo '"');}
spdadd $SRC $DST any -P out ipsec
${KEY_ESP_OUT:+esp/transport//require}
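Review bot: The four `add` lines now wrap every key in double quotes unconditionally, which changes how `setkey` reads it: its documented key syntax is either a double-quoted character string or hex digits prefixed with `0x`, so a key configured as `0x...` would presumably now be taken as literal characters and no longer match the peer. A key value that itself contains `"` would also end the string early and the rest would be parsed as `setkey` input. The header comment should state the accepted key format, for example `# KEY_* are ASCII strings passed quoted to setkey; 0x hex keys are not supported`, and the `$(echo '"')` idiom deserves a one-line comment saying why a plain quote is not used. Separately, the new `delete ... $SPI_AH_OUT;` lines are emitted even when only ESP is configured, leaving `delete $SRC $DST ah ;` with no SPI. The tunnel-mode branch in the following hunk carries the same lines.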
@@ -128,26 +136,26 @@ spdadd $DST $SRC any -P in ipsec
${KEY_ESP_IN:+esp/transport//require}
${KEY_AH_IN:+ah/transport//require}
;
-EOF
+EOF
else
[ -n "$SRCNET" ] && SRCNET="$SRC/32"
[ -n "$DSTNET" ] && DSTNET="$DST/32"
/sbin/setkey -c << EOF
-deleteall $SRC $DST ah;
-deleteall $DST $SRC ah;
-deleteall $SRC $DST esp;
-deleteall $DST $SRC esp;
+delete $SRC $DST ah $SPI_AH_OUT;
+delete $DST $SRC ah $SPI_AH_IN;
+delete $SRC $DST esp $SPI_ESP_OUT;
+delete $DST $SRC esp $SPI_ESP_IN;
spddelete $SRCNET $DSTNET any -P out;
spddelete $DSTNET $SRCNET any -P in;
# ESP
-${KEY_ESP_IN:+add $DST $SRC esp $SPI_ESP_IN -m tunnel -E ${ESP_PROTO_IN:-$ESP_PROTO} $KEY_ESP_IN;}
-${KEY_ESP_OUT:+add $SRC $DST esp $SPI_ESP_OUT -m tunnel -E ${ESP_PROTO_OUT:-$ESP_PROTO} $KEY_ESP_OUT;}
+${KEY_ESP_IN:+add $DST $SRC esp $SPI_ESP_IN -m tunnel -E ${ESP_PROTO_IN:-$ESP_PROTO} $(echo '"')$KEY_ESP_IN$(echo '"');}
+${KEY_ESP_OUT:+add $SRC $DST esp $SPI_ESP_OUT -m tunnel -E ${ESP_PROTO_OUT:-$ESP_PROTO} $(echo '"')$KEY_ESP_OUT$(echo '"');}
# AH
-${KEY_AH_IN:+add $DST $SRC ah $SPI_AH_IN -m tunnel -A ${AH_PROTO_IN:-$AH_PROTO} $KEY_AH_IN;}
-${KEY_AH_OUT:+add $SRC $DST ah $SPI_AH_OUT -m tunnel -A ${AH_PROTO_OUT:-$AH_PROTO} $KEY_AH_OUT;}
+${KEY_AH_IN:+add $DST $SRC ah $SPI_AH_IN -m tunnel -A ${AH_PROTO_IN:-$AH_PROTO} $(echo '"')$KEY_AH_IN$(echo '"');}
+${KEY_AH_OUT:+add $SRC $DST ah $SPI_AH_OUT -m tunnel -A ${AH_PROTO_OUT:-$AH_PROTO} $(echo '"')$KEY_AH_OUT$(echo '"');}
spdadd $SRCNET $DSTNET any -P out ipsec
${KEY_ESP_OUT:+esp/tunnel/$SRC-$DEST/require}