From 5c546c016732370d99adff1565b7dc7d002fd056 Mon Sep 17 00:00:00 2001
From: Bill Nottingham <notting@redhat.com>
Date: Tue, 1 Jul 2003 20:38:04 +0000
Subject: allow different in/out encryption protocols, too

---
 sysconfig/network-scripts/ifup-ipsec | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'sysconfig/network-scripts')

diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec
index 8a311afe..4cdade86 100755
--- a/sysconfig/network-scripts/ifup-ipsec
+++ b/sysconfig/network-scripts/ifup-ipsec
@@ -82,12 +82,12 @@ spddelete $SRC $DST any -P out;
 spddelete $DST $SRC any -P in;
 
 # ESP
-${KEY_ESP_IN:+add $DST $SRC esp $SPI3 -E $ESP_PROTO $KEY_ESP_IN;}
-${KEY_ESP_OUT:+add $SRC $DST esp $SPI4 -E $ESP_PROTO $KEY_ESP_OUT;}
+${KEY_ESP_IN:+add $DST $SRC esp $SPI3 -E ${ESP_PROTO_IN:-$ESP_PROTO} $KEY_ESP_IN;}
+${KEY_ESP_OUT:+add $SRC $DST esp $SPI4 -E ${ESP_PROTO_OUT:-$ESP_PROTO} $KEY_ESP_OUT;}
 
 # AH
-${KEY_AH_IN:+add $DST $SRC ah $SPI1 -A $AH_PROTO $KEY_AH_IN;}
-${KEY_AH_OUT:+add $SRC $DST ah $SPI2 -A $AH_PROTO $KEY_AH_OUT;}
+${KEY_AH_IN:+add $DST $SRC ah $SPI1 -A ${AH_PROTO_IN:-$AH_PROTO} $KEY_AH_IN;}
+${KEY_AH_OUT:+add $SRC $DST ah $SPI2 -A ${AH_PROTO_OUT:-$AH_PROTO} $KEY_AH_OUT;}
 
 spdadd $SRC $DST any -P out ipsec
             ${KEY_ESP_OUT:+esp/transport//require}
@@ -112,12 +112,12 @@ spddelete $SRCNET $DSTNET any -P out;
 spddelete $DSTNET $SRCNET any -P in;
 
 # ESP
-${KEY_ESP_IN:+add $DST $SRC esp $SPI3 -m tunnel -E $ESP_PROTO $KEY_ESP_IN;}
-${KEY_ESP_OUT:+add $SRC $DST esp $SPI4 -m tunnel -E $ESP_PROTO $KEY_ESP_OUT;}
+${KEY_ESP_IN:+add $DST $SRC esp $SPI3 -m tunnel -E ${ESP_PROTO_IN:-$ESP_PROTO} $KEY_ESP_IN;}
+${KEY_ESP_OUT:+add $SRC $DST esp $SPI4 -m tunnel -E ${ESP_PROTO_OUT:-$ESP_PROTO} $KEY_ESP_OUT;}
 
 # AH
-${KEY_AH_IN:+add $DST $SRC ah $SPI1 -m tunnel -A $AH_PROTO $KEY_AH_IN;}
-${KEY_AH_OUT:+add $SRC $DST ah $SPI2 -m tunnel -A $AH_PROTO $KEY_AH_OUT;}
+${KEY_AH_IN:+add $DST $SRC ah $SPI1 -m tunnel -A ${AH_PROTO_IN:-$AH_PROTO} $KEY_AH_IN;}
+${KEY_AH_OUT:+add $SRC $DST ah $SPI2 -m tunnel -A ${AH_PROTO_OUT:-$AH_PROTO} $KEY_AH_OUT;}
 
 spdadd $SRCNET $DSTNET any -P out ipsec
             ${KEY_ESP_OUT:+esp/tunnel/$SRC-$DEST/require}
-- 
cgit v1.2.1