diff options
Diffstat (limited to 'keyexchange/isakmpd-20041012/samples/singlehost-setup.sh')
| -rw-r--r-- | keyexchange/isakmpd-20041012/samples/singlehost-setup.sh | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/keyexchange/isakmpd-20041012/samples/singlehost-setup.sh b/keyexchange/isakmpd-20041012/samples/singlehost-setup.sh new file mode 100644 index 0000000..818ce2d --- /dev/null +++ b/keyexchange/isakmpd-20041012/samples/singlehost-setup.sh @@ -0,0 +1,84 @@ +#!/bin/sh +# $OpenBSD: singlehost-setup.sh,v 1.5 2003/08/18 09:41:40 markus Exp $ +# $EOM: singlehost-setup.sh,v 1.3 2000/11/23 12:24:43 niklas Exp $ + +# A script to test single-host VPNs + +# For the 'pf' variable +. /etc/rc.conf + +# Default paths +PFCTL=/sbin/pfctl +ISAKMPD=/sbin/isakmpd + +do_routes() +{ + /sbin/route $1 -net 192.168.11.0/24 192.168.11.1 -iface >/dev/null + /sbin/route $1 -net 192.168.12.0/24 192.168.12.1 -iface >/dev/null + /sbin/route $1 -net 10.1.0.0/16 10.1.0.11 -iface >/dev/null +} + +# Called on script exit +cleanup () { + if [ "x${pf}" = "xYES" -a -f ${pf_rules} ]; then + ${PFCTL} -R -f ${pf_rules} + else + ${PFCTL} -qd + fi + + USER=`id -p | grep ^login | cut -f2` + chown $USER singlehost-east.conf singlehost-west.conf policy + chmod 644 singlehost-east.conf singlehost-west.conf policy + + [ -p east.fifo ] && echo "Q" >> east.fifo + [ -p west.fifo ] && echo "Q" >> west.fifo + rm -f east.fifo west.fifo + + do_routes delete +} + +# Start by initializing interfaces +/sbin/ifconfig lo2 192.168.11.1 netmask 0xffffff00 up +/sbin/ifconfig lo3 192.168.12.1 netmask 0xffffff00 up +/sbin/ifconfig lo4 10.1.0.11 netmask 0xffff0000 up +/sbin/ifconfig lo5 10.1.0.12 netmask 0xffff0000 up +# ... and by adding the required routes +do_routes add + +# Add rules +( + cat <<EOF +pass out quick on lo2 proto 50 all +pass out quick on lo2 from 192.168.11.0/24 to any +pass out quick on lo3 proto 50 all +pass out quick on lo3 from 192.168.12.0/24 to any +block out on lo2 all +block out on lo3 all +EOF + if [ "x${pf}" = "xYES" -a -f ${pf_rules} ]; then + cat ${pf_rules} | egrep -v '^(scrub|rdr|binat|nat)' + else + pfctl -qe >/dev/null + fi +) | pfctl -R -f - + +trap cleanup 1 2 3 15 + +# The configuration files needs proper owners and modes +USER=`id -p | grep ^uid | cut -f2` +chown $USER singlehost-east.conf singlehost-west.conf policy +chmod 600 singlehost-east.conf singlehost-west.conf policy + +# Start the daemons +rm -f east.fifo west.fifo +${ISAKMPD} -c singlehost-east.conf -f east.fifo "$@" +${ISAKMPD} -c singlehost-west.conf -f west.fifo "$@" + +# Give them some time to negotiate their stuff... +SECS=3 +echo "Waiting $SECS seconds..." +sleep $SECS +echo "Running 'ping', using the tunnel..." +ping -I 192.168.11.1 -c 5 192.168.12.1 + +cleanup |