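#!/bin/sh

################################################################################
##                                                                            ##
## Copyright (c) International Business Machines  Corp., 2005                 ##
##                                                                            ##
## This program is free software;  you can redistribute it and/or modify      ##
## it under the terms of the GNU General Public License as published by       ##
## the Free Software Foundation; either version 2 of the License, or          ##
## (at your option) any later version.                                        ##
##                                                                            ##
## This program is distributed in the hope that it will be useful, but        ##
## WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY ##
## or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License   ##
## for more details.                                                          ##
##                                                                            ##
## You should have received a copy of the GNU General Public License          ##
## along with this program;  if not, write to the Free Software               ##
## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ##
##                                                                            ##
##                                                                            ##
################################################################################
#
# File:
#   output_ipsec_conf
#
# Description:
#   Output IPsec configuration (a setkey(8) script) on stdout.
#
# Author:
#   Mitsuru Chinen <mitch@jp.ibm.com>
#
# Exit Value:
#   0: Exit normally
#   >0: Exit abnormally
#
# History:
#   Oct 19 2005 - Created (Mitsuru Chinen)
#
#-----------------------------------------------------------------------
# Debug hook: the next line expands $trace_logic, so running the script
# with trace_logic="set -x" in the environment turns on command tracing.
$trace_logic

# Encryption algorithm
#
# NOTE(security): the keys below are fixed, publicly known test values that
# both ends of the test SA have to share. They are not secrets and must never
# be reused outside this test harness. 3des-cbc and hmac-sha1 are legacy
# algorithms kept only because the test exercises them. The key lengths are
# the ones setkey expects for these algorithms: 24 bytes (192 bits) for
# 3des-cbc and 20 bytes (160 bits) for hmac-sha1 -- keep them in sync if the
# algorithm is ever changed.
EALGO="3des-cbc"
EALGO_KEY="_I_want_to_have_chicken_"

# Authentication algorithm
AALGO="hmac-sha1"
AALGO_KEY="beef_fish_pork_salad"

# Compression algorithm
CALGO="deflate"


#-----------------------------------------------------------------------
#
# Function: usage
#
# Description:
#   Print the usage of this script to stderr, then exit with status 1.
#
#-----------------------------------------------------------------------
usage() {
    cat << EOD >&2
output_ipsec_conf flush
    Flush the SAD and SPD entries.

output_ipsec_conf target protocol mode first_spi src_addr dst_addr
    target: target of the configuration file ( src / dst )
    protocol: ah / esp / ipcomp
    mode: transport / tunnel
    first_spi: the first spi value (non-negative decimal integer)
    src_addr: source IP address
    dst_addr: destination IP address
EOD

    exit 1
}


#-----------------------------------------------------------------------
#
# Main
#
# With the single argument `flush' the script emits the setkey commands
# that empty the SAD and SPD.  Otherwise it emits a pair of SAD entries
# (one per direction, using SPIs first_spi and first_spi+1) followed by
# the matching pair of SPD entries.
#
# Every argument is validated before the first line is written, so a
# rejected invocation never leaves a partial configuration on stdout.
#
#-----------------------------------------------------------------------

# When argument is `flush', flush the SAD and SPD
if [ "x$1" = "xflush" ]; then
    echo "spdflush ;"
    echo "flush ;"
    exit 0
fi

# source/destination IP addresses
[ $# -eq 6 ] || usage
target=$1
protocol=$2
mode=$3
first_spi=$4
src_ipaddr=$5
dst_ipaddr=$6

# The target decides which direction each SPD entry applies to.
case $target in
    src)
        direct1=out
        direct2=in
        ;;
    dst)
        direct1=in
        direct2=out
        ;;
    *)
        usage
        ;;
esac

# Algorithm options for each protocol
case $protocol in
    ah)
        algo_line="-A $AALGO \"$AALGO_KEY\""
        ;;
    esp)
        algo_line="-E $EALGO \"$EALGO_KEY\" -A $AALGO \"$AALGO_KEY\""
        ;;
    ipcomp)
        algo_line="-C $CALGO"
        ;;
    *)
        usage
        ;;
esac

# An unknown mode used to be passed straight into the `-m' option of the
# SAD entries and then silently produced no SPD entries at all (exit 0).
# Reject it before anything is written instead.
case $mode in
    transport|tunnel)
        ;;
    *)
        usage
        ;;
esac

# first_spi is incremented for the reverse-direction SA, so it has to be a
# non-negative decimal integer.  setkey's 0x-prefixed hex form is not
# supported here (it never was: `expr' arithmetic rejects it too), so fail
# loudly instead of emitting an entry with an empty SPI.
case $first_spi in
    ''|*[!0-9]*)
        usage
        ;;
esac
# `expr' rather than $(( )) on purpose: shell arithmetic treats a leading
# zero as octal, expr keeps the original decimal reading.
second_spi=$(expr "$first_spi" + 1)

# Addresses are not parsed here (setkey does that), but an empty one would
# yield a malformed entry, so refuse it.
if [ -z "$src_ipaddr" ] || [ -z "$dst_ipaddr" ]; then
    usage
fi

# Write lines for adding an SAD entry in each direction
cat << EOD
add $src_ipaddr $dst_ipaddr $protocol $first_spi
    -m $mode
    $algo_line ;

add $dst_ipaddr $src_ipaddr $protocol $second_spi
    -m $mode
    $algo_line ;

EOD

# Write lines for adding an SPD entry in each direction
case $mode in
    transport)
        cat << EOD
spdadd $src_ipaddr $dst_ipaddr any
    -P $direct1 ipsec $protocol/transport//use ;

spdadd $dst_ipaddr $src_ipaddr any
    -P $direct2 ipsec $protocol/transport//use ;
EOD
        ;;

    tunnel)
        cat << EOD
spdadd $src_ipaddr $dst_ipaddr any
    -P $direct1 ipsec $protocol/tunnel/${src_ipaddr}-${dst_ipaddr}/use ;

spdadd $dst_ipaddr $src_ipaddr any
    -P $direct2 ipsec $protocol/tunnel/${dst_ipaddr}-${src_ipaddr}/use ;
EOD
        ;;
esac

exit 0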