3 # ipsec.func This file contains functions for use by klips/test
7 # Author: Richard Guy Briggs, <rgb@conscoop.ottawa.on.ca>
10 export PATH="/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin"
12 # The following (environment) variables are expected to be set before
13 # calling these functions as apropriate.
42 # Setup module and interface
48 # Attach and configure the interface
49 tncfg attach $ipsecdev $physdev
50 ifconfig $ipsecdev $gw1
53 # Clean up and unload the module
60 # Display configuration from /proc/net/ipsec* filesystem.
63 echo /proc/net/ipsec-spi
64 cat /proc/net/ipsec-spi
66 echo /proc/net/ipsec-route
67 cat /proc/net/ipsec-route
70 # Setup a secure connection
76 spi $gw1 $spi1a esp $xform1a i \
80 route add -host $gw2 dev ipsec0
82 eroute add $gw1 $hmask \
85 spi $gw2 $spi2a esp $xform2a i \
93 eroute del $gw1 $hmask $gw2 $hmask
98 spi $gw1 $spi1a ah $xform1a $ah_key
101 route add -host $gw2 dev ipsec0
103 eroute add $gw1 $hmask \
106 spi $gw2 $spi2a ah $xform2a $ah_key
109 spi $gw1 $spi1a esp $xform1a $iv $esp_key
112 route add -host $gw2 dev ipsec0
114 eroute add $gw1 $hmask \
117 spi $gw2 $spi2a esp $xform2a $iv $esp_key
122 spi $gw1 $spi1b esp $xform1b $iv $esp_key
123 spi $gw1 $spi1c ah $xform1c $ah_key
126 route add -net $net2 dev ipsec0 gw $gw2
129 eroute add $net1 $nmask \
133 spi $gw2 $spi2a $xform2a \
135 spi $gw2 $spi2b esp $xform2b $iv $esp_key
136 spi $gw2 $spi2c ah $xform2c $ah_key
144 spi $gw1 $spi1b esp $xform1b $iv $esp_key
145 spi $gw1 $spi1c ah $xform1c $ah_key
148 route add -host $gw2 dev ipsec0 gw $gw2a
151 eroute add $net1 $nmask \
155 spi $gw2 $spi2a $xform2a \
157 spi $gw2 $spi2b esp $xform2b $iv $esp_key
158 spi $gw2 $spi2c ah $xform2c $ah_key
166 spi $gw1 $spi1b esp $xform1b $iv $esp_key
167 spi $gw1 $spi1c ah $xform1c $ah_key
170 route add -net $net2 dev ipsec0 gw $gw2
173 eroute add $gw1 $hmask \
177 spi $gw2 $spi2a $xform2a \
179 spi $gw2 $spi2b esp $xform2b $iv $esp_key
180 spi $gw2 $spi2c ah $xform2c $ah_key
188 spi $gw1 $spi1b esp $xform1b $iv $esp_key
189 spi $gw1 $spi1c ah $xform1c $ah_key
192 route add -host $gw2 dev ipsec0
195 eroute add $gw1 $hmask \
199 spi $gw2 $spi2a $xform2a \
201 spi $gw2 $spi2b esp $xform2b $iv $esp_key
202 spi $gw2 $spi2c ah $xform2c $ah_key