2 # default updown script
3 # Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
5 # This program is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License as published by the
7 # Free Software Foundation; either version 2 of the License, or (at your
8 # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 # This program is distributed in the hope that it will be useful, but
11 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 # RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $
19 # CAUTION: Installing a new version of FreeS/WAN will install a new
20 # copy of this script, wiping out any custom changes you make. If
21 # you need changes, make a copy of this under another name, and customize
22 # that, and use the (left/right)updown parameters in ipsec.conf to make
23 # FreeS/WAN use yours instead of this default one.
27 # check interface version
# Refuse to run under a Pluto interface version this script was not written
# for.  PLUTO_VERSION is supplied by Pluto; the "1.[0]" pattern matches only
# 1.0 (an older Pluto), and the "*" arm catches any value this script does
# not recognise.  NOTE(review): the ";;", exit and "esac" lines of this case
# are not visible in this excerpt.
28 case "$PLUTO_VERSION" in
29 1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
30 echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
31 echo "$0: called by obsolete Pluto?" >&2
35 *) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
# Second dispatch, on the script's own parameters (its "case" line is not
# visible; presumably it selects on the positional parameters).  Only the
# two known parameter shapes are accepted: the ipfwadm pair produced by
# (left/right)firewall, or "custom" with whatever a customised copy expects.
# Anything else is reported; the exit that presumably follows is not shown.
44 ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
46 custom:*) # custom parameters (see above CAUTION comment)
48 *) echo "$0: unknown parameters \`$*'" >&2
53 # utility functions for route manipulation
54 # Meddling with this stuff should not be necessary and requires great care.
# Body of the route-manipulation helper (its function header is not visible
# in this excerpt).  $1 is the route(8) sub-command -- "add" or "del",
# judging by the "add 7" test below -- and the command line is assembled as
# a string in $it from Pluto-supplied variables.
62 parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
63 parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
# Choose the command form by the peer's client subnet.  The arm shown (its
# pattern line is not visible) installs two routes covering 0.0.0.0/1 and
# 128.0.0.0/1 -- together the whole IPv4 space -- instead of a single route.
64 case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
66 # horrible kludge for obscure routing bug with opportunistic
67 it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
68 route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
70 *) it="route $1 $parms $parms2"
# NOTE(review): $it is built by plain string interpolation and, per the
# "`$it' failed" message below, is afterwards run as a shell command (the
# execution line is not shown).  The expansions are unquoted so route sees
# each token as a separate word; that is sound only while the PLUTO_*
# values are the well-formed addresses and interface names Pluto produces.
77 # route has already given its own cryptic message
78 echo "$0: \`$it' failed" >&2
# On "add", a route exit status of 7 (held in $st, presumably route's exit
# status -- its assignment is not shown) is taken to mean the gateway was not
# reachable, so hint at the usual cause.  The leading space in both operands
# is the old idiom for keeping test from misparsing an empty or "-"-prefixed
# value as an option.
79 if test " $1 $st" = " add 7"
81 # another totally undocumented interface -- 7 and
82 # "SIOCADDRT: Network is unreachable" means that
83 # the gateway isn't reachable.
84 echo "$0: (incorrect or missing nexthop setting??)" >&2
# Main dispatch on the Pluto verb and the first script parameter (the
# firewall setting, per the parameter check above).  Pluto runs this script
# once per event with PLUTO_VERB set.  NOTE(review): the ";;" lines, the
# non-ipfwadm verb patterns and the closing "esac" are not visible here.
93 case "$PLUTO_VERB:$1" in
94 prepare-host:*|prepare-client:*)
95 # delete possibly-existing route (preliminary to adding a route)
96 case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
98 # horrible kludge for obscure routing bug with opportunistic
# Same two-half-route split as the add path.  "2>&1" is part of the command
# string, presumably so route's diagnostics end up in the captured output
# that is inspected below.
99 it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
100 route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
103 it="route del -net $PLUTO_PEER_CLIENT_NET \
104 netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
# $oops presumably holds route's combined output and $status its exit code
# (the assignments are not shown).  A non-zero exit with nothing printed is
# still a failure, so synthesize a message for it.
109 if test " $oops" = " " -a " $status" != " 0"
111 oops="silent error, exit status $status"
# Deleting a route that is not there is fine for a "prepare" step, so this
# particular route message (matched by a case whose selector line is not
# shown, presumably on $oops) is not treated as an error.
114 'SIOCDELRT: No such process'*)
115 # This is what route (currently -- not documented!) gives
116 # for "could not find such a route".
# Anything else still in $oops, or a bad exit status, is a real failure.
121 if test " $oops" != " " -o " $status" != " 0"
123 echo "$0: \`$it' failed ($oops)" >&2
127 route-host:*|route-client:*)
128 # connection to me or my client subnet being routed
131 unroute-host:*|unroute-client:*)
132 # connection to me or my client subnet being unrouted
136 # connection to me coming up
137 # If you are doing a custom version, firewall commands go here.
140 # connection to me going down
141 # If you are doing a custom version, firewall commands go here.
144 # connection to my client subnet coming up
145 # If you are doing a custom version, firewall commands go here.
148 # connection to my client subnet going down
149 # If you are doing a custom version, firewall commands go here.
152 # connection to client subnet, with (left/right)firewall=yes, coming up
153 # This is used only by the default updown script, not by your custom
154 # ones, so do not mess with it; see CAUTION comment up at top.
# Insert (-i) a bidirectional (-b) accept rule into the forwarding chain (-F)
# between my client subnet and the peer's.  NOTE(review): -i inserts at the
# head of the chain, so this accept is evaluated before any forwarding rules
# already present; and the subnet expansions are unquoted, which relies on
# Pluto supplying single-word dotted-quad values.
155 ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
156 -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
159 # connection to client subnet, with (left/right)firewall=yes, going down
160 # This is used only by the default updown script, not by your custom
161 # ones, so do not mess with it; see CAUTION comment up at top.
# Remove (-d) the exact rule the up path inserted; the arguments must match
# those of the -i call above for ipfwadm to find it.
162 ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
163 -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
# Unknown verb/parameter combination: report it (the exit that presumably
# follows is not shown).
165 *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2