![(trac.ini の [header_logo] セクションを設定してください)](/chrome/site/trac-header.png)
| Revision 2576, 2.2 KB checked in by daisuke, 13 years ago (diff) |
|---|
| Line | |
|---|---|
| 1 | #!/bin/bash |
| 2 | PATH=/sbin:/usr/sbin/:/bin:/usr/bin |
| 3 | |
| 4 | cd /etc/sysconfig/network-scripts |
| 5 | . /etc/sysconfig/network-scripts/network-functions |
| 6 | |
| 7 | CONFIG=$1 |
| 8 | [ -f "${CONFIG}" ] || CONFIG=ifcfg-${1} |
| 9 | source_config |
| 10 | |
| 11 | if [ -n "$KEY_AH" -o -n "$KEY_ESP" ]; then |
| 12 | KEYING=manual |
| 13 | fi |
| 14 | |
| 15 | |
| 16 | if [ -n "$IKE_PSK" ]; then |
| 17 | KEYING=automatic |
| 18 | IKE_METHOD=PSK |
| 19 | fi |
| 20 | |
| 21 | if [ -n "$IKE_CERTFILE" ]; then |
| 22 | KEYING=automatic |
| 23 | IKE_METHOD=X509 |
| 24 | fi |
| 25 | |
| 26 | if [ -n "$IKE_PEER_CERTFILE" ]; then |
| 27 | KEYING=automatic |
| 28 | IKE_METHOD=X509 |
| 29 | fi |
| 30 | |
| 31 | if [ -n "$IKE_DNSSEC" ]; then |
| 32 | KEYING=automatic |
| 33 | IKE_METHOD=X509 |
| 34 | fi |
| 35 | if [ -n "$RSA_KEY" ]; then |
| 36 | KEYING=automatic |
| 37 | IKE_METHOD=RSA |
| 38 | fi |
| 39 | |
| 40 | [ -n "$IKE_METHOD" ] && KEYING=automatic |
| 41 | [ -z "$KEYING" ] && KEYING=manual |
| 42 | |
| 43 | if [ -z "$SRC" ]; then |
| 44 | SRC=`ip -o route get to $DST | sed "s|.*src \([^ ]*\).*|\1|"` |
| 45 | fi |
| 46 | |
| 47 | if [ -n "$SRCNET" -o -n "$DSTNET" ]; then |
| 48 | MODE=tunnel |
| 49 | [ -z "$SRCNET" ] && SRCNET="$SRC/32" |
| 50 | [ -z "$DSTNET" ] && DSTNET="$DST/32" |
| 51 | SPD_SRC=$SRCNET |
| 52 | SPD_DST=$DSTNET |
| 53 | # If SRCNET is a subnet of DSTNET, exclude SRCNET<->SRCNET communication |
| 54 | if [ "${SRCNET##*/}" -gt "${DSTNET##*/}" ] \ |
| 55 | && [ "$(ipcalc -n "${SRCNET%%/*}/${DSTNET##*/}")" \ |
| 56 | = "NETWORK=${DSTNET%%/*}" ]; then |
| 57 | EXCLUDE_SRCNET=yes |
| 58 | fi |
| 59 | [ -z "$SRCGW" ] && SRCGW=`ip -o route get to $SRCNET | sed "s|.*src \([^ ]*\).*|\1|"` |
| 60 | ip route del to $DSTNET via $SRCGW src $SRCGW |
| 61 | else |
| 62 | MODE=transport |
| 63 | SPD_SRC=$SRC |
| 64 | SPD_DST=$DST |
| 65 | unset EXCLUDE_SRCNET |
| 66 | fi |
| 67 | |
| 68 | setkey -c << EOF |
| 69 | ${SPI_AH_OUT:+delete $SRC $DST ah $SPI_AH_OUT;} |
| 70 | ${SPI_AH_IN:+delete $DST $SRC ah $SPI_AH_IN;} |
| 71 | ${SPI_ESP_OUT:+delete $SRC $DST esp $SPI_ESP_OUT;} |
| 72 | ${SPI_ESP_IN:+delete $DST $SRC esp $SPI_ESP_IN;} |
| 73 | spddelete $SPD_SRC $SPD_DST any -P out; |
| 74 | spddelete $SPD_DST $SPD_SRC any -P in; |
| 75 | ${EXCLUDE_SRCNET:+spddelete $SPD_SRC $SPD_SRC any -P out;} |
| 76 | ${EXCLUDE_SRCNET:+spddelete $SPD_SRC $SPD_SRC any -P in;} |
| 77 | EOF |
| 78 | |
| 79 | if [ "$KEYING" = "automatic" -a -n "$IKE_METHOD" ]; then |
| 80 | racoontmp=`mktemp /etc/racoon/racoon.XXXXXX` |
| 81 | grep -v "^include \"/etc/racoon/$DST.conf\";" /etc/racoon/racoon.conf >> $racoontmp |
| 82 | mv -f $racoontmp /etc/racoon/racoon.conf |
| 83 | pidof -x /usr/sbin/racoon > /dev/null 2>&1 && killall -HUP /usr/sbin/racoon |
| 84 | fi |
| 85 | |
| 86 | /etc/sysconfig/network-scripts/ifdown-post $CONFIG |
Powered by Trac 0.12.6.ja0.1
By Edgewall Software.
Re-distributed by インタアクト株式会社
Visit the Trac open source project at
http://trac.edgewall.org/