rtems/rtems-libbsd
1
0
Fork 0
mirror of https://git.rtems.org/rtems-libbsd/ synced 2025-06-05 14:06:20 +08:00
Code Issues Packages Projects Releases Wiki Activity
rtems-libbsd/testsuite/ipsec01/setup_FreeBSD_as_communication_partner.sh
Christian Mauderer baffbf3e64 testsuite/ipsec01: Add.
2018-08-02 10:32:24 +02:00

83 lines
2.1 KiB
Bash
Raw Blame History

#!/bin/sh -x
if ! which racoon >/dev/null 2>&1
then
echo "You have to install security/ipsec-tools from ports collection!"
exit 1
fi
IPSEC_REM_INT="10.10.1.1"
IPSEC_REM_NET="10.10.1.0/24"
IPSEC_REM_EXT="192.168.10.1"
IPSEC_LOC_INT="172.24.0.1"
IPSEC_LOC_NET="172.24.0.0/24"
IPSEC_LOC_EXT="192.168.10.10"
RACOON_PSK_FILE="/etc/racoon_psk.txt"
RACOON_CONFIG_FILE="/etc/racoon.conf"
SETKEY_CONF="/etc/setkey.conf"
GIF="gif0"
ifconfig $GIF create
ifconfig $GIF $IPSEC_LOC_INT $IPSEC_REM_INT
ifconfig $GIF tunnel $IPSEC_LOC_EXT $IPSEC_REM_EXT
route add $IPSEC_REM_NET $IPSEC_REM_INT
cat <<EOF > $RACOON_CONFIG_FILE
path pre_shared_key "$RACOON_PSK_FILE";
log debug;
padding # options are not to be changed
{
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}
listen # address [port] that racoon will listen on
{
isakmp $IPSEC_LOC_EXT [500];
}
remote $IPSEC_REM_EXT [500]
{
exchange_mode main;
my_identifier address $IPSEC_LOC_EXT;
peers_identifier address $IPSEC_REM_EXT;
proposal_check obey;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
authentication_method pre_shared_key;
lifetime time 3600 sec;
dh_group 2;
}
}
sainfo (address $IPSEC_LOC_NET any address $IPSEC_REM_NET any)
{
pfs_group 2;
lifetime time 28800 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
EOF
cat <<EOF > $RACOON_PSK_FILE
$IPSEC_REM_EXT mysecretkey
EOF
chmod 600 $RACOON_PSK_FILE
cat <<EOF > $SETKEY_CONF
flush;
spdflush;
spdadd $IPSEC_LOC_NET $IPSEC_REM_NET any -P out ipsec esp/tunnel/$IPSEC_LOC_EXT-$IPSEC_REM_EXT/use;
spdadd $IPSEC_REM_NET $IPSEC_LOC_NET any -P in ipsec esp/tunnel/$IPSEC_REM_EXT-$IPSEC_LOC_EXT/use;
EOF
setkey -f /etc/setkey.conf
racoon -F -f /etc/racoon.conf
Reference in New Issue View Git Blame Copy Permalink