version 1.13, 2000/09/27 04:36:55 |
version 1.14, 2000/09/29 19:11:43 |
|
|
# |
# |
|
|
# Gateway to gateway (both egress and ingress flows) |
# Gateway to gateway (both egress and ingress flows) |
$DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_OUT \ |
$DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER \ |
-addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255 -out -require |
-addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255 -out -require |
$DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_IN \ |
$DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER \ |
-addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -in -require |
-addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -in -require |
|
|
# Flows from each local to each remote subnet, and vice versa for |
# Flows from each local to each remote subnet, and vice versa for |
|
|
remote_mask=$2 |
remote_mask=$2 |
if [ "${remote_net}" != "0x0" ]; then |
if [ "${remote_net}" != "0x0" ]; then |
$DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
-proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_OUT \ |
-proto esp -src $GW_LOCAL -dst $GW_PEER \ |
-addr $local_net $local_mask $remote_net $remote_mask \ |
-addr $local_net $local_mask $remote_net $remote_mask \ |
-out -require |
-out -require |
|
|
$DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
-proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_IN \ |
-proto esp -src $GW_LOCAL -dst $GW_PEER \ |
-in -require \ |
-in -require \ |
-addr $remote_net $remote_mask $local_net $local_mask |
-addr $remote_net $remote_mask $local_net $local_mask |
peercount=$(($peercount + 1)) |
peercount=$(($peercount + 1)) |
|
|
remote_mask=$2 |
remote_mask=$2 |
if [ "${remote_net}" != "0x0" ]; then |
if [ "${remote_net}" != "0x0" ]; then |
$DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
-proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \ |
-proto esp -dst $GW_PEER -out -require \ |
-src $GW_LOCAL \ |
-src $GW_LOCAL \ |
-addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask \ |
-addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask \ |
|
|
$DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
-proto esp -dst $GW_PEER -spi $SPI_IN -in -require \ |
-proto esp -dst $GW_PEER -in -require \ |
-src $GW_LOCAL \ |
-src $GW_LOCAL \ |
-addr $remote_net $remote_mask $GW_LOCAL 255.255.255.255 |
-addr $remote_net $remote_mask $GW_LOCAL 255.255.255.255 |
peercount=$(($peercount + 1)) |
peercount=$(($peercount + 1)) |
|
|
local_mask=$2 |
local_mask=$2 |
if [ "${local_net}" != "0x0" ]; then |
if [ "${local_net}" != "0x0" ]; then |
$DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
-proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \ |
-proto esp -dst $GW_PEER -out -require \ |
-src $GW_LOCAL \ |
-src $GW_LOCAL \ |
-addr $local_net $local_mask $GW_PEER 255.255.255.255 |
-addr $local_net $local_mask $GW_PEER 255.255.255.255 |
|
|
$DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
-proto esp -dst $GW_PEER -spi $SPI_IN -in -require \ |
-proto esp -dst $GW_PEER -in -require \ |
-src $GW_LOCAL \ |
-src $GW_LOCAL \ |
-addr $GW_PEER 255.255.255.255 $local_net $local_mask |
-addr $GW_PEER 255.255.255.255 $local_net $local_mask |
mycount=$(($mycount + 1)) |
mycount=$(($mycount + 1)) |
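Review bot: None of the `ipsecadm flow` calls in the visible lines has its exit status checked, so `peercount` and `mycount` are incremented even when a `-require` flow failed to install. With `-spi` dropped from the new lines, a flow no longer names the SA it relies on, so a partly applied policy is presumably harder to notice afterwards. Failing closed after each call would help, for example `|| { echo "ipsecadm flow failed for $remote_net/$remote_mask" >&2; exit 1; }`, which still passes when `$DEBUG` turns the command into a dry run. Separately, the outbound gateway-to-subnet flow ends in a stray `\` before a blank line (`-addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask \`); it is harmless now, but would absorb the next `ipsecadm flow` command as arguments if the blank line were ever removed. The enclosing loops start and end outside the lines shown, so a `set -e` or other error handling may exist elsewhere.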