| version 1.13, 2000/09/27 04:36:55 |
version 1.14, 2000/09/29 19:11:43 |
|
|
| # |
# |
| |
|
| # Gateway to gateway (both egress and ingress flows) |
# Gateway to gateway (both egress and ingress flows) |
| $DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_OUT \ |
$DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER \ |
| -addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255 -out -require |
-addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255 -out -require |
| $DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_IN \ |
$DEBUG $ipsecadm flow -proto esp -src $GW_LOCAL -dst $GW_PEER \ |
| -addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -in -require |
-addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -in -require |
| |
|
| # Flows from each local to each remote subnet, and vice versa for |
# Flows from each local to each remote subnet, and vice versa for |
|
|
| remote_mask=$2 |
remote_mask=$2 |
| if [ "${remote_net}" != "0x0" ]; then |
if [ "${remote_net}" != "0x0" ]; then |
| $DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
| -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_OUT \ |
-proto esp -src $GW_LOCAL -dst $GW_PEER \ |
| -addr $local_net $local_mask $remote_net $remote_mask \ |
-addr $local_net $local_mask $remote_net $remote_mask \ |
| -out -require |
-out -require |
| |
|
| $DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
| -proto esp -src $GW_LOCAL -dst $GW_PEER -spi $SPI_IN \ |
-proto esp -src $GW_LOCAL -dst $GW_PEER \ |
| -in -require \ |
-in -require \ |
| -addr $remote_net $remote_mask $local_net $local_mask |
-addr $remote_net $remote_mask $local_net $local_mask |
| peercount=$(($peercount + 1)) |
peercount=$(($peercount + 1)) |
|
|
| remote_mask=$2 |
remote_mask=$2 |
| if [ "${remote_net}" != "0x0" ]; then |
if [ "${remote_net}" != "0x0" ]; then |
| $DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
| -proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \ |
-proto esp -dst $GW_PEER -out -require \ |
| -src $GW_LOCAL \ |
-src $GW_LOCAL \ |
| -addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask \ |
-addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask \ |
| |
|
| $DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
| -proto esp -dst $GW_PEER -spi $SPI_IN -in -require \ |
-proto esp -dst $GW_PEER -in -require \ |
| -src $GW_LOCAL \ |
-src $GW_LOCAL \ |
| -addr $remote_net $remote_mask $GW_LOCAL 255.255.255.255 |
-addr $remote_net $remote_mask $GW_LOCAL 255.255.255.255 |
| peercount=$(($peercount + 1)) |
peercount=$(($peercount + 1)) |
|
|
| local_mask=$2 |
local_mask=$2 |
| if [ "${local_net}" != "0x0" ]; then |
if [ "${local_net}" != "0x0" ]; then |
| $DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
| -proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \ |
-proto esp -dst $GW_PEER -out -require \ |
| -src $GW_LOCAL \ |
-src $GW_LOCAL \ |
| -addr $local_net $local_mask $GW_PEER 255.255.255.255 |
-addr $local_net $local_mask $GW_PEER 255.255.255.255 |
| |
|
| $DEBUG $ipsecadm flow \ |
$DEBUG $ipsecadm flow \ |
| -proto esp -dst $GW_PEER -spi $SPI_IN -in -require \ |
-proto esp -dst $GW_PEER -in -require \ |
| -src $GW_LOCAL \ |
-src $GW_LOCAL \ |
| -addr $GW_PEER 255.255.255.255 $local_net $local_mask |
-addr $GW_PEER 255.255.255.255 $local_net $local_mask |
| mycount=$(($mycount + 1)) |
mycount=$(($mycount + 1)) |
![[BACK]](/icons/back.gif){kind=icon}
Return to rc.vpn CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / share / ipsec