#!/bin/sh # net1=192.168.1.0 net2=192.168.4.0 gw1=192.168.2.103 gw2=192.168.2.110 hmask=255.255.255.255 nmask=255.255.255.0 depmod -a modprobe ipsec tncfg attach ipsec0 eth1 ifconfig ipsec0 $gw1 # # Transport mode # #route del $gw2 #route add -net $gw2 dev ipsec0 # #addrt $gw1 $hmask \ # $gw $hmask \ # $gw 135 #setsa $gw 135 esp 3des-md5-96 i \ # 1000000000000001 6630663066303133 #setsa $gw1 125 esp 3des-md5-96 r \ # 1000000000000001 6630663066303132 # # Tunnel mode # route del $net2 route add -net $net2 dev ipsec0 gw $gw2 # # forward path # #addrt $net1 $nmask \ # $net2 $nmask \ # $gw2 213 echo sleeping after addrt sleep 1 # setsa $gw2 213 ip4 \ $gw1 $gw2 setsa $gw2 215 esp des-cbc 66306630 6630663066303143 setsa $gw2 216 ah md5 66306630663031326630663066303143 # spigrp $gw2 213 \ $gw2 215 \ $gw2 216 # # return path # setsa $gw1 205 esp des-cbc 66306630 6630663066303142 setsa $gw1 206 ah md5 66306630663031326630663066303142 cat /proc/net/ipsec-spi echo cat /proc/net/ipsec-route