#!/bin/sh net1=192.168.4.0 net2=192.168.1.0 gw1=192.168.2.110 gw2=192.168.2.103 hmask=255.255.255.255 nmask=255.255.255.0 #depmod -a #modprobe ipsec #tncfg attach ipsec0 eth1 #ifconfig ipsec0 $gw1 # # Transport mode # #route del $gw2 #route add -host $gw2 dev ipsec0 # #addrt $gw1 $hmask \ # 192.168.2.100 $hmask \ # 192.168.2.100 135 #setsa 192.168.2.100 135 esp 3des-md5-96 i \ # 1000000000000001 6630663066303133 #setsa $gw1 125 esp 3des-md5-96 i \ # 1000000000000001 6630663066303132 # # Tunnel mode # route del $net2 route add -net $net2 dev ipsec0 gw $gw2 # # forward path # eroute add $net1 $nmask \ $net2 $nmask \ $gw2 203 #echo sleeping after addrt #sleep 1 # spi $gw2 203 ip4 \ $gw1 $gw2 spi $gw2 205 esp des-cbc 66306630 6630663066303142 spi $gw2 206 ah hmac-md5 66306630663031326630663066303142 # spigrp $gw2 203 \ $gw2 205 \ $gw2 206 # # return path # spi $gw1 215 esp des-cbc 66306630 6630663066303143 spi $gw1 216 ah hmac-md5 66306630663031326630663066303143 cat /proc/net/ipsec-spi echo cat /proc/net/ipsec-eroute