#!/bin/sh

net1=192.168.4.0
net2=192.168.1.0
gw1=192.168.2.110
gw2=192.168.2.103
hmask=255.255.255.255
nmask=255.255.255.0

#depmod -a
#modprobe ipsec

#tncfg attach ipsec0 eth1
#ifconfig ipsec0 $gw1 

#
# Transport mode
#
#route del $gw2
#route add -host $gw2 dev ipsec0
#
#addrt $gw1 $hmask \
#		192.168.2.100 $hmask \
#		192.168.2.100 135
#setsa 192.168.2.100 135 esp 3des-md5-96 i \
#		1000000000000001 6630663066303133
#setsa $gw1 125 esp 3des-md5-96 i \
#		1000000000000001 6630663066303132

#
# Tunnel mode
#
route del $net2
route add -net $net2 dev ipsec0 gw $gw2
#
# forward path
#
eroute add $net1 $nmask \
		$net2 $nmask \
		$gw2 203
#echo sleeping after addrt
#sleep 1
#
spi $gw2 203 ip4 \
		$gw1 $gw2
spi $gw2 205 esp des-cbc 66306630 6630663066303142
spi $gw2 206 ah hmac-md5 66306630663031326630663066303142
#
spigrp $gw2 203 \
		$gw2 205 \
		$gw2 206
#
# return path
#
spi $gw1 215 esp des-cbc 66306630 6630663066303143
spi $gw1 216 ah hmac-md5 66306630663031326630663066303143

cat /proc/net/ipsec-spi
echo
cat /proc/net/ipsec-eroute