#!/bin/sh # net1=192.168.3.0 net2=192.168.1.0 gw1=192.168.2.100 gw2=192.168.2.103 hmask=255.255.255.255 nmask=255.255.255.0 depmod -a modprobe ipsec tncfg attach ipsec0 eth0 ifconfig ipsec0 $gw1 # # Transport mode # #route del $gw2 #route add -net $gw2 dev ipsec0 # #addrt $gw1 $hmask \ # $gw2 $hmask \ # $gw2 125 # #setsa $gw1 135 esp 3des-md5-96 r \ # 1000000000000001 6630663066303133 #setsa $gw2 125 esp 3des-md5-96 i \ # 1000000000000001 6630663066303132 # # Tunnel mode # route del $net2 route add -net $net2 dev ipsec0 gw $gw2 # forward path addrt $net1 $nmask $net2 $nmask $gw2 103 echo sleeping after addrt sleep 1 setsa $gw2 103 ip4 $gw1 $gw2 setsa $gw2 105 esp des-cbc 66306630 6630663066303132 setsa $gw2 106 ah md5 66306630663031326630663066303132 spigrp $gw2 103 $gw2 105 $gw2 106 # return path setsa $gw1 115 esp des-cbc 66306630 6630663066303132 setsa $gw1 116 ah md5 66306630663031326630663066303132 cat /proc/net/ipsec-spi echo cat /proc/net/ipsec-route