#!/bin/sh # net1=192.168.1.0 net2=192.168.3.0 gw1=192.168.2.103 gw2=192.168.2.100 hmask=255.255.255.255 nmask=255.255.255.0 depmod -a modprobe ipsec tncfg attach ipsec0 eth1 ifconfig ipsec0 $gw1 # # Transport mode # route del $gw2 route add -host $gw2 dev ipsec0 # addrt $gw1 $hmask \ $gw2 $hmask \ $gw2 135 setsa $gw2 135 esp 3des-md5-96 i \ 1000000000000001 6630663066303133 setsa $gw1 125 esp 3des-md5-96 r \ 1000000000000001 6630663066303132 # # Tunnel mode # route del $net2 route add -net $net2 dev ipsec0 gw $gw2 # # forward path # addrt $net1 $nmask \ $net2 $nmask \ $gw2 113 echo sleeping after addrt sleep 1 # setsa $gw2 113 ip4 \ $gw1 $gw2 setsa $gw2 115 esp des-cbc 66306630 6630663066303132 setsa $gw2 116 ah md5 66306630663031326630663066303132 # spigrp $gw2 113 \ $gw2 115 \ $gw2 116 # # return path # setsa $gw1 105 esp des-cbc 66306630 6630663066303132 setsa $gw1 106 ah md5 66306630663031326630663066303132 cat /proc/net/ipsec-spi echo cat /proc/net/ipsec-route