#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2017 IPFire Network Development Team                          #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################

# strongSwan updown hook: sets up / tears down the tunnel device and the
# route of an IPsec connection when strongSwan brings it up or down.
# Every PLUTO_* variable used below is handed to us in the environment.

# Logging goes to the log only - there is no terminal behind this script
LOG_DISABLE_STDOUT="true"

. /usr/lib/network/functions

# Load the global network settings
network_settings_read

# Only strongSwan may run this hook; it identifies itself via PLUTO_VERSION
assert isset PLUTO_VERSION

CONNECTION="${PLUTO_CONNECTION}"

# The connection configuration provides MODE and friends - nothing works
# without it, so bail out early
ipsec_connection_read_config "${CONNECTION}" || {
	log ERROR "Could not read configuration for ${CONNECTION}"
	exit ${EXIT_ERROR}
}

# The tunnel modes (GRE and VTI) get a dedicated network device that is
# named after the connection. Any other mode leaves INTERFACE unset, which
# the route handling further down checks with "isset".
if [[ "${MODE}" == gre-* || "${MODE}" == "vti" ]]; then
	INTERFACE="ipsec-${CONNECTION}"
fi

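# Trace every invocation; PLUTO_VERB says what strongSwan wants done
log DEBUG "${0} called for ${CONNECTION}: ${PLUTO_VERB}"

case "${PLUTO_VERB}" in
	up-client|up-client-v6|up-host|up-host-v6)
		# Bring up the tunnel device for the tunnel modes. A failure here is
		# treated as fatal: the original code carried on and tried to set up
		# and route over a device that does not exist, and still returned
		# EXIT_OK. Now the error is logged and reported to the caller.
		case "${MODE}" in
			gre-*)
				if ! device_exists "${INTERFACE}"; then
					if ! ip_tunnel_add "${INTERFACE}" \
							--mode="gre" \
							--local-address="${PLUTO_ME}" \
							--remote-address="${PLUTO_PEER}"; then
						log ERROR "Could not create GRE device for ${CONNECTION}"
						exit "${EXIT_ERROR}"
					fi

					device_set_up "${INTERFACE}"
				fi
				;;
			vti)
				# The VTI keys come from PLUTO_MARK_IN/PLUTO_MARK_OUT with
				# everything from the last "/" onwards stripped (presumably
				# a "mark/mask" pair of which only the mark is used - verify
				# against the strongSwan updown interface)
				if device_exists "${INTERFACE}"; then
					# The device already exists; only update its keys in place
					if ! ip_tunnel_change_keys "${INTERFACE}" \
							--ikey="${PLUTO_MARK_IN%/*}" \
							--okey="${PLUTO_MARK_OUT%/*}"; then
						log ERROR "Could not update keys of VTI device for ${CONNECTION}"
						exit "${EXIT_ERROR}"
					fi
				else
					if ! ip_tunnel_add "${INTERFACE}" \
							--mode="vti" \
							--local-address="${PLUTO_ME}" \
							--remote-address="${PLUTO_PEER}" \
							--ikey="${PLUTO_MARK_IN%/*}" \
							--okey="${PLUTO_MARK_OUT%/*}"; then
						log ERROR "Could not create VTI device for ${CONNECTION}"
						exit "${EXIT_ERROR}"
					fi
				fi

				device_set_up "${INTERFACE}"
				;;
		esac

		# Route the peer's network: through the tunnel device when there is
		# one, otherwise via the peer's address
		if isset INTERFACE; then
			cmd ip route add "${PLUTO_PEER_CLIENT}" \
				dev "${INTERFACE}"
		else
			cmd ip route add "${PLUTO_PEER_CLIENT}" \
				via "${PLUTO_PEER}"
		fi
		;;

	down-client|down-client-v6|down-host|down-host-v6)
		# Remove the route before the device it may point at goes away
		cmd ip route del "${PLUTO_PEER_CLIENT}"

		# Tear down the tunnel device (tunnel modes only)
		case "${MODE}" in
			gre-*|vti)
				if device_exists "${INTERFACE}"; then
					device_set_down "${INTERFACE}"

					ip_tunnel_del "${INTERFACE}"
				fi
				;;
		esac
		;;
esac

exit "${EXIT_OK}"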