-rwxr-xr-x | etc/opennhrp-script | 45 |
1 files changed, 41 insertions, 4 deletions
diff --git a/etc/opennhrp-script b/etc/opennhrp-script
index 8d5e2d3..e3902e7 100755
--- a/etc/opennhrp-script
+++ b/etc/opennhrp-script
@@ -1,5 +1,15 @@
 #!/bin/sh
+_nhrp_config="/etc/opennhrp/opennhrp.conf"
+_nhrp_ipsec="/etc/opennhrp/opennhrp.ipsec"
+_strongswan_pid="/var/run/pluto.pid"
+_connection="${NHRP_SRCADDR}-to-${NHRP_DESTADDR}"
+_type="hub"
+
+if ! grep "$NHRP_INTERFACE" $_nhrp_config | grep "hub"> /dev/null 2>&1; then
+    _type="spoke"
+fi
+
 case $1 in
 interface-up)
     ip route flush proto 42 dev $NHRP_INTERFACE
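Review bot: The script keeps `#!/bin/sh` while the new peer-up/peer-down code in the next hunk relies on `[[ … ]]` and `=~`; on systems where /bin/sh is dash, `[[` is an unknown command, so every `if [[ ( ${_type} == "spoke" ) …` test fails quietly, no SA is ever negotiated for a spoke, and the script still exits 0 — GRE traffic would come up without IPsec unless something else enforces a policy. Either change the shebang to `#!/bin/bash` or rewrite the tests with POSIX `[ ]`. The hub/spoke detection is also a loose substring match: `grep "$NHRP_INTERFACE" $_nhrp_config | grep "hub"` treats `gre1` as matching a `gre10` line, accepts the word "hub" anywhere on that line (a comment included), and leaves `$_nhrp_config` unquoted; `if ! grep -Fw -- "$NHRP_INTERFACE" "$_nhrp_config" | grep -qw hub; then` at least restricts both to whole-word fixed-string matches, though the exact opennhrp.conf syntax being keyed on is not visible here and should be confirmed.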
@@ -13,13 +23,40 @@ peer-up)
     ip route add $ARGS proto 42 mtu $NHRP_DESTMTU
     fi
     echo "Create link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)"
-    racoonctl establish-sa -w isakmp inet $NHRP_SRCNBMA $NHRP_DESTNBMA || exit 1
-    racoonctl establish-sa -w esp inet $NHRP_SRCNBMA $NHRP_DESTNBMA gre || exit 1
+    if [[ ( ${_type} == "spoke" ) && ( -e ${_strongswan_pid} ) ]]; then
+        x=0
+        while read line;do
+            if [[ $x == 0 ]]; then
+                if [[ "${line%/*}" == "${NHRP_SRCADDR}" ]]; then
+                    x=1
+                    continue;
+                else
+                    continue;
+                fi
+            fi
+            if [[ -z "${line}" ]]; then
+                break;
+            else
+                _ipsec_args="${_ipsec_args} ${line}"
+            fi
+        done < "${_nhrp_ipsec}"
+        if [[ ( "${_ipsec_args}" =~ "modp" ) || ( "${_ipsec_args}" =~ "ecp" ) ]]; then
+            _pfs=" --pfs "
+        else
+            _pfs=""
+        fi
+        if grep "${NHRP_SRCADDR}" "${_nhrp_ipsec}"; then
+            ipsec whack --delete --name $_connection > /dev/null 2>&1
+            ipsec whack --name $_connection --host $NHRP_SRCNBMA --clientprotoport gre --to --host $NHRP_DESTNBMA --clientprotoport gre --psk $_pfs --encrypt $_ipsec_args || exit 1
+            ipsec up $_connection || exit 1
+        fi
+    fi
     ;;
 peer-down)
     echo "Delete link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)"
-    if [ "$NHRP_PEER_DOWN_REASON" != "lower-down" ]; then
-        racoonctl delete-sa isakmp inet $NHRP_SRCNBMA $NHRP_DESTNBMA
+    if [[ ( ${_type} == "spoke" ) && ( -e ${_strongswan_pid} ) ]]; then
+        ipsec down $_connection || exit 1
+        ipsec whack --delete --name $_connection || exit 1
     fi
     ip route del $NHRP_DESTNBMA src $NHRP_SRCNBMA proto 42
     ;;
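Review bot: Failure to bring up IPsec is now a silent success on the peer-up path: the old code did `|| exit 1` on the racoonctl calls, but in the new code a spoke whose address has no entry in opennhrp.ipsec, or a missing pluto.pid, or a `_type` of hub simply skips the whole block and lets the peer come up with an unprotected GRE link. The gate `if grep "${NHRP_SRCADDR}" "${_nhrp_ipsec}"` is also an unanchored regex — `10.0.0.1` matches `10.0.0.10` and `110.0.0.1`, and the dots match any character — so it can pass while the exact-match loop above left `_ipsec_args` empty, after which `ipsec whack … --encrypt` is run with no proposal; it additionally prints the matched line to stdout. I would drop the grep and key on what the loop actually found: `if [[ -z "${_ipsec_args}" ]]; then echo "no IPsec proposal for ${NHRP_SRCADDR} in ${_nhrp_ipsec}" >&2; exit 1; fi`, and make the "not a spoke / no pluto" case an explicit decision (log it, and `exit 1` if cleartext is never acceptable here). In peer-down, `ipsec down $_connection || exit 1` aborts before `ip route del` whenever the connection does not exist (for example after a peer-up that never reached the whack), leaving a stale proto-42 route; the `lower-down` reason check the old code had is gone as well, so at minimum the teardown should be `ipsec down "$_connection"; ipsec whack --delete --name "$_connection"` without `|| exit 1` so the route removal always runs. The `read line` loop should also be `while IFS= read -r line; do` so backslashes and leading whitespace in proposal lines survive.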