#!/bin/sh _nhrp_config="/etc/opennhrp/opennhrp.conf" _nhrp_ipsec="/etc/opennhrp/opennhrp.ipsec" _strongswan_pid="/var/run/pluto.pid" _connection="${NHRP_SRCADDR}-to-${NHRP_DESTADDR}" _type="hub" if ! grep "$NHRP_INTERFACE" $_nhrp_config | grep "hub"> /dev/null 2>&1; then _type="spoke" fi case $1 in interface-up) ip route flush proto 42 dev $NHRP_INTERFACE ip neigh flush dev $NHRP_INTERFACE ;; peer-register) ;; peer-up) if [ -n "$NHRP_DESTMTU" ]; then ARGS=`ip route get $NHRP_DESTNBMA from $NHRP_SRCNBMA | head -1` ip route add $ARGS proto 42 mtu $NHRP_DESTMTU fi echo "Create link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)" if [[ ( ${_type} == "spoke" ) && ( -e ${_strongswan_pid} ) ]]; then x=0 while read line;do if [[ $x == 0 ]]; then if [[ "${line%/*}" == "${NHRP_SRCADDR}" ]]; then x=1 continue; else continue; fi fi if [[ -z "${line}" ]]; then break; else _ipsec_args="${_ipsec_args} ${line}" fi done < "${_nhrp_ipsec}" if [[ ( "${_ipsec_args}" =~ "modp" ) || ( "${_ipsec_args}" =~ "ecp" ) ]]; then _pfs=" --pfs " else _pfs="" fi if grep "${NHRP_SRCADDR}" "${_nhrp_ipsec}"; then ipsec whack --delete --name $_connection > /dev/null 2>&1 ipsec whack --name $_connection --host $NHRP_SRCNBMA --clientprotoport gre --to --host $NHRP_DESTNBMA --clientprotoport gre --psk $_pfs --encrypt $_ipsec_args || exit 1 ipsec up $_connection || exit 1 fi fi ;; peer-down) echo "Delete link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)" if [[ ( ${_type} == "spoke" ) && ( -e ${_strongswan_pid} ) ]]; then ipsec down $_connection || exit 1 ipsec whack --delete --name $_connection || exit 1 fi ip route del $NHRP_DESTNBMA src $NHRP_SRCNBMA proto 42 ;; route-up) echo "Route $NHRP_DESTADDR/$NHRP_DESTPREFIX is up" ip route replace $NHRP_DESTADDR/$NHRP_DESTPREFIX proto 42 via $NHRP_NEXTHOP dev $NHRP_INTERFACE ip route flush cache ;; route-down) echo "Route $NHRP_DESTADDR/$NHRP_DESTPREFIX is down" ip route del $NHRP_DESTADDR/$NHRP_DESTPREFIX proto 42 ip route flush cache ;; esac exit 0