path: root/etc/opennhrp-script
blob: ab27a30b6cb738d490bbe9c629fe4ec0b4d3014c (plain)
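#!/usr/bin/env bash
#
# OpenNHRP event script.  opennhrpd invokes it with the event name in $1
# (interface-up, peer-register, peer-up, peer-down, route-up, route-down)
# and the peer/route details in NHRP_* environment variables.
#
# Besides maintaining the kernel routes (proto 42), a node that is configured
# as a spoke also brings a GRE-protoport, PSK-authenticated IPsec connection
# up or down via `ipsec whack` on peer-up / peer-down.  The proposal
# arguments for that connection are read from $_nhrp_ipsec.
#
# The script uses [[ ]], pattern matching and arrays, so it needs bash; the
# previous "#!/bin/sh" shebang breaks under dash/ash.

_nhrp_config="/etc/opennhrp/opennhrp.conf"
_nhrp_ipsec="/etc/opennhrp/opennhrp.ipsec"
_strongswan_pid="/var/run/pluto.pid"
_connection="${NHRP_SRCADDR}-to-${NHRP_DESTADDR}"
_type="hub"

# Assume "hub" only when a config line mentioning our interface also contains
# the word "hub"; otherwise we are a spoke.  Both greps are substring matches
# (e.g. "gre1" also matches "gre10"); tighten if interface names share prefixes.
if ! grep -F -- "$NHRP_INTERFACE" "$_nhrp_config" | grep -q "hub" 2>/dev/null; then
	_type="spoke"
fi

case "$1" in
interface-up)
	# Drop everything this script installed earlier plus the neighbour cache.
	ip route flush proto 42 dev "$NHRP_INTERFACE"
	ip neigh flush dev "$NHRP_INTERFACE"
	;;
peer-register)
	;;
peer-up)
	if [ -n "$NHRP_DESTMTU" ]; then
		# Clone the kernel's route to the peer's NBMA address and re-add it
		# with the negotiated MTU.  The `ip route get` output is deliberately
		# word-split into individual `ip route add` arguments.
		_route=$(ip route get "$NHRP_DESTNBMA" from "$NHRP_SRCNBMA" | head -1)
		# shellcheck disable=SC2086
		ip route add $_route proto 42 mtu "$NHRP_DESTMTU"
	fi
	echo "Create link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)"
	# NOTE: only the existence of the pid file is checked, not that pluto is
	# actually running; a stale pid file makes the whack calls below fail.
	if [[ "${_type}" == "spoke" && -e "${_strongswan_pid}" ]]; then
		# Collect the proposal lines for this host from $_nhrp_ipsec.  As
		# parsed here, a line of the form "<NHRP_SRCADDR>/..." opens the
		# section, every following non-empty line holds whitespace-separated
		# whack arguments, and the first empty line closes the section.
		_ipsec_args=()
		_in_section=0
		while read -r _line || [[ -n "$_line" ]]; do
			if (( _in_section == 0 )); then
				[[ "${_line%/*}" == "${NHRP_SRCADDR}" ]] && _in_section=1
				continue
			fi
			[[ -z "${_line}" ]] && break
			# Split into words without pathname expansion, unlike an
			# unquoted $var would.
			read -r -a _words <<< "${_line}"
			_ipsec_args+=("${_words[@]}")
		done < "${_nhrp_ipsec}"
		# Request PFS whenever the proposal names a (EC)DH group.
		_pfs=()
		if [[ "${_ipsec_args[*]}" == *modp* || "${_ipsec_args[*]}" == *ecp* ]]; then
			_pfs=(--pfs)
		fi
		# Substring match, as in the original: "10.0.0.1" also matches
		# "10.0.0.10".  Anchor the pattern if addresses can overlap.
		if grep -q -F -- "${NHRP_SRCADDR}" "${_nhrp_ipsec}"; then
			# Remove any stale definition before (re)adding the connection.
			ipsec whack --delete --name "$_connection" > /dev/null 2>&1
			# NOTE(review): the right side uses --client "$NHRP_SRCNBMA/32"
			# rather than the destination NBMA; kept as in the original,
			# confirm against the intended whack policy.
			ipsec whack --name "$_connection" \
				--host "$NHRP_SRCNBMA" --clientprotoport gre \
				--to --host "$NHRP_DESTNBMA" --client "$NHRP_SRCNBMA/32" --clientprotoport gre \
				--psk "${_pfs[@]}" --encrypt "${_ipsec_args[@]}" || exit 1
			ipsec up "$_connection" || exit 1
		fi
	fi
	;;
peer-down)
	echo "Delete link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)"
	if [[ "${_type}" == "spoke" && -e "${_strongswan_pid}" ]]; then
		# A failure here aborts before the route is removed, as before.
		ipsec down "$_connection" || exit 1
		ipsec whack --delete --name "$_connection" || exit 1
	fi
	ip route del "$NHRP_DESTNBMA" src "$NHRP_SRCNBMA" proto 42
	;;
route-up)
	echo "Route $NHRP_DESTADDR/$NHRP_DESTPREFIX is up"
	ip route replace "$NHRP_DESTADDR/$NHRP_DESTPREFIX" proto 42 via "$NHRP_NEXTHOP" dev "$NHRP_INTERFACE"
	ip route flush cache
	;;
route-down)
	echo "Route $NHRP_DESTADDR/$NHRP_DESTPREFIX is down"
	ip route del "$NHRP_DESTADDR/$NHRP_DESTPREFIX" proto 42
	ip route flush cache
	;;
esac

exit 0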