author | 2000-01-13 05:19:10 +0000 | |
---|---|---|
committer | 2000-01-13 05:19:10 +0000 | |
commit | e556233bcbb9c247ebcc214b34392f7a96f2ab4b (patch) | |
tree | 7d8592e95f2335fe254fdfb5d51accfa66076da9 | |
parent | Mention ingress flows. (diff) | |
Update to establish ingress flows as well.
-rw-r--r-- | share/ipsec/rc.vpn | 25 |
1 files changed, 20 insertions, 5 deletions
diff --git a/share/ipsec/rc.vpn b/share/ipsec/rc.vpn index 4652922a9de..f8b15cb945f 100644 --- a/share/ipsec/rc.vpn +++ b/share/ipsec/rc.vpn @@ -1,7 +1,7 @@ #!/bin/sh # -# $OpenBSD: rc.vpn,v 1.8 2000/01/10 08:32:03 angelos Exp $ +# $OpenBSD: rc.vpn,v 1.9 2000/01/13 05:19:10 angelos Exp $ # # Richard Reiner, Ph.D., FSC Internet Corp. # rreiner@fscinternet.com @@ -84,11 +84,14 @@ $DEBUG $ipsecadm new esp -src $GW_PEER -dst $GW_LOCAL \ # Create the flows # -# Gateway to gateway +# Gateway to gateway (both egress and ingress flows) $DEBUG $ipsecadm flow -proto esp -dst $GW_PEER -spi $SPI_OUT \ -addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255 +$DEBUG $ipsecadm flow -proto esp -dst $GW_LOCAL -spi $SPI_IN \ + -addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -ingress -# Flows from each local, to each remote, subnet +# Flows from each local to each remote subnet, and vice versa for +# ACL entries mycount=0 while : do @@ -108,6 +111,10 @@ do $DEBUG $ipsecadm flow \ -proto esp -dst $GW_PEER -spi $SPI_OUT \ -addr $local_net $local_mask $remote_net $remote_mask + + $DEBUG $ipsecadm flow \ + -proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress \ + -addr $remote_net $remote_mask $local_net $local_mask peercount=$(($peercount + 1)) else break; @@ -121,7 +128,7 @@ done # XXX Stuff below is mainly for testing, may be removed later. -# Flows from local gw to each remote subnet +# Flows from local gw to each remote subnet, and vice versa peercount=0 while : do @@ -133,13 +140,17 @@ do $DEBUG $ipsecadm flow \ -proto esp -dst $GW_PEER -spi $SPI_OUT \ -addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask + + $DEBUG $ipsecadm flow \ + -proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress\ + -addr $remote_net $remote_mask $GW_LOCAL 255.255.255.255 peercount=$(($peercount + 1)) else break; fi done -# Flows from local subnets to the remote gw +# Flows from local subnets to the remote gw and vice versa mycount=0 while : do 
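Review bot: The exit status of the new `ipsecadm flow ... -ingress` call in the gateway-to-gateway block is not checked, and the same holds for the ingress calls added in the three loops further down (hunks at -108, -133 and -151). If one of them fails, the script as visible here carries on, which would leave an egress flow installed without its matching ingress ACL entry; whether `set -e` is active elsewhere in rc.vpn cannot be seen from the diff. Consider ending each added command with something like `|| echo "rc.vpn: ingress flow setup failed" >&2` so that a partially installed policy is at least reported.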
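Review bot: `-ingress\` in the local-gateway-to-remote-subnet loop has no space before the line-continuation backslash, so `-ingress` stays a separate word only because the following `-addr` line is indented; the same spelling is repeated in the local-subnets-to-remote-gateway loop (hunk at -151). Write it as `-proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress \`, matching the subnet-to-subnet loop above. The gateway-to-gateway flow puts `-ingress` after the `-addr` arguments instead; using one position throughout would make the four ingress entries easier to compare. The loop body starts and ends outside the hunk.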
@@ -151,6 +162,10 @@ do $DEBUG $ipsecadm flow \ -proto esp -dst $GW_PEER -spi $SPI_OUT \ -addr $local_net $local_mask $GW_PEER 255.255.255.255 + + $DEBUG $ipsecadm flow \ + -proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress\ + -addr $GW_PEER 255.255.255.255 $local_net $local_mask mycount=$(($mycount + 1)) else break; |
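Review bot: The ingress entry added here sits below the comment `# XXX Stuff below is mainly for testing, may be removed later.` (visible in the hunk at -121), so, assuming no other section heading intervenes, an inbound ACL entry for traffic from `$GW_PEER` to each local subnet is being added to a block flagged as test-only. A reader cannot tell whether this entry is required for the VPN to work or is part of the test scaffolding. A comment above the added command would settle it, e.g. `# Ingress ACL entry for peer gateway -> local subnet; test-only, remove together with the egress flow above`, adjusted to the actual intent. The same applies to the ingress entry in the hunk at -133. The loop begins outside the hunk.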