blob: 28fe3a276de8fbc7fc98f860b76bd6cb4f61188d [file] [log] [blame]
# This is an example how to setup the network interfaces in order to run IPSec routing
ifconfig eth0 hw ether 00:00:00:00:61:92 netmask
ifconfig eth1 hw ether 00:00:00:00:62:81 netmask
echo 1 > /proc/sys/net/ipv4/ip_forward
arp -s 00:00:00:00:00:12
arp -s 00:00:00:00:00:11
#IPSec Configuration
insmod /ipsec.ko
#SmartBit Configuration
#eth0 - -->
# 00:00:00:00:00:12 --> 00:00:00:00:61:92
#eth1 - -->
# 00:00:00:00:00:11 -> 00:00:00:00:62:81
# unmark this to disble flow control for Yukon/E1000 NICs
#ethtool -A eth0 tx off
#ethtool -A eth0 rx off
#ethtool -A eth2 tx off
#ethtool -A eth2 rx off
# Here we build static SA database since it is not supported anymore from OpenSWAN 2.6.18 and on
# This is example setup for ESP 3DES/SHA1
ipsec spi --clear
ipsec eroute --clear
ipsec spi --af inet --edst --spi 0x12345678 --proto esp --src --esp 3des-sha1 --enckey $enckey --authkey $authkey
ipsec spi --af inet --edst --spi 0x12345678 --proto tun --src --dst --ip4
ipsec spigrp inet 0x12345678 tun inet 0x12345678 esp
ipsec eroute --add --eraf inet --src --dst --said tun0x12345678@
ipsec tncfg --attach --virtual ipsec0 --physical eth0
ifconfig ipsec0 inet netmask broadcast up
route add -host gw dev ipsec0