summaryrefslogtreecommitdiff
path: root/share
diff options
context:
space:
mode:
Diffstat (limited to 'share')
-rw-r--r--share/ipsec/rc.vpn21
1 files changed, 11 insertions, 10 deletions
diff --git a/share/ipsec/rc.vpn b/share/ipsec/rc.vpn
index 30ed6b9153a..c4764a7d9c6 100644
--- a/share/ipsec/rc.vpn
+++ b/share/ipsec/rc.vpn
@@ -1,7 +1,7 @@
#!/bin/sh
#
-# $OpenBSD: rc.vpn,v 1.10 2000/04/22 01:57:17 angelos Exp $
+# $OpenBSD: rc.vpn,v 1.11 2000/09/19 03:35:08 angelos Exp $
#
# Richard Reiner, Ph.D., FSC Internet Corp.
# rreiner@fscinternet.com
@@ -85,9 +85,9 @@ $DEBUG $ipsecadm new esp -src $GW_PEER -dst $GW_LOCAL \
# Gateway to gateway (both egress and ingress flows)
$DEBUG $ipsecadm flow -proto esp -dst $GW_PEER -spi $SPI_OUT \
- -addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255
+ -addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255 -out -require
$DEBUG $ipsecadm flow -proto esp -dst $GW_LOCAL -spi $SPI_IN \
- -addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -ingress
+ -addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -in -require
# Flows from each local to each remote subnet, and vice versa for
# ACL entries
@@ -109,10 +109,11 @@ do
if [ "${remote_net}" != "0x0" ]; then
$DEBUG $ipsecadm flow \
-proto esp -dst $GW_PEER -spi $SPI_OUT \
- -addr $local_net $local_mask $remote_net $remote_mask
+ -addr $local_net $local_mask $remote_net $remote_mask \
+ -out -require
$DEBUG $ipsecadm flow \
- -proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress \
+ -proto esp -dst $GW_LOCAL -spi $SPI_IN -in -require \
-addr $remote_net $remote_mask $local_net $local_mask
peercount=$(($peercount + 1))
else
@@ -137,11 +138,11 @@ do
remote_mask=$2
if [ "${remote_net}" != "0x0" ]; then
$DEBUG $ipsecadm flow \
- -proto esp -dst $GW_PEER -spi $SPI_OUT \
- -addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask
+ -proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \
+ -addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask \
$DEBUG $ipsecadm flow \
- -proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress\
+ -proto esp -dst $GW_LOCAL -spi $SPI_IN -in -require \
-addr $remote_net $remote_mask $GW_LOCAL 255.255.255.255
peercount=$(($peercount + 1))
else
@@ -159,11 +160,11 @@ do
local_mask=$2
if [ "${local_net}" != "0x0" ]; then
$DEBUG $ipsecadm flow \
- -proto esp -dst $GW_PEER -spi $SPI_OUT \
+ -proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \
-addr $local_net $local_mask $GW_PEER 255.255.255.255
$DEBUG $ipsecadm flow \
- -proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress\
+ -proto esp -dst $GW_LOCAL -spi $SPI_IN -in -require \
-addr $GW_PEER 255.255.255.255 $local_net $local_mask
mycount=$(($mycount + 1))
else