Diffstat (limited to 'share')
-rw-r--r-- | share/ipsec/rc.vpn | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/share/ipsec/rc.vpn b/share/ipsec/rc.vpn index 30ed6b9153a..c4764a7d9c6 100644 --- a/share/ipsec/rc.vpn +++ b/share/ipsec/rc.vpn @@ -1,7 +1,7 @@ #!/bin/sh # -# $OpenBSD: rc.vpn,v 1.10 2000/04/22 01:57:17 angelos Exp $ +# $OpenBSD: rc.vpn,v 1.11 2000/09/19 03:35:08 angelos Exp $ # # Richard Reiner, Ph.D., FSC Internet Corp. # rreiner@fscinternet.com @@ -85,9 +85,9 @@ $DEBUG $ipsecadm new esp -src $GW_PEER -dst $GW_LOCAL \ # Gateway to gateway (both egress and ingress flows) $DEBUG $ipsecadm flow -proto esp -dst $GW_PEER -spi $SPI_OUT \ - -addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255 + -addr $GW_LOCAL 255.255.255.255 $GW_PEER 255.255.255.255 -out -require $DEBUG $ipsecadm flow -proto esp -dst $GW_LOCAL -spi $SPI_IN \ - -addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -ingress + -addr $GW_PEER 255.255.255.255 $GW_LOCAL 255.255.255.255 -in -require # Flows from each local to each remote subnet, and vice versa for # ACL entries @@ -109,10 +109,11 @@ do if [ "${remote_net}" != "0x0" ]; then $DEBUG $ipsecadm flow \ -proto esp -dst $GW_PEER -spi $SPI_OUT \ - -addr $local_net $local_mask $remote_net $remote_mask + -addr $local_net $local_mask $remote_net $remote_mask \ + -out -require $DEBUG $ipsecadm flow \ - -proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress \ + -proto esp -dst $GW_LOCAL -spi $SPI_IN -in -require \ -addr $remote_net $remote_mask $local_net $local_mask peercount=$(($peercount + 1)) else @@ -137,11 +138,11 @@ do remote_mask=$2 if [ "${remote_net}" != "0x0" ]; then $DEBUG $ipsecadm flow \ - -proto esp -dst $GW_PEER -spi $SPI_OUT \ - -addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask + -proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \ + -addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask \ $DEBUG $ipsecadm flow \ - -proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress\ + -proto esp -dst $GW_LOCAL -spi $SPI_IN -in -require \ -addr $remote_net $remote_mask $GW_LOCAL 255.255.255.255 peercount=$(($peercount + 1)) else 
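Review bot: Nothing in the @@ -85 hunk documents what policy `-require` is meant to enforce on the gateway-to-gateway flows; the comment above them still says only "both egress and ingress flows". The flag presumably governs how matching traffic is handled when no usable SA exists, so the intent should be stated for whoever audits this script. A one-line comment would do, for example `# -out/-in: flow direction; -require: <intended handling of matching traffic when no SA is available>`. The same flags are added without comment in the @@ -109, @@ -137 and @@ -159 hunks.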
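Review bot: `peercount=$(($peercount + 1))` in the @@ -109 hunk runs whether or not the two `ipsecadm flow` commands before it succeeded, so the counter can include subnet pairs whose `-require` flows were never installed. Now that the flows carry an explicit policy, a half-installed pair (outbound present, inbound missing, or the reverse) deserves to be noticed. Chain the two commands with `&&` inside an `if`, increment only in the success branch, and print the failing pair to stderr otherwise. The same applies to `peercount` in @@ -137 and `mycount` in @@ -159. How the counters are used later is not visible here, and the enclosing loop starts before the hunk.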
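Review bot: The new `-addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask \` line in the @@ -137 hunk ends with a continuation backslash although it is the last argument of the outbound flow command. Judging by the hunk's line counts the next line is blank, so the command still ends there today. If that blank line is ever removed, the following `$DEBUG $ipsecadm flow \` line is swallowed as arguments and the inbound flow is no longer installed as its own command. Drop the trailing backslash so the line reads `-addr $GW_LOCAL 255.255.255.255 $remote_net $remote_mask`.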
@@ -159,11 +160,11 @@ do local_mask=$2 if [ "${local_net}" != "0x0" ]; then $DEBUG $ipsecadm flow \ - -proto esp -dst $GW_PEER -spi $SPI_OUT \ + -proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \ -addr $local_net $local_mask $GW_PEER 255.255.255.255 $DEBUG $ipsecadm flow \ - -proto esp -dst $GW_LOCAL -spi $SPI_IN -ingress\ + -proto esp -dst $GW_LOCAL -spi $SPI_IN -in -require \ -addr $GW_PEER 255.255.255.255 $local_net $local_mask mycount=$(($mycount + 1)) else |
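Review bot: Flag placement is inconsistent across this commit: here and in @@ -137 the `-out -require` / `-in -require` flags sit between `-spi` and `-addr`, while in @@ -85 and the outbound command of @@ -109 they trail the address arguments. Using one order for all eight commands makes the paired outbound and inbound flows easier to compare when auditing the policy. For example, put `-proto esp -dst $GW_PEER -spi $SPI_OUT -out -require \` first and the `-addr` line after it. The enclosing loop begins and ends outside the hunk.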