====== Skript ipsec-policies ======

Skript je určen k nastavení IPsec politik. Více informací o použití naleznete v dokumentu [[cs:spravce:pripojovani:ipsec:linux#Definice IPsec politik]].


<code bash>
#!/bin/bash
# Version: 2006.04.03
#
# 2006.04.03 - Pridan prepinac -4 protoze ipsec provozujeme jen po IPv4

. /etc/ipsec-policies.conf

setPolicy () {
  echo "spdadd -4 $1 $2 any -P out ipsec esp/transport//require;" | $SETKEY -c
  echo "spdadd -4 $2 $1 any -P in  ipsec esp/transport//require;" | $SETKEY -c
}

start () {
  echo "Setting ipsec policies: "
  for PEER in $PEERS
  do
    echo "   $LOCAL <-> $PEER";
    setPolicy $LOCAL $PEER
  done
}

stop () {
  echo "Clearing ipsec policies: unsuported."
};

force-stop () {
  $SETKEY -F; $SETKEY -FP
}

case "$1" in
  start)
    force-stop
    start
    ;;
  stop)
    stop
    ;;
  force-stop)
    force-stop
    ;;
  restart)
    force-stop
    start
    ;;
  *)
    echo "Usage: " `basename $0` "{start|stop|restart}"
esac
</code>

======  ======
 --- // [[http://staff.cesnet.cz/~semik|Jan Tomášek]] 11.09.2006 11:46// dokument převeden z www.eduroam.cz