On Mon, Oct 16, 2000 at 06:15:52AM -0400, Cokey de Percin wrote:
> "Michael H. Warfield" wrote:
> [snip]
> > I can't argue with you because I'm also using dhcpcd, but for
> > a totally different reason. I have to restart some IPSec VPNs whenever
> > things change and the .info file that dhcpcd generates is ideal
> > for sourcing into the scripts that reconfigure freeswan. I guess pump
> > could be beat into submission with some scripting, but why bother. So
> > I am also on dhcpcd.
> >
> [snip]
> Would it be possible for you to share those scripts? I'm just getting
> started with VPN over cable here at home and was looking at automating
> some of that, but if you've already hammered it into submission, I'd
> greatly appreciate seeing them.

The scripts for updating DNS and FreeSWAN from dhcpcd? I'll
post in a couple of days after I finish testing out the DNS end. I've
gotta wait for the next address change to make sure it correctly updates
DNS and pushes the results out.

For just updating FreeSWAN for IPSec, I've attached my current
/etc/dhcpc/dhcpcd-eth2.exe script below. My ipsec.conf file includes
a number of files from /etc/ipsec.d and so I just update two files
specific for the cable modem interface (eth2). One file is actually
read by freeswan (/etc/ipsec.d/eth2.left) while the other is a sourceable
reference file with "LEFT" and "LEFTNEXTHOP" defined for the current values
from dhcpcd. That's used by other scripts.

It also has the code for removing the cable modem default route
if dhcpcd adds one in. I actually need to change that to duplicate the
route in routing table 4 (IP Policy routing) and then delete it. What
I'm doing now is rather ad-hoc.

I'll post the finished scripts later once DNS has been tested and
added, but this will give you an idea of what I've done...

> Best
> Cokey
> --
> ------------------------------------------------------------------
> Cokey de Percin, DBA Email:
> Mynd Corp. (Soon to be CSC) Work - [EMAIL PROTECTED]
> Columbia, South Carolina Home - [EMAIL PROTECTED]
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
===== dhcpcd-${IFACE}.exe =====
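#!/bin/sh -

IFACE=eth2
RESTARTIPSEC=no

# Load the values saved on the previous run, if there was one.
if [ -f /etc/dhcpc/dhcpcd-$IFACE.info~ ]; then
    . /etc/dhcpc/dhcpcd-$IFACE.info~
    OIPADDR=$IPADDR
    ONETMASK=$NETMASK
    ONETWORK=$NETWORK
    OBROADCAST=$BROADCAST
    OGATEWAY=$GATEWAY
else
    OIPADDR=
    ONETMASK=
    ONETWORK=
    OBROADCAST=
    OGATEWAY=
fi

# Load the current lease values written by dhcpcd.
. /etc/dhcpc/dhcpcd-$IFACE.info

# If anything changed, save the new values and regenerate the ipsec files.
if [ "$OIPADDR" != "$IPADDR" -o \
     "$ONETMASK" != "$NETMASK" -o \
     "$ONETWORK" != "$NETWORK" -o \
     "$OBROADCAST" != "$BROADCAST" -o \
     "$OGATEWAY" != "$GATEWAY" ]; then
    cp -a /etc/dhcpc/dhcpcd-$IFACE.info /etc/dhcpc/dhcpcd-$IFACE.info~

    # File read by freeswan; parameter lines under "conn" must be indented.
    echo "\
conn left-$IFACE
    left=$IPADDR
    leftnexthop=$GATEWAY
" > /etc/ipsec.d/$IFACE.left

    # Sourceable reference file used by other scripts.
    echo "LEFT=$IPADDR
LEFTNEXTHOP=$GATEWAY" > /etc/ipsec.d/$IFACE.left.conf

    RESTARTIPSEC=yes
fi

# Check to see if our dain bramaged cable modem has dumped a default route
# on us. If so, delete it!
# Note: DEVICE is not set in this script; if the sourced .info file does not
# define it, the pattern matches a 24.163.* default route on any interface.
DROUTE=`netstat -nr | grep "^0.0.0.0[ ]*24.163.*$DEVICE\$"`
if [ "$DROUTE" != "" ]; then
    DGATEWAY=`expr "$DROUTE" : '0.0.0.0[ ]*\(24\.163\.[0-9]*\.[0-9]*\)'`
    route del default gw $DGATEWAY
fi

# Policy routing: traffic from our address uses the default route in table 4.
ip route add default via $GATEWAY table 4
ip rule add from $IPADDR table 4

# Restart ipsec only if the lease changed and pluto is running.
if [ $RESTARTIPSEC = yes -a -f /var/run/pluto.pid ]; then
    /usr/local/sbin/ipsec setup --restart
fi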
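
Added example, not part of the original post or of the script above: the script sources the .info file, so its contents run as shell, and it writes the lease values straight into the file that freeswan reads. The code below instead parses IPADDR and GATEWAY out of the file and accepts only dotted-quad IPv4 values. The function names, the temporary paths and the sample addresses are constructed for illustration, and the .info file is assumed to hold KEY=value lines, optionally single-quoted.

```shell
#!/bin/sh
# Added example: take IPADDR and GATEWAY from a dhcpcd .info file without
# sourcing it, and accept only dotted-quad IPv4 values.

# info_get FILE KEY: print KEY's value (first match), single quotes stripped.
info_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | sed "s/^'\(.*\)'\$/\1/"
}

# is_ipv4 STRING: succeed only for four decimal octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# write_left INFO IFACE OUT: write the conn stanza, or fail and leave OUT alone.
write_left() {
    ip=$(info_get "$1" IPADDR)
    gw=$(info_get "$1" GATEWAY)
    is_ipv4 "$ip" || { echo "rejected IPADDR in $1" >&2; return 1; }
    is_ipv4 "$gw" || { echo "rejected GATEWAY in $1" >&2; return 1; }
    # Write to a temporary name first so a partial file is never left in place.
    printf 'conn left-%s\n\tleft=%s\n\tleftnexthop=%s\n' "$2" "$ip" "$gw" \
        > "$3.tmp" && mv "$3.tmp" "$3"
}

# Constructed sample input (documentation addresses, not real lease data).
demo=$(mktemp -d)
printf "IPADDR=192.0.2.10\nNETMASK=255.255.255.0\nGATEWAY=192.0.2.1\n" > "$demo/good.info"
printf "IPADDR=192.0.2.10\nGATEWAY=192.0.2.1;echo unexpected\n" > "$demo/bad.info"

write_left "$demo/good.info" eth2 "$demo/eth2.left" && cat "$demo/eth2.left"
write_left "$demo/bad.info" eth2 "$demo/bad.left" || echo "bad.info refused"
```

A value that fails validation leaves the existing include file untouched, so the previous configuration stays in effect until a clean lease arrives.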
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list