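#!/bin/bash
#
# strongswan files/ipsec-vti.sh - Ansible managed: Do NOT edit this file manually!
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0
#
# strongSwan updown script.  charon runs it with PLUTO_VERB and the other
# PLUTO_* variables in the environment and the options below on the command
# line; it creates or tears down a VTI interface and its static routes.

set -o nounset
set -o errexit

# -r/--static-route is optional: default it to empty so the route helpers can
# treat "no routes configured" as a no-op.  The other TUNNEL_* variables are
# deliberately left unset so that nounset fails fast when a required option
# is missing.
TUNNEL_STATIC_ROUTE=""

# Trace the verb to stderr instead of appending to a fixed path under /tmp.
# This script runs as root: a predictable file in a world-writable directory
# is a symlink target any local user can plant, and it leaks the tunnel
# addresses to anyone who can read /tmp.
printf '%s: PLUTO_VERB=%s\n' "${0##*/}" "${PLUTO_VERB:-}" >&2

# Options arrive as "flag value" pairs.  The endpoint and interface facts are
# not arguments: they are taken from the PLUTO_* variables charon exports.
while [[ $# -gt 1 ]]; do
  case "${1}" in
    -ln|--link-name)
      TUNNEL_NAME="${2}"
      TUNNEL_PHY_INTERFACE="${PLUTO_INTERFACE}"
      shift
      ;;
    -ll|--link-local)
      TUNNEL_LOCAL_ADDRESS="${2}"
      TUNNEL_LOCAL_ENDPOINT="${PLUTO_ME}"
      shift
      ;;
    -lr|--link-remote)
      TUNNEL_REMOTE_ADDRESS="${2}"
      TUNNEL_REMOTE_ENDPOINT="${PLUTO_PEER}"
      shift
      ;;
    -m|--mark)
      TUNNEL_MARK="${2}"
      shift
      ;;
    -r|--static-route)
      TUNNEL_STATIC_ROUTE="${2}"
      shift
      ;;
    *)
      # Unknown flags are reported and skipped.  Only one word is consumed
      # for them (the shift below), so the following word is re-examined as
      # a flag on the next iteration.
      echo "${0}: Unknown argument \"${1}\"" >&2
      ;;
  esac
  # Consume the flag itself; each arm above already dropped its value.
  shift
done
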
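command_exists() {
  # Returns 0 when "$1" resolves to a builtin, function or executable on PATH.
  # Output is discarded on purpose: callers only look at the exit status, and
  # the "ip is /sbin/ip" line would otherwise be noise on stderr.
  command -v "$1" >/dev/null 2>&1
}
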
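create_interface() {
  # Fixed link MTU used by this deployment; named so it is easy to find.
  local -r mtu=1387

  # Trace each command to stderr instead of appending to a fixed file under
  # /tmp: this runs as root, so a predictable world-writable path is both a
  # symlink target for local users and a leak of the tunnel addresses.
  printf '+ ip link add %s type vti local %s remote %s key %s\n' \
    "${TUNNEL_NAME}" "${TUNNEL_LOCAL_ENDPOINT}" "${TUNNEL_REMOTE_ENDPOINT}" "${TUNNEL_MARK}" >&2
  # The VTI key is set from the -m/--mark option (TUNNEL_MARK).
  ip link add "${TUNNEL_NAME}" type vti \
    local "${TUNNEL_LOCAL_ENDPOINT}" remote "${TUNNEL_REMOTE_ENDPOINT}" key "${TUNNEL_MARK}"

  printf '+ ip addr add %s remote %s dev %s\n' \
    "${TUNNEL_LOCAL_ADDRESS}" "${TUNNEL_REMOTE_ADDRESS}" "${TUNNEL_NAME}" >&2
  ip addr add "${TUNNEL_LOCAL_ADDRESS}" remote "${TUNNEL_REMOTE_ADDRESS}" dev "${TUNNEL_NAME}"

  printf '+ ip link set %s up mtu %s\n' "${TUNNEL_NAME}" "${mtu}" >&2
  ip link set "${TUNNEL_NAME}" up mtu "${mtu}"
}
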
configure_sysctl() {
  # Kernel settings for the tunnel: IPv4 forwarding on, loose reverse-path
  # filtering (rp_filter=2) on the VTI link, and policy/xfrm lookups disabled
  # on both the VTI link and the underlying interface (PLUTO_INTERFACE).
  local -a knobs=(
    "net.ipv4.ip_forward=1"
    "net.ipv4.conf.${TUNNEL_NAME}.rp_filter=2"
    "net.ipv4.conf.${TUNNEL_NAME}.disable_policy=1"
    "net.ipv4.conf.${TUNNEL_PHY_INTERFACE}.disable_xfrm=1"
    "net.ipv4.conf.${TUNNEL_PHY_INTERFACE}.disable_policy=1"
  )
  local knob
  for knob in "${knobs[@]}"; do
    sysctl -w "${knob}"
  done
}

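add_route() {
  # Install one route per comma-separated prefix in TUNNEL_STATIC_ROUTE,
  # pointing at the tunnel and using the mark as the metric.  With no routes
  # configured there is nothing to do; returning early also avoids tripping
  # nounset on an unset variable (or, on bash before 4.4, on an empty array).
  [[ -n "${TUNNEL_STATIC_ROUTE:-}" ]] || return 0

  local -a prefixes
  local prefix
  IFS=',' read -ra prefixes <<< "${TUNNEL_STATIC_ROUTE}"
  for prefix in "${prefixes[@]}"; do
    ip route add "${prefix}" dev "${TUNNEL_NAME}" metric "${TUNNEL_MARK}"
  done
}
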
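cleanup() {
  # Remove the static routes installed by add_route.  Deletion is best
  # effort: a route that is already gone must not abort the script under
  # errexit, or delete_interface would never run and the VTI link would be
  # left behind.  Nothing to do when no routes were configured.
  [[ -n "${TUNNEL_STATIC_ROUTE:-}" ]] || return 0

  local -a prefixes
  local prefix
  IFS=',' read -ra prefixes <<< "${TUNNEL_STATIC_ROUTE}"
  for prefix in "${prefixes[@]}"; do
    ip route del "${prefix}" dev "${TUNNEL_NAME}" metric "${TUNNEL_MARK}" \
      || printf '%s: warning: could not delete route %s dev %s\n' \
           "${0##*/}" "${prefix}" "${TUNNEL_NAME}" >&2
  done
}
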
delete_interface() {
  # Bring the VTI link down, then remove it.
  local -r link="${TUNNEL_NAME}"
  ip link set "${link}" down
  ip link del "${link}"
}

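# main execution starts here

# Preconditions: stop before touching the system if a required tool cannot
# be resolved (typically /sbin missing from PATH when not running as root).
# Only ip and sysctl are invoked by this script; iptables is not used anywhere
# in this file, so it is not checked.
for required_cmd in ip sysctl; do
  if ! command_exists "${required_cmd}"; then
    printf '%s: ERROR: %s command is required to execute the script, check if you are running as root, mostly to do with path, /sbin/\n' \
      "${0##*/}" "${required_cmd}" >&2
    exit 1
  fi
done
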
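# Dispatch on the verb charon invoked us with.
case "${PLUTO_VERB}" in
  up-client)
    create_interface
    configure_sysctl
    add_route
    ;;
  down-client)
    # Teardown mirrors setup in reverse: routes first, then the link.
    cleanup
    delete_interface
    ;;
  *)
    # Any other verb is intentionally ignored.
    ;;
esac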