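#!/bin/sh
# Script for setting up KAME based system for IPsec over wireless.
#
# Created by mcr@sandelman.ottawa.on.ca
#
# $Id: ipsec-ietf53.txt,v 1.1 2002/03/20 18:35:45 mcr Exp $
#
# Usage: <this-script> MYIP
#   MYIP  numeric IPv4 address of this host; used as the local ESP tunnel
#         endpoint and as the interface address for the host route to the
#         cipher gateway.
#
# Effects (all visible below): adds $inner as an alias on wi0, adds two /1
# routes via $innergate, pins a host route to $ciphergate via $mydefault,
# writes the generated SPD entries to /var/run/ipsec-ietf53.boot and loads
# them with "setkey -c".
#
# Exit status: 2 on a missing/malformed MYIP, 1 if setkey fails, else 0.

PATH=/usr/sbin:/sbin:$PATH
export PATH

set -x

myip=${1:-}
mydefault=166.63.184.1
inner=166.63.179.19
innergate=166.63.179.1
ciphergate=166.63.177.44

# MYIP is pasted into both a route command and the text fed to setkey.
# An empty or non-numeric value would leave the routes changed while the
# policy fails to parse, so refuse it before touching anything.  Only the
# character set is checked here, not full dotted-quad syntax.
case $myip in
  '' | *[!0-9.]*)
    echo "usage: $0 my-ipv4-address" >&2
    exit 2
    ;;
esac

# NOTE(review): the contents of this file are not visible here.  It is
# executed with this script's privileges, so it should be writable only
# by root.
. /etc/racoon/ipsec-noprivate.sh

ifconfig wi0 inet "$inner" netmask 255.255.255.0 alias

# following avoids actually deleting your default route: two /1 routes
# together cover every IPv4 destination and are more specific than the
# existing 0.0.0.0/0 entry.
route add -net 0.0.0.0 -netmask 128.0.0.0 -ifa "$inner" "$innergate"
route add -net 128.0.0.0 -netmask 128.0.0.0 -ifa "$inner" "$innergate"

# next make sure that the path to the gateway is clear:
route add -host "$ciphergate" -ifa "$myip" "$mydefault"

echo MYIP: "]$myip["

# Generate the outbound and inbound policies (ESP tunnel mode, level
# "require"), keep a copy in /var/run, and load them.  The routes above are
# already in place at this point, so a setkey failure must not go
# unnoticed: report it and exit non-zero.  "setkey -DP" shows what was
# actually installed.
if ! {
  printf '%s\n' "spdadd $inner/32 0.0.0.0/0 any -P out ipsec esp/tunnel/${myip}-${ciphergate}/require;"
  printf '%s\n' "spdadd 0.0.0.0/0 $inner/32 any -P in ipsec esp/tunnel/${ciphergate}-${myip}/require;"
} | tee /var/run/ipsec-ietf53.boot | setkey -c; then
  echo "$0: setkey failed; IPsec policy for $inner may not be loaded" >&2
  exit 1
fi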