#!/bin/sh
# post-ipsec.ini
#
# IPSec between SGW and onicwall
# Create by Yoshimasa Takami
# 2002/01/09
# y-takami@r2i.co.jp

. /etc/config

#
# Build secret file
#
echo "${SGW1_WAN} ${SGW2_WAN} : PSK \"himitsu\"" > /etc/ipsec.secrets

#
# Build config file
#
echo "config setup" > /etc/ipsec.conf
echo "	interfaces=%defaultroute" >> /etc/ipsec.conf
echo "	klipsdebug=none" >> /etc/ipsec.conf
echo "	plutodebug=none" >> /etc/ipsec.conf
echo "	plutoload=%search" >> /etc/ipsec.conf
echo "	plutostart=%search" >> /etc/ipsec.conf

echo "conn ${ASSOCIATION}" >> /etc/ipsec.conf
echo "	keyingtries=0" >> /etc/ipsec.conf
echo "	authby=secret" >> /etc/ipsec.conf
echo "	esp=3des-hmac-md5" >> /etc/ipsec.conf

echo "	left=${SGW1_WAN}" >> /etc/ipsec.conf
echo "	leftsubnet=${SGW1_LAN}/24" >> /etc/ipsec.conf
echo "	leftnexthop=${SGW1_GWY}" >> /etc/ipsec.conf
echo "	right=${SGW2_WAN}" >> /etc/ipsec.conf
echo "	rightsubnet=${SGW2_LAN}/24" >> /etc/ipsec.conf
echo "	rightnexthop=${SGW2_GWY}" >> /etc/ipsec.conf
echo "	pfs=no" >> /etc/ipsec.conf
echo "	auto=start" >> /etc/ipsec.conf

/etc/rc.d/init.d/ipsec start &