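#!/bin/sh
#
# Manually keyed IPsec ESP tunnel between gateway A (this host) and gateway B,
# configured with ipsecadm. One Security Association (SA) is created per
# direction, followed by the flows that steer traffic into them.
#
# Security notes for whoever maintains this:
# - Keys are static. They are only replaced when someone regenerates the key
#   files by hand, so a leaked key exposes all traffic until then. The keys
#   are copied to /etc/isakmpd on the peer; moving to IKE via isakmpd would
#   give automatic rekeying.
# - 3des and sha1 are legacy algorithms. Both gateways must be changed
#   together if a stronger transform is chosen.
# - enc_key and auth_key are the only secrets protecting the tunnel. Keep them
#   readable by root only (create them under "umask 077").
# - The key files are referenced by relative path, so the script must be run
#   from the directory that holds them.

A_EXTERNAL_IP=63.199.136.126
A_INTERNAL_IP=192.168.1.46
A_INTERNAL_NET=192.168.1.0
B_INTERNAL_IP=192.168.2.1
B_EXTERNAL_IP=63.218.191.98
B_INTERNAL_NET=192.168.2.0

# One-time key generation, left disabled on purpose. Run it under
# "umask 077" so the key files are not created group/world-readable.
#echo Create the encryption and authentication keys
#openssl rand 24 | hexdump -e '24/1 "%02x"' > enc_key
#openssl rand 20 | hexdump -e '20/1 "%02x"' > auth_key
#scp enc_key auth_key root@$B_EXTERNAL_IP:/etc/isakmpd/.

# Overall result; set to 1 as soon as any ipsecadm call fails.
status=0

# Run one command, report a failure on stderr and remember it, but keep
# going so that a re-run on a partly configured host still applies the rest.
run() {
  "$@" || {
    echo "$0: command failed: $*" >&2
    status=1
  }
}

# Fail early with a clear message instead of letting ipsecadm trip over a
# missing or unreadable key file.
for keyfile in enc_key auth_key; do
  if [ ! -r "$keyfile" ]; then
    echo "$0: cannot read key file '$keyfile' in $(pwd)" >&2
    exit 1
  fi
done

echo Create the Security Associations
# Inbound SA (B -> A), SPI 1000.
run /sbin/ipsecadm new esp -src "$B_EXTERNAL_IP" -dst "$A_EXTERNAL_IP" \
  -forcetunnel -spi 1000 -enc 3des -auth sha1 \
  -keyfile enc_key -authkeyfile auth_key

# No early exit here: without the outbound SA and the flows below only the
# inbound SA exists and nothing is steered into the tunnel, so traffic for
# the remote network would not be protected by ESP.

# Outbound SA (A -> B), SPI 1001.
run /sbin/ipsecadm new esp -src "$A_EXTERNAL_IP" -dst "$B_EXTERNAL_IP" \
  -forcetunnel -spi 1001 -enc 3des -auth sha1 \
  -keyfile enc_key -authkeyfile auth_key

echo Create the IPsec flows outbound
# gateway A -> gateway B
run /sbin/ipsecadm flow -dst "$B_EXTERNAL_IP" -spi 1001 -proto esp \
  -addr "$A_EXTERNAL_IP" 255.255.255.255 \
  "$B_EXTERNAL_IP" 255.255.255.255

# network A -> network B
run /sbin/ipsecadm flow -dst "$B_EXTERNAL_IP" -spi 1001 -proto esp \
  -addr "$A_INTERNAL_NET" 255.255.255.0 "$B_INTERNAL_NET" 255.255.255.0

# gateway A -> network B
run /sbin/ipsecadm flow -dst "$B_EXTERNAL_IP" -spi 1001 -proto esp \
  -addr "$A_EXTERNAL_IP" 255.255.255.255 \
  "$B_INTERNAL_NET" 255.255.255.0

# network A -> gateway B
run /sbin/ipsecadm flow -dst "$B_EXTERNAL_IP" -spi 1001 -proto esp \
  -addr "$A_INTERNAL_NET" 255.255.255.0 "$B_EXTERNAL_IP" 255.255.255.255

echo Create the IPsec flows inbound
# gateway B -> gateway A
run /sbin/ipsecadm flow -dst "$A_EXTERNAL_IP" -spi 1000 -proto esp \
  -addr "$B_EXTERNAL_IP" 255.255.255.255 \
  "$A_EXTERNAL_IP" 255.255.255.255 -ingress

# network B -> network A
run /sbin/ipsecadm flow -dst "$A_EXTERNAL_IP" -spi 1000 -proto esp \
  -addr "$B_INTERNAL_NET" 255.255.255.0 "$A_INTERNAL_NET" 255.255.255.0 -ingress

# gateway B -> network A
run /sbin/ipsecadm flow -dst "$A_EXTERNAL_IP" -spi 1000 -proto esp \
  -addr "$B_EXTERNAL_IP" 255.255.255.255 \
  "$A_INTERNAL_NET" 255.255.255.0 -ingress

# network B -> gateway A
run /sbin/ipsecadm flow -dst "$A_EXTERNAL_IP" -spi 1000 -proto esp \
  -addr "$B_INTERNAL_NET" 255.255.255.0 \
  "$A_EXTERNAL_IP" 255.255.255.255 -ingress

# Non-zero when any SA or flow could not be installed, so callers (rc
# scripts, monitoring) can tell a half-configured tunnel from a working one.
exit "$status"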