#! /usr/pkg/bin/perl
|
|
die "insufficient arguments" if (scalar(@ARGV) < 2);
|
$src = $ARGV[0];
|
$dst = $ARGV[1];
|
$mode = 'transport';
|
if (scalar(@ARGV) > 2) {
|
$mode = $ARGV[2];
|
}
|
|
open(OUT, "|setkey -c");
|
if ($mode eq 'transport') {
|
print STDERR "install esp transport mode: $src -> $dst\n";
|
print OUT "spdadd $src $dst any -P out ipsec esp/transport//require;\n";
|
print OUT "spdadd $dst $src any -P in ipsec esp/transport//require;\n";
|
} elsif ($mode eq 'delete') {
|
print STDERR "delete policy: $src -> $dst\n";
|
print OUT "spddelete $src $dst any -P out;\n";
|
print OUT "spddelete $dst $src any -P in;\n";
|
}
|
close(OUT);
|
