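#!/bin/sh
# Install the xfrm (IPsec) ESP transport-mode states and policies for the
# four TTCN3 <-> Asterisk flows listed further down.
#
# use: ipset_setup.sh \
#	$LOC_IP $LOC_PORT_C $LOC_SPI_C $LOC_PORT_S $LOC_SPI_S \
#	$REM_IP $REM_PORT_C $REM_SPI_C $REM_PORT_S $REM_SPI_S \
#	$AUTH_KEY
#
# Exit status: 2 on a wrong argument count, otherwise the status of the
# first failing `ip` command (0 when everything was installed).

# Abort on the first failing command and on unset variables, so that a
# partially installed SA/policy set is reported instead of silently leaving
# some of the flows without ESP protection.
set -eu

# Check the argument count *before* touching kernel state: the flush below
# is destructive and must not run when the call is malformed.
if [ "$#" -ne 11 ]; then
	printf 'use: %s %s %s %s\n' "${0}" \
		'LOC_IP LOC_PORT_C LOC_SPI_C LOC_PORT_S LOC_SPI_S' \
		'REM_IP REM_PORT_C REM_SPI_C REM_PORT_S REM_SPI_S' \
		'AUTH_KEY' >&2
	exit 2
fi

LOC_IP="${1}"
LOC_PORT_C="${2}"
LOC_SPI_C="${3}"
LOC_PORT_S="${4}"
LOC_SPI_S="${5}"

REM_IP="${6}"
REM_PORT_C="${7}"
REM_SPI_C="${8}"
REM_PORT_S="${9}"
REM_SPI_S="${10}"

AUTH_KEY="${11}"

# NOTE(security): the trace prints every expanded command, including the
# `ip xfrm state add` lines that carry AUTH_KEY, and the key is also passed
# on the `ip` command line. Use throw-away test keys only and treat the
# resulting log as sensitive.
set -x

# Clean up state from previous tests.
# NOTE: this removes *every* xfrm policy and state in the current network
# namespace, not only the entries created by this script. Run it only where
# no other IPsec configuration has to survive.
ip xfrm policy flush
ip xfrm state flush

# use: ip_xfrm_state <src_ip> <src_port> <dst_ip> <dst_port> <spi>
#
# Add one ESP transport-mode SA from src to dst. The SPI value is reused as
# the reqid, which is what ties the SA to the matching policy template in
# ip_xfrm_policy(). Reads the global AUTH_KEY.
#
# The SA uses sha1 authentication truncated to 96 bits and the null cipher:
# packets are integrity-protected but NOT encrypted.
ip_xfrm_state() {
	ip xfrm state add \
		src "${1}" dst "${3}" proto esp spi "${5}" reqid "${5}" mode transport \
		replay-window 32 \
		auth-trunc sha1 "${AUTH_KEY}" 96 \
		enc cipher_null "" \
		sel src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}"
}

# TTCN3(Srv) -> Asterisk(Cli): REM_SPI_C
ip_xfrm_state "${LOC_IP}" "${LOC_PORT_S}" "${REM_IP}" "${REM_PORT_C}" "${REM_SPI_C}"
# TTCN3(Cli) -> Asterisk(Srv): REM_SPI_S
ip_xfrm_state "${LOC_IP}" "${LOC_PORT_C}" "${REM_IP}" "${REM_PORT_S}" "${REM_SPI_S}"
# Asterisk(Cli) -> TTCN3(Srv): LOC_SPI_S
ip_xfrm_state "${REM_IP}" "${REM_PORT_C}" "${LOC_IP}" "${LOC_PORT_S}" "${LOC_SPI_S}"
# Asterisk(Srv) -> TTCN3(Cli): LOC_SPI_C
ip_xfrm_state "${REM_IP}" "${REM_PORT_S}" "${LOC_IP}" "${LOC_PORT_C}" "${LOC_SPI_C}"

# use: ip_xfrm_policy <src_ip> <src_port> <dst_ip> <dst_port> <reqid> <dir>
#
# Add one policy that requires ESP transport mode for the given
# src/dst address and port selector in direction <dir> ("in" or "out" in
# the calls below). <reqid> must equal the reqid of the SA installed by
# ip_xfrm_state() for the same flow.
ip_xfrm_policy() {
	ip xfrm policy add \
		src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}" \
		dir "${6}" \
		tmpl src "${1}" dst "${3}" \
		proto esp reqid "${5}" mode transport
}

# TTCN3(Srv) -> Asterisk(Cli): REM_SPI_C out
ip_xfrm_policy "${LOC_IP}" "${LOC_PORT_S}" "${REM_IP}" "${REM_PORT_C}" "${REM_SPI_C}" "out"
# TTCN3(Cli) -> Asterisk(Srv): REM_SPI_S out
ip_xfrm_policy "${LOC_IP}" "${LOC_PORT_C}" "${REM_IP}" "${REM_PORT_S}" "${REM_SPI_S}" "out"
# Asterisk(Cli) -> TTCN3(Srv): LOC_SPI_S in
ip_xfrm_policy "${REM_IP}" "${REM_PORT_C}" "${LOC_IP}" "${LOC_PORT_S}" "${LOC_SPI_S}" "in"
# Asterisk(Srv) -> TTCN3(Cli): LOC_SPI_C in
ip_xfrm_policy "${REM_IP}" "${REM_PORT_S}" "${LOC_IP}" "${LOC_PORT_C}" "${LOC_SPI_C}" "in"

# Debug helpers, left disabled:
#ip xfrm state
#ip xfrm policy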