Tfe

Projects/fortinet_ipsec_vpn_linux_configuration_files/_updown

#!/bin/sh
 
case "${PLUTO_VERB}" in
    up-client)
        /usr/bin/logger "vpn up Interface: ${PLUTO_CONNECTION} IP: ${PLUTO_MY_CLIENT} Route: ${PLUTO_PEER_CLIENT} IF_ID: ${PLUTO_IF_ID_IN} ON: ${PLUTO_INTERFACE}"
        /sbin/ip link add ${PLUTO_CONNECTION} type xfrm dev ${PLUTO_INTERFACE} if_id ${PLUTO_IF_ID_IN}
        /sbin/ip link set ${PLUTO_CONNECTION} up
        /sbin/ip address add ${PLUTO_MY_CLIENT} dev ${PLUTO_CONNECTION}
        /sbin/ip address del ${PLUTO_MY_CLIENT} dev ${PLUTO_INTERFACE}
        /sbin/route add -net ${PLUTO_PEER_CLIENT} dev ${PLUTO_CONNECTION}
        /usr/sbin/iptables -t nat -I POSTROUTING -d ${PLUTO_PEER_CLIENT} -o ${PLUTO_CONNECTION} -j SNAT --to ${PLUTO_MY_SOURCEIP}
        ;;
    down-client)
        /usr/bin/logger "vpn down Interface: ${PLUTO_CONNECTION} IP: ${PLUTO_MY_CLIENT} Route: ${PLUTO_PEER_CLIENT} IF_ID: ${PLUTO_IF_ID_IN} ON: ${PLUTO_INTERFACE}"
        /usr/sbin/iptables -t nat -D POSTROUTING -d ${PLUTO_PEER_CLIENT} -o ${PLUTO_CONNECTION} -j SNAT --to ${PLUTO_MY_SOURCEIP}
        /sbin/ip link del ${PLUTO_CONNECTION}
        ;;
esac