The bos.net.ipsec.keymgt.post_i.sh script

The bos.net.ipsec.keymgt.post_i.sh script loads the contents of the tunnel database onto a migrated system running the AIX operating system. It reads the saved database files from fixed paths under /tmp.

#!/usr/bin/ksh

# Write to stdout one line of shell text that prints a progress dot.
# The restore functions call this while their stdout is redirected into the
# generated command file, so the dot appears when that file is executed,
# not when PrintDot itself runs.
# Relies on ksh echo semantics, where \c suppresses the trailing newline;
# the fragments below then join into the single line:  echo ".\c"
function PrintDot {
    # the word "echo" followed by a space, no newline
    echo "echo \c"
    # opening double quote and the dot
    echo "\".\c"
    # a literal backslash-c, so the generated echo also suppresses its newline
    echo "\\\c\c"
    # closing double quote
    echo "\"\c"
    # terminate the generated line
    echo 
}

# Convert saved phase 1 proposal records (stdin, one field per line) into
# "ikegui 1 1 0 ..." command lines on stdout.
# Record layout: NAME, MODE, then one or more transform groups of
# AUTH, HASH, ENCRYPT, GROUP, TIME, SIZE, MORE; a MORE value of 1 means
# another group follows.
# Returns 0 when the input is exhausted.
# All variables are shell globals (nothing is typeset).
# Security: field values are pasted into the command text without quoting
# or escaping, and the top-level script later runs the collected text with
# ksh, so the input file must come from a trusted source.
function P1PropRestore {
    while true
    do
        read NAME
        # A failed read of the second field marks the end of the records.
        read MODE || return 0

        echo "ikegui 1 1 0 $NAME $MODE \c"

        MORE=1
        until [[ $MORE != 1 ]]
        do
            read AUTH;    read HASH
            read ENCRYPT; read GROUP
            read TIME;    read SIZE
            read MORE
            echo "$AUTH $HASH $ENCRYPT $GROUP $TIME $SIZE $MORE \c"
        done

        # Silence ikegui when the generated line is executed.
        echo " > /dev/null 2>&1"
        PrintDot
    done
}

# Convert saved phase 2 proposal records (stdin, one field per line) into
# "ikegui 1 2 0 ..." command lines on stdout.
# Record layout: NAME, then one or more transform groups of
# PROT, AH_AUTH, ESP_ENCR, ESP_AUTH, ENCAP, TIME, SIZE, MORE; a MORE value
# of 1 means another group follows.
# Returns 0 when the input is exhausted.
# NOTE(review): $MODE is emitted but never read here; it carries whatever
# value the shell already holds for it -- confirm this is intended.
# Security: field values are pasted into the command text without quoting
# or escaping, and the top-level script later runs the collected text with
# ksh, so the input file must come from a trusted source.
function P2PropRestore {
    while true
    do
        read NAME
        FIRST=yes
        MORE=1
        until [[ $MORE != 1 ]]
        do
            # A failed read of the first group field marks the end of input.
            read PROT || return 0
            read AH_AUTH
            read ESP_ENCR; read ESP_AUTH
            read ENCAP
            read TIME;     read SIZE
            read MORE

            # The command prefix is written once per proposal.
            case $FIRST in
                yes) echo "ikegui 1 2 0 $NAME $MODE \c" ;;
            esac
            echo "$PROT $AH_AUTH $ESP_ENCR $ESP_AUTH $ENCAP $TIME $SIZE $MORE \c"
            FIRST=no
        done

        # Silence ikegui when the generated line is executed.
        echo " > /dev/null 2>&1"
        PrintDot
    done
}

# Convert saved phase 1 policy records (stdin, one field per line) into
# "ikegui 1 1 1 ..." command lines on stdout.
# Record layout: NAME, ROLE, TIME, SIZE, OVERLAP, TTIME, TSIZE, MIN, MAX,
# PROPOSAL. TIME and SIZE are consumed but not emitted.
# Returns 0 when the input is exhausted.
# Security: field values are pasted into the command text without quoting
# or escaping, and the top-level script later runs the collected text with
# ksh, so the input file must come from a trusted source.
function P1PolRestore {
    while true
    do
        read NAME
        # A failed read of the second field marks the end of the records.
        read ROLE || return 0

        read TIME;    read SIZE
        read OVERLAP
        read TTIME;   read TSIZE
        read MIN;     read MAX
        read PROPOSAL

        echo "ikegui 1 1 1 $NAME $ROLE $OVERLAP $TTIME $TSIZE $MIN $MAX 1 0 0 $PROPOSAL > /dev/null 2>&1"
        PrintDot
    done
}

# Convert saved phase 2 policy records (stdin, one field per line) into
# "ikegui 1 2 1 ..." command lines on stdout.
# Record layout: NAME, ROLE, IPFS, RPFS, TIME, SIZE, OVERLAP, TTIME, TSIZE,
# MIN, MAX, then one or more PROPOSAL/MORE pairs; a MORE value of 1 means
# another pair follows. TIME and SIZE are consumed but not emitted.
# Returns 0 when the input is exhausted.
# Security: field values are pasted into the command text without quoting
# or escaping, and the top-level script later runs the collected text with
# ksh, so the input file must come from a trusted source.
function P2PolRestore {
    while true
    do
        read NAME
        # A failed read of the second field marks the end of the records.
        read ROLE || return 0

        read IPFS;    read RPFS
        read TIME;    read SIZE
        read OVERLAP
        read TTIME;   read TSIZE
        read MIN;     read MAX
        echo "ikegui 1 2 1 $NAME $ROLE $IPFS $RPFS $OVERLAP $TTIME $TSIZE $MIN $MAX 1 0 0 \c"

        MORE=1
        until [[ $MORE != 1 ]]
        do
            read PROPOSAL
            read MORE
            echo "$PROPOSAL $MORE \c"
            # Kept from the original: FIRST is a global and is set here.
            FIRST=no
        done

        # Silence ikegui when the generated line is executed.
        echo " > /dev/null 2>&1"
        PrintDot
    done
}

# Convert saved phase 1 tunnel records (stdin, one field per line) into
# "ikegui 1 1 2 0 ..." command lines on stdout.
# Record layout: TUNID, NAME, LID_TYPE, LID, [LIP], RID_TYPE, RID, RIP,
# POLICY, KEY, AUTOSTART. LIP is present in the input only when the global
# LPPLEVEL equals 4.3.3; otherwise $LIP keeps whatever value it already had.
# TUNID is consumed but not emitted.
# Returns 0 when the input is exhausted.
# Security: only LID and RID are wrapped in double quotes; every value,
# including KEY (presumably the pre-shared key -- confirm), is pasted
# unescaped into command text that the top-level script later runs with
# ksh. The input file must be trusted, and the generated command file and
# the ikegui argument list will both contain KEY.
function P1TunRestore {
    while true
    do
        read TUNID
        # A failed read of the second field marks the end of the records.
        read NAME || return 0

        read LID_TYPE
        read LID
        case "$LPPLEVEL" in
            "4.3.3") read LIP ;;
        esac
        read RID_TYPE
        read RID
        read RIP
        read POLICY
        read KEY
        read AUTOSTART

        echo "ikegui 1 1 2 0 $NAME $LID_TYPE \"$LID\" $LIP $RID_TYPE \"$RID\" $RIP $POLICY $KEY $AUTOSTART > /dev/null 2>&1"
        PrintDot
    done
}

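# Convert saved phase 2 tunnel records (stdin, one field per line) into
# "ikegui 1 2 2 0 ..." command lines on stdout.
# Record layout: TUNID, NAME, P1TUN, LTYPE, LID, LMASK, LPROT, LPORT,
# RTYPE, RID, RMASK, RPROT, RPORT, POLICY, AUTOSTART.
# TUNID is consumed but not emitted.
# Returns 0 when the input is exhausted.
# Security: field values are pasted into the command text without quoting
# or escaping, and the top-level script later runs the collected text with
# ksh, so the input file must come from a trusted source.
function P2TunRestore {
    while :
    do
        read TUNID
        read NAME
        # A failed read of the second field marks the end of the records.
        if [[ $? = 0 ]]; then
            read P1TUN
            read LTYPE
            read LID
            read LMASK
            read LPROT
            read LPORT
            read RTYPE
            read RID
            read RMASK
            read RPROT
            read RPORT
            read POLICY
            read AUTOSTART
            # The listing broke this string after $RTYPE and escaped the
            # dollar sign of RID, which split the generated command over two
            # lines and emitted a literal "$RID". Restored as a backslash
            # continuation, matching the echo in P1TunRestore, so the saved
            # RID value lands on the same command line.
            echo "ikegui 1 2 2 0 $NAME $P1TUN $LTYPE $LID $LMASK $LPROT $LPORT $RTYPE \
$RID $RMASK $RPROT $RPORT $POLICY $AUTOSTART > /dev/null 2>&1"
            PrintDot
        else
            return 0
        fi
    done
}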

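# Run "$IKEDB -p" on $XMLFILE and, when it exists as a regular file, on
# $PSKXMLFILE. Messages go to the caller's stderr.
# Globals: IKEDB, XMLFILE, PSKXMLFILE (read)
function _ikedbLoadAll {
    "$IKEDB" -p "$XMLFILE"
    if [ -f "$PSKXMLFILE" ]
    then
        "$IKEDB" -p "$PSKXMLFILE"
    fi
}

# Load the saved XML database files with ikedb, collecting ikedb's stderr
# in $ERRORS.
# Globals: IKEDB, XMLFILE, PSKXMLFILE (read); ERRORS (written)
# Returns: the status of the last ikedb call, or 0 when the PSK file is
#          absent, as before.
# Security: the log has a fixed name in /tmp. Any existing entry there
# (including a symbolic link) is removed and the file is recreated under
# noclobber, so the redirection no longer truncates or appends to a file
# that somebody else placed at that path. If the log cannot be created
# this way the restore still runs, with ikedb messages left on stderr.
# NOTE(review): $XMLFILE and $PSKXMLFILE are also fixed /tmp paths whose
# contents are loaded as-is; confirm they are written by a trusted step.
function allRestoreWithIkedb {

    ERRORS=/tmp/ikedb_msgs.bos.net.ipsec.keymgt

    rm -f "$ERRORS"
    if ( set -o noclobber; echo > "$ERRORS" ) 2> /dev/null
    then
        _ikedbLoadAll 2>> "$ERRORS"
    else
        echo "cannot create $ERRORS safely; ikedb messages are not saved" >&2
        _ikedbLoadAll
    fi

}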

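# Fixed locations of the saved database files and of the generated command
# file.
# NOTE(review): all of these live in /tmp under predictable names, and the
# legacy branch below turns their contents into commands that are executed
# with ksh. Confirm that the step which saves them creates them owned by
# the installing user and not writable by others.
P1PROPFILE=/tmp/p1proposal.bos.net.ipsec.keymgt
P2PROPFILE=/tmp/p2proposal.bos.net.ipsec.keymgt
P1POLFILE=/tmp/p1policy.bos.net.ipsec.keymgt
P2POLFILE=/tmp/p2policy.bos.net.ipsec.keymgt
P1TUNFILE=/tmp/p1tunnel.bos.net.ipsec.keymgt
P2TUNFILE=/tmp/p2tunnel.bos.net.ipsec.keymgt
XMLFILE=/tmp/full_ike_database.bos.net.ipsec.keymgt
PSKXMLFILE=/tmp/psk_ike_database.bos.net.ipsec.keymgt
CMD_FILE=/tmp/commands
IKEDB=$(which ikedb) || IKEDB=/usr/sbin/ikedb

echo "building ISAKMP database \n"
"$IKEDB" -x || exit $?

if [ -f "$XMLFILE" ]; then
    # An XML export exists: load it directly with ikedb.
    echo "\nRestoring database entries\c"
    allRestoreWithIkedb
    echo "\ndone\n"

else
    # The original tested "[ -f /tmp/*.bos.net.ipsec.keymgt ]", which is a
    # test syntax error (treated as false) as soon as the pattern matches
    # more than one file. Check the matches one at a time instead.
    LEGACY_SAVED=no
    for SAVED in /tmp/*.bos.net.ipsec.keymgt
    do
        if [ -f "$SAVED" ]; then
            LEGACY_SAVED=yes
            break
        fi
    done

    if [[ $LEGACY_SAVED = yes ]]; then
        echo "\nRestoring database entries\c"

        # P1TunRestore reads LPPLEVEL to decide whether a record has LIP.
        LPPLEVEL=$(cat /tmp/lpplevel)

        # The command file is executed below, so it must not be a file or
        # link that another user left at this fixed path: remove whatever is
        # there and recreate it under noclobber. It is created mode 0600
        # because the phase 1 tunnel commands contain $KEY. The file is left
        # in place afterwards, as before.
        rm -f "$CMD_FILE"
        ( umask 077; set -o noclobber; echo > "$CMD_FILE" ) 2> /dev/null || {
            echo "\ncannot create $CMD_FILE safely; database entries not restored" >&2
            exit 1
        }

        # touch guarantees each input exists, so a missing file yields no
        # commands instead of a redirection error.
        touch "$P1PROPFILE"; P1PropRestore < "$P1PROPFILE" >> "$CMD_FILE"
        touch "$P2PROPFILE"; P2PropRestore < "$P2PROPFILE" >> "$CMD_FILE"
        touch "$P1POLFILE"; P1PolRestore < "$P1POLFILE" >> "$CMD_FILE"
        touch "$P2POLFILE"; P2PolRestore < "$P2POLFILE" >> "$CMD_FILE"
        touch "$P1TUNFILE"; P1TunRestore < "$P1TUNFILE" >> "$CMD_FILE"
        touch "$P2TUNFILE"; P2TunRestore < "$P2TUNFILE" >> "$CMD_FILE"

        # Rename the inputs so they no longer match the pattern tested above.
        mv "$P1PROPFILE" "${P1PROPFILE}.loaded"
        mv "$P2PROPFILE" "${P2PROPFILE}.loaded"
        mv "$P1POLFILE" "${P1POLFILE}.loaded"
        mv "$P2POLFILE" "${P2POLFILE}.loaded"
        mv "$P1TUNFILE" "${P1TUNFILE}.loaded"
        mv "$P2TUNFILE" "${P2TUNFILE}.loaded"

        # Execute the generated ikegui commands.
        ksh "$CMD_FILE"

        echo "done\n"
    fi
fi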