ipseckeysgen

#!/usr/bin/bash

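# ipseckeysgen - write a pair of ESP security associations (client->server
# and server->client) for one TCP port to /etc/inet/secret/ipseckeys.gen,
# with every SPI and key drawn from /usr/local/bin/qrng, then check the
# result with ipseckey -c.  The operator renames the file to ipseckeys and
# loads it with ipseckey -f.
#
# Usage: ipseckeysgen <enc_alg> <auth_alg> <client_ip> <server_ip> <server_port>
#   enc_alg   3des | aes   (written as 3des-cbc / aes-cbc)
#   auth_alg  sha          (written as hmac-sha1)
#
# Exit status: 2 on a usage error, 1 on a rejected argument, missing or
# malformed key material, an unwritable file, or a file that ipseckey -c
# rejects; 0 otherwise.
set -u
set -o pipefail

readonly FILE="/etc/inet/secret/ipseckeys.gen"
readonly QRNG="/usr/local/bin/qrng"
readonly IPSECKEY="/usr/sbin/ipseckey"

#######################################
# Print a message to stderr and exit 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print the usage text to stderr and exit 2.
#######################################
usage() {
  cat >&2 <<'EOF'

ipseckeysgen generates ipseckey file ipseckeys.gen in /etc/inet/secret/
You need to rename it to ipseckeys and load with ipseckey -f

Usage: ipseckeysgen <enc_alg> <auth_alg> <client_ip> <server_ip> <server_port>

where <enc_alg> is 3des or aes and <auth_alg> is sha
EOF
  exit 2
}

#######################################
# Print n random bytes from qrng as a single hex string on stdout.
# Arguments: $1 - number of bytes wanted
# Returns:   0 with the hex string on stdout; dies (exit 1) if qrng fails or
#            does not return exactly 2*n hex digits.  Without this check a
#            missing or failing qrng leaves an empty or short key in the
#            file, which ipseckey would only notice later (the /160, /192
#            and /256 suffixes fix the expected length).  Only the digit
#            count is reported on failure, never the key material itself.
#######################################
random_hex() {
  local -r nbytes=$1
  local hex
  hex=$("$QRNG" -n "$nbytes" | tr -d '[:space:]') || die "error: $QRNG failed"
  if ! [[ "$hex" =~ ^[0-9A-Fa-f]+$ && ${#hex} -eq $((2 * nbytes)) ]]; then
    die "error: $QRNG returned ${#hex} hex digits, expected $((2 * nbytes))"
  fi
  printf '%s\n' "$hex"
}

#######################################
# Write one "add esp" association to stdout in ipseckey(1M) syntax.
# Arguments: $1 - src address
#            $2 - text appended to the src line (e.g. " sport N"), or ""
#            $3 - dst address
#            $4 - text appended to the dst line (e.g. " dport N"), or ""
# Globals:   ENC_ALG, AUTH_ALG (read)
# Returns:   exits 1 if any key material cannot be obtained (see random_hex).
#######################################
emit_assoc() {
  local -r src=$1 src_extra=$2 dst=$3 dst_extra=$4
  local spi authkey encrkey encr_bits
  # random_hex dies inside the substitution's subshell, so its non-zero
  # status has to be turned into an exit here as well.
  spi=$(random_hex 4) || exit 1
  authkey=$(random_hex 20) || exit 1
  case "$ENC_ALG" in
    3des-cbc) encrkey=$(random_hex 24) || exit 1; encr_bits=192 ;;
    aes-cbc)  encrkey=$(random_hex 32) || exit 1; encr_bits=256 ;;
    *) die "error: unsupported encryption algorithm $ENC_ALG" ;;
  esac
  # Layout (indentation, trailing backslashes, blank lines) is kept exactly
  # as the file has always been written so ipseckey parses it unchanged.
  printf '%s\n' \
    "# begin assoc" \
    'add esp \' \
    "  spi 0x$spi encr_alg $ENC_ALG auth_alg $AUTH_ALG \\" \
    '  proto 6 \' \
    "  src $src$src_extra \\" \
    "  dst $dst$dst_extra \\" \
    "          authkey $authkey/160 \\" \
    "         encrkey $encrkey/$encr_bits \\" \
    "" \
    "# end assoc" \
    ""
}

#######################################
# Validate the arguments, generate the file and verify it.
# Arguments: enc_alg auth_alg client_ip server_ip server_port (see header)
# Globals:   ENC_ALG, AUTH_ALG (written, then read by emit_assoc)
#######################################
main() {
  (( $# == 5 )) || usage
  local -r enc=$1 auth=$2
  [[ "$enc" == "3des" || "$enc" == "aes" ]] \
    || die "error: incorrect encryption algorithm. Only 3des or aes are supported"
  [[ "$auth" == "sha" ]] \
    || die "error: incorrect authentication algorithm. Only sha is supported"
  # Each address and the port land on a backslash-continued line of the
  # generated file, so embedded whitespace would break its structure.
  local arg
  for arg in "$3" "$4" "$5"; do
    [[ "$arg" == *[[:space:]]* ]] \
      && die "error: argument '$arg' must not contain whitespace"
  done
  [[ "$5" =~ ^[0-9]+$ ]] || die "error: server_port must be numeric, got '$5'"
  local -r src=$3 dst=$4 port=$5
  ENC_ALG="${enc}-cbc"
  AUTH_ALG="hmac-${auth}1"   # "sha" -> hmac-sha1
  readonly ENC_ALG AUTH_ALG

  printf '%s\n' "--Generating the $FILE file..."
  # Create (or truncate) the file and force mode 600 BEFORE any key
  # material is written; the original wrote the keys first and chmod'ed
  # last, leaving them readable under the caller's umask in between.
  umask 077
  : > "$FILE" || die "error: cannot create $FILE"
  chmod 600 "$FILE" || die "error: cannot set mode 600 on $FILE"
  {
    printf '# Automatically generated by %s\n\n' "$0"
    emit_assoc "$src" "" "$dst" " dport $port"
    emit_assoc "$dst" " sport $port" "$src" ""
  } >> "$FILE" || die "error: writing $FILE failed"
  printf '%s\n' "Done."

  printf '%s\n' "--Verifying the generated $FILE file with ipseckey -c ..."
  if "$IPSECKEY" -c "$FILE"; then
    printf '%s\n' "The file is ok"
  else
    # A file that fails the syntax check must not be renamed and loaded;
    # a non-zero exit makes that visible to callers and automation.
    die "error: $IPSECKEY -c rejected $FILE; regenerate before renaming it to ipseckeys"
  fi
}

main "$@"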