asterisk/IMS_ipsec_setup.sh - osmo-ttcn3-hacks - Gitiles

 #!/bin/sh

 # use: ipset_setup.sh \
 # $LOC_IP $LOC_PORT_C $LOC_SPI_C $LOC_PORT_S $LOC_SPI_S \
 # $REM_IP $REM_PORT_C $REM_SPI_C $REM_PORT_S $REM_SPI_S \
 # $AUTH_KEY

 LOC_IP="${1}"
 LOC_PORT_C="${2}"
 LOC_SPI_C="${3}"
 LOC_PORT_S="${4}"
 LOC_SPI_S="${5}"
 REM_IP="${6}"
 REM_PORT_C="${7}"
 REM_SPI_C="${8}"
 REM_PORT_S="${9}"
 REM_SPI_S="${10}"
 AUTH_KEY="${11}"

 set -x

 # Clean up state from previous tests:
 ip xfrm policy flush
 ip xfrm state flush

 # use: ip_xfrm <src_ip> <src_port> <dst_ip> <dst_port> <spi>
 ip_xfrm_state() {
         ip xfrm state add \
                 src "${1}" dst "${3}" proto esp spi "${5}" reqid "${5}" mode transport \
                 replay-window 32 \
                 auth-trunc sha1 "${AUTH_KEY}" 96 \
                 enc cipher_null "" \
                 sel src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}"
 }

 # TTCN3(Srv) -> Asterisk(Cli): REM_SPI_C
 ip_xfrm_state "${LOC_IP}" "${LOC_PORT_S}" "${REM_IP}" "${REM_PORT_C}" "${REM_SPI_C}"

 # TTCN3(Cli) -> Asterisk(Srv): REM_SPI_S
 ip_xfrm_state "${LOC_IP}" "${LOC_PORT_C}" "${REM_IP}" "${REM_PORT_S}" "${REM_SPI_S}"

 # Asterisk(Cli) -> TTCN3(Srv): LOC_SPI_S
 ip_xfrm_state "${REM_IP}" "${REM_PORT_C}" "${LOC_IP}" "${LOC_PORT_S}" "${LOC_SPI_S}"

 # Asterisk(Srv) -> TTCN3(Cli): LOC_SPI_C
 ip_xfrm_state "${REM_IP}" "${REM_PORT_S}" "${LOC_IP}" "${LOC_PORT_C}" "${LOC_SPI_C}"

 # use: ip_xfrm <src_ip> <src_port> <dst_ip> <dst_port> <req_id> <dir>
 ip_xfrm_policy() {
         ip xfrm policy add \
                 src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}" \
                 dir "${6}" \
                 tmpl src "${1}" dst "${3}" \
                 proto esp reqid "${5}" mode transport
 }

 # TTCN3(Srv) -> Asterisk(Cli): REM_SPI_C out
 ip_xfrm_policy "${LOC_IP}" "${LOC_PORT_S}" "${REM_IP}" "${REM_PORT_C}" "${REM_SPI_C}" "out"

 # TTCN3(Cli) -> Asterisk(Srv): REM_SPI_S out
 ip_xfrm_policy "${LOC_IP}" "${LOC_PORT_C}" "${REM_IP}" "${REM_PORT_S}" "${REM_SPI_S}" "out"

 # Asterisk(Cli) -> TTCN3(Srv): LOC_SPI_S in
 ip_xfrm_policy "${REM_IP}" "${REM_PORT_C}" "${LOC_IP}" "${LOC_PORT_S}" "${LOC_SPI_S}" "in"

 # Asterisk(Srv) -> TTCN3(Cli): LOC_SPI_C in
 ip_xfrm_policy "${REM_IP}" "${REM_PORT_S}" "${LOC_IP}" "${LOC_PORT_C}" "${LOC_SPI_C}" "in"

 #ip xfrm state
 #ip xfrm policy
	#!/bin/sh

	# use: ipset_setup.sh \
	# $LOC_IP $LOC_PORT_C $LOC_SPI_C $LOC_PORT_S $LOC_SPI_S \
	# $REM_IP $REM_PORT_C $REM_SPI_C $REM_PORT_S $REM_SPI_S \
	# $AUTH_KEY

	LOC_IP="${1}"
	LOC_PORT_C="${2}"
	LOC_SPI_C="${3}"
	LOC_PORT_S="${4}"
	LOC_SPI_S="${5}"
	REM_IP="${6}"
	REM_PORT_C="${7}"
	REM_SPI_C="${8}"
	REM_PORT_S="${9}"
	REM_SPI_S="${10}"
	AUTH_KEY="${11}"

	set -x

	# Clean up state from previous tests:
	ip xfrm policy flush
	ip xfrm state flush

	# use: ip_xfrm <src_ip> <src_port> <dst_ip> <dst_port> <spi>
	ip_xfrm_state() {
	ip xfrm state add \
	src "${1}" dst "${3}" proto esp spi "${5}" reqid "${5}" mode transport \
	replay-window 32 \
	auth-trunc sha1 "${AUTH_KEY}" 96 \
	enc cipher_null "" \
	sel src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}"
	}

	# TTCN3(Srv) -> Asterisk(Cli): REM_SPI_C
	ip_xfrm_state "${LOC_IP}" "${LOC_PORT_S}" "${REM_IP}" "${REM_PORT_C}" "${REM_SPI_C}"

	# TTCN3(Cli) -> Asterisk(Srv): REM_SPI_S
	ip_xfrm_state "${LOC_IP}" "${LOC_PORT_C}" "${REM_IP}" "${REM_PORT_S}" "${REM_SPI_S}"

	# Asterisk(Cli) -> TTCN3(Srv): LOC_SPI_S
	ip_xfrm_state "${REM_IP}" "${REM_PORT_C}" "${LOC_IP}" "${LOC_PORT_S}" "${LOC_SPI_S}"

	# Asterisk(Srv) -> TTCN3(Cli): LOC_SPI_C
	ip_xfrm_state "${REM_IP}" "${REM_PORT_S}" "${LOC_IP}" "${LOC_PORT_C}" "${LOC_SPI_C}"

	# use: ip_xfrm <src_ip> <src_port> <dst_ip> <dst_port> <req_id> <dir>
	ip_xfrm_policy() {
	ip xfrm policy add \
	src "${1}/32" dst "${3}/32" sport "${2}" dport "${4}" \
	dir "${6}" \
	tmpl src "${1}" dst "${3}" \
	proto esp reqid "${5}" mode transport
	}

	# TTCN3(Srv) -> Asterisk(Cli): REM_SPI_C out
	ip_xfrm_policy "${LOC_IP}" "${LOC_PORT_S}" "${REM_IP}" "${REM_PORT_C}" "${REM_SPI_C}" "out"

	# TTCN3(Cli) -> Asterisk(Srv): REM_SPI_S out
	ip_xfrm_policy "${LOC_IP}" "${LOC_PORT_C}" "${REM_IP}" "${REM_PORT_S}" "${REM_SPI_S}" "out"

	# Asterisk(Cli) -> TTCN3(Srv): LOC_SPI_S in
	ip_xfrm_policy "${REM_IP}" "${REM_PORT_C}" "${LOC_IP}" "${LOC_PORT_S}" "${LOC_SPI_S}" "in"

	# Asterisk(Srv) -> TTCN3(Cli): LOC_SPI_C in
	ip_xfrm_policy "${REM_IP}" "${REM_PORT_S}" "${LOC_IP}" "${LOC_PORT_C}" "${LOC_SPI_C}" "in"

	#ip xfrm state
	#ip xfrm policy