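#!/bin/sh

##
# IPSec Network Security
#
# Installs IPsec policies that require every IPv4 packet to or from the
# secured interface's address to travel through an ESP tunnel to the
# gateway, lowers the interface MTU to leave room for the ESP overhead,
# and starts the racoon IKE daemon when it is not already running.
##

. /etc/rc.common

# The interface that is being secured
IF=en1

any=0.0.0.0/0

# Default gateway from the routing table. awk splits on whitespace, so the
# value carries no leading blank into the tunnel endpoint spec below.
gateway=$(route get default | awk '/gateway:/ { print $2; exit }')
# NOTE(review): the detected gateway is overridden by this fixed tunnel peer,
# exactly as in the original script; confirm which one is intended.
gateway=192.168.1.1

# First IPv4 address configured on the secured interface.
my_addr=$(ifconfig "$IF" | awk '$1 == "inet" { print $2; exit }')

# Refuse to touch the policy database without both tunnel endpoints: the
# heredoc below starts by flushing every SA and policy, so a malformed
# spdadd after that point would leave the host with no IPsec policy at all.
if [ -z "$my_addr" ] || [ -z "$gateway" ]; then
  ConsoleMessage "IPSec not enabled: no IPv4 address on $IF or no gateway"
  exit 1
fi

ConsoleMessage "Securing default route $my_addr <-> $gateway"

# flush/spdflush remove ALL existing security associations and policies,
# including any installed by other tools, before the two tunnel policies are
# added. The "require" level makes the kernel drop matching traffic when no
# SA is available rather than send it in the clear.
if ! setkey -c << EOF
flush;
spdflush;
spdadd $my_addr $any any -P out ipsec esp/tunnel/$my_addr-$gateway/require;
spdadd $any $my_addr any -P in ipsec esp/tunnel/$gateway-$my_addr/require;
EOF
then
  ConsoleMessage "IPSec not enabled: setkey rejected the policy"
  exit 1
fi

# Leave headroom for the ESP tunnel encapsulation.
ifconfig "$IF" mtu 1350

# Decide whether racoon is running from its pid file. A missing, empty or
# stale pid file counts as "not running".
racoon_alive=0
if [ -r /var/run/racoon.pid ]; then
  pid=$(cat /var/run/racoon.pid)
  if [ -n "$pid" ]; then
    racoon_alive=$(ps -p "$pid" | grep -c racoon)
  fi
fi

# The original test was [ ! racoon_alive ], which checks a non-empty literal
# string and is therefore never true, so racoon was never started here.
if [ "$racoon_alive" -eq 0 ]; then
  ConsoleMessage "Starting racoon"
  if ! racoon; then
    ConsoleMessage "IPSec policy installed but racoon failed to start"
    exit 1
  fi
fi

ConsoleMessage "IPSec enabled!"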