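#!/bin/sh
# $FreeBSD$
#
# Set up a virtual point-to-point WAN link between two subnets, using
# UDP packets as the "WAN connection". The two subnets might be
# non-routable addresses behind a firewall.
#
# Security note: nothing in this script encrypts or authenticates the
# tunnel. Packets leaving ng0 are handed to the UDP socket as-is, so the
# inner traffic is readable and modifiable on the path between the two
# exterior addresses. Connecting the socket to the peer only selects
# datagrams by source address and port, which is not authentication.
# If the path is untrusted, protect the exterior flow (for example with
# IPsec between the two exterior addresses) and limit UDP_TUNNEL_PORT to
# the peer's address in the packet filter.
#
# Must be run with sufficient privilege to configure interfaces, netgraph
# nodes and routes.

# Stop at the first failing step instead of configuring addresses and
# routes on a half-built tunnel; treat an unset variable as an error.
set -eu

# Local and remote inside networks, local and remote outside IP
# addresses, and the UDP port number used for the tunnel.
#
# These are sample values. The exterior addresses in particular are
# placeholders and must be replaced with the real endpoints before use.
LOC_INTERIOR_IP=192.168.1.1
LOC_EXTERIOR_IP=1.1.1.1
REM_INTERIOR_IP=192.168.2.1
REM_EXTERIOR_IP=2.2.2.2
REM_INSIDE_NET=192.168.2.0
UDP_TUNNEL_PORT=4028

# If ``ng0'' is left over from an earlier run, make sure it is not
# connected to anything: drop its address and shut the node down.
if ifconfig ng0 >/dev/null 2>&1; then
	# Best effort: there may be no inet address to delete.
	ifconfig ng0 inet down delete >/dev/null 2>&1 || true
	ngctl shutdown ng0:
fi

# Create the interface node if it does not exist. This is checked again
# after the shutdown above because the script was written for systems
# where interfaces cannot be removed; NOTE(review): on releases where
# shutting down an iface node also removes the interface, ng0 has to be
# created afresh here -- confirm on the target release.
# Assumes the new node is named ng0, i.e. no other iface node exists.
if ! ifconfig ng0 >/dev/null 2>&1; then
	ngctl mkpeer iface dummy inet
fi

# Attach a UDP socket to the ``inet'' hook of the interface node
# using the ng_ksocket(4) node type.
ngctl mkpeer ng0: ksocket inet inet/dgram/udp

# Bind the UDP socket to the local external IP address and port.
ngctl msg ng0:inet bind "inet/${LOC_EXTERIOR_IP}:${UDP_TUNNEL_PORT}"

# Connect the UDP socket to the peer's external IP address and port.
ngctl msg ng0:inet connect "inet/${REM_EXTERIOR_IP}:${UDP_TUNNEL_PORT}"

# Configure the point-to-point interface.
ifconfig ng0 "${LOC_INTERIOR_IP}" "${REM_INTERIOR_IP}"

# Add a route to the peer's interior network via the tunnel.
route add "${REM_INSIDE_NET}" "${REM_INTERIOR_IP}"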