authorChung-yih Wang <cywang@google.com>2009-06-12 22:35:42 +0800
committerChung-yih Wang <cywang@google.com>2009-06-12 22:35:42 +0800
commit0bd9a9f5bcaefda8d7d37c9383b004b516009b85 (patch)
tree5d02848e4cd4f1025ad92a3710517de61761f80d /rootdir/etc
parent2cf6cff71f36b76e816a7a90c66f4b04c71e8278 (diff)
Add the ipcp scripts for pppd and racoon configuration for ipsec-tools.
1. add ip-up/ip-down script 2. add /etc/ppp/peers/common 3. add /etc/racoon/racoon.conf
Diffstat (limited to 'rootdir/etc')
-rwxr-xr-xrootdir/etc/ppp/ip-down13
-rwxr-xr-xrootdir/etc/ppp/ip-up47
-rwxr-xr-xrootdir/etc/ppp/peers/common10
-rw-r--r--rootdir/etc/racoon/racoon.conf35
4 files changed, 73 insertions, 32 deletions
diff --git a/rootdir/etc/ppp/ip-down b/rootdir/etc/ppp/ip-down
index 672fa1e..58d21e5 100755
--- a/rootdir/etc/ppp/ip-down
+++ b/rootdir/etc/ppp/ip-down
@@ -1,14 +1 @@
#!/system/bin/sh
-case $1 in
- ppp1)
- echo 0 > /proc/sys/net/ipv4/ip_forward;
- ;;
-esac
-
-# Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
-
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2"
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL"
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE"
diff --git a/rootdir/etc/ppp/ip-up b/rootdir/etc/ppp/ip-up
index cb2d577..8c8f12c 100755
--- a/rootdir/etc/ppp/ip-up
+++ b/rootdir/etc/ppp/ip-up
@@ -1,24 +1,33 @@
#!/system/bin/sh
-case $1 in
- ppp1)
- /android/bin/iptables --flush;
- /android/bin/iptables --table nat --flush;
- /android/bin/iptables --delete-chain;
- /android/bin/iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE;
- /android/bin/iptables --append FORWARD --in-interface ppp1 -j ACCEPT;
- echo 0 > /proc/sys/net/ipv4/ip_forward;
- echo 1 > /proc/sys/net/ipv4/ip_forward;
- ;;
- ppp0)
- /system/bin/setprop "net.interfaces.defaultroute" "gprs"
- ;;
-esac
# Use interface name if linkname is not available
-NAME=${LINKNAME:-"$1"}
-/system/bin/setprop "net.$NAME.dns1" "$DNS1"
-/system/bin/setprop "net.$NAME.dns2" "$DNS2"
-/system/bin/setprop "net.$NAME.local-ip" "$IPLOCAL"
-/system/bin/setprop "net.$NAME.remote-ip" "$IPREMOTE"
+/system/bin/setprop "net.dns1" "$DNS1"
+/system/bin/setprop "net.dns2" "$DNS2"
+
+# Retrieve the default gateway from /proc/net/route
+RTAB=`cat /proc/net/route`
+flag=-1; i=0;
+for l in $RTAB; do
+ if (exp flag==1) then DGW=$l; flag=0; fi;
+ if (exp i%11 == 1) then
+ if (exp $l=="00000000") then flag=1; fi;
+ fi;
+ i=`exp i+1`;
+done
+FH=${DGW%????}
+LH=${DGW#????}
+A=`exp 0x${LH#??}`
+B=`exp 0x${LH%??}`
+C=`exp 0x${FH#??}`
+D=`exp 0x${FH%??}`
+GATEWAY="$A.$B.$C.$D"
+VPNSERVER=`getprop "net.vpn.server_ip"`
+
+# Protect the route to vpn server
+/system/bin/route add -net $VPNSERVER netmask 255.255.255.255 gw $GATEWAY
+
+# Route all traffic to vpn connection
+/system/bin/route add -net 0.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
+/system/bin/route add -net 128.0.0.0 netmask 128.0.0.0 gw $IPREMOTE
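Review bot: The three `route add` calls at the end of the new script run unconditionally on values that nothing has checked: `$VPNSERVER` comes straight from `getprop` and may be empty, and `$GATEWAY` is assembled from `DGW`, which stays unset when the loop over /proc/net/route finds no default route. In either case the host route that protects the path to the VPN server is malformed or missing, yet the two /1 routes are still installed and no exit status is checked, so a partial failure leaves the device half-configured with no trace. A guard before the first `route add`, such as `[ -n "$VPNSERVER" ] && [ -n "$DGW" ] || exit 1`, together with quoting the expansions (`"$VPNSERVER"`, `"$GATEWAY"`, `"$IPREMOTE"`), would make the script stop visibly instead. The script also overwrites the global `net.dns1`/`net.dns2` with peer-supplied values while ip-down in this same commit is reduced to its shebang, so unless another component restores them (not visible here) the DNS settings and the host route outlive the tunnel.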
diff --git a/rootdir/etc/ppp/peers/common b/rootdir/etc/ppp/peers/common
new file mode 100755
index 0000000..4183841
--- /dev/null
+++ b/rootdir/etc/ppp/peers/common
@@ -0,0 +1,10 @@
+ipcp-accept-local
+ipcp-accept-remote
+refuse-eap
+noccp
+noauth
+idle 1800
+mtu 1400
+mru 1400
+nodefaultroute
+usepeerdns
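Review bot: `noauth` and `noccp` together leave the PPP layer with neither peer authentication nor MPPE encryption (MPPE is negotiated through CCP), so this profile is only safe when pppd runs inside a tunnel that already authenticates and encrypts the peer; the file carries no comment saying so. The racoon.conf added in the same commit suggests L2TP over IPsec is the intended carrier, but nothing in this file enforces or documents that. I would add a header comment such as `# noauth/noccp: peer authentication and encryption come from the outer IPsec tunnel; do not use this profile on a bare link`, and note beside `usepeerdns` that the peer-supplied servers are written to the global `net.dns1`/`net.dns2` by ip-up.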
diff --git a/rootdir/etc/racoon/racoon.conf b/rootdir/etc/racoon/racoon.conf
new file mode 100644
index 0000000..eb50a2d
--- /dev/null
+++ b/rootdir/etc/racoon/racoon.conf
@@ -0,0 +1,35 @@
+#path certificate "";
+path certificate "/";
+
+sainfo anonymous {
+ encryption_algorithm aes, 3des;
+ authentication_algorithm hmac_sha1, hmac_md5;
+ compression_algorithm deflate;
+ lifetime time 3600 sec;
+}
+
+remote anonymous {
+ exchange_mode main;
+ doi ipsec_doi;
+ situation identity_only;
+ ike_frag on;
+ generate_policy on;
+ my_identifier asn1dn;
+ nat_traversal on; # always use NAT-T
+ ca_type x509 "ca.crt";
+ certificate_type x509 "user.crt" "user.key";
+ verify_identifier off;
+ verify_cert on;
+ nonce_size 16;
+ initial_contact on;
+ proposal_check obey;
+
+ proposal {
+ authentication_method rsasig;
+ hash_algorithm sha1;
+ encryption_algorithm 3des;
+ lifetime time 3600 sec;
+ dh_group 2;
+ }
+}
+
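Review bot: `verify_identifier off` inside `remote anonymous` means the gateway's identity is never compared with an expected value: with `verify_cert on` alone, any certificate that chains to `ca.crt` is accepted as the VPN server, whichever host presents it. If the CA issues certificates to anything other than the gateway, consider pinning the expected subject with `peers_identifier asn1dn "<GATEWAY_SUBJECT_DN>";` and `verify_identifier on;` (the DN here is a placeholder for the deployment's value). Separately, `sainfo anonymous` still offers `hmac_md5`, and phase 1 is fixed to `3des` with `dh_group 2` (1024-bit MODP); either drop `hmac_md5` or add a comment stating which peers require these. `proposal_check obey` and `generate_policy on` matter when this side acts as responder, so a comment explaining why a client profile sets them would also help.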