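#!/bin/sh
# Configure NAT exemptions, a host route and IPsec startup for this host.
#
# encrypt_local: "no"  - traffic to 192.35.164.0/22 is exempted from SNAT
#                        and keeps its eth0 route.
#                "yes" - the eth0 route to 192.35.164.0/22 is removed after
#                        IPsec has been started, so that local traffic goes
#                        through the ipsec interface instead.
encrypt_local=no

# Start from an empty nat table.
# NOTE(review): this removes every nat rule on the host, not only the ones
# installed below - confirm nothing else manages the nat table.
iptables -t nat --flush

# Rules are appended, so order matters: the ACCEPT exemptions must come
# before the catch-all SNAT rule.
# 192.35.169.252 is also the target of the host route added below
# (presumably the IPsec peer - confirm).
iptables -t nat -A POSTROUTING --destination 192.35.169.252 -j ACCEPT

if [ "$encrypt_local" = "no" ]; then
  # When not encrypting local traffic, don't SNAT the packet
  iptables -t nat -A POSTROUTING --destination 192.35.164.0/22 -j ACCEPT
fi

# SNAT everything except IP protocol 50 (ESP). The negation is written
# before the option ("! -p 50"); the older "-p ! 50" form is deprecated in
# current iptables releases.
# NOTE(review): only ESP is exempted. If AH (protocol 51) is ever used it
# would be rewritten by this rule - confirm ESP-only is intended.
# 192.35.169.ZZZ is a placeholder in the original and must be replaced with
# the real source address before use.
iptables -t nat -A POSTROUTING ! -p 50 -j SNAT --to-source 192.35.169.ZZZ

route add 192.35.169.252 gw 192.35.164.1

# NOTE(review): the exit status is not checked; if IPsec fails to start the
# script still continues into the route change below.
/usr/sbin/ipsec setup --start

if [ "$encrypt_local" = "yes" ]; then
  # When encrypting local traffic, make sure it goes through the ipsec
  # interface.
  # NOTE(review): until the route is deleted (at least the 5 second sleep),
  # traffic to 192.35.164.0/22 still follows the eth0 route and is
  # presumably sent unencrypted. The fixed delay is also only a guess at
  # when IPsec is ready.
  sleep 5
  route delete -net 192.35.164.0/22 eth0
fi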