ipsec-interfaces: Uses local IP address from connection first, then default

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-09 18:45:54 +02:00 · 2019-01-21 16:41:16 +00:00
parent c32fc72e36
commit 1ca2f88a74
1 changed files with 14 additions and 13 deletions
--- a/src/scripts/ipsec-interfaces
+++ b/src/scripts/ipsec-interfaces
@@ -27,10 +27,10 @@ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)

 VARS=(
-	id status name lefthost type ctype x1 x2 x3 leftsubnets
-	remote righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12
-	x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24
-	route x26 mode interface_mode interface_address interface_mtu rest
+	id status name lefthost type ctype psk local x1 leftsubnets
+	x2 remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
+	x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
+	route x23 mode interface_mode interface_address interface_mtu rest
 )

 log() {
@@ -43,19 +43,20 @@ main() {
 	local action

 	local interfaces=()
-	local vpn_ip
+
+	# Compat for older connections
+	if [ "${local}" = "off" ]; then
+		local=""
+	fi

 	# Handle %defaultroute
-	if [ "${VPN_IP}" = "%defaultroute" ]; then
+	if [ -z "${local}" ]; then
 		if [ -r "/var/ipfire/red/local-ipaddress" ]; then
-			vpn_ip="$(</var/ipfire/red/local-ipaddress)"
+			local="$(</var/ipfire/red/local-ipaddress)"

 		elif [ "${RED_TYPE}" = "STATIC" -a -n "${RED_ADDRESS}" ]; then
-			vpn_ip="${RED_ADDRESS}"
-
+			local="${RED_ADDRESS}"
 		fi
-	else
-		vpn_ip="${VPN_IP}"
 	fi

 	# We are done when IPsec is not enabled
@@ -81,8 +82,8 @@ main() {
 			interfaces+=( "${intf}" )

 			local args=(
-				"local" "${vpn_ip}"
-				"remote" "${righthost}"
+				"local" "${local}"
+				"remote" "${remote}"
 			)

 			case "${interface_mode}" in