mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-20 07:53:01 +02:00
Patch to make ipsec peers reachable from the ipfire.
This commit is contained in:
Arne Fitzenreiter
24
src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch
Normal file
24
src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch
Normal file
@@ -0,0 +1,24 @@
|
||||
--- /usr/lib/ipsec/_updown 2009-10-08 01:43:58.000000000 +0200
|
||||
+++ /usr/lib/ipsec/_updown 2009-12-20 23:13:24.000000000 +0100
|
||||
@@ -128,6 +128,21 @@
|
||||
2.*) ;;
|
||||
esac
|
||||
|
||||
+# add/remove rules to reach vpn-peers from ipfire
|
||||
+src=$(/sbin/ip route|grep $PLUTO_MY_CLIENT|(read net key_dev dev key_proto key_kernel key_scope key_link key_src src; echo $src))
|
||||
+
|
||||
+case "$PLUTO_VERB" in
|
||||
+"route-client")
|
||||
+ logger -t "ipsec_updown" "iptables -t nat -A CUSTOMPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src"
|
||||
+ /sbin/iptables -t nat -A CUSTOMPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
|
||||
+ ;;
|
||||
+
|
||||
+"unroute-client")
|
||||
+ logger -t "ipsec_updown" "iptables -t nat -D CUSTOMPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src"
|
||||
+ /sbin/iptables -t nat -D CUSTOMPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
|
||||
+ ;;
|
||||
+esac
|
||||
+
|
||||
if [ -x /usr/lib/ipsec/_updown.${PLUTO_STACK} ]
|
||||
then
|
||||
exec /usr/lib/ipsec/_updown.${PLUTO_STACK} $*
|
||||
Reference in New Issue
Block a user