mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-28 03:33:25 +02:00
Patch to make ipsec peers reachable from the ipfire.
This commit is contained in:
Arne Fitzenreiter
@@ -17,3 +17,4 @@ var/ipfire/langs/list
|
|||||||
var/ipfire/outgoing/bin/outgoingfw.pl
|
var/ipfire/outgoing/bin/outgoingfw.pl
|
||||||
var/ipfire/snort/oinkmaster.conf
|
var/ipfire/snort/oinkmaster.conf
|
||||||
usr/local/sbin/setup
|
usr/local/sbin/setup
|
||||||
|
usr/lib/ipsec/_updown
|
||||||
|
|||||||
@@ -36,17 +36,17 @@
|
|||||||
* Unix-Syslog-0.100
|
* Unix-Syslog-0.100
|
||||||
* XML-Parser-2.34
|
* XML-Parser-2.34
|
||||||
* alsa-lib-1.0.21a
|
* alsa-lib-1.0.21a
|
||||||
* alsa-lib-1.0.21a-kmod-2.6.27.41-ipfire
|
* alsa-lib-1.0.21a-kmod-2.6.27.42-ipfire
|
||||||
* amavisd-new-2.5.2
|
* amavisd-new-2.5.2
|
||||||
* apcupsd-3.14.4
|
* apcupsd-3.14.4
|
||||||
* applejuice-0.31
|
* applejuice-0.31
|
||||||
* arping-2.05
|
* arping-2.05
|
||||||
* as86-0.16.17
|
* as86-0.16.17
|
||||||
* asterisk-1.4.26.3
|
* asterisk-1.4.26.3
|
||||||
* atl1c-kmod-2.6.27.41-ipfire
|
* atl1c-kmod-2.6.27.42-ipfire
|
||||||
* atl1c-kmod-2.6.27.41-ipfire-xen
|
* atl1c-kmod-2.6.27.42-ipfire-xen
|
||||||
* atl2-2.0.5-kmod-2.6.27.41-ipfire
|
* atl2-2.0.5-kmod-2.6.27.42-ipfire
|
||||||
* atl2-2.0.5-kmod-2.6.27.41-ipfire-xen
|
* atl2-2.0.5-kmod-2.6.27.42-ipfire-xen
|
||||||
* autoconf-2.59
|
* autoconf-2.59
|
||||||
* automake-1.9.6
|
* automake-1.9.6
|
||||||
* backup-ipfire
|
* backup-ipfire
|
||||||
@@ -71,8 +71,8 @@
|
|||||||
* clamav-0.95.3
|
* clamav-0.95.3
|
||||||
* cmake-2.4.8
|
* cmake-2.4.8
|
||||||
* collectd-4.5.3
|
* collectd-4.5.3
|
||||||
* compat-wireless-2.6.32-rc7-kmod-2.6.27.41-ipfire
|
* compat-wireless-2.6.32.2-kmod-2.6.27.42-ipfire
|
||||||
* compat-wireless-2.6.32-rc7-kmod-2.6.27.41-ipfire-xen
|
* compat-wireless-2.6.32.2-kmod-2.6.27.42-ipfire-xen
|
||||||
* coreutils-5.96
|
* coreutils-5.96
|
||||||
* cpio-2.6
|
* cpio-2.6
|
||||||
* cpufrequtils-005
|
* cpufrequtils-005
|
||||||
@@ -81,8 +81,8 @@
|
|||||||
* cyrus-imapd-2.2.12
|
* cyrus-imapd-2.2.12
|
||||||
* cyrus-sasl-2.1.21
|
* cyrus-sasl-2.1.21
|
||||||
* dahdi-2.2.0.2
|
* dahdi-2.2.0.2
|
||||||
* dahdi-2.2.0.2-kmod-2.6.27.41-ipfire
|
* dahdi-2.2.0.2-kmod-2.6.27.42-ipfire
|
||||||
* dahdi-2.2.0.2-kmod-2.6.27.41-ipfire-xen
|
* dahdi-2.2.0.2-kmod-2.6.27.42-ipfire-xen
|
||||||
* db-4.4.20
|
* db-4.4.20
|
||||||
* dbus-1.0.3
|
* dbus-1.0.3
|
||||||
* dhcp-3.1.0
|
* dhcp-3.1.0
|
||||||
@@ -90,8 +90,8 @@
|
|||||||
* diffutils-2.8.1
|
* diffutils-2.8.1
|
||||||
* dnsmasq-2.45
|
* dnsmasq-2.45
|
||||||
* dosfstools-2.11
|
* dosfstools-2.11
|
||||||
* e1000e-1.0.2.5-kmod-2.6.27.41-ipfire
|
* e1000e-1.0.2.5-kmod-2.6.27.42-ipfire
|
||||||
* e1000e-1.0.2.5-kmod-2.6.27.41-ipfire-xen
|
* e1000e-1.0.2.5-kmod-2.6.27.42-ipfire-xen
|
||||||
* e2fsprogs-1.39
|
* e2fsprogs-1.39
|
||||||
* ebtables-v2.0.8-2
|
* ebtables-v2.0.8-2
|
||||||
* ed-0.2
|
* ed-0.2
|
||||||
@@ -137,8 +137,8 @@
|
|||||||
* hdparm-8.9
|
* hdparm-8.9
|
||||||
* hostapd-0.6.9
|
* hostapd-0.6.9
|
||||||
* hplip-2.7.10
|
* hplip-2.7.10
|
||||||
* hso-1.9-kmod-2.6.27.41-ipfire
|
* hso-1.9-kmod-2.6.27.42-ipfire
|
||||||
* hso-1.9-kmod-2.6.27.41-ipfire-xen
|
* hso-1.9-kmod-2.6.27.42-ipfire-xen
|
||||||
* htop-0.8.1
|
* htop-0.8.1
|
||||||
* httpd-2.2.11
|
* httpd-2.2.11
|
||||||
* hwdata
|
* hwdata
|
||||||
@@ -162,10 +162,10 @@
|
|||||||
* jpegsrc.v6b
|
* jpegsrc.v6b
|
||||||
* kbd-1.12
|
* kbd-1.12
|
||||||
* klibc-1.5.14
|
* klibc-1.5.14
|
||||||
* kqemu-1.4.0pre1-kmod-2.6.27.41-ipfire
|
* kqemu-1.4.0pre1-kmod-2.6.27.42-ipfire
|
||||||
* kqemu-1.4.0pre1-kmod-2.6.27.41-ipfire-xen
|
* kqemu-1.4.0pre1-kmod-2.6.27.42-ipfire-xen
|
||||||
* kudzu-1.2.64
|
* kudzu-1.2.64
|
||||||
* kvm-kmod-2.6.31.5-kmod-2.6.27.41-ipfire
|
* kvm-kmod-2.6.31.5-kmod-2.6.27.42-ipfire
|
||||||
* l7-protocols-2009-05-10
|
* l7-protocols-2009-05-10
|
||||||
* lame-3.97
|
* lame-3.97
|
||||||
* lcd4linux-0.10.1-RC2
|
* lcd4linux-0.10.1-RC2
|
||||||
@@ -195,8 +195,8 @@
|
|||||||
* libwww-perl-5.803
|
* libwww-perl-5.803
|
||||||
* libxml2-2.6.26
|
* libxml2-2.6.26
|
||||||
* libxslt-1.1.17
|
* libxslt-1.1.17
|
||||||
* linux-2.6.27.41-ipfire
|
* linux-2.6.27.42-ipfire
|
||||||
* linux-2.6.27.41-ipfire-xen
|
* linux-2.6.27.42-ipfire-xen
|
||||||
* linux-atm-2.4.1
|
* linux-atm-2.4.1
|
||||||
* linux-libc-headers-2.6.12.0
|
* linux-libc-headers-2.6.12.0
|
||||||
* lm_sensors-3.0.3
|
* lm_sensors-3.0.3
|
||||||
@@ -206,11 +206,11 @@
|
|||||||
* lynis-1.2.6
|
* lynis-1.2.6
|
||||||
* lzo-2.02
|
* lzo-2.02
|
||||||
* m4-1.4.4
|
* m4-1.4.4
|
||||||
* mISDN.git-9bf7deaa4b8829ab8fbccb34529a17aab2ddea93-kmod-2.6.27.41-ipfire
|
* mISDN.git-9bf7deaa4b8829ab8fbccb34529a17aab2ddea93-kmod-2.6.27.42-ipfire
|
||||||
* mISDN.git-9bf7deaa4b8829ab8fbccb34529a17aab2ddea93-kmod-2.6.27.41-ipfire-xen
|
* mISDN.git-9bf7deaa4b8829ab8fbccb34529a17aab2ddea93-kmod-2.6.27.42-ipfire-xen
|
||||||
* mISDNuser.git-54928dec57bc846f2c2186f3640e69a053cd3641
|
* mISDNuser.git-54928dec57bc846f2c2186f3640e69a053cd3641
|
||||||
* madwifi-hal-0.10.5.6-r4031-20090529-kmod-2.6.27.41-ipfire
|
* madwifi-hal-0.10.5.6-r4031-20090529-kmod-2.6.27.42-ipfire
|
||||||
* madwifi-hal-0.10.5.6-r4031-20090529-kmod-2.6.27.41-ipfire-xen
|
* madwifi-hal-0.10.5.6-r4031-20090529-kmod-2.6.27.42-ipfire-xen
|
||||||
* make-3.81
|
* make-3.81
|
||||||
* man-db-2.4.3
|
* man-db-2.4.3
|
||||||
* man-pages-2.34
|
* man-pages-2.34
|
||||||
@@ -258,8 +258,8 @@
|
|||||||
* openssh-5.2p1
|
* openssh-5.2p1
|
||||||
* openssl-0.9.8k
|
* openssl-0.9.8k
|
||||||
* openswan-2.6.23
|
* openswan-2.6.23
|
||||||
* openswan-2.6.23-kmod-2.6.27.41-ipfire
|
* openswan-2.6.23-kmod-2.6.27.42-ipfire
|
||||||
* openswan-2.6.23-kmod-2.6.27.41-ipfire-xen
|
* openswan-2.6.23-kmod-2.6.27.42-ipfire-xen
|
||||||
* openvpn-2.1_rc20
|
* openvpn-2.1_rc20
|
||||||
* p7zip_4.65
|
* p7zip_4.65
|
||||||
* pam_mysql-0.7RC1
|
* pam_mysql-0.7RC1
|
||||||
@@ -280,12 +280,12 @@
|
|||||||
* procps-3.2.6
|
* procps-3.2.6
|
||||||
* psmisc-22.2
|
* psmisc-22.2
|
||||||
* qemu-0.11.0
|
* qemu-0.11.0
|
||||||
* r8101-kmod-2.6.27.41-ipfire
|
* r8101-kmod-2.6.27.42-ipfire
|
||||||
* r8101-kmod-2.6.27.41-ipfire-xen
|
* r8101-kmod-2.6.27.42-ipfire-xen
|
||||||
* r8168-8.014.00-kmod-2.6.27.41-ipfire
|
* r8168-8.014.00-kmod-2.6.27.42-ipfire
|
||||||
* r8168-8.014.00-kmod-2.6.27.41-ipfire-xen
|
* r8168-8.014.00-kmod-2.6.27.42-ipfire-xen
|
||||||
* r8169-6.011.00-kmod-2.6.27.41-ipfire
|
* r8169-6.011.00-kmod-2.6.27.42-ipfire
|
||||||
* r8169-6.011.00-kmod-2.6.27.41-ipfire-xen
|
* r8169-6.011.00-kmod-2.6.27.42-ipfire-xen
|
||||||
* readline-5.1
|
* readline-5.1
|
||||||
* reiser4progs-1.0.5
|
* reiser4progs-1.0.5
|
||||||
* reiserfsprogs-3.6.19
|
* reiserfsprogs-3.6.19
|
||||||
@@ -341,8 +341,8 @@
|
|||||||
* usb_modeswitch-1.0.5
|
* usb_modeswitch-1.0.5
|
||||||
* usbutils-0.72
|
* usbutils-0.72
|
||||||
* util-linux-2.12r
|
* util-linux-2.12r
|
||||||
* v4l-dvb-aba823ecaea6-kmod-2.6.27.41-ipfire
|
* v4l-dvb-aba823ecaea6-kmod-2.6.27.42-ipfire
|
||||||
* v4l-dvb-aba823ecaea6-kmod-2.6.27.41-ipfire-xen
|
* v4l-dvb-aba823ecaea6-kmod-2.6.27.42-ipfire-xen
|
||||||
* vdr-1.6.0
|
* vdr-1.6.0
|
||||||
* vdradmin-am-3.6.4
|
* vdradmin-am-3.6.4
|
||||||
* vim-7.0
|
* vim-7.0
|
||||||
|
|||||||
@@ -115,6 +115,7 @@ else
|
|||||||
|
|
||||||
cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-startklips-1.patch
|
cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-startklips-1.patch
|
||||||
cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-updown.klips-1.patch
|
cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-updown.klips-1.patch
|
||||||
|
cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch
|
||||||
cd /etc/ipsec.d/policies && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-clear-1.patch
|
cd /etc/ipsec.d/policies && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-clear-1.patch
|
||||||
endif
|
endif
|
||||||
#@rm -rf $(DIR_APP)
|
#@rm -rf $(DIR_APP)
|
||||||
|
|||||||
24
src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch
Normal file
24
src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch
Normal file
@@ -0,0 +1,24 @@
|
|||||||
|
--- /usr/lib/ipsec/_updown 2009-10-08 01:43:58.000000000 +0200
|
||||||
|
+++ /usr/lib/ipsec/_updown 2009-12-20 23:13:24.000000000 +0100
|
||||||
|
@@ -128,6 +128,21 @@
|
||||||
|
2.*) ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
+# add/remove rules to reach vpn-peers from ipfire
|
||||||
|
+src=$(/sbin/ip route|grep $PLUTO_MY_CLIENT|(read net key_dev dev key_proto key_kernel key_scope key_link key_src src; echo $src))
|
||||||
|
+
|
||||||
|
+case "$PLUTO_VERB" in
|
||||||
|
+"route-client")
|
||||||
|
+ logger -t "ipsec_updown" "iptables -t nat -A CUSTOMPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src"
|
||||||
|
+ /sbin/iptables -t nat -A CUSTOMPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
|
||||||
|
+ ;;
|
||||||
|
+
|
||||||
|
+"unroute-client")
|
||||||
|
+ logger -t "ipsec_updown" "iptables -t nat -D CUSTOMPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src"
|
||||||
|
+ /sbin/iptables -t nat -D CUSTOMPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
|
||||||
|
+ ;;
|
||||||
|
+esac
|
||||||
|
+
|
||||||
|
if [ -x /usr/lib/ipsec/_updown.${PLUTO_STACK} ]
|
||||||
|
then
|
||||||
|
exec /usr/lib/ipsec/_updown.${PLUTO_STACK} $*
|
||||||
Reference in New Issue
Block a user