findutils: Update to 4.8.0
918ee4a4
MT
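--- strongswan-5.7.2/src/_updown/_updown.in.bak 2019-04-08 16:27:08.549214441 +0100
+++ strongswan-5.7.2/src/_updown/_updown.in 2019-04-08 16:30:30.195868788 +0100
@@ -130,36 +130,6 @@
 # address family.
 #
 
-VARS=(
- id status name lefthost type ctype psk local local_id leftsubnets
- remote_id remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
- x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
- route x23 mode interface_mode interface_address interface_mtu rest
-)
-
-function ip_encode() {
- local IFS=.
-
- local int=0
- for field in $1; do
- int=$(( $(( $int << 8 )) | $field ))
- done
-
- echo $int
-}
-
-function ip_in_subnet() {
- local netmask
- netmask=$(_netmask $2)
- [ $(( $(ip_encode $1) & $netmask)) = $(( $(ip_encode ${2%/*}) & $netmask )) ]
-}
-
-function _netmask() {
- local vlsm
- vlsm=${1#*/}
- [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 << $(( 32 - $vlsm )) ))
-}
-
 # define a minimum PATH environment in case it is not set
 PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/sbin"
 export PATH
@@ -326,13 +296,6 @@
 fi
 ;;
 up-client:iptables)
- # Read IPsec configuration
- while IFS="," read -r "${VARS[@]}"; do
- if [ "${PLUTO_CONNECTION}" = "${name}" ]; then
- break
- fi
- done < /var/ipfire/vpn/config
-
 # connection to client subnet, with (left/right)firewall=yes, coming up
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
@@ -396,30 +359,6 @@
 logger -t $TAG -p $FAC_PRIO \
 "tunnel+ $PLUTO_PEER -- $PLUTO_ME"
 fi
-
- if [ -z "${interface_mode}" ]; then
- # Add source nat so also the gateway can access the other nets
- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
- ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
- if [ $? -eq 0 ]; then
- src=${_src}
- break
- fi
- done
-
- if [ -n "${src}" ]; then
- iptables --wait -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
- logger -t $TAG -p $FAC_PRIO \
- "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
- else
- logger -t $TAG -p $FAC_PRIO \
- "Cannot create NAT rule because no IP of the IPFire does match the subnet. $PLUTO_MY_CLIENT"
- fi
- fi
-
- # Flush routing cache
- ip route flush cache
 ;;
 down-client:iptables)
 # connection to client subnet, with (left/right)firewall=yes, going down
@@ -487,28 +426,6 @@
 logger -t $TAG -p $FAC_PRIO \
 "tunnel- $PLUTO_PEER -- $PLUTO_ME"
 fi
-
- # remove source nat
- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
- for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
- ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
- if [ $? -eq 0 ]; then
- src=${_src}
- break
- fi
- done
-
- if [ -n "${src}" ]; then
- iptables --wait -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
- logger -t $TAG -p $FAC_PRIO \
- "snat- $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
- else
- logger -t $TAG -p $FAC_PRIO \
- "Cannot remove NAT rule because no IP of the IPFire does match the subnet."
- fi
-
- # Flush routing cache
- ip route flush cache
 ;;
 #
 # IPv6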