+++ /dev/null
---- strongswan-5.7.2/src/_updown/_updown.in.bak 2019-04-08 16:27:08.549214441 +0100
-+++ strongswan-5.7.2/src/_updown/_updown.in 2019-04-08 16:30:30.195868788 +0100
-@@ -130,36 +130,6 @@
- # address family.
- #
-
--VARS=(
-- id status name lefthost type ctype psk local local_id leftsubnets
-- remote_id remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
-- x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
-- route x23 mode interface_mode interface_address interface_mtu rest
--)
--
--function ip_encode() {
-- local IFS=.
--
-- local int=0
-- for field in $1; do
-- int=$(( $(( $int << 8 )) | $field ))
-- done
--
-- echo $int
--}
--
--function ip_in_subnet() {
-- local netmask
-- netmask=$(_netmask $2)
-- [ $(( $(ip_encode $1) & $netmask)) = $(( $(ip_encode ${2%/*}) & $netmask )) ]
--}
--
--function _netmask() {
-- local vlsm
-- vlsm=${1#*/}
-- [ $vlsm -eq 0 ] && echo 0 || echo $(( -1 << $(( 32 - $vlsm )) ))
--}
--
- # define a minimum PATH environment in case it is not set
- PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/sbin"
- export PATH
-@@ -326,13 +296,6 @@
- fi
- ;;
- up-client:iptables)
-- # Read IPsec configuration
-- while IFS="," read -r "${VARS[@]}"; do
-- if [ "${PLUTO_CONNECTION}" = "${name}" ]; then
-- break
-- fi
-- done < /var/ipfire/vpn/config
--
- # connection to client subnet, with (left/right)firewall=yes, coming up
- # This is used only by the default updown script, not by your custom
- # ones, so do not mess with it; see CAUTION comment up at top.
-@@ -396,30 +359,6 @@
- logger -t $TAG -p $FAC_PRIO \
- "tunnel+ $PLUTO_PEER -- $PLUTO_ME"
- fi
--
-- if [ -z "${interface_mode}" ]; then
-- # Add source nat so also the gateway can access the other nets
-- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-- for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
-- ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
-- if [ $? -eq 0 ]; then
-- src=${_src}
-- break
-- fi
-- done
--
-- if [ -n "${src}" ]; then
-- iptables --wait -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
-- logger -t $TAG -p $FAC_PRIO \
-- "snat+ $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
-- else
-- logger -t $TAG -p $FAC_PRIO \
-- "Cannot create NAT rule because no IP of the IPFire does match the subnet. $PLUTO_MY_CLIENT"
-- fi
-- fi
--
-- # Flush routing cache
-- ip route flush cache
- ;;
- down-client:iptables)
- # connection to client subnet, with (left/right)firewall=yes, going down
-@@ -487,28 +426,6 @@
- logger -t $TAG -p $FAC_PRIO \
- "tunnel- $PLUTO_PEER -- $PLUTO_ME"
- fi
--
-- # remove source nat
-- eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
-- for _src in ${GREEN_ADDRESS} ${BLUE_ADDRESS} ${ORANGE_ADDRESS}; do
-- ip_in_subnet "${_src}" "${PLUTO_MY_CLIENT}"
-- if [ $? -eq 0 ]; then
-- src=${_src}
-- break
-- fi
-- done
--
-- if [ -n "${src}" ]; then
-- iptables --wait -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
-- logger -t $TAG -p $FAC_PRIO \
-- "snat- $PLUTO_INTERFACE-$PLUTO_ME : $PLUTO_PEER_CLIENT - $src"
-- else
-- logger -t $TAG -p $FAC_PRIO \
-- "Cannot remove NAT rule because no IP of the IPFire does match the subnet."
-- fi
--
-- # Flush routing cache
-- ip route flush cache
- ;;
- #
- # IPv6