+++ /dev/null
---- /usr/lib/ipsec/_updown 2009-10-08 01:43:58.000000000 +0200
-+++ /usr/lib/ipsec/_updown 2009-12-20 23:13:24.000000000 +0100
-@@ -128,6 +128,21 @@
- 2.*) ;;
- esac
-
-+# add/remove rules to reach vpn-peers from ipfire
-+src=$(/sbin/ip route|grep $PLUTO_MY_CLIENT|(read net key_dev dev key_proto key_kernel key_scope key_link key_src src; echo $src))
-+
-+case "$PLUTO_VERB" in
-+"route-client")
-+ logger -t "ipsec_updown" "iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src"
-+ /sbin/iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
-+ ;;
-+
-+"unroute-client")
-+ logger -t "ipsec_updown" "iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src"
-+ /sbin/iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
-+ ;;
-+esac
-+
- if [ -x /usr/lib/ipsec/_updown.${PLUTO_STACK} ]
- then
- exec /usr/lib/ipsec/_updown.${PLUTO_STACK} $*