From: Michael Tremer Date: Fri, 4 Aug 2017 19:31:20 +0000 (+0000) Subject: ipsec: Set routes to peered networks X-Git-Tag: 009~54 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=202aa3092be4310493c276f07987a95a5f9c3ad9;p=network.git ipsec: Set routes to peered networks Signed-off-by: Michael Tremer
---
diff --git a/src/helpers/ipsec-updown b/src/helpers/ipsec-updown
index 4ef3e88f..e4d704d3 100644
--- a/src/helpers/ipsec-updown
+++ b/src/helpers/ipsec-updown
@@ -31,14 +31,18 @@ assert isset PLUTO_VERSION
 
 CONNECTION="${PLUTO_CONNECTION}"
 
-# Interface name for this IPsec connection
-INTERFACE="ipsec-${CONNECTION}"
-
 if ! ipsec_connection_read_config "${CONNECTION}"; then
 log ERROR "Could not read configuration for ${CONNECTION}"
 exit ${EXIT_ERROR}
 fi
 
+# Interface name for this IPsec connection
+case "${MODE}" in
+ gre-*|vti)
+ INTERFACE="ipsec-${CONNECTION}"
+ ;;
+esac
+
 log DEBUG "${0} called for ${CONNECTION}: ${PLUTO_VERB}"
 
 case "${PLUTO_VERB}" in
@@ -74,9 +78,22 @@ case "${PLUTO_VERB}" in
 device_set_up "${INTERFACE}"
 ;;
 esac
+
+ # Set routes
+ if isset INTERFACE; then
+ cmd ip route add "${PLUTO_PEER_CLIENT}" \
+ dev "${INTERFACE}"
+ else
+ cmd ip route add "${PLUTO_PEER_CLIENT}" \
+ via "${PLUTO_PEER}"
+ fi
 ;;
 
 down-client|down-client-v6|down-host|down-host-v6)
+ # Remove routes
+ cmd ip route del "${PLUTO_PEER_CLIENT}"
+
+ # Remove interfaces
 case "${MODE}" in
 gre-*|vti)
 if device_exists "${INTERFACE}"; then
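Review bot: With the default assignment removed, `INTERFACE` is only set inside the `gre-*|vti)` arm and is never cleared for other modes, yet the route code added in the second hunk branches on `isset INTERFACE`. If the variable is already present when the helper starts (inherited from the caller's environment, or set while the connection config is read; neither is visible here), a policy-based connection would take the `dev` branch and install a route onto a device that does not belong to it. I would reset it before the `case`, e.g. `unset INTERFACE`, or add a `*)` arm doing the same, with a comment stating that an unset INTERFACE means the connection has no tunnel device. The `case "${PLUTO_VERB}"` block opened on the hunk's last line continues outside it.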
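Review bot: The `ip route del "${PLUTO_PEER_CLIENT}"` added to the down arm is not scoped to the device or next hop that the up path used, so it removes whichever main-table route matches that prefix, including one owned by another connection or a static route an administrator placed there (for instance a reject route meant to stop cleartext fallback while the tunnel is down). The delete should mirror the add by branching on `isset INTERFACE` and passing `dev` or `via`, as sketched below. On the add side, `ip route add` fails when the prefix is already routed; whether `cmd` surfaces that failure is not visible in this hunk, so the result should be checked and logged. The down arm continues past the end of the hunk.

```shell
		# Remove routes (only the one the up path installed)
		if isset INTERFACE; then
			cmd ip route del "${PLUTO_PEER_CLIENT}" \
				dev "${INTERFACE}"
		else
			cmd ip route del "${PLUTO_PEER_CLIENT}" \
				via "${PLUTO_PEER}"
		fi
		# … unchanged: interface removal for gre-*/vti modes …
```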