# Make sure we are called by strongSwan
assert isset PLUTO_VERSION
-CONNECTION="${PLUTO_CONNECTION}"
+if enabled DEBUG; then
+ while read line; do
+ [[ ${line} =~ ^PLUTO_ ]] || continue
+ log DEBUG " ${line}"
+ done <<< "$(printenv | sort)"
+fi
-# Interface name for this IPsec connection
-INTERFACE="ipsec-${CONNECTION}"
+CONNECTION="${PLUTO_CONNECTION}"
if ! ipsec_connection_read_config "${CONNECTION}"; then
log ERROR "Could not read configuration for ${CONNECTION}"
exit ${EXIT_ERROR}
fi
+# Interface name for this IPsec connection
+case "${MODE}" in
+ gre-*|vti)
+ INTERFACE="ipsec-${CONNECTION}"
+ ;;
+esac
+
log DEBUG "${0} called for ${CONNECTION}: ${PLUTO_VERB}"
case "${PLUTO_VERB}" in
- up-client)
+ up-client|up-client-v6|up-host|up-host-v6)
case "${MODE}" in
+ gre-*)
+ if ! device_exists "${INTERFACE}"; then
+ ip_tunnel_add "${INTERFACE}" \
+ --mode="gre" \
+ --local-address="${PLUTO_ME}" \
+ --remote-address="${PLUTO_PEER}"
+
+ device_set_up "${INTERFACE}"
+ fi
+ ;;
vti)
if device_exists "${INTERFACE}"; then
ip_tunnel_change_keys "${INTERFACE}" \
device_set_up "${INTERFACE}"
;;
esac
+
+ #Get sources IP for routes
+ SRC_IP=($(ip_get_assigned_addresses_from_net \
+ "${PLUTO_MY_CLIENT}" "permanent"))
+
+ # Set routes if we have a source IP.
+ # If not the machine does not has a leg on the net
+ # and we can go on without routes.
+ if isset SRC_IP; then
+ # We take the lowest source IP we found,
+ # which is ugly because the value is unpredictable.
+ SRC_IP=${SRC_IP[0]}
+
+ if isset INTERFACE; then
+ if ! cmd ip route add \
+ "${PLUTO_PEER_CLIENT}" \
+ dev "${INTERFACE}" \
+ src "${SRC_IP}"; then
+ log ERROR \
+ "Could not set routes for ${PLUTO_PEER_CLIENT}"
+ fi
+ else
+ # Get the device which we use to peer with the other site.
+ ME_DEVICE = "$(device_get_by_ip_address "${PLUTO_ME}")"
+
+ # We can only go on if we found a device.
+ if isset ME_DEVICE; then
+ if ! cmd ip route add \
+ "${PLUTO_PEER_CLIENT}" \
+ dev "${ME_DEVICE}" \
+ proto static \
+ src "${SRC_IP}" \
+ table 220; then
+ log ERROR \
+ "Could not set routes for ${PLUTO_PEER_CLIENT}"
+ fi
+ else
+ log ERROR "Could not get device for ${PLUTO_ME}"
+ fi
+ fi
+ fi
;;
- down-client)
+ down-client|down-client-v6|down-host|down-host-v6)
+ # Remove routes
+ cmd ip route del "${PLUTO_PEER_CLIENT}"
+
+ # Remove interfaces
case "${MODE}" in
- vti)
+ gre-*|vti)
if device_exists "${INTERFACE}"; then
device_set_down "${INTERFACE}"
projects / network.git / blobdiff