]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blame - src/patches/openswan-2.6.23-updown-add_ipfire-snat.patch
projects / people / pmueller / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Bump vdradmin package version.
[people/pmueller/ipfire-2.x.git] / src / patches / openswan-2.6.23-updown-add_ipfire-snat.patch
CommitLineData
72c63a15
AF		 1--- /usr/lib/ipsec/_updown 2009-10-08 01:43:58.000000000 +0200
2+++ /usr/lib/ipsec/_updown 2009-12-20 23:13:24.000000000 +0100
3@@ -128,6 +128,21 @@
4 2.*) ;;
5 esac
6
7+# add/remove rules to reach vpn-peers from ipfire
8+src=$(/sbin/ip route|grep $PLUTO_MY_CLIENT|(read net key_dev dev key_proto key_kernel key_scope key_link key_src src; echo $src))
9+
10+case "$PLUTO_VERB" in
11+"route-client")
507954d9
AF		 12+ logger -t "ipsec_updown" "iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src"
13+ /sbin/iptables -t nat -A IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
72c63a15
AF		 14+ ;;
15+
16+"unroute-client")
507954d9
AF		 17+ logger -t "ipsec_updown" "iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src"
18+ /sbin/iptables -t nat -D IPSECNAT -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src
72c63a15
AF		 19+ ;;
20+esac
21+
22 if [ -x /usr/lib/ipsec/_updown.${PLUTO_STACK} ]
23 then
24 exec /usr/lib/ipsec/_updown.${PLUTO_STACK} $*
Peter's tree of IPFire 2.x