]>
Commit | Line | Data |
---|---|---|
1 | --- /usr/lib/ipsec/_updown 2009-10-08 01:43:58.000000000 +0200 | |
2 | +++ /usr/lib/ipsec/_updown 2009-12-20 23:13:24.000000000 +0100 | |
3 | @@ -128,6 +128,21 @@ | |
4 | 2.*) ;; | |
5 | esac | |
6 | ||
7 | +# add/remove rules to reach vpn-peers from ipfire | |
8 | +src=$(/sbin/ip route|grep $PLUTO_MY_CLIENT|(read net key_dev dev key_proto key_kernel key_scope key_link key_src src; echo $src)) | |
9 | + | |
10 | +case "$PLUTO_VERB" in | |
11 | +"route-client") | |
12 | + logger -t "ipsec_updown" "iptables -t nat -A IPSECPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src" | |
13 | + /sbin/iptables -t nat -A IPSECPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src | |
14 | + ;; | |
15 | + | |
16 | +"unroute-client") | |
17 | + logger -t "ipsec_updown" "iptables -t nat -D IPSECPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src" | |
18 | + /sbin/iptables -t nat -D IPSECPOSTROUTING -o $PLUTO_INTERFACE -s $PLUTO_ME -d $PLUTO_PEER_CLIENT -j SNAT --to $src | |
19 | + ;; | |
20 | +esac | |
21 | + | |
22 | if [ -x /usr/lib/ipsec/_updown.${PLUTO_STACK} ] | |
23 | then | |
24 | exec /usr/lib/ipsec/_updown.${PLUTO_STACK} $* |