ipsec-interfaces: Apply static routes (again) after creating IPsec interfaces
index 79f5e7d72cb6144d4487cf6a6923572372be8f2c..cb55fdf795411f79543ef2b661ab143766b993df 100644 (file)
@@ -27,36 +27,28 @@ eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/vpn/settings)
 
 VARS=(
-       id status name lefthost type ctype x1 x2 x3 leftsubnets
-       remote righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12
-       x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24
-       route x26 mode interface_mode interface_address interface_mtu rest
+       id status name lefthost type ctype psk local local_id leftsubnets
+       remote_id remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
+       x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
+       route x23 mode interface_mode interface_address interface_mtu rest
 )
 
 log() {
        logger -t ipsec "$@"
 }
 
+resolve_hostname() {
+       local hostname="${1}"
+
+       dig +short A "${hostname}" | tail -n1
+}
+
 main() {
        # Register local variables
        local "${VARS[@]}"
        local action
 
        local interfaces=()
-       local vpn_ip
-
-       # Handle %defaultroute
-       if [ "${VPN_IP}" = "%defaultroute" ]; then
-               if [ -r "/var/ipfire/red/local-ipaddress" ]; then
-                       vpn_ip="$(</var/ipfire/red/local-ipaddress)"
-
-               elif [ "${RED_TYPE}" = "STATIC" -a -n "${RED_ADDRESS}" ]; then
-                       vpn_ip="${RED_ADDRESS}"
-
-               fi
-       else
-               vpn_ip="${VPM_IP}"
-       fi
 
        # We are done when IPsec is not enabled
        if [ "${ENABLED}" = "on" ]; then
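Review bot: `local` is now one of the field names that `local "${VARS[@]}"` declares, so inside main() the same word is both the bash builtin used on the surrounding declaration lines and a plain variable that is later assigned as `local=""` or `local="${VPN_IP}"`; that is legal but reads like a declaration, and a field name such as `local_address` in VARS and at the assignment sites would avoid the ambiguity. The `psk` field is likewise unpacked into an ordinary shell variable now; nothing in the visible hunks prints it, but it should be kept out of `log` calls and of any `set -x` tracing added for debugging. The loop that populates these fields starts after this hunk.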
@@ -80,9 +72,33 @@ main() {
                        # Add the interface to the list of all interfaces
                        interfaces+=( "${intf}" )
 
+                       # Compat for older connections
+                       if [ "${local}" = "off" ]; then
+                               if [ "${VPN_IP}" = "%defaultroute" ]; then
+                                       local=""
+                               else
+                                       local="${VPN_IP}"
+                               fi
+                       fi
+
+                       # Handle %defaultroute
+                       if [ -z "${local}" ]; then
+                               if [ -r "/var/ipfire/red/local-ipaddress" ]; then
+                                       local="$(</var/ipfire/red/local-ipaddress)"
+
+                               elif [ "${RED_TYPE}" = "STATIC" -a -n "${RED_ADDRESS}" ]; then
+                                       local="${RED_ADDRESS}"
+                               fi
+                       fi
+
+                       # Resolve any hostnames
+                       if [[ ! ${remote} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+                               remote="$(resolve_hostname "${remote}")"
+                       fi
+
                        local args=(
-                               "local" "${vpn_ip}"
-                               "remote" "${righthost}"
+                               "local" "${local}"
+                               "remote" "${remote}"
                        )
 
                        case "${interface_mode}" in
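Review bot: The hostname branch leaves `remote` empty when `dig` returns nothing (no A record, resolver unreachable), and that empty string is then placed into `args` as the tunnel endpoint; the result should be checked before the interface is built, e.g. after `remote="$(resolve_hostname "${remote}")"` add `if [ -z "${remote}" ]; then log "Could not resolve remote host for ${name}"; continue; fi` (assuming, as `interfaces+=` suggests, that this is the per-connection loop, which starts and ends outside the hunk). `dig +short` can also print CNAME targets before the final A record, so `tail -n1` only works while the A record comes last; filtering with the same IPv4 pattern used in the `[[ ... =~ ... ]]` test before `tail` would make that explicit. `local` can still end up empty when neither the red address file nor RED_ADDRESS is available, but that behaviour predates this change.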
@@ -125,7 +141,7 @@ main() {
 
        # Delete all other interfaces
        local intf
-       for intf in /sys/class/net/gre* /sys/class/net/vti*; do
+       for intf in /sys/class/net/gre[0-9]* /sys/class/net/vti[0-9]*; do
                intf="$(basename "${intf}")"
 
                # Ignore a couple of interfaces that cannot be deleted
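Review bot: Without `shopt -s nullglob` the new `gre[0-9]*` and `vti[0-9]*` patterns still expand to themselves when no such interface exists, so `intf` becomes the literal string `gre[0-9]*` and the loop body presumably goes on to log a deletion and run `ip link del` on it, which fails silently; a guard such as `[ -e "/sys/class/net/${intf}" ] || continue` at the top of the body, or nullglob around the loop, avoids the spurious log entry. This is inherited from the old `gre*` form rather than introduced here. The loop body continues outside the hunk.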
@@ -151,6 +167,9 @@ main() {
                log "Deleting interface ${intf}"
                ip link del "${intf}" &>/dev/null
        done
+
+       # (Re-)Apply all static routes
+       /etc/init.d/static-routes start
 }
 
 main || exit $?
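Review bot: `/etc/init.d/static-routes start` is now the last statement of main(), so its exit status becomes main()'s return value and, through `main || exit $?`, the script's exit code; a failure to re-apply routes would make the whole interface setup report failure even though the interfaces were created. If that is not the intent, make the outcome explicit with `/etc/init.d/static-routes start || log "Could not re-apply static routes"` and end main() with `return 0`; if propagation is wanted, a log line before returning would still help when reading the journal. The call also runs when IPsec is disabled, which matches the deletion loop above it and is presumably deliberate.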