ipsec-policy: Permit GRE traffic for GRE connections

author Michael Tremer <michael.tremer@ipfire.org>

Thu, 29 Nov 2018 15:58:55 +0000 (15:58 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Mon, 4 Feb 2019 18:20:36 +0000 (18:20 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Thu, 29 Nov 2018 15:58:55 +0000 (15:58 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Mon, 4 Feb 2019 18:20:36 +0000 (18:20 +0000)
diff --git a/config/firewall/ipsec-policy b/config/firewall/ipsec-policy

index 53384fc5de104efedffb844fb7c1775f71d09852..32d171f353e48f23add9c659eb530bb01b6a19c6 100644 (file)
--- a/config/firewall/ipsec-policy
+++ b/config/firewall/ipsec-policy
@@ -82,6 +82,19 @@ install_policy() {
                 # Check if this a net-to-net connection
                 [ "${type}" = "net" ] || continue
  
                 # Check if this a net-to-net connection
                 [ "${type}" = "net" ] || continue
  
+               # Install permissions for GRE traffic
+               case "${interface_mode}" in
+                       gre)
+                               if [ -n "${remote}" ]; then
+                                       iptables -A IPSECINPUT -p gre \
+                                               -s "${remote}" -j ACCEPT
+
+                                       iptables -A IPSECOUTPUT -p gre \
+                                               -d "${remote}" -j ACCEPT
+                               fi
+                               ;;
+               esac
+
                 # Split multiple subnets
                 rightsubnets="${rightsubnets//\|/ }"
  
                 # Split multiple subnets
                 rightsubnets="${rightsubnets//\|/ }"
author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 29 Nov 2018 15:58:55 +0000 (15:58 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Mon, 4 Feb 2019 18:20:36 +0000 (18:20 +0000)