From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 9 Jan 2019 18:56:01 +0000 (+0100)
Subject: ipsec: TTL only applies for GRE interfaces and not VTI
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=6a45a1f1015ff1d23de0f5b7510b00835243c107

ipsec: TTL only applies for GRE interfaces and not VTI

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/scripts/ipsec-interfaces b/src/scripts/ipsec-interfaces
index 521bf54eb1..79f5e7d72c 100644
--- a/src/scripts/ipsec-interfaces
+++ b/src/scripts/ipsec-interfaces
@@ -83,13 +83,19 @@ main() {
 			local args=(
 				"local" "${vpn_ip}"
 				"remote" "${righthost}"
-				"ttl" "255"
 			)
 
-			# Add key for VTI
-			if [ "${interface_mode}" = "vti" ]; then
-				args+=( key "${id}" )
-			fi
+			case "${interface_mode}" in
+				gre)
+					# Add TTL
+					args+=( "ttl" "255" )
+					;;
+
+				vti)
+					# Add key for VTI
+					args+=( "key" "${id}" )
+					;;
+			esac
 
 			# Update the settings when the interface already exists
 			if [ -d "/sys/class/net/${intf}" ]; then