ipsec: Add prototype-level support for GRE tunnels

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec
index fc160159cec38e66e59066be860a20e3fefebc6b..f324369c92bea5662f40d03a10e04ec53d76bed7 100644 (file)
--- a/src/functions/functions.ipsec
+++ b/src/functions/functions.ipsec
@@ -1074,19 +1074,27 @@ _ipsec_connection_to_strongswan_connection() {
 
        # Traffic Selectors
 
-       # Local Prefixes
-       if isset LOCAL_PREFIX; then
-               print_indent 4 "local_ts = $(list_join LOCAL_PREFIX ,)"
-       else
-               print_indent 4 "local_ts = dynamic"
-       fi
+       case "${MODE}" in
+               gre-*)
+                       print_indent 4 "local_ts = dynamic[gre]"
+                       print_indent 4 "remote_ts = dynamic[gre]"
+                       ;;
+               *)
+                       # Local Prefixes
+                       if isset LOCAL_PREFIX; then
+                               print_indent 4 "local_ts = $(list_join LOCAL_PREFIX ,)"
+                       else
+                               print_indent 4 "local_ts = dynamic"
+                       fi
 
-       # Remote Prefixes
-       if isset REMOTE_PREFIX; then
-               print_indent 4 "remote_ts = $(list_join REMOTE_PREFIX ,)"
-       else
-               print_indent 4 "remote_ts = dynamic"
-       fi
+                       # Remote Prefixes
+                       if isset REMOTE_PREFIX; then
+                               print_indent 4 "remote_ts = $(list_join REMOTE_PREFIX ,)"
+                       else
+                               print_indent 4 "remote_ts = dynamic"
+                       fi
+                       ;;
+       esac
        print
 
        # Netfilter Marks

diff --git a/src/helpers/ipsec-updown b/src/helpers/ipsec-updown
index 2be4e0cbda6927104fbab4b00eaab5ae0505faac..a2430ee008a48cf208b2f16a2a2200f53ff74206 100644 (file)
--- a/src/helpers/ipsec-updown
+++ b/src/helpers/ipsec-updown
@@ -44,6 +44,16 @@ log DEBUG "${0} called for ${CONNECTION}: ${PLUTO_VERB}"
 case "${PLUTO_VERB}" in
        up-client)
                case "${MODE}" in
+                       gre-*)
+                               if ! device_exists "${INTERFACE}"; then
+                                       ip_tunnel_add "${INTERFACE}" \
+                                               --mode="gre" \
+                                               --local-address="${TUNNEL_ADDRESS}" \
+                                               --remote-address="${TUNNEL_PEER}"
+
+                                       device_set_up "${INTERFACE}"
+                               fi
+                               ;;
                        vti)
                                if device_exists "${INTERFACE}"; then
                                        ip_tunnel_change_keys "${INTERFACE}" \