From: Michael Tremer Date: Fri, 4 Aug 2017 12:51:35 +0000 (+0000) Subject: ipsec: Add prototype-level support for GRE tunnels X-Git-Tag: 009~66 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95835d23f3eab6408594d872c94088599febe4d4;p=network.git ipsec: Add prototype-level support for GRE tunnels Signed-off-by: Michael Tremer --- diff --git a/src/functions/functions.ipsec b/src/functions/functions.ipsec index fc160159..f324369c 100644 --- a/src/functions/functions.ipsec +++ b/src/functions/functions.ipsec @@ -1074,19 +1074,27 @@ _ipsec_connection_to_strongswan_connection() { # Traffic Selectors - # Local Prefixes - if isset LOCAL_PREFIX; then - print_indent 4 "local_ts = $(list_join LOCAL_PREFIX ,)" - else - print_indent 4 "local_ts = dynamic" - fi + case "${MODE}" in + gre-*) + print_indent 4 "local_ts = dynamic[gre]" + print_indent 4 "remote_ts = dynamic[gre]" + ;; + *) + # Local Prefixes + if isset LOCAL_PREFIX; then + print_indent 4 "local_ts = $(list_join LOCAL_PREFIX ,)" + else + print_indent 4 "local_ts = dynamic" + fi - # Remote Prefixes - if isset REMOTE_PREFIX; then - print_indent 4 "remote_ts = $(list_join REMOTE_PREFIX ,)" - else - print_indent 4 "remote_ts = dynamic" - fi + # Remote Prefixes + if isset REMOTE_PREFIX; then + print_indent 4 "remote_ts = $(list_join REMOTE_PREFIX ,)" + else + print_indent 4 "remote_ts = dynamic" + fi + ;; + esac print # Netfilter Marks diff --git a/src/helpers/ipsec-updown b/src/helpers/ipsec-updown index 2be4e0cb..a2430ee0 100644 --- a/src/helpers/ipsec-updown +++ b/src/helpers/ipsec-updown @@ -44,6 +44,16 @@ log DEBUG "${0} called for ${CONNECTION}: ${PLUTO_VERB}" case "${PLUTO_VERB}" in up-client) case "${MODE}" in + gre-*) + if ! device_exists "${INTERFACE}"; then + ip_tunnel_add "${INTERFACE}" \ + --mode="gre" \ + --local-address="${TUNNEL_ADDRESS}" \ + --remote-address="${TUNNEL_PEER}" + + device_set_up "${INTERFACE}" + fi + ;; vti) if device_exists "${INTERFACE}"; then ip_tunnel_change_keys "${INTERFACE}" \