use table 100 for source routing

diff --git a/src/_updown/_updown b/src/_updown/_updown
index 795b6f3..4cf2717 100755 (executable)
--- a/src/_updown/_updown
+++ b/src/_updown/_updown
@@ -131,7 +131,16 @@ FAC_PRIO=local0.notice
 # the syslog configuration file /etc/syslog.conf:
 #
 # local0.notice                   -/var/log/vpn
+
+# in order to use source IP routing the Linux kernel options
+# CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES
+# must be enabled
+#
+# special routing table for sourceip routes
+SOURCEIP_ROUTING_TABLE=100
 #
+# priority of the sourceip routing table
+SOURCEIP_ROUTING_TABLE_PRIO=100
 
 # check interface version
 case "$PLUTO_VERSION" in
@@ -218,23 +227,26 @@ doroute() {
 
        parms1="$PLUTO_PEER_CLIENT"
 
-       parms2=
-       if [ -n "$KLIPS" ]
+       if [ -n "$PLUTO_NEXT_HOP" ]
        then
-           if [ -n "$PLUTO_NEXT_HOP" ]
-           then
-               parms2="via $PLUTO_NEXT_HOP"
-           fi
+           parms2="via $PLUTO_NEXT_HOP"
        else
-           parms2="via $PLUTO_ME"
+           parms2="via $PLUTO_PEER"
        fi      
        parms2="$parms2 dev $PLUTO_INTERFACE"
 
        parms3=
-       if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
+       if [ -n "$PLUTO_MY_SOURCEIP" ]
        then
-           addsource
-           parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
+           if test "$1" = "add"
+           then
+               addsource
+               if [ `ip rule list | grep "lookup ${SOURCEIP_ROUTING_TABLE}" | wc -l` -eq 0 ]
+               then
+                   ip rule add pref ${SOURCEIP_ROUTING_TABLE_PRIO} table ${SOURCEIP_ROUTING_TABLE}
+               fi
+           fi
+           parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*} table ${SOURCEIP_ROUTING_TABLE}"
        fi
 
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in