# the syslog configuration file /etc/syslog.conf:
#
# local0.notice -/var/log/vpn
+
+# in order to use source IP routing the Linux kernel options
+# CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES
+# must be enabled
+#
+# special routing table for sourceip routes
+SOURCEIP_ROUTING_TABLE=100
#
+# priority of the sourceip routing table
+SOURCEIP_ROUTING_TABLE_PRIO=100
# check interface version
case "$PLUTO_VERSION" in
parms1="$PLUTO_PEER_CLIENT"
- parms2=
- if [ -n "$KLIPS" ]
+ if [ -n "$PLUTO_NEXT_HOP" ]
then
- if [ -n "$PLUTO_NEXT_HOP" ]
- then
- parms2="via $PLUTO_NEXT_HOP"
- fi
+ parms2="via $PLUTO_NEXT_HOP"
else
- parms2="via $PLUTO_ME"
+ parms2="via $PLUTO_PEER"
fi
parms2="$parms2 dev $PLUTO_INTERFACE"
parms3=
- if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
+ if [ -n "$PLUTO_MY_SOURCEIP" ]
then
- addsource
- parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
+ if test "$1" = "add"
+ then
+ addsource
+ if [ `ip rule list | grep "lookup ${SOURCEIP_ROUTING_TABLE}" | wc -l` -eq 0 ]
+ then
+ ip rule add pref ${SOURCEIP_ROUTING_TABLE_PRIO} table ${SOURCEIP_ROUTING_TABLE}
+ fi
+ fi
+ parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*} table ${SOURCEIP_ROUTING_TABLE}"
fi
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
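Review bot: The existence test on the `ip rule list | grep "lookup ${SOURCEIP_ROUTING_TABLE}" | wc -l` line matches by substring, so with the default table 100 an unrelated rule for table 1000 or 1001 also counts as present and `ip rule add` is skipped. The route is then still written with `table ${SOURCEIP_ROUTING_TABLE}`, into a table that no rule looks up, so traffic to the peer subnet would presumably fall back to the main table without the intended source address. Match the whole word and use grep's exit status instead of counting lines: `if ! ip rule list | grep -qw "lookup ${SOURCEIP_ROUTING_TABLE}"`. The result of `ip rule add` is not checked either, and nothing in the visible lines removes the rule on delete; since the enclosing block starts and ends outside this hunk, confirm whether that is handled elsewhere.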