projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 404d3ba)
use table 100 for source routing
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 3 Aug 2007 10:05:15 +0000 (10:05 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 3 Aug 2007 10:05:15 +0000 (10:05 -0000)
src/_updown/_updown patch | blob | history

diff --git a/src/_updown/_updown b/src/_updown/_updown
index 795b6f3..4cf2717 100755 (executable)
--- a/src/_updown/_updown
+++ b/src/_updown/_updown
@@ -131,7 +131,16 @@ FAC_PRIO=local0.notice
 # the syslog configuration file /etc/syslog.conf:
 #
 # local0.notice                   -/var/log/vpn
 # the syslog configuration file /etc/syslog.conf:
 #
 # local0.notice                   -/var/log/vpn
+
+# in order to use source IP routing the Linux kernel options
+# CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES
+# must be enabled
+#
+# special routing table for sourceip routes
+SOURCEIP_ROUTING_TABLE=100
 #
 #
+# priority of the sourceip routing table
+SOURCEIP_ROUTING_TABLE_PRIO=100
 
 # check interface version
 case "$PLUTO_VERSION" in
 
 # check interface version
 case "$PLUTO_VERSION" in
@@ -218,23 +227,26 @@ doroute() {
 
        parms1="$PLUTO_PEER_CLIENT"
 
 
        parms1="$PLUTO_PEER_CLIENT"
 
-       parms2=
-       if [ -n "$KLIPS" ]
+       if [ -n "$PLUTO_NEXT_HOP" ]
        then
        then
-           if [ -n "$PLUTO_NEXT_HOP" ]
-           then
-               parms2="via $PLUTO_NEXT_HOP"
-           fi
+           parms2="via $PLUTO_NEXT_HOP"
        else
        else
-           parms2="via $PLUTO_ME"
+           parms2="via $PLUTO_PEER"
        fi      
        parms2="$parms2 dev $PLUTO_INTERFACE"
 
        parms3=
        fi      
        parms2="$parms2 dev $PLUTO_INTERFACE"
 
        parms3=
-       if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
+       if [ -n "$PLUTO_MY_SOURCEIP" ]
        then
        then
-           addsource
-           parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
+           if test "$1" = "add"
+           then
+               addsource
+               if [ `ip rule list | grep "lookup ${SOURCEIP_ROUTING_TABLE}" | wc -l` -eq 0 ]
+               then
+                   ip rule add pref ${SOURCEIP_ROUTING_TABLE_PRIO} table ${SOURCEIP_ROUTING_TABLE}
+               fi
+           fi
+           parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*} table ${SOURCEIP_ROUTING_TABLE}"
        fi
 
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        fi
 
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
strongSwan - IPsec VPN