From: Andreas Steffen Date: Fri, 3 Aug 2007 10:05:15 +0000 (-0000) Subject: use table 100 for source routing X-Git-Tag: 4.1.5~21 X-Git-Url: https://git.strongswan.org/?p=strongswan.git;a=commitdiff_plain;h=f6f55adb3a2a2e92d9237a7586dc6fa1eaa55f17 use table 100 for source routing --- diff --git a/src/_updown/_updown b/src/_updown/_updown index 795b6f3..4cf2717 100755 --- a/src/_updown/_updown +++ b/src/_updown/_updown @@ -131,7 +131,16 @@ FAC_PRIO=local0.notice # the syslog configuration file /etc/syslog.conf: # # local0.notice -/var/log/vpn + +# in order to use source IP routing the Linux kernel options +# CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES +# must be enabled +# +# special routing table for sourceip routes +SOURCEIP_ROUTING_TABLE=100 # +# priority of the sourceip routing table +SOURCEIP_ROUTING_TABLE_PRIO=100 # check interface version case "$PLUTO_VERSION" in @@ -218,23 +227,26 @@ doroute() { parms1="$PLUTO_PEER_CLIENT" - parms2= - if [ -n "$KLIPS" ] + if [ -n "$PLUTO_NEXT_HOP" ] then - if [ -n "$PLUTO_NEXT_HOP" ] - then - parms2="via $PLUTO_NEXT_HOP" - fi + parms2="via $PLUTO_NEXT_HOP" else - parms2="via $PLUTO_ME" + parms2="via $PLUTO_PEER" fi parms2="$parms2 dev $PLUTO_INTERFACE" parms3= - if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP" + if [ -n "$PLUTO_MY_SOURCEIP" ] then - addsource - parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}" + if test "$1" = "add" + then + addsource + if [ `ip rule list | grep "lookup ${SOURCEIP_ROUTING_TABLE}" | wc -l` -eq 0 ] + then + ip rule add pref ${SOURCEIP_ROUTING_TABLE_PRIO} table ${SOURCEIP_ROUTING_TABLE} + fi + fi + parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*} table ${SOURCEIP_ROUTING_TABLE}" fi case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
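Review bot: The comment above `SOURCEIP_ROUTING_TABLE` and `SOURCEIP_ROUTING_TABLE_PRIO` does not say what constrains the two values. The rule that doroute() installs from them carries no selector, so at preference 100 the table is consulted before `main` for all traffic. If other policy routing on the host already uses that table id or preference, its routes would be mixed with the tunnel routes. I would add a comment such as `# table id and preference must not be used by other policy routing on this host; the rule is evaluated before the main table`.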
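Review bot: The existence check `grep "lookup ${SOURCEIP_ROUTING_TABLE}" | wc -l` in doroute() matches substrings, so an existing rule for table 1000 or 1001 makes the count non-zero and the rule for table 100 is never added, while the sourceip routes still go into table 100 and are then not consulted. Matching whole words avoids that: `if ! ip rule list | grep -qw "lookup ${SOURCEIP_ROUTING_TABLE}"`. The exit status of `ip rule add` is not checked, and nothing in the visible lines removes the rule on the delete path; doroute() continues outside the hunk, so that may be handled elsewhere. If table 100 has a name in rt_tables, `ip rule list` presumably prints the name instead of the number, which this check would also miss.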