From f6f55adb3a2a2e92d9237a7586dc6fa1eaa55f17 Mon Sep 17 00:00:00 2001
From: Andreas Steffen
Date: Fri, 3 Aug 2007 10:05:15 +0000
Subject: [PATCH] use table 100 for source routing
---
 src/_updown/_updown | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)
diff --git a/src/_updown/_updown b/src/_updown/_updown
index 795b6f3..4cf2717 100755
--- a/src/_updown/_updown
+++ b/src/_updown/_updown
@@ -131,7 +131,16 @@ FAC_PRIO=local0.notice
 # the syslog configuration file /etc/syslog.conf:
 #
 # local0.notice -/var/log/vpn
+
+# in order to use source IP routing the Linux kernel options
+# CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES
+# must be enabled
+#
+# special routing table for sourceip routes
+SOURCEIP_ROUTING_TABLE=100
 #
+# priority of the sourceip routing table
+SOURCEIP_ROUTING_TABLE_PRIO=100
 # check interface version
 case "$PLUTO_VERSION" in
@@ -218,23 +227,26 @@ doroute() {
 parms1="$PLUTO_PEER_CLIENT"
- parms2=
- if [ -n "$KLIPS" ]
+ if [ -n "$PLUTO_NEXT_HOP" ]
 then
- if [ -n "$PLUTO_NEXT_HOP" ]
- then
- parms2="via $PLUTO_NEXT_HOP"
- fi
+ parms2="via $PLUTO_NEXT_HOP"
 else
- parms2="via $PLUTO_ME"
+ parms2="via $PLUTO_PEER"
 fi
 parms2="$parms2 dev $PLUTO_INTERFACE"
 parms3=
- if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
+ if [ -n "$PLUTO_MY_SOURCEIP" ]
 then
- addsource
- parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
+ if test "$1" = "add"
+ then
+ addsource
+ if [ `ip rule list | grep "lookup ${SOURCEIP_ROUTING_TABLE}" | wc -l` -eq 0 ]
+ then
+ ip rule add pref ${SOURCEIP_ROUTING_TABLE_PRIO} table ${SOURCEIP_ROUTING_TABLE}
+ fi
+ fi
+ parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*} table ${SOURCEIP_ROUTING_TABLE}"
 fi
 case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
--
2.7.4
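Review bot: The comments added with `SOURCEIP_ROUTING_TABLE=100` and `SOURCEIP_ROUTING_TABLE_PRIO=100` do not say what constrains the two values. A rule at preference 100 is evaluated before the kernel's default rule for the `main` table (preference 32766), and table id 100 or that preference may already be in use by other routing software on the host. I would extend the comment along the lines of `# must sort before the main table (pref 32766); choose a table id and preference not used elsewhere on this host`.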
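Review bot: The existence check `grep "lookup ${SOURCEIP_ROUTING_TABLE}"` in the second hunk matches by substring, so with the table set to 100 an unrelated rule such as `lookup 1000` makes the count non-zero and the `ip rule add` is skipped; the sourceip route then lands in a table that no rule consults. Matching the table id as a whole word avoids that: `if ! ip rule list | grep -qw "lookup ${SOURCEIP_ROUTING_TABLE}"`. The exit status of `ip rule add` is not checked either, so a failure there passes silently while the route is still written to the table. The rule is added without a selector and nothing in this hunk removes it on teardown; if both are intended, a short comment saying so would help the next reader. doroute() starts before and continues after this hunk.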