diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd --- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2020-01-30 15:25:07.275975761 +0100 +++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2020-01-30 15:32:48.235443757 +0100 @@ -28,9 +28,18 @@ else { - # Currently these are hard coded but could come from the DB key + # Currently most of these are hard coded but could come from the DB key + + # For nat connections you can use "vhost:%no,%priv" + # See above + # https://github.com/libreswan/libreswan/blob/master/docs/examples/l2tp-psk.conf + # see https://libreswan.org/man/ipsec.conf.5.html -> leftsubnet + + $OUT .= "conn $ipsecprop-NAT"; + $OUT .= " rightsubnet=vhost:%priv"; + $OUT .= " also=$ipsecprop-noNAT"; - $OUT .= "conn $ipsecprop\n"; + $OUT .= "conn $ipsecprop-noNAT\n"; $OUT .= " authby=secret\n"; $OUT .= " pfs=no\n"; $OUT .= " auto=add\n"; 
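Review bot: The three added `$OUT .=` lines for the new `conn $ipsecprop-NAT` section have no trailing `\n`, so the generated ipsec.conf would carry the section header, `rightsubnet=vhost:%priv`, `also=$ipsecprop-noNAT` and the following `conn $ipsecprop-noNAT` header on one physical line. Every other line in this template ends with `\n`, so these should read `$OUT .= "conn $ipsecprop-NAT\n";`, `$OUT .= " rightsubnet=vhost:%priv\n";` and `$OUT .= " also=$ipsecprop-noNAT\n\n";`. As written, the parser is unlikely to see either conn as intended, which would leave the L2TP/IPsec policy undefined or not loaded. The comment "See above" is also ambiguous here; naming the upstream l2tp-psk.conf example directly would read better. The enclosing `else` block starts and ends outside the hunk.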
@@ -61,12 +70,8 @@ $OUT .= " dpdaction=$dpdaction\n"; # Some additional config entries if required - # For nat connections you can use "vhost:%no,%priv" - # Disabled for now - needs some thought - # Probably only needed if you are doing subnet <-> subnet - # Most likely not required for dialin - # see https://libreswan.org/man/ipsec.conf.5.html -> leftsubnet - + # right subnet would not normally be used as it is used above + my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || ''; if ( $rightsubnet ne '' ) { $OUT .= " rightsubnet=$rightsubnet\n"; diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ppp/ip-up.local/30ipparam30xl2tpd smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ppp/ip-up.local/30ipparam30xl2tpd --- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ppp/ip-up.local/30ipparam30xl2tpd 2017-11-24 13:51:59.000000000 +0100 +++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ppp/ip-up.local/30ipparam30xl2tpd 2020-01-30 15:32:48.235443757 +0100 @@ -1,4 +1,11 @@ - xl2tpd) - echo xl2tpd "$@" |logger -t "ip-up" - /sbin/e-smith/signal-event ip-up.xl2tpd - ;; +{ + my $status = ${'xl2tpd'}{'debug'} || 'disabled'; + + $OUT .= " xl2tpd)\n"; + + if ( $status eq 'enabled' ) { + $OUT .= " echo xl2tpd \"$@\" |logger -t \"xl2tpd-ip-up\" \n"; + } + $OUT .= " /sbin/e-smith/signal-event ip-up.xl2tpd \"\$@\" \n"; + $OUT .= " ;;"; +} diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ppp/options.xl2tpd/10default smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ppp/options.xl2tpd/10default --- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ppp/options.xl2tpd/10default 2017-11-24 13:51:59.000000000 +0100 +++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ppp/options.xl2tpd/10default 2020-01-30 15:32:48.235443757 +0100 
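Review bot: The `rightsubnet` property read by the added `my $rightsubnet = $ipsecDB->get_prop(...)` line is written into ipsec.conf without any format check, so a stray space or newline in the DB value becomes extra configuration text. A guard such as `if ( $rightsubnet =~ m{\A[\w.:%,/!-]+\z} )` in place of `ne ''` would keep the value to a single token. Separately, this line appears to land in the `-noNAT` section that the new `-NAT` conn includes via `also=`, so when the property is set both sections carry a `rightsubnet`; the new comment "would not normally be used as it is used above" should say which value is expected to win, or the property should be skipped for the NAT case. The `if` body closes outside the hunk.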
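Review bot: In the added debug line, `\"$@\"` leaves `$@` unescaped inside a Perl double-quoted string, so the template expands Perl's eval-error variable (normally empty) and the generated script logs `echo xl2tpd ""` instead of the ip-up arguments. The next line already does this correctly, so the debug line should match it: `$OUT .= " echo xl2tpd \"\$@\" |logger -t \"xl2tpd-ip-up\" \n";`. The symbolic reference `${'xl2tpd'}{'debug'}` works only without `strict refs`; `$xl2tpd{'debug'}` is the plainer form if the template exposes the record as a hash. The final `$OUT .= " ;;";` has no `\n`, so the next fragment's first line would be appended to it.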
@@ -25,6 +25,7 @@ my $InternalIP = $configDB->get_prop( "InternalInterface", 'IPAddress' ); my $DNS = $configDB->get_prop( "xl2tpd", 'DNS' ) || ''; my $debug = $configDB->get_prop( "xl2tpd", 'debug' ) || 'disabled'; + my $mtu = $configDB->get_prop( "xl2tpd", 'mtu' ) || '1400'; $OUT .= "#x2ltpd\n"; $OUT .= "login\n"; @@ -45,8 +46,8 @@ $OUT .= "ipparam xl2tpd\n"; $OUT .= "auth\n"; - $OUT .= "mtu 1400\n"; - $OUT .= "mru 1400\n"; + $OUT .= "mtu $mtu\n"; + $OUT .= "mru $mtu\n"; $OUT .= "hide-password\n"; $OUT .= "name l2tpd\n"; $OUT .= "proxyarp\n";
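Review bot: The new `mtu` property is written into the pppd options file in the second hunk (`mtu $mtu` / `mru $mtu`) exactly as stored, with only an empty-value fallback at the added `my $mtu` line. A non-numeric value would make pppd reject the options file, and a value containing whitespace or a newline would add further option text to a file pppd reads as root. I would add `$mtu = '1400' unless $mtu =~ /\A\d+\z/;` directly after the declaration, with a short comment that the value is used for both `mtu` and `mru`. The enclosing template block starts and ends outside both hunks.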