diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd
--- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2017-11-24 13:51:59.000000000 +0100
+++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2017-11-30 02:46:30.779000653 +0100
@@ -39,24 +39,43 @@ $OUT .= " type=transport\n"; $OUT .= " forceencaps=yes\n"; $OUT .= " right=%any\n"; - $OUT .= " rightsubnet=vhost:%no,%priv\n"; $OUT .= " rightprotoport=17/%any\n"; $OUT .= " # Using the magic port of \"0\" means \"any one single port\". This is\n"; $OUT .= " # a work around required for Apple OSX clients that use a randomly\n"; $OUT .= " # high port, but propose \"0\" instead of their port.\n"; $OUT .= " left=%defaultroute\n"; $OUT .= " leftprotoport=17/1701\n"; - $OUT .= " # Apple iOS doesn't send delete notify so we need dead peer detection\n"; $OUT .= " # to detect vanishing clients\n"; - my $dpddelay = $ipsecDB->get_prop( "$ipsecprop", 'dpddelay' ) || "10\n"; + my $dpddelay = $ipsecDB->get_prop( $ipsecprop, 'dpddelay' ) || "10\n"; $OUT .= " dpddelay=$dpddelay\n"; - my $dpdtimeout = $ipsecDB->get_prop( "$ipsecprop", 'dpdtimeout' ) || "90\n"; + my $dpdtimeout = $ipsecDB->get_prop( $ipsecprop, 'dpdtimeout' ) || "90\n"; $OUT .= " dpdtimeout=$dpdtimeout\n"; - my $dpdaction = $ipsecDB->get_prop( "$ipsecprop", 'dpdaction' ) || "clear\n"; + my $dpdaction = $ipsecDB->get_prop( $ipsecprop, 'dpdaction' ) || "clear\n"; $OUT .= " dpdaction=$dpdaction\n"; + + # Some additional config entries if required + # For nat connections you can use "vhost:%no,%priv" + # Disabled for now - needs some thought + + my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || ''; + if ($rightsubnet ne '') { + $OUT .= " rightsubnet=$rightsubnet\n"; + } + + my $leftsourceip = $ipsecDB->get_prop( $ipsecprop, 'leftsourceip' ) || ''; + if ($leftsourceip ne '') { + $OUT .= " leftsourceip=$leftsourceip\n"; + } + + my $leftsubnet = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) || ''; + if ($leftsubnet ne '') { + $OUT .= " leftsubnet=$leftsubnet\n"; + } + + } }
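Review bot: The three new properties `rightsubnet`, `leftsourceip` and `leftsubnet` are copied from the configuration database into ipsec.conf with only an empty-string check, so a value containing whitespace or a newline would add extra keywords to this conn. Replacing each test with an allow-list match, for example `if ($rightsubnet =~ m{\A[\w.:,%/!-]+\z}) {`, keeps the generated file to one well-formed option per property. Separately, the dpd defaults still carry a trailing newline (`|| "10\n"`), so with no props set each dpd line is followed by an empty line; if the ipsec.conf parser treats an empty line as the end of a section, the options added below would not apply, and dropping the `\n` from the defaults avoids that. The "Disabled for now" comment could also state that the former NAT default is restored by setting the `rightsubnet` property to `vhost:%no,%priv`. The enclosing blocks closed by the final braces open before this hunk.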