1 |
brianr |
1.1 |
diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd |
2 |
|
|
--- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2017-11-24 13:51:59.000000000 +0100 |
3 |
|
|
+++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2017-11-30 02:46:30.779000653 +0100 |
4 |
|
|
@@ -39,24 +39,43 @@ |
5 |
|
|
$OUT .= " type=transport\n"; |
6 |
|
|
$OUT .= " forceencaps=yes\n"; |
7 |
|
|
$OUT .= " right=%any\n"; |
8 |
|
|
- $OUT .= " rightsubnet=vhost:%no,%priv\n"; |
9 |
|
|
$OUT .= " rightprotoport=17/%any\n"; |
10 |
|
|
$OUT .= " # Using the magic port of \"0\" means \"any one single port\". This is\n"; |
11 |
|
|
$OUT .= " # a work around required for Apple OSX clients that use a randomly\n"; |
12 |
|
|
$OUT .= " # high port, but propose \"0\" instead of their port.\n"; |
13 |
|
|
$OUT .= " left=%defaultroute\n"; |
14 |
|
|
$OUT .= " leftprotoport=17/1701\n"; |
15 |
|
|
- |
16 |
|
|
$OUT .= " # Apple iOS doesn't send delete notify so we need dead peer detection\n"; |
17 |
|
|
$OUT .= " # to detect vanishing clients\n"; |
18 |
|
|
|
19 |
|
|
- my $dpddelay = $ipsecDB->get_prop( "$ipsecprop", 'dpddelay' ) || "10\n"; |
20 |
|
|
+ my $dpddelay = $ipsecDB->get_prop( $ipsecprop, 'dpddelay' ) || "10\n"; |
21 |
|
|
$OUT .= " dpddelay=$dpddelay\n"; |
22 |
|
|
|
23 |
|
|
- my $dpdtimeout = $ipsecDB->get_prop( "$ipsecprop", 'dpdtimeout' ) || "90\n"; |
24 |
|
|
+ my $dpdtimeout = $ipsecDB->get_prop( $ipsecprop, 'dpdtimeout' ) || "90\n"; |
25 |
|
|
$OUT .= " dpdtimeout=$dpdtimeout\n"; |
26 |
|
|
|
27 |
|
|
- my $dpdaction = $ipsecDB->get_prop( "$ipsecprop", 'dpdaction' ) || "clear\n"; |
28 |
|
|
+ my $dpdaction = $ipsecDB->get_prop( $ipsecprop, 'dpdaction' ) || "clear\n"; |
29 |
|
|
$OUT .= " dpdaction=$dpdaction\n"; |
30 |
|
|
+ |
31 |
|
|
+ # Some additional config entries if required |
32 |
|
|
+ # For nat connections you can use "vhost:%no,%priv" |
33 |
|
|
+ # Disabled for now - needs some thought |
34 |
|
|
+ |
35 |
|
|
+ my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || ''; |
36 |
|
|
+ if ($rightsubnet ne '') { |
37 |
|
|
+ $OUT .= " rightsubnet=$rightsubnet\n"; |
38 |
|
|
+ } |
39 |
|
|
+ |
40 |
|
|
+ my $leftsourceip = $ipsecDB->get_prop( $ipsecprop, 'leftsourceip' ) || ''; |
41 |
|
|
+ if ($leftsourceip ne '') { |
42 |
|
|
+ $OUT .= " leftsourceip=$leftsourceip\n"; |
43 |
|
|
+ } |
44 |
|
|
+ |
45 |
|
|
+ my $leftsubnet = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) || ''; |
46 |
|
|
+ if ($leftsubnet ne '') { |
47 |
|
|
+ $OUT .= " leftsubnet=$leftsubnet\n"; |
48 |
|
|
+ } |
49 |
|
|
+ |
50 |
|
|
+ |
51 |
|
|
} |
52 |
|
|
} |