1 |
diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd |
2 |
--- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2020-01-30 15:25:07.275975761 +0100 |
3 |
+++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2020-01-30 15:32:48.235443757 +0100 |
4 |
@@ -28,9 +28,18 @@ |
5 |
|
6 |
else { |
7 |
|
8 |
- # Currently these are hard coded but could come from the DB key |
9 |
+ # Currently most of these are hard coded but could come from the DB key |
10 |
+ |
11 |
+ # For nat connections you can use "vhost:%no,%priv" |
12 |
+ # See above |
13 |
+ # https://github.com/libreswan/libreswan/blob/master/docs/examples/l2tp-psk.conf |
14 |
+ # see https://libreswan.org/man/ipsec.conf.5.html -> leftsubnet |
15 |
+ |
16 |
+ $OUT .= "conn $ipsecprop-NAT"; |
17 |
+ $OUT .= " rightsubnet=vhost:%priv"; |
18 |
+ $OUT .= " also=$ipsecprop-noNAT"; |
19 |
|
20 |
- $OUT .= "conn $ipsecprop\n"; |
21 |
+ $OUT .= "conn $ipsecprop-noNAT\n"; |
22 |
$OUT .= " authby=secret\n"; |
23 |
$OUT .= " pfs=no\n"; |
24 |
$OUT .= " auto=add\n"; |
25 |
@@ -61,12 +70,8 @@ |
26 |
$OUT .= " dpdaction=$dpdaction\n"; |
27 |
|
28 |
# Some additional config entries if required |
29 |
- # For nat connections you can use "vhost:%no,%priv" |
30 |
- # Disabled for now - needs some thought |
31 |
- # Probably only needed if you are doing subnet <-> subnet |
32 |
- # Most likely not required for dialin |
33 |
- # see https://libreswan.org/man/ipsec.conf.5.html -> leftsubnet |
34 |
- |
35 |
+ # right subnet would not normally be used as it is used above |
36 |
+ |
37 |
my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || ''; |
38 |
if ( $rightsubnet ne '' ) { |
39 |
$OUT .= " rightsubnet=$rightsubnet\n"; |
40 |
diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ppp/ip-up.local/30ipparam30xl2tpd smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ppp/ip-up.local/30ipparam30xl2tpd |
41 |
--- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ppp/ip-up.local/30ipparam30xl2tpd 2017-11-24 13:51:59.000000000 +0100 |
42 |
+++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ppp/ip-up.local/30ipparam30xl2tpd 2020-01-30 15:32:48.235443757 +0100 |
43 |
@@ -1,4 +1,11 @@ |
44 |
- xl2tpd) |
45 |
- echo xl2tpd "$@" |logger -t "ip-up" |
46 |
- /sbin/e-smith/signal-event ip-up.xl2tpd |
47 |
- ;; |
48 |
+{ |
49 |
+ my $status = ${'xl2tpd'}{'debug'} || 'disabled'; |
50 |
+ |
51 |
+ $OUT .= " xl2tpd)\n"; |
52 |
+ |
53 |
+ if ( $status eq 'enabled' ) { |
54 |
+ $OUT .= " echo xl2tpd \"$@\" |logger -t \"xl2tpd-ip-up\" \n"; |
55 |
+ } |
56 |
+ $OUT .= " /sbin/e-smith/signal-event ip-up.xl2tpd \"\$@\" \n"; |
57 |
+ $OUT .= " ;;"; |
58 |
+} |
59 |
diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ppp/options.xl2tpd/10default smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ppp/options.xl2tpd/10default |
60 |
--- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ppp/options.xl2tpd/10default 2017-11-24 13:51:59.000000000 +0100 |
61 |
+++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ppp/options.xl2tpd/10default 2020-01-30 15:32:48.235443757 +0100 |
62 |
@@ -25,6 +25,7 @@ |
63 |
my $InternalIP = $configDB->get_prop( "InternalInterface", 'IPAddress' ); |
64 |
my $DNS = $configDB->get_prop( "xl2tpd", 'DNS' ) || ''; |
65 |
my $debug = $configDB->get_prop( "xl2tpd", 'debug' ) || 'disabled'; |
66 |
+ my $mtu = $configDB->get_prop( "xl2tpd", 'mtu' ) || '1400'; |
67 |
|
68 |
$OUT .= "#x2ltpd\n"; |
69 |
$OUT .= "login\n"; |
70 |
@@ -45,8 +46,8 @@ |
71 |
|
72 |
$OUT .= "ipparam xl2tpd\n"; |
73 |
$OUT .= "auth\n"; |
74 |
- $OUT .= "mtu 1400\n"; |
75 |
- $OUT .= "mru 1400\n"; |
76 |
+ $OUT .= "mtu $mtu\n"; |
77 |
+ $OUT .= "mru $mtu\n"; |
78 |
$OUT .= "hide-password\n"; |
79 |
$OUT .= "name l2tpd\n"; |
80 |
$OUT .= "proxyarp\n"; |