diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection |
2 |
|
|
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-17 15:45:54.019583956 +0100 |
3 |
|
|
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-17 15:45:59.170833465 +0100 |
4 |
|
|
@@ -1,8 +1,8 @@ |
5 |
|
|
- |
6 |
|
|
{ |
7 |
|
|
use strict; |
8 |
|
|
use warnings; |
9 |
|
|
use esmith::ConfigDB; |
10 |
|
|
+ use NetAddr::IP; |
11 |
|
|
|
12 |
|
|
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); |
13 |
|
|
my $dbKey = 'ipsec'; |
14 |
|
|
@@ -213,17 +213,26 @@ |
15 |
|
|
$OUT .= " leftid=$leftid\n"; |
16 |
|
|
} |
17 |
|
|
|
18 |
|
|
+ # Left sourceIP and leftsubnet can be taken from the Internal interface |
19 |
|
|
+ # but we can allow them to be overridden |
20 |
|
|
+ |
21 |
|
|
+ #my $internalAddr = $configDB->get_prop( 'InternalInterface', 'IPAddress' ); |
22 |
|
|
+ my $internalMask = $configDB->get_prop( 'InternalInterface', 'Netmask' ); |
23 |
|
|
+ my $internalNetwork = $configDB->get_prop( 'InternalInterface', 'Network' ); |
24 |
|
|
+ |
25 |
|
|
+ my $ip = NetAddr::IP->new( $internalNetwork, $internalMask ) or die "Invalid host/mask"; |
26 |
|
|
+ my $internalCIDRNetwork = ( $ip->network() ); |
27 |
|
|
+ |
28 |
|
|
my $leftsourceip = $ipsecDB->get_prop( $ipsecprop, 'leftsourceip' ) |
29 |
|
|
- || ''; |
30 |
|
|
+ || $configDB->get_prop( 'InternalInterface', 'IPAddress' ); |
31 |
|
|
$OUT .= " leftsourceip=$leftsourceip\n"; |
32 |
|
|
|
33 |
|
|
- my $leftsub = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) |
34 |
|
|
- || ''; |
35 |
|
|
- $OUT .= " leftsubnet=$leftsub\n"; |
36 |
|
|
+ my $leftsubnet = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) || $internalCIDRNetwork; |
37 |
|
|
+ $OUT .= " leftsubnet=$leftsubnet\n"; |
38 |
|
|
|
39 |
|
|
# If we are a static host to a dynamic client we HAVE to set right %any |
40 |
|
|
- |
41 |
|
|
- my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) || ''; |
42 |
|
|
+ # Should never be empty |
43 |
|
|
+ my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) || '%any'; |
44 |
|
|
|
45 |
|
|
if ( $iptype eq 'stattodyn' ) { |
46 |
|
|
$OUT .= " right=%any\n"; |
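Review bot: The fallback on `my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) || '%any';` turns a connection whose `right` was never configured into one that accepts any peer address, which is a quieter failure than the empty `right=` it replaces; the comment "Should never be empty" suggests this is a must-have setting, so failing loudly would match the `or die` already used for the NetAddr::IP object above, e.g. `my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) or die "conn $ipsecprop: 'right' is not set";`. The branch that actually writes `right=$right` for non-stattodyn connections lies outside this hunk, so the effect of the wildcard there is inferred. Separately, defaulting `leftsubnet` to `$internalCIDRNetwork` changes the meaning of existing connections that left it unset: if libreswan's default of tunnelling only left's own address applies, such peers now gain a route to the whole internal network, which deserves a comment such as `# NOTE: an unset leftsubnet now exposes the whole internal LAN to the peer (previously host-only)`. The `$ip` object is also built unconditionally, so missing `InternalInterface` Network/Netmask props abort expansion even for connections that override leftsubnet; consider computing it only when the override is absent.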
47 |
|
|
@@ -242,19 +251,19 @@ |
48 |
|
|
} |
49 |
|
|
|
50 |
|
|
my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || ''; |
51 |
|
|
- $OUT .= " rightsubnet=$rightsubnet\n"; |
52 |
|
|
+ if ( $rightsubnet ne '' ) { |
53 |
|
|
+ $OUT .= " rightsubnet=$rightsubnet\n"; |
54 |
|
|
+ } |
55 |
|
|
|
56 |
|
|
my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) || ''; |
57 |
|
|
- if ($reauth eq 'y' || $reauth eq '1' ) { |
58 |
|
|
+ if ( $reauth eq 'y' || $reauth eq '1' ) { |
59 |
|
|
$OUT .= " reauth=yes\n"; |
60 |
|
|
} |
61 |
|
|
- |
62 |
|
|
- } # End If |
63 |
|
|
+ } # End if ( $ipsecstatus eq 'enabled' ) |
64 |
|
|
else { |
65 |
|
|
$OUT .= "# conn $ipsecprop disabled\n"; |
66 |
|
|
} |
67 |
|
|
- |
68 |
|
|
- } # End unless |
69 |
|
|
+ } # End if ( $ipsecprop ne 'L2TPD-PSK' ) |
70 |
|
|
} # End foreach |
71 |
|
|
} # End else |
72 |
|
|
} |