smeserver-libreswan/contribs10/smeserver-libreswan-modify-leftrightsubnet.patch

diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection  2020-02-17 15:45:54.019583956 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection      2020-02-17 15:45:59.170833465 +0100
@@ -1,8 +1,8 @@
-
 {
     use strict;
     use warnings;
     use esmith::ConfigDB;
+    use NetAddr::IP;
 
     my $configDB    = esmith::ConfigDB->open_ro or die("can't open Config DB");
     my $dbKey       = 'ipsec';
@@ -213,17 +213,26 @@
                         $OUT .= "    leftid=$leftid\n";
                     }
 
+                    # Left sourceIP and leftsubnet can be taken from the Internal interface
+                    # but we can allow them to be overridden
+
+                    #my $internalAddr    = $configDB->get_prop( 'InternalInterface', 'IPAddress' );
+                    my $internalMask    = $configDB->get_prop( 'InternalInterface', 'Netmask' );
+                    my $internalNetwork = $configDB->get_prop( 'InternalInterface', 'Network' );
+
+                    my $ip = NetAddr::IP->new( $internalNetwork, $internalMask ) or die "Invalid host/mask";
+                    my $internalCIDRNetwork = ( $ip->network() );
+
                     my $leftsourceip = $ipsecDB->get_prop( $ipsecprop, 'leftsourceip' )
-                        || '';
+                        || $configDB->get_prop( 'InternalInterface', 'IPAddress' );
                     $OUT .= "    leftsourceip=$leftsourceip\n";
 
-                    my $leftsub = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' )
-                        || '';
-                    $OUT .= "    leftsubnet=$leftsub\n";
+                    my $leftsubnet = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) || $internalCIDRNetwork;
+                    $OUT .= "    leftsubnet=$leftsubnet\n";
 
                     # If we are a static host to a dynamic client we HAVE to set right %any
-
-                    my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) || '';
+                    # Should never be empty
+                    my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) || '%any';
 
                     if ( $iptype eq 'stattodyn' ) {
                         $OUT .= "    right=%any\n";
@@ -242,19 +251,19 @@
                     }
 
                     my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || '';
-                    $OUT .= "    rightsubnet=$rightsubnet\n";
+                    if ( $rightsubnet ne '' ) {
+                        $OUT .= "    rightsubnet=$rightsubnet\n";
+                    }
 
                     my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) || '';
-                    if ($reauth eq 'y' || $reauth eq '1' ) {
+                    if ( $reauth eq 'y' || $reauth eq '1' ) {
                         $OUT .= "    reauth=yes\n";
                     }
-
-                }    # End If
+                }    # End if ( $ipsecstatus eq 'enabled' )
                 else {
                     $OUT .= "# conn $ipsecprop disabled\n";
                 }
-
-            }    # End unless
+            }    # End if ( $ipsecprop ne 'L2TPD-PSK' )
         }    # End foreach
     }    # End else
 }
1	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
2	--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-17 15:45:54.019583956 +0100
3	+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-17 15:45:59.170833465 +0100
4	@@ -1,8 +1,8 @@
5	-
6	{
7	use strict;
8	use warnings;
9	use esmith::ConfigDB;
10	+ use NetAddr::IP;
11
12	my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
13	my $dbKey = 'ipsec';
14	@@ -213,17 +213,26 @@
15	$OUT .= " leftid=$leftid\n";
16	}
17
18	+ # Left sourceIP and leftsubnet can be taken from the Internal interface
19	+ # but we can allow them to be overridden
20	+
21	+ #my $internalAddr = $configDB->get_prop( 'InternalInterface', 'IPAddress' );
22	+ my $internalMask = $configDB->get_prop( 'InternalInterface', 'Netmask' );
23	+ my $internalNetwork = $configDB->get_prop( 'InternalInterface', 'Network' );
24	+
25	+ my $ip = NetAddr::IP->new( $internalNetwork, $internalMask ) or die "Invalid host/mask";
26	+ my $internalCIDRNetwork = ( $ip->network() );
27	+
28	my $leftsourceip = $ipsecDB->get_prop( $ipsecprop, 'leftsourceip' )
29	- \|\| '';
30	+ \|\| $configDB->get_prop( 'InternalInterface', 'IPAddress' );
31	$OUT .= " leftsourceip=$leftsourceip\n";
32
33	- my $leftsub = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' )
34	- \|\| '';
35	- $OUT .= " leftsubnet=$leftsub\n";
36	+ my $leftsubnet = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) \|\| $internalCIDRNetwork;
37	+ $OUT .= " leftsubnet=$leftsubnet\n";
38
39	# If we are a static host to a dynamic client we HAVE to set right %any
40	-
41	- my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) \|\| '';
42	+ # Should never be empty
43	+ my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) \|\| '%any';
44
45	if ( $iptype eq 'stattodyn' ) {
46	$OUT .= " right=%any\n";
47	@@ -242,19 +251,19 @@
48	}
49
50	my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) \|\| '';
51	- $OUT .= " rightsubnet=$rightsubnet\n";
52	+ if ( $rightsubnet ne '' ) {
53	+ $OUT .= " rightsubnet=$rightsubnet\n";
54	+ }
55
56	my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) \|\| '';
57	- if ($reauth eq 'y' \|\| $reauth eq '1' ) {
58	+ if ( $reauth eq 'y' \|\| $reauth eq '1' ) {
59	$OUT .= " reauth=yes\n";
60	}
61	-
62	- } # End If
63	+ } # End if ( $ipsecstatus eq 'enabled' )
64	else {
65	$OUT .= "# conn $ipsecprop disabled\n";
66	}
67	-
68	- } # End unless
69	+ } # End if ( $ipsecprop ne 'L2TPD-PSK' )
70	} # End foreach
71	} # End else
72	}