1 |
jcrisp |
1.1 |
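diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:31:04.604042908 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:32:08.184131330 +0100
@@ -72,22 +72,27 @@
 }
 } # End foreach
 
+ $virtual_private .= " virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,";
+
 unless ( @subnetArr == 0 ) {
- $OUT .= " virtual_private=";
 
+ # For NAT and vhost:%priv seting exclude any right subnets
 foreach my $subnet (@subnetArr) {
- $virtual_private .= "%v4:$subnet,";
+ $virtual_private .= "%v4:!$subnet,";
 }
 
 # Remove last character ','
 chop($virtual_private);
 $OUT .= "$virtual_private\n";
 $OUT .= "\n";
- $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
 
 } #end unless
- } # End else
 
- # End
+ # I think that this is all we really need. as long as we don't have complex subnets etc
+ # $OUT .= " virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12";
+ $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
+
+ } # End else
+ # End
 }
 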
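Review bot: When `@subnetArr` is empty, the RFC1918 `virtual-private=` default built just before `unless ( @subnetArr == 0 )` is never written to `$OUT`, because `chop($virtual_private);` and `$OUT .= "$virtual_private\n";` still sit inside the `unless` body and the fallback lower down is only a commented-out line. If connections rely on `vhost:%priv`, as the new comment suggests, a host with no right subnets would get no virtual-private line at all; moving those two statements to just after `} #end unless` would emit the default in both cases and still strip the trailing comma. Separately, `$subnet` is interpolated into ipsec.conf as-is, and `@subnetArr` is filled outside this hunk, so it is worth confirming there that each entry is validated as a CIDR (no commas, whitespace or newlines) before it reaches the `%v4:!` exclusion list. The enclosing template block starts and ends outside the hunk.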
37 |
|
|
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection |
38 |
|
|
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:31:04.600042715 +0100 |
39 |
|
|
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:32:08.183131286 +0100 |
40 |
|
|
@@ -148,13 +148,13 @@ |
41 |
|
|
$ipsecDB->get_prop( $ipsecprop, 'forceencaps' ) |
42 |
|
|
|| $configDB->get_prop( $dbKey, 'forceencaps' ) |
43 |
|
|
|| 'no'; |
44 |
|
|
- |
45 |
|
|
+ |
46 |
|
|
$OUT .= " encapsulation=$forceencaps\n"; |
47 |
|
|
|
48 |
|
|
my $keyingtries = |
49 |
|
|
$ipsecDB->get_prop( $ipsecprop, 'keyingtries' ) |
50 |
|
|
|| $configDB->get_prop( $dbKey, 'keyingtries' ) |
51 |
|
|
- || '0'; |
52 |
|
|
+ || '%forever'; |
53 |
|
|
$OUT .= " keyingtries=$keyingtries\n"; |
54 |
|
|
|
55 |
|
|
# Following come from ipsecDB or configDB or hardcoded |
56 |
|
|
@@ -243,13 +243,12 @@ |
57 |
|
|
|
58 |
|
|
my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || ''; |
59 |
|
|
$OUT .= " rightsubnet=$rightsubnet\n"; |
60 |
|
|
- |
61 |
|
|
+ |
62 |
|
|
my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) || ''; |
63 |
|
|
if ($reauth eq 'y' || $reauth eq '1' ) { |
64 |
|
|
$OUT .= " reauth=yes\n"; |
65 |
|
|
} |
66 |
|
|
|
67 |
|
|
- |
68 |
|
|
} # End If |
69 |
|
|
else { |
70 |
|
|
$OUT .= "# conn $ipsecprop disabled\n"; |