| 1 |
jcrisp |
1.1 |
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection |
| 2 |
|
|
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-17 15:45:54.019583956 +0100 |
| 3 |
|
|
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-17 15:45:59.170833465 +0100 |
| 4 |
|
|
@@ -1,8 +1,8 @@ |
| 5 |
|
|
- |
| 6 |
|
|
{ |
| 7 |
|
|
use strict; |
| 8 |
|
|
use warnings; |
| 9 |
|
|
use esmith::ConfigDB; |
| 10 |
|
|
+ use NetAddr::IP; |
| 11 |
|
|
|
| 12 |
|
|
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); |
| 13 |
|
|
my $dbKey = 'ipsec'; |
| 14 |
|
|
@@ -213,17 +213,26 @@ |
| 15 |
|
|
$OUT .= " leftid=$leftid\n"; |
| 16 |
|
|
} |
| 17 |
|
|
|
| 18 |
|
|
+ # Left sourceIP and leftsubnet can be taken from the Internal interface |
| 19 |
|
|
+ # but we can allow them to be overridden |
| 20 |
|
|
+ |
| 21 |
|
|
+ #my $internalAddr = $configDB->get_prop( 'InternalInterface', 'IPAddress' ); |
| 22 |
|
|
+ my $internalMask = $configDB->get_prop( 'InternalInterface', 'Netmask' ); |
| 23 |
|
|
+ my $internalNetwork = $configDB->get_prop( 'InternalInterface', 'Network' ); |
| 24 |
|
|
+ |
| 25 |
|
|
+ my $ip = NetAddr::IP->new( $internalNetwork, $internalMask ) or die "Invalid host/mask"; |
| 26 |
|
|
+ my $internalCIDRNetwork = ( $ip->network() ); |
| 27 |
|
|
+ |
| 28 |
|
|
my $leftsourceip = $ipsecDB->get_prop( $ipsecprop, 'leftsourceip' ) |
| 29 |
|
|
- || ''; |
| 30 |
|
|
+ || $configDB->get_prop( 'InternalInterface', 'IPAddress' ); |
| 31 |
|
|
$OUT .= " leftsourceip=$leftsourceip\n"; |
| 32 |
|
|
|
| 33 |
|
|
- my $leftsub = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) |
| 34 |
|
|
- || ''; |
| 35 |
|
|
- $OUT .= " leftsubnet=$leftsub\n"; |
| 36 |
|
|
+ my $leftsubnet = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) || $internalCIDRNetwork; |
| 37 |
|
|
+ $OUT .= " leftsubnet=$leftsubnet\n"; |
| 38 |
|
|
|
| 39 |
|
|
# If we are a static host to a dynamic client we HAVE to set right %any |
| 40 |
|
|
- |
| 41 |
|
|
- my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) || ''; |
| 42 |
|
|
+ # Should never be empty |
| 43 |
|
|
+ my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) || '%any'; |
| 44 |
|
|
|
| 45 |
|
|
if ( $iptype eq 'stattodyn' ) { |
| 46 |
|
|
$OUT .= " right=%any\n"; |
| 47 |
|
|
@@ -242,19 +251,19 @@ |
| 48 |
|
|
} |
| 49 |
|
|
|
| 50 |
|
|
my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || ''; |
| 51 |
|
|
- $OUT .= " rightsubnet=$rightsubnet\n"; |
| 52 |
|
|
+ if ( $rightsubnet ne '' ) { |
| 53 |
|
|
+ $OUT .= " rightsubnet=$rightsubnet\n"; |
| 54 |
|
|
+ } |
| 55 |
|
|
|
| 56 |
|
|
my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) || ''; |
| 57 |
|
|
- if ($reauth eq 'y' || $reauth eq '1' ) { |
| 58 |
|
|
+ if ( $reauth eq 'y' || $reauth eq '1' ) { |
| 59 |
|
|
$OUT .= " reauth=yes\n"; |
| 60 |
|
|
} |
| 61 |
|
|
- |
| 62 |
|
|
- } # End If |
| 63 |
|
|
+ } # End if ( $ipsecstatus eq 'enabled' ) |
| 64 |
|
|
else { |
| 65 |
|
|
$OUT .= "# conn $ipsecprop disabled\n"; |
| 66 |
|
|
} |
| 67 |
|
|
- |
| 68 |
|
|
- } # End unless |
| 69 |
|
|
+ } # End if ( $ipsecprop ne 'L2TPD-PSK' ) |
| 70 |
|
|
} # End foreach |
| 71 |
|
|
} # End else |
| 72 |
|
|
} |
Parent Directory
| 
Revision Log
| 
Revision Graph
