| 1 |
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection |
| 2 |
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-17 15:45:54.019583956 +0100 |
| 3 |
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-17 15:45:59.170833465 +0100 |
| 4 |
@@ -1,8 +1,8 @@ |
| 5 |
- |
| 6 |
{ |
| 7 |
use strict; |
| 8 |
use warnings; |
| 9 |
use esmith::ConfigDB; |
| 10 |
+ use NetAddr::IP; |
| 11 |
|
| 12 |
my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); |
| 13 |
my $dbKey = 'ipsec'; |
| 14 |
@@ -213,17 +213,26 @@ |
| 15 |
$OUT .= " leftid=$leftid\n"; |
| 16 |
} |
| 17 |
|
| 18 |
+ # Left sourceIP and leftsubnet can be taken from the Internal interface |
| 19 |
+ # but we can allow them to be overridden |
| 20 |
+ |
| 21 |
+ #my $internalAddr = $configDB->get_prop( 'InternalInterface', 'IPAddress' ); |
| 22 |
+ my $internalMask = $configDB->get_prop( 'InternalInterface', 'Netmask' ); |
| 23 |
+ my $internalNetwork = $configDB->get_prop( 'InternalInterface', 'Network' ); |
| 24 |
+ |
| 25 |
+ my $ip = NetAddr::IP->new( $internalNetwork, $internalMask ) or die "Invalid host/mask"; |
| 26 |
+ my $internalCIDRNetwork = ( $ip->network() ); |
| 27 |
+ |
| 28 |
my $leftsourceip = $ipsecDB->get_prop( $ipsecprop, 'leftsourceip' ) |
| 29 |
- || ''; |
| 30 |
+ || $configDB->get_prop( 'InternalInterface', 'IPAddress' ); |
| 31 |
$OUT .= " leftsourceip=$leftsourceip\n"; |
| 32 |
|
| 33 |
- my $leftsub = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) |
| 34 |
- || ''; |
| 35 |
- $OUT .= " leftsubnet=$leftsub\n"; |
| 36 |
+ my $leftsubnet = $ipsecDB->get_prop( $ipsecprop, 'leftsubnet' ) || $internalCIDRNetwork; |
| 37 |
+ $OUT .= " leftsubnet=$leftsubnet\n"; |
| 38 |
|
| 39 |
# If we are a static host to a dynamic client we HAVE to set right %any |
| 40 |
- |
| 41 |
- my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) || ''; |
| 42 |
+ # Should never be empty |
| 43 |
+ my $right = $ipsecDB->get_prop( $ipsecprop, 'right' ) || '%any'; |
| 44 |
|
| 45 |
if ( $iptype eq 'stattodyn' ) { |
| 46 |
$OUT .= " right=%any\n"; |
| 47 |
@@ -242,19 +251,19 @@ |
| 48 |
} |
| 49 |
|
| 50 |
my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || ''; |
| 51 |
- $OUT .= " rightsubnet=$rightsubnet\n"; |
| 52 |
+ if ( $rightsubnet ne '' ) { |
| 53 |
+ $OUT .= " rightsubnet=$rightsubnet\n"; |
| 54 |
+ } |
| 55 |
|
| 56 |
my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) || ''; |
| 57 |
- if ($reauth eq 'y' || $reauth eq '1' ) { |
| 58 |
+ if ( $reauth eq 'y' || $reauth eq '1' ) { |
| 59 |
$OUT .= " reauth=yes\n"; |
| 60 |
} |
| 61 |
- |
| 62 |
- } # End If |
| 63 |
+ } # End if ( $ipsecstatus eq 'enabled' ) |
| 64 |
else { |
| 65 |
$OUT .= "# conn $ipsecprop disabled\n"; |
| 66 |
} |
| 67 |
- |
| 68 |
- } # End unless |
| 69 |
+ } # End if ( $ipsecprop ne 'L2TPD-PSK' ) |
| 70 |
} # End foreach |
| 71 |
} # End else |
| 72 |
} |
Parent Directory
| 
Revision Log
| 
Revision Graph
