1 |
vip-ire |
1.1 |
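--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN
@@ -0,0 +1,8 @@
+
+ # Will handle SNAT for Site to Site VPN
+ /sbin/iptables --table nat --new-chain SnatVPN
+ /sbin/iptables --table nat --new-chain SnatVPN_1
+ /sbin/iptables --table nat --append SnatVPN -j SnatVPN_1
+ /sbin/iptables --table nat --append POSTROUTING \
+ --out-interface tun+ -j SnatVPN
+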
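Review bot: The only comment, `# Will handle SNAT for Site to Site VPN`, does not explain the two-level chain layout: `SnatVPN_1` is created empty and is the sole rule of `SnatVPN`, apparently as a placeholder that 90adjustSnatVPN later swaps out with `--replace SnatVPN 1`. I would add `# SnatVPN_1 is an empty placeholder; 90adjustSnatVPN replaces rule 1 of SnatVPN with a freshly built chain`. The comment should also state that `--out-interface tun+` sends traffic leaving any tun device through this chain, not only the site-to-site tunnels, so that a later rule added to `SnatVPN` without its own interface match is recognised as affecting every tunnel on the host.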
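--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN
@@ -0,0 +1,27 @@
+{
+ my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s');
+
+ # Find the current SnatVPN_$$ chain, and create a new one.
+ $OUT .=<<'EOF';
+ OLD_SnatVPN=$(get_safe_id SnatVPN nat find)
+ NEW_SnatVPN=$(get_safe_id SnatVPN nat new)
+ /sbin/iptables --table nat --new-chain $NEW_SnatVPN
+EOF
+
+ foreach my $vpn ($ovpndb->get_all_by_prop(type=>('client')),
+ $ovpndb->get_all_by_prop(type=>('server'))){
+ $OUT .= " /sbin/iptables --table nat --append \$NEW_SnatVPN --out-interface tun" . $vpn->key .
+ " -s " . $vpn->prop('LocalIP') . " -j SNAT --to-source $InternalInterface{'IPAddress'}\n"
+ if (($vpn->prop('SnatOutbound') || 'yes') =~ m/(yes|enabled)/i);
+ }
+
+ # Having created a new SnatVPN chain, activate it and destroy the old.
+ $OUT .=<<'EOF';
+ /sbin/iptables --table nat --replace SnatVPN 1 \
+ --jump $NEW_SnatVPN
+ /sbin/iptables --table nat --flush $OLD_SnatVPN
+ /sbin/iptables --table nat --delete-chain $OLD_SnatVPN
+EOF
+
+}
+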
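Review bot: `$vpn->key` and `$vpn->prop('LocalIP')` are concatenated straight into a command line of the generated masq script (presumably run as root) with no check on their shape, so an unset LocalIP yields a malformed `-s  -j SNAT` rule and any shell metacharacter stored in the openvpn-s2s database would be interpreted by the shell. Validate both at the top of the loop body, for example `my $ip = $vpn->prop('LocalIP') || '';` followed by `next unless $ip =~ m{^[\d.]+(?:/\d+)?$} and $vpn->key =~ m/^\w+$/;`, adjusting the patterns to the formats the database really holds. The `SnatOutbound` test `m/(yes|enabled)/i` is unanchored, so any value that merely contains one of those words enables SNAT; `m/^(yes|enabled)$/i` says what is meant. Separately, `$OLD_SnatVPN` is expanded unquoted: if `get_safe_id SnatVPN nat find` (defined outside this patch) ever returns nothing, `--flush` with no chain name flushes every chain in the nat table, so a `[ -n "$OLD_SnatVPN" ]` guard before the flush and delete lines would be prudent.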