
Annotation of /rpms/smeserver-openvpn-s2s/contribs7/smeserver-openvpn-s2s-0.1-snat_outbound.patch



Revision 1.1 - (hide annotations) (download)
Wed Jun 1 18:26:35 2011 UTC (13 years ago) by vip-ire
Branch: MAIN
CVS Tags: smeserver-openvpn-s2s-0_1-21_el4_sme, smeserver-openvpn-s2s-0_1-20_el4_sme, smeserver-openvpn-s2s-0_1-19_el4_sme, HEAD
* Wed Jun 1 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-19.sme
- SNAT outbound connexions to use the local IP as source

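--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN
@@ -0,0 +1,8 @@
+
+ # Will handle SNAT for Site to Site VPN
+ /sbin/iptables --table nat --new-chain SnatVPN
+ /sbin/iptables --table nat --new-chain SnatVPN_1
+ /sbin/iptables --table nat --append SnatVPN -j SnatVPN_1
+ /sbin/iptables --table nat --append POSTROUTING \
+ --out-interface tun+ -j SnatVPN
+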
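Review bot: The comment on the first added line does not say that `SnatVPN_1` is an empty placeholder, which matters because 90adjustSnatVPN in this same patch swaps it out with `--replace SnatVPN 1`. Suggest extending it to something like `# SnatVPN holds a single jump at position 1; 90adjustSnatVPN builds the per-tunnel rules in a fresh chain and replaces that jump`. It is also worth stating that `--out-interface tun+` sends traffic leaving every tun interface through this chain, not only the site-to-site tunnels, so any rule later added directly to SnatVPN would apply to all of them.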
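--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN
@@ -0,0 +1,27 @@
+{
+ my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s');
+
+ # Find the current SnatVPN_$$ chain, and create a new one.
+ $OUT .=<<'EOF';
+ OLD_SnatVPN=$(get_safe_id SnatVPN nat find)
+ NEW_SnatVPN=$(get_safe_id SnatVPN nat new)
+ /sbin/iptables --table nat --new-chain $NEW_SnatVPN
+EOF
+
+ foreach my $vpn ($ovpndb->get_all_by_prop(type=>('client')),
+ $ovpndb->get_all_by_prop(type=>('server'))){
+ $OUT .= " /sbin/iptables --table nat --append \$NEW_SnatVPN --out-interface tun" . $vpn->key .
+ " -s " . $vpn->prop('LocalIP') . " -j SNAT --to-source $InternalInterface{'IPAddress'}\n"
+ if (($vpn->prop('SnatOutbound') || 'yes') =~ m/(yes|enabled)/i);
+ }
+
+ # Having created a new SnatVPN chain, activate it and destroy the old.
+ $OUT .=<<'EOF';
+ /sbin/iptables --table nat --replace SnatVPN 1 \
+ --jump $NEW_SnatVPN
+ /sbin/iptables --table nat --flush $OLD_SnatVPN
+ /sbin/iptables --table nat --delete-chain $OLD_SnatVPN
+EOF
+
+}
+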
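Review bot: In the `foreach` loop, `$vpn->key` and `$vpn->prop('LocalIP')` are concatenated straight into a line of the generated masq script, which presumably runs as root, with no check that they are set or well-formed. A record with no LocalIP yields `-s  -j SNAT ...`, which iptables rejects, and any stray whitespace or shell metacharacter in either database value lands verbatim in the script. If LocalIP is always a plain IPv4 address, validate it before emitting, e.g. `my $ip = $vpn->prop('LocalIP') || ''; next unless $ip =~ m/\A\d{1,3}(?:\.\d{1,3}){3}\z/;`, and apply a similar anchored check to the key. The SnatOutbound test `m/(yes|enabled)/i` is unanchored, so any value merely containing one of those words turns SNAT on; `m/\A(?:yes|enabled)\z/i` states the intent.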
