
Contents of /rpms/smeserver-openvpn-s2s/contribs7/smeserver-openvpn-s2s-0.1-snat_outbound.patch



Revision 1.1 - (show annotations) (download)
Wed Jun 1 18:26:35 2011 UTC (13 years, 5 months ago) by vip-ire
Branch: MAIN
CVS Tags: smeserver-openvpn-s2s-0_1-21_el4_sme, smeserver-openvpn-s2s-0_1-20_el4_sme, smeserver-openvpn-s2s-0_1-19_el4_sme, HEAD
* Wed Jun 1 2011 Daniel Berteaud <daniel@firewall-services.com> 0.1-19.sme
- SNAT outbound connexions to use the local IP as source

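--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/40snatVPN
@@ -0,0 +1,8 @@
+
+ # Will handle SNAT for Site to Site VPN
+ /sbin/iptables --table nat --new-chain SnatVPN
+ /sbin/iptables --table nat --new-chain SnatVPN_1
+ /sbin/iptables --table nat --append SnatVPN -j SnatVPN_1
+ /sbin/iptables --table nat --append POSTROUTING \
+ --out-interface tun+ -j SnatVPN
+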
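Review bot: The comment at the top of 40snatVPN does not say why SnatVPN jumps to a second chain, SnatVPN_1, instead of holding the SNAT rules itself. The indirection appears to exist so that 90adjustSnatVPN can build a fresh chain and swap it in with `--replace SnatVPN 1`, which only works while rule 1 of SnatVPN is that jump. I would extend the comment to say so, for example `# SnatVPN holds a single jump (rule 1) to the live rule chain; 90adjustSnatVPN replaces that rule, so add no other rules here.`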
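--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustSnatVPN
@@ -0,0 +1,27 @@
+{
+ my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s');
+
+ # Find the current SnatVPN_$$ chain, and create a new one.
+ $OUT .=<<'EOF';
+ OLD_SnatVPN=$(get_safe_id SnatVPN nat find)
+ NEW_SnatVPN=$(get_safe_id SnatVPN nat new)
+ /sbin/iptables --table nat --new-chain $NEW_SnatVPN
+EOF
+
+ foreach my $vpn ($ovpndb->get_all_by_prop(type=>('client')),
+ $ovpndb->get_all_by_prop(type=>('server'))){
+ $OUT .= " /sbin/iptables --table nat --append \$NEW_SnatVPN --out-interface tun" . $vpn->key .
+ " -s " . $vpn->prop('LocalIP') . " -j SNAT --to-source $InternalInterface{'IPAddress'}\n"
+ if (($vpn->prop('SnatOutbound') || 'yes') =~ m/(yes|enabled)/i);
+ }
+
+ # Having created a new SnatVPN chain, activate it and destroy the old.
+ $OUT .=<<'EOF';
+ /sbin/iptables --table nat --replace SnatVPN 1 \
+ --jump $NEW_SnatVPN
+ /sbin/iptables --table nat --flush $OLD_SnatVPN
+ /sbin/iptables --table nat --delete-chain $OLD_SnatVPN
+EOF
+
+}
+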
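Review bot: In the foreach loop of 90adjustSnatVPN, `$vpn->key` and `$vpn->prop('LocalIP')` are concatenated unchecked into a line of the generated masq init script, which presumably runs as root. A record with LocalIP unset yields `-s  -j SNAT`, which iptables will most likely reject, and the chain swap below still proceeds, so that tunnel silently loses its SNAT rule. Any shell metacharacters in either value would be interpreted when the script runs. I would skip records that do not validate before emitting the rule, for example `next unless ($vpn->prop('LocalIP') || '') =~ m/^\d{1,3}(?:\.\d{1,3}){3}$/ && $vpn->key =~ m/^\w+$/;` (assuming LocalIP is a bare IPv4 address and the key a simple name). The SnatOutbound test `m/(yes|enabled)/i` is also unanchored and matches any value that merely contains one of those words; `m/^(?:yes|enabled)$/i` states the intent.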
