Hi folks
I posted a method to check ipsec connections a while ago. I found this
was only a very temporary solution as each restart of ipsec would wipe
out all routes for the ipsec interface.
Here is a small patch to /lib/ipsec/_updown (1.99.xxxx) which installs a
route to the table from.fw which allows the ipsec gateway to communicate
with the remote network, assuming that the locally connected network is
to be connected through the tunnel and assuming that eth1 is the
corresponding interface.
--- lib/ipsec/_updown.orig 2003-05-04 14:40:19.000000000 +0200
+++ lib/ipsec/_updown 2005-05-23 15:15:49.000000000 +0200
@@ -54,10 +54,21 @@
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
doroute add
+ connroute
}
downroute() {
doroute del
}
+
+connroute() {
+ LOC_IF=eth1
+ LOCAL_IP=`ip addr show dev $LOC_IF | grep inet | sed -e 's/inet
*//g; s/\/.*//g'`
+ PLUTO_PEER_CLIENT_BITS=`mask2bits $PLUTO_PEER_CLIENT_MASK`
+ parms="$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_BITS"
+ ip route add $parms dev $PLUTO_INTERFACE src $LOCAL_IP table from.fw
+}
+
# <CTC> convert to iproute2 - add mask2bits function
#-------------------------------------------------------------------------
# mask2bits function, returns the number of bits in the netmask parameter.
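Review bot: connroute adds the from.fw route in uproute, but downroute still calls only `doroute del`, so the route is never removed when the tunnel goes down, and the next uproute will fail on `ip route add $parms dev $PLUTO_INTERFACE src $LOCAL_IP table from.fw` with "File exists" if the stale entry survived; add a matching `ip route del $parms dev $PLUTO_INTERFACE table from.fw` in downroute, or use `ip route replace` in connroute. Also, `grep inet` in the LOCAL_IP assignment matches inet6 lines and any secondary addresses on eth1, so LOCAL_IP can end up holding several values; `grep 'inet '` with `head -1` would be safer. Finally, LOC_IF=eth1 is a site-specific hardcoded value and deserves a comment saying it must be edited to match the local interface.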
have fun
Erich
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user