authorJuri Jensen <juri@xenux.dk>2002-10-22 13:59:14 +0000
committerJuri Jensen <juri@xenux.dk>2002-10-22 13:59:14 +0000
commit5b0994b9dcf1cfd1e81592ef3893f0b343ab8209 (patch)
treeb1bf3069cd9ac962389d51bddc36cd0c034e951d /ipsec-updown-ipmasq
parentd8c7e6a1653f381becc164210a9c39e2f8f95f63 (diff)
Added support for setting up a proper source address when, e.g., pinging
from the SGW itself. Not a very fine solution, but... it works for now.
Diffstat (limited to 'ipsec-updown-ipmasq')
-rwxr-xr-xipsec-updown-ipmasq26
1 files changed, 24 insertions, 2 deletions
diff --git a/ipsec-updown-ipmasq b/ipsec-updown-ipmasq
index ae77c9e..8b61d86 100755
--- a/ipsec-updown-ipmasq
+++ b/ipsec-updown-ipmasq
@@ -11,10 +11,25 @@
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
-#
-# RCSID $Id: ipsec-updown-ipmasq,v 1.1 2002-05-30 20:52:38 jrisch Exp $
+# This script is a derivative of the one by Hugh Redelmeier and Henry
+# Spencer. It uses ipmasq as the firewallscript, and should be used
+# together with some modifications to ipmasq.
+#
+# It is modified by Jonas Smedegaard <jonas@jones.dk>, and Juri Jensen
+# <juri@xenux.dk>.
+#
+# Features:
+#
+# * Dynamic creation of firewall rules to RW connections
+# * Setup of proper source address makes it possible to ping from the
+# SGW itself to a remote subnet, without a separate tunnel. Remember
+# to change the reference of a 10.0.x.x network below to the IP range
+# you're using!
+#
+# RCSID $Id: ipsec-updown-ipmasq,v 1.2 2002-10-22 13:59:14 jrisch Exp $
+
# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
@@ -74,6 +89,13 @@ doroute() {
;;
esac
st=$?
+ src="`ifconfig | egrep "^[[:space:]]*inet addr:10\.0\." | cut -f2 -d: | cut -f1 -d' ' | head -1`"
+ if test "$src" ; then
+ ip ro ls | egrep "^10\.0\..* dev ipsec" | egrep -v " src " |
+ while read ; do
+ ip ro change $REPLY src $src
+ done
+ fi
if test $st -ne 0
then
# route has already given its own cryptic message
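Review bot: The block added after `st=$?` runs even when the preceding route command failed, and it rewrites every `10.0.*` route on an ipsec device that has no `src`, not only the route for the connection being handled. On a gateway with several tunnels or more than one 10.0.x.x address, `head -1` may pick an address outside the local protected subnet, so locally originated traffic could leave with a source the tunnel policy does not cover. Guarding with `if test $st -eq 0 && test "$src" ; then` and matching only this connection's peer subnet would narrow that. `while read ; do` should be `while read -r ; do`, and the exit status of `ip ro change` is currently dropped. The `src=` line also deserves a comment such as `# NOTE: 10\.0\. is site-specific and this parse depends on the "inet addr:" ifconfig output format`; `doroute` begins and ends outside this hunk.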