author | Juri Jensen <juri@xenux.dk> | 2002-10-22 13:59:14 +0000 |
---|---|---|
committer | Juri Jensen <juri@xenux.dk> | 2002-10-22 13:59:14 +0000 |
commit | 5b0994b9dcf1cfd1e81592ef3893f0b343ab8209 (patch) | |
tree | b1bf3069cd9ac962389d51bddc36cd0c034e951d /ipsec-updown-ipmasq | |
parent | d8c7e6a1653f381becc164210a9c39e2f8f95f63 (diff) |
Added support for setting up a proper source address when f.ex. pinging
from the SGW itself. Not a very fine solution, but... it works for now.
Diffstat (limited to 'ipsec-updown-ipmasq')
-rwxr-xr-x | ipsec-updown-ipmasq | 26 |
1 files changed, 24 insertions, 2 deletions
diff --git a/ipsec-updown-ipmasq b/ipsec-updown-ipmasq index ae77c9e..8b61d86 100755 --- a/ipsec-updown-ipmasq +++ b/ipsec-updown-ipmasq @@ -11,10 +11,25 @@ # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. -# -# RCSID $Id: ipsec-updown-ipmasq,v 1.1 2002-05-30 20:52:38 jrisch Exp $ +# This script is a derivative of the one by Hugh Redelmeier and Henry +# Spencer. It uses ipmasq as the firewallscript, and should be used +# together with some modifications to ipmasq. +# +# It is modified by Jonas Smedegaard <jonas@jones.dk>, and Juri Jensen +# <juri@xenux.dk>. +# +# Features: +# +# * Dynamic creation of firewall rules to RW connections +# * Setup of proper source address makes it possible to ping from the +# SGW itself to a remote subnet, without a separate tunnel. Remember +# to change the reference of a 10.0.x.x network below to the IP range +# you're using! +# +# RCSID $Id: ipsec-updown-ipmasq,v 1.2 2002-10-22 13:59:14 jrisch Exp $ + # CAUTION: Installing a new version of FreeS/WAN will install a new # copy of this script, wiping out any custom changes you make. If @@ -74,6 +89,13 @@ doroute() { ;; esac st=$? + src="`ifconfig | egrep "^[[:space:]]*inet addr:10\.0\." | cut -f2 -d: | cut -f1 -d' ' | head -1`" + if test "$src" ; then + ip ro ls | egrep "^10\.0\..* dev ipsec" | egrep -v " src " | + while read ; do + ip ro change $REPLY src $src + done + fi if test $st -ne 0 then # route has already given its own cryptic message |
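Review bot: In the new header comment of the first hunk, the instruction to "change the reference of a 10.0.x.x network below" leaves the range hard-coded in two separate egrep patterns in doroute(), where it is easy to update one and miss the other. Define the prefix once in a variable near the top of the script and build both patterns from it. The sentence "should be used together with some modifications to ipmasq" should also say which modifications are meant or where they are kept.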
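Review bot: In the doroute() hunk, the new block after `st=$?` runs even when the route command failed, and it rewrites every `10.0.* dev ipsec` route that lacks `src`, not only the route for the connection being brought up. Guard it with `test $st -eq 0` and narrow the match to the route just added. `while read ; do ... $REPLY` depends on bash or ksh behaviour, so either confirm the script's interpreter line or name the variable (`while read route`). `head -1` on the ifconfig output picks whichever 10.0.* address happens to be listed first, which is arbitrary on a gateway with more than one such interface, and the exit status of `ip ro change` is discarded, so a failed change goes unreported.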