From 5b0994b9dcf1cfd1e81592ef3893f0b343ab8209 Mon Sep 17 00:00:00 2001 From: Juri Jensen Date: Tue, 22 Oct 2002 13:59:14 +0000 Subject: Added support for setting up a proper source address when f.ex. pinging from the SGW itself. Not a very fine solution, but... it works for now. --- ipsec-updown-ipmasq | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/ipsec-updown-ipmasq b/ipsec-updown-ipmasq index ae77c9e..8b61d86 100755 --- a/ipsec-updown-ipmasq +++ b/ipsec-updown-ipmasq @@ -11,10 +11,25 @@ # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. -# -# RCSID $Id: ipsec-updown-ipmasq,v 1.1 2002-05-30 20:52:38 jrisch Exp $ +# This script is a derivative of the one by Hugh Redelmeier and Henry +# Spencer. It uses ipmasq as the firewallscript, and should be used +# together with some modifications to ipmasq. +# +# It is modified by Jonas Smedegaard , and Juri Jensen +# . +# +# Features: +# +# * Dynamic creation of firewall rules to RW connections +# * Setup of proper source address makes it possible to ping from the +# SGW itself to a remote subnet, without a separate tunnel. Remember +# to change the reference of a 10.0.x.x network below to the IP range +# you're using! +# +# RCSID $Id: ipsec-updown-ipmasq,v 1.2 2002-10-22 13:59:14 jrisch Exp $ + # CAUTION: Installing a new version of FreeS/WAN will install a new # copy of this script, wiping out any custom changes you make. If @@ -74,6 +89,13 @@ doroute() { ;; esac st=$? + src="`ifconfig | egrep "^[[:space:]]*inet addr:10\.0\." | cut -f2 -d: | cut -f1 -d' ' | head -1`" + if test "$src" ; then + ip ro ls | egrep "^10\.0\..* dev ipsec" | egrep -v " src " | + while read ; do + ip ro change $REPLY src $src + done + fi if test $st -ne 0 then # route has already given its own cryptic message -- cgit v1.2.3