strongswan: allow to specify per-connection reqid with UCI
This is useful to assign all traffic to a fw3 zone, e.g.: /etc/config/ipsec: config remote 'test' list tunnel 'dev' ... config 'tunnel' 'dev' option reqid '33' ... /etc/config/firewall: config zone option name wan option extra_src "-m policy --pol none --dir in" option extra_dest "-m policy --pol none --dir out" ... config zone option name vpn # subnet needed for firewall3 before 22 Nov 2019, 8174814a list subnet '0.0.0.0/0' option extra_src "-m policy --pol ipsec --dir in --reqid 33" option extra_dest "-m policy --pol ipsec --dir out --reqid 33" ... Signed-off-by: Paul Fertser <fercerpav@gmail.com> Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
parent
3880d65a07
commit
243673b2d0
1 changed files with 3 additions and 0 deletions
|
@ -140,6 +140,7 @@ config_conn() {
|
|||
local dpddelay
|
||||
local inactivity
|
||||
local keyexchange
|
||||
local reqid
|
||||
|
||||
config_get mode "$1" mode "route"
|
||||
config_get local_subnet "$1" local_subnet ""
|
||||
|
@ -159,6 +160,7 @@ config_conn() {
|
|||
config_get dpddelay "$1" dpddelay "30s"
|
||||
config_get inactivity "$1" inactivity
|
||||
config_get keyexchange "$1" keyexchange "ikev2"
|
||||
config_get reqid "$1" reqid
|
||||
|
||||
[ -n "$local_nat" ] && local_subnet=$local_nat
|
||||
|
||||
|
@ -180,6 +182,7 @@ config_conn() {
|
|||
ipsec_xappend " dpddelay=$dpddelay"
|
||||
|
||||
[ -n "$inactivity" ] && ipsec_xappend " inactivity=$inactivity"
|
||||
[ -n "$reqid" ] && ipsec_xappend " reqid=$reqid"
|
||||
|
||||
if [ "$auth_method" = "psk" ]; then
|
||||
ipsec_xappend " leftauth=psk"
|
||||
|
|
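Review bot: The `reqid` value read from UCI is written into the generated conn section unchecked at `[ -n "$reqid" ] && ipsec_xappend " reqid=$reqid"`, although the firewall rules in the commit message depend on it to select the zone. A non-numeric value, or one containing whitespace, would produce a malformed line in the generated config, and two tunnels given the same number would match the same `--reqid` rule and end up in one zone. Consider accepting digits only, e.g. `case "$reqid" in ""|*[!0-9]*) ;; *) ipsec_xappend " reqid=$reqid" ;; esac`, and adding a comment beside `config_get reqid "$1" reqid` such as `# must be unique per tunnel and match the --reqid used in the firewall zone`. strongSwan appears to allocate reqids dynamically for conns without a fixed one, so a low fixed number might collide with those; this is worth confirming against the strongSwan documentation. `config_conn` begins and ends outside the visible hunks, so any existing validation or logging helper is not visible here.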