author | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-02-05 19:00:58 -0800 |
---|---|---|
committer | Mohit Mehta <mohit.mehta@vyatta.com> | 2010-02-05 19:00:58 -0800 |
commit | a53ed5e8d8775e5b77caceca9637e663381afbf7 (patch) | |
tree | cb85c4eccfd3390b5986bff9566d1ee905364867 | |
parent | 17a233e00c5a426ac2816e1d94f8e8b5c7af98d4 (diff) | |
1. use correct notation to represent private,public networks
i.e. use vhost:%priv,%no instead of %priv,%no. Previously
used notation was never supposed to work. Corrected notation
is what we use in l2tp/ipsec as well and is also recommended
otherwise.
2. cannot use leftsourceip to add route when right-subnet is not
specific is based on generalized private,public networks
-rwxr-xr-x | scripts/vpn-config.pl | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index 78258ff..370c62c 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -617,7 +617,7 @@ if ( $vcVPN->exists('ipsec') ) { . " been configured.\n"; } - $rightsubnet = "%priv"; + $rightsubnet = "vhost:%priv"; if ( defined($allow_public_networks) && $allow_public_networks eq "enable" ) { @@ -642,6 +642,10 @@ if ( $vcVPN->exists('ipsec') ) { # not adding vpn route if remote subnet is 0.0.0.0/0 # user should add a route [default/static] manually $leftsourceip = undef if $rightsubnet eq '0.0.0.0/0'; + if ($rightsubnet =~ /vhost:%priv/) { + # can't add route when rightsubnet is not specific + $leftsourceip = undef; + } } else { $leftsourceip = undef; # no need for vpn route if rightsubnet not defined |
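Review bot: The new value "vhost:%priv" at the $rightsubnet assignment in the first hunk has no comment saying why the vhost: prefix is required, although the commit message states that the bare %priv form was never supposed to work. A one-line comment above the assignment recording that would keep a later edit from reverting to the bare form. The same literal is repeated in the regex added in the second hunk, so defining it once and reusing it in both places would keep the two from drifting apart.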
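Review bot: The match $rightsubnet =~ /vhost:%priv/ added in the second hunk is unanchored, so it succeeds on any value that merely contains that substring, while the line just above it compares with eq. Anchoring it as /^vhost:%priv/ would tie the test to the value assigned in the first hunk and to the vhost:%priv,%no form named in the commit message. The new block could also be folded into the preceding statement, for example $leftsourceip = undef if $rightsubnet eq '0.0.0.0/0' || $rightsubnet =~ /^vhost:%priv/; so that both cases where no VPN route is added sit in one place.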