author | John Southworth <john.southworth@vyatta.com> | 2011-01-26 19:01:28 -0600 |
---|---|---|
committer | John Southworth <john.southworth@vyatta.com> | 2011-01-26 19:01:28 -0600 |
commit | d67471aded31af03568a09bd8e7b1893ef6d2dfc (patch) | |
tree | 4bfdd1202524eab99dd5ce49e8d173d993158acc | |
parent | 6a7afb8eb1ece01f6cd6bbbf23fd7ac591a10585 (diff) | |
Bugfix: 5677 add protoport option for simpler GRE tunnels. For now this is specifically for GRE; more protocols can be added in the future if required.
-rwxr-xr-x | scripts/vpn-config.pl | 21 | ||||
-rw-r--r-- | templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/protocol/node.def | 3 |
2 files changed, 20 insertions, 4 deletions
diff --git a/scripts/vpn-config.pl b/scripts/vpn-config.pl index 0391628..fdbe079 100755 --- a/scripts/vpn-config.pl +++ b/scripts/vpn-config.pl @@ -619,10 +619,10 @@ if ( $vcVPN->exists('ipsec') ) { # not adding vpn route if remote subnet is 0.0.0.0/0 # user should add a route [default/static] manually $leftsourceip = undef if $rightsubnet eq '0.0.0.0/0'; - if ($rightsubnet =~ /vhost:%priv/) { - # can't add route when rightsubnet is not specific + if ($rightsubnet =~ /vhost:%priv/) { + # can't add route when rightsubnet is not specific $leftsourceip = undef; - } + } } else { $leftsourceip = undef; # no need for vpn route if rightsubnet not defined @@ -631,12 +631,25 @@ if ( $vcVPN->exists('ipsec') ) { $genout .= $leftsourceip if defined $leftsourceip; # + # Protocol + # + my $protocol = $vcVPN->returnValue( + "ipsec site-to-site peer $peer tunnel $tunnel protocol"); + if (defined($protocol)){ + if ($protocol eq "GRE"){ + $genout .= "\tleftprotoport=gre\n\trightprotoport=gre\n" + } else { + vpn_die(["vpn", "ipsec", "site-to-site", "peer", $peer, "tunnel", $tunnel, "protocol"], + "$vpn_cfg_err protocol, $protocol, is unsupported."); + } + } + + # # check if passthrough connection is needed # needed when remote-subnet encompasses local-subnet # if (defined $leftsubnet && defined $rightsubnet) { # validate that these values are ipv4net - ### ADD fix for 6229 here ### my $valid_leftsubnet = 'false'; my $valid_rightsubnet = 'false'; diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/protocol/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/protocol/node.def new file mode 100644 index 0000000..033f7fa --- /dev/null +++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/tunnel/node.tag/protocol/node.def @@ -0,0 +1,3 @@ +help: Protocol that will be sent over tunnel. +type: txt +syntax:expression: $VAR(@) in "GRE"; "Only GRE is allowed" |
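Review bot: In the second hunk of scripts/vpn-config.pl, the new `leftprotoport=gre` / `rightprotoport=gre` lines narrow this connection's traffic selectors to GRE, but the `# Protocol` comment does not say so. Traffic of any other protocol between the configured subnets would then no longer match this connection, and whether it is dropped or leaves unencrypted depends on policy outside this hunk. I would state that at the assignment, e.g. `# protoport limits the IPsec policy to GRE only; non-GRE traffic between these subnets is not protected by this conn`, and make the help text in protocol/node.def say the same instead of "Protocol that will be sent over tunnel." The passthrough-connection check that follows is only partly visible here, so it is worth confirming it still behaves as intended when protoport is set. The enclosing `if ( $vcVPN->exists('ipsec') )` block starts and ends outside the hunk.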