author | Sylvain Munaut <s.munaut@whatever-company.com> | 2017-03-23 22:16:18 +0100 |
---|---|---|
committer | Sylvain Munaut <s.munaut@whatever-company.com> | 2017-03-23 22:17:30 +0100 |
commit | 4e78db594120375843a981eae43d87edc873177a (patch) | |
tree | 7d6c989a38f8e1ef1d67274b7278a7130870bf36 /scripts | |
parent | 876cb466c7256973917dc56f81f08bf8364b900d (diff) | |
Fix VTI interface configuration to set both ikey and okey
Without this, the outgoing traffic is marked and encrypted but incoming
traffic isn't properly forwarded to the VTI and just gets dropped.
Partially Fixes T137
Signed-off-by: Sylvain Munaut <s.munaut@whatever-company.com>
Diffstat (limited to 'scripts')
-rwxr-xr-x | scripts/vyatta-vti-config.pl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/vyatta-vti-config.pl b/scripts/vyatta-vti-config.pl
index fbfad64..81abf97 100755
--- a/scripts/vyatta-vti-config.pl
+++ b/scripts/vyatta-vti-config.pl
@@ -25,7 +25,7 @@
 #
 # For each VTI tunnel (vpn ipsec site-to-site peer ip-address sti); find the vti tunnel, local address, mark.
 # Find the corresponding tunnel (interfaces vti vtiXXX), tunnel address, disable, mtu
-# if not configured: ip tunnel add vtiXXX mode esp local $local remote $remote i_key $mark
+# if not configured: ip tunnel add vtiXXX mode esp local $local remote $remote ikey $mark okey $mark
 # if (mtu): configure mtu
 # if (tunnel-addres): configur ip link vtiXXX address
 # if (!disable): enable the interface.
@@ -207,7 +207,7 @@ foreach my $peer (@peers) {
 # By default we delete the tunnel...
 my $genmark = $mark;
 $gencmds .= "sudo /sbin/ip link delete $tunName type vti &> /dev/null\n";
- $gencmds .= "sudo /sbin/ip link add $tunName type vti local $lip remote $peer okey $genmark\n";
+ $gencmds .= "sudo /sbin/ip link add $tunName type vti local $lip remote $peer okey $genmark ikey $genmark\n";
 foreach my $tunIP (@tunIPs) {
 $gencmds .= "sudo /sbin/ip addr add $tunIP dev $tunName\n";
 }
|
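Review bot: The changed `ip link add` line in the second hunk interpolates `$tunName`, `$lip`, `$peer` and now `$genmark` twice into a command string prefixed with `sudo`, and nothing in the hunk shows these values being checked before they are appended to `$gencmds`. If that string is later handed to a shell, as the name suggests, a config value containing shell metacharacters would run with elevated privileges. Unless validation already happens earlier in the loop (the `foreach my $peer` body starts and ends outside the hunk), I would add a guard before the command is built, for example `die "invalid mark '$genmark'\n" unless $genmark =~ /\A(?:0x[0-9a-fA-F]+|\d+)\z/;`, and a matching address check for `$lip` and `$peer`. Separately, the header comment updated in the first hunk still describes `ip tunnel add ... mode esp` while the generated command is `ip link add ... type vti`, so the comment would be more useful if it mirrored the real command.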