summaryrefslogtreecommitdiff
path: root/scripts
diff options
context:
space:
mode:
authorSylvain Munaut <s.munaut@whatever-company.com>2017-03-23 22:16:18 +0100
committerSylvain Munaut <s.munaut@whatever-company.com>2017-03-23 22:17:30 +0100
commit4e78db594120375843a981eae43d87edc873177a (patch)
tree7d6c989a38f8e1ef1d67274b7278a7130870bf36 /scripts
parent876cb466c7256973917dc56f81f08bf8364b900d (diff)
downloadvyatta-cfg-vpn-4e78db594120375843a981eae43d87edc873177a.tar.gz
vyatta-cfg-vpn-4e78db594120375843a981eae43d87edc873177a.zip
Fix VTI interface configuration to set both ikey and okey
Without this, the outgoing traffic is marked and encrypted but incoming traffic isn't properly forwarded to the VTI and just gets dropped. Partially Fixes T137 Signed-off-by: Sylvain Munaut <s.munaut@whatever-company.com>
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/vyatta-vti-config.pl4
1 files changed, 2 insertions, 2 deletions
diff --git a/scripts/vyatta-vti-config.pl b/scripts/vyatta-vti-config.pl
index fbfad64..81abf97 100755
--- a/scripts/vyatta-vti-config.pl
+++ b/scripts/vyatta-vti-config.pl
@@ -25,7 +25,7 @@
#
# For each VTI tunnel (vpn ipsec site-to-site peer ip-address sti); find the vti tunnel, local address, mark.
# Find the corresponding tunnel (interfaces vti vtiXXX), tunnel address, disable, mtu
-# if not configured: ip tunnel add vtiXXX mode esp local $local remote $remote i_key $mark
+# if not configured: ip tunnel add vtiXXX mode esp local $local remote $remote ikey $mark okey $mark
# if (mtu): configure mtu
# if (tunnel-addres): configur ip link vtiXXX address
# if (!disable): enable the interface.
@@ -207,7 +207,7 @@ foreach my $peer (@peers) {
# By default we delete the tunnel...
my $genmark = $mark;
$gencmds .= "sudo /sbin/ip link delete $tunName type vti &> /dev/null\n";
- $gencmds .= "sudo /sbin/ip link add $tunName type vti local $lip remote $peer okey $genmark\n";
+ $gencmds .= "sudo /sbin/ip link add $tunName type vti local $lip remote $peer okey $genmark ikey $genmark\n";
foreach my $tunIP (@tunIPs) {
$gencmds .= "sudo /sbin/ip addr add $tunIP dev $tunName\n";
}