Diffstat (limited to 'templates')
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def16
-rw-r--r--templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def13
2 files changed, 29 insertions, 0 deletions
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def
index 01bb112..c8b2222 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/bind/node.def
@@ -1,3 +1,19 @@
type: txt
help: VTI tunnel interface associated with this configuration [REQUIRED]
allowed: cli-shell-api listActiveNodes interfaces vti
+
+update:
+ old_vti=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti bind`
+ if [ ! -z "$old_vti" ] ; then
+ if [ -d /sys/class/net/$old_vti ] ; then
+ sudo ip tunnel del $old_vti
+ fi
+ fi
+
+delete:
+ old_vti=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti bind`
+ if [ ! -z "$old_vti" ] ; then
+ if [ -d /sys/class/net/$old_vti ] ; then
+ sudo ip tunnel del $old_vti
+ fi
+ fi
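Review bot: `$old_vti` is used unquoted in `[ -d /sys/class/net/$old_vti ]` and `sudo ip tunnel del $old_vti` in both the `update:` and `delete:` blocks, and the node is `type: txt` with no `syntax:expression:` visible in this hunk. A stored value containing whitespace or `../` would be word-split or would test a path outside `/sys/class/net` before a root command runs. Quote both uses, `if [ -d "/sys/class/net/$old_vti" ] ; then` and `sudo ip tunnel del "$old_vti"`, and consider a syntax check that restricts the value to the vti interface naming pattern; the `allowed:` line appears to drive completion only, which is worth confirming. The two blocks are identical, so a one-line comment such as `# remove the tunnel device previously bound to this peer` above each would explain why the interface is torn down on rebind.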
diff --git a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
index 1d29970..0841bd2 100644
--- a/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
+++ b/templates/vpn/ipsec/site-to-site/peer/node.tag/vti/mark/node.def
@@ -1,2 +1,15 @@
type: u32
help: Mark associated with the secure tunnel interface [REQUIRED]
+
+update:
+ old_mark=`cli-shell-api returnActiveValue vpn ipsec site-to-site peer $VAR(../../@) vti mark`
+ if [ ! -z "$old_mark" ] ; then
+ sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $old_mark
+ sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $old_mark
+ fi
+ sudo iptables -t mangle -A PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@)
+ sudo iptables -t mangle -A PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $VAR(@)
+
+delete:
+ sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@)
+ sudo iptables -t mangle -D PREROUTING -s $VAR(../../@) -p udp --dport 4500 -j MARK --set-mark $VAR(@)
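Review bot: None of the `iptables` calls in `update:` or `delete:` check their exit status. A failed `-D` leaves a stale MARK rule that keeps tagging this peer's ESP and UDP/4500 packets with the old mark, and a failed `-A` lets the commit succeed with the traffic unmarked. Failing the action on the add lines, for example `sudo iptables -t mangle -A PREROUTING -s $VAR(../../@) -p esp -j MARK --set-mark $VAR(@) || exit 1`, would surface this at commit time. The `-A` lines also append unconditionally, so re-running `update:` with an unchanged mark would presumably duplicate the rules, which a preceding `-C` check of the same rule would avoid. Separately, `-s $VAR(../../@)` assumes the peer tag is an address; if a peer can be named by hostname or ID, the rule would resolve once at insert time or fail, so that case is worth confirming. `$old_mark` should be quoted as `"$old_mark"`.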