From 656e2f1755df003da6f2ee96466d61361158a49a Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 27 May 2022 22:04:26 +0200
Subject: T4350: DMVPN spokes do not work behind NAT
---
 etc/opennhrp-script | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/etc/opennhrp-script b/etc/opennhrp-script
index 92c0043..463e911 100755
--- a/etc/opennhrp-script
+++ b/etc/opennhrp-script
@@ -28,9 +28,12 @@ peer-up)
 logger -t ${_script_name} -p local7.notice "Create link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)"
 if [[ ( ${_type} == "spoke" ) && ( -e ${_strongswan_pid} ) ]]; then
 if grep "${NHRP_SRCADDR}" "${_nhrp_ipsec}"; then
- swanctl -t -S $NHRP_SRCNBMA -R $NHRP_DESTNBMA > /dev/null 2>&1
- logger -t ${_script_name} -p local7.notice "IPSec: connect to $NHRP_SRCADDR ($NHRP_SRCNBMA)"
- swanctl -i -c dmvpn -S $NHRP_SRCNBMA -R $NHRP_DESTNBMA || exit 1
+ if swanctl -l -r | grep -q "^list-sa event {dmvpn-DMVPN-.* state=ESTABLISHED local-host=$NHRP_SRCNBMA.*remote-host=$NHRP_DESTNBMA"; then
+ logger -t ${_script_name} -p local7.notice "IPSec: connection to $NHRP_DESTADDR ($NHRP_DESTNBMA) already exists"
+ else
+ logger -t ${_script_name} -p local7.notice "IPSec: connect to $NHRP_DESTADDR ($NHRP_DESTNBMA)"
+ swanctl -i -c dmvpn -S $NHRP_SRCNBMA -R $NHRP_DESTNBMA || exit 1
+ fi
 fi
 fi
 ;;
-- 
cgit v1.2.3
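Review bot: The new `grep -q` check interpolates `$NHRP_SRCNBMA` and `$NHRP_DESTNBMA` into a regular expression unescaped and with nothing terminating the address, so each `.` matches any character and `remote-host=10.0.0.1` (constructed example) also matches an established SA to `10.0.0.10` or `10.0.0.100`. On such a false match the script logs "already exists" and skips `swanctl -i`, so no SA is initiated for the new peer; whether that traffic is then dropped or leaves unprotected depends on policy not visible in this hunk. Escape the dots and require a delimiter after each address, e.g. `src_re=${NHRP_SRCNBMA//./\\.}; dst_re=${NHRP_DESTNBMA//./\\.}` followed by `grep -q "^list-sa event {dmvpn-DMVPN-.* state=ESTABLISHED local-host=${src_re} .*remote-host=${dst_re} "`. The trailing spaces assume the raw `swanctl -l -r` output separates key=value pairs with spaces, which should be confirmed on the target. The `peer-up)` case arm starts outside the hunk.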