[Openswan dev] [Users] [PATCH] Dynamic left IP without %defaultroute (fwd)

Paul Wouters paul at xtdnet.nl
Fri Feb 27 17:07:12 CET 2004


---------- Forwarded message ----------
Date: Fri, 27 Feb 2004 15:30:54 +0100
From: Ludwig Nussel <ludwig.nussel at suse.de>
To: users at lists.freeswan.org
Subject: [Users] [PATCH] Dynamic left IP without %defaultroute

Hi,

Sometimes you want to start IPsec connections on interfaces that
have a dynamic IP address but no defaultroute or the defaultroute is
not yet available when pluto starts. The attached patch (on top of
FreeS/WAN 2.04+X509 1.5.0) allows you to specify left=%dynamic, which
means you have to specify the local IP address using ipsec auto
--left <ip> when adding a connection. This is especially useful in
combination with scripts that automatically run after an interface
got an IP address (post-up scripts).

To be really useful it would also be necessary to split the ipsec
init script into two parts. The first script needs to start pluto
without adding connections. It must be run before network interfaces
are activated so that the post-up scripts can add connections. The
second script then needs to run after network initialization and can
add 'classic' connections.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   SUSE LINUX AG, Development
 V_/_  http://www.suse.de/
-------------- next part --------------
Index: freeswan-2.04/programs/auto/auto.in
===================================================================
--- freeswan-2.04.orig/programs/auto/auto.in	2004-02-27 11:59:58.949921229 +0100
+++ freeswan-2.04/programs/auto/auto.in	2004-02-27 12:00:20.957466350 +0100
@@ -17,7 +17,7 @@
 me='ipsec auto'
 usage="Usage:
 	$me [--showonly] [--asynchronous] --up connectionname
-	$me [--showonly] --{add|delete|replace|down} connectionname
+	$me [--showonly] [--left address] --{add|delete|replace|down} connectionname
 	$me [--showonly] --{route|unroute} connectionname
 	$me [--showonly] --{ready|status|rereadsecrets|rereadgroups}
 	$me [--showonly] --{rereadcacerts|rereadaacerts|rereadocspcerts}
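Review bot: The changed usage line offers [--left address] for all four of --add, --delete, --replace and --down, while the cover message describes it only as something given "when adding a connection". Put --left on its own usage line for the operations that actually use the address, and say there that it is required when the connection has left=%dynamic, so a caller does not assume it has an effect on --delete or --down.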
@@ -40,6 +40,7 @@
 op=
 argc=
 utc=
+leftoverride=
 
 for dummy
 do
@@ -78,6 +79,7 @@
 			op="$1"
 			argc=0
 			;;
+	--left) leftoverride="$2"; shift ;;
 	--)		shift ; break		;;
 	-*)		echo "$me: unknown option \`$1'" >&2 ; exit 2 ;;
 	*)		break			;;
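Review bot: The new --left case takes "$2" without checking that it exists or that it is not itself an option. With --left as the last argument, leftoverride ends up empty and the mistake only surfaces later (or not at all, if the connection is not %dynamic); with "--left --add conn" the string --add is stored as the address and the operation is swallowed. Test for a missing or dash-leading argument here and exit 2 with a message on stderr, the same way the unknown-option branch just below does. The line also does not follow the tab alignment of the neighbouring case labels.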
@@ -171,6 +173,7 @@
 		err = "cat >&2"
 		draddr = "'"$defaultrouteaddr"'"
 		drnexthop = "'"$defaultroutenexthop"'"
+		leftoverride = "'"$leftoverride"'"
 		failed = 0
 		s[""] = ""
 		init()
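Review bot: leftoverride is spliced unescaped into the awk program text in the added assignment, and this value comes straight from the --left command-line argument, which per the cover message will typically be filled in by post-up scripts. A value containing a double quote or a backslash ends the awk string literal early, and whatever follows is parsed as awk code rather than data. Validate the value in the shell as an address before this point and reject anything else, or pass it to awk through the environment (ENVIRON) instead of through the program source.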
@@ -351,6 +354,13 @@
 
 		need("left")
 		need("right")
+
+		if(s["left"] == "%dynamic") {
+			if(leftoverride == "")
+				fail("you need to specify an address using --left")
+			s["left"] = leftoverride
+		}
+
 		if (s["left"] == "%defaultroute") {
 			if (s["right"] == "%defaultroute")
 				fail("left and right cannot both be %defaultroute")
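Review bot: Nothing in the %dynamic block checks what is being substituted: s["left"] = leftoverride accepts any string, so --left %defaultroute or --left %dynamic passes through, the former dropping into the %defaultroute branch immediately below. Restrict the override to a literal address and fail() otherwise. Two further gaps: --left is silently ignored when left is not %dynamic (a warning would help script authors), and only left is handled, so right=%dynamic gets no equivalent treatment; either add it or document the limitation. Minor style point: if( should be written if ( to match the surrounding code.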
-------------- next part --------------
_______________________________________________
FreeS/WAN Users mailing list
users at lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr