authorPeter Palfrader <peter@palfrader.org>2006-01-07 16:01:21 +0000
committerweasel <weasel@bc3d92e2-beff-0310-a7cd-cc87d7ac0ede>2006-01-07 16:01:21 +0000
commit4a6f7b79bc8fea7cce3b4742cd89f4a54e251d71 (patch)
treed0223227e34fc1b32d19c09689bc1a230f47db6f
parent17692e9e69eb578143555403a80aea5b08b21d6d (diff)
Split inet_port setup in host setup into peer/host settings, so they can later be overwritten
git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@48 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
-rwxr-xr-xGenerate16
1 files changed, 12 insertions, 4 deletions
diff --git a/Generate b/Generate
index 07da5a3..a5ee4d5 100755
--- a/Generate
+++ b/Generate
@@ -281,7 +281,6 @@ $config['hosts'].each_pair{ |name, host|
host['name'] = name
host['vpn_address'] = $config['prefix']+'.'+host['host_no'].to_s
host['vpn_address6'] = $config['prefix6']+':'+host['host_no'].to_s
- host['inet_port'] = $config['baseport']+host['host_no']
host['asn'] = $config['baseasn']+host['host_no']
host['ifacename'] = "tun-n2-#{host['name']}"[0..14]
iface_dup_check[host['ifacename']] = true
@@ -314,6 +313,14 @@ hostlist.each{ |host|
"peer" => ipv6_link_local_peer
}
}
+
+ host['inet_port'] = {}
+ host['peers'].each{ |peer|
+ host['inet_port'][ peer['name'] ] = {
+ "remote" => $config['baseport']+host['host_no'],
+ "local" => $config['baseport']+peer['host_no']
+ }
+ }
}
throw "Duplicate iface names" unless iface_dup_check.size == $config['hosts'].size
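Review bot: The per-peer port table built on L32-38 is never checked for collisions, so once these values can be overridden (as the commit message intends) two peers of one host could end up with the same `local` port and the only symptom would be a bind failure at run time, far from the config that caused it. The same pattern L40 already uses for interface names fits here, right after the `host['peers'].each` loop: `local_ports = host['inet_port'].values.map{ |p| p['local'] }` followed by `throw "Duplicate local ports on #{host['name']}" unless local_ports.uniq.size == local_ports.size`. Note also that the computation on L35-36 still assumes every peer has a numeric `host_no`; if that is not guaranteed by the config loader the `+` will raise a TypeError with no hint of which peer is at fault. The enclosing `hostlist.each{ |host|` block starts outside this hunk.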
@@ -593,8 +600,8 @@ hostlist.each{ |host|
mtu = 1200
conffile.puts "fragment #{mtu}"
conffile.puts "ifconfig %s %s"%[host['vpn_address'], peer['vpn_address']]
- conffile.puts "rport %s"%[host['inet_port']]
- conffile.puts "lport %s"%[peer['inet_port']]
+ conffile.puts "rport #{host['inet_port'][ peer['name'] ]['remote']}"
+ conffile.puts "lport #{host['inet_port'][ peer['name'] ]['local']}"
conffile.puts "remote %s"%[peer['host_address']] if peer['host_address']
conffile.puts "local %s"%[host['host_address']] if host['host_address']
if host_is_server
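Review bot: L47-48 repeat the lookup `host['inet_port'][ peer['name'] ]` and switch to string interpolation while the neighbouring lines L44, L49 and L50 keep the `"…%s"%[…]` form, which reads as two styles in one block. Hoisting the table once, `ports = host['inet_port'][peer['name']]`, then `conffile.puts "rport #{ports['remote']}"` and `conffile.puts "lport #{ports['local']}"`, keeps the lookup in one place and gives the later iptables line (L58) the same local to reuse. The enclosing `hostlist.each{ |host|` block and the peer loop start outside this hunk.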
@@ -633,8 +640,9 @@ hostlist.each{ |host|
File.chmod(0755, upscriptname) == 1 or throw "Cannot chmod #{upscriptname}"
##########
+ # do not filter on remote port as NAT gateways may change ports
iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\"
- iptables.puts " --protocol udp --destination-port #{ peer['inet_port'] } \\"
+ iptables.puts " --protocol udp --destination-port #{ host['inet_port'][ peer['name'] ]['local'] } \\"
iptables.puts " --jump ACCEPT"
iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['vpn_address'] } --destination #{ host['vpn_address'] } \\"