authorPeter Palfrader <peter@palfrader.org>2013-08-29 15:49:49 +0000
committerweasel <weasel@bc3d92e2-beff-0310-a7cd-cc87d7ac0ede>2013-08-29 15:49:49 +0000
commit946f94ab801d84a4a19a11c5af35e534d11ae252 (patch)
tree81fe858c17b2b994b03b1f4a1082890344caea79
parent814bd33fc0f7554f6e080b262cb964b1a6f238cb (diff)
introduce bind_address
git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@644 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
-rwxr-xr-xGenerate8
1 files changed, 6 insertions, 2 deletions
diff --git a/Generate b/Generate
index 0d940c2..e8f14b4 100755
--- a/Generate
+++ b/Generate
@@ -648,7 +648,11 @@ hostlist.each{ |host|
conffile.puts "rport #{host['inet_port'][ peer['name'] ]['remote']}"
conffile.puts "lport #{host['inet_port'][ peer['name'] ]['local']}"
conffile.puts "remote %s"%[peer['host_address']] if peer['host_address']
- conffile.puts "local %s"%[host['host_address']] if host['host_address']
+ if host['bind_address']
+ conffile.puts "local %s"%[host['bind_address']]
+ elsif host['host_address']
+ conffile.puts "local %s"%[host['host_address']]
+ end
if host_is_server
conffile.puts "tls-server"
conffile.puts "dh #{$NAMESPACE}.dh2048.pem"
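Review bot: `host['bind_address']` is written verbatim into the OpenVPN `local` directive here and, in the second hunk, into the `--destination` argument of a generated iptables command line, with no check that it is a single address token. Whitespace or shell metacharacters in the value would change the generated rule. An empty-string `bind_address` is truthy in Ruby, so it would not fall back to `host_address` and would emit an empty `local` / `--destination`. The precedence is also spelled twice (the `if`/`elsif` here, the `||` chain in the iptables hunk), so the listener address and the firewall rule can drift apart; computing it once, e.g. `local_addr = [host['bind_address'], host['host_address']].find { |a| a && !a.empty? }`, and using `local_addr` in both places would keep them in step. If these fields are always literal IP addresses (not visible from the hunk), rejecting anything `IPAddr.new(local_addr)` cannot parse would cover the validation; the enclosing `hostlist.each` block starts and ends outside the hunk.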
@@ -689,7 +693,7 @@ hostlist.each{ |host|
# do not filter on remote port as NAT gateways may change ports
iptables.puts "#"
iptables.puts "# to/from #{peer['name']}"
- iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\"
+ iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['bind_address'] || host['host_address'] || '0.0.0.0/0' } \\"
iptables.puts " --protocol udp --destination-port #{ host['inet_port'][ peer['name'] ]['local'] } \\"
iptables.puts " --jump ACCEPT"