author | Peter Palfrader <peter@palfrader.org> | 2013-08-29 15:49:49 +0000 |
---|---|---|
committer | weasel <weasel@bc3d92e2-beff-0310-a7cd-cc87d7ac0ede> | 2013-08-29 15:49:49 +0000 |
commit | 946f94ab801d84a4a19a11c5af35e534d11ae252 (patch) | |
tree | 81fe858c17b2b994b03b1f4a1082890344caea79 | |
parent | 814bd33fc0f7554f6e080b262cb964b1a6f238cb (diff) |
introduce bind_address
git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@644 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
-rwxr-xr-x | Generate | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -648,7 +648,11 @@ hostlist.each{ |host|
 conffile.puts "rport #{host['inet_port'][ peer['name'] ]['remote']}"
 conffile.puts "lport #{host['inet_port'][ peer['name'] ]['local']}"
 conffile.puts "remote %s"%[peer['host_address']] if peer['host_address']
- conffile.puts "local %s"%[host['host_address']] if host['host_address']
+ if host['bind_address']
+ conffile.puts "local %s"%[host['bind_address']]
+ elsif host['host_address']
+ conffile.puts "local %s"%[host['host_address']]
+ end
 if host_is_server
 conffile.puts "tls-server"
 conffile.puts "dh #{$NAMESPACE}.dh2048.pem"
@@ -689,7 +693,7 @@ hostlist.each{ |host|
 # do not filter on remote port as NAT gateways may change ports
 iptables.puts "#"
 iptables.puts "# to/from #{peer['name']}"
- iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\"
+ iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['bind_address'] || host['host_address'] || '0.0.0.0/0' } \\"
 iptables.puts " --protocol udp --destination-port #{ host['inet_port'][ peer['name'] ]['local'] } \\"
 iptables.puts " --jump ACCEPT" |
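Review bot: An empty `bind_address` in a host entry is truthy in Ruby, so the new `if host['bind_address']` branch would write `local ` with no address instead of falling back to `host_address`. The `host['bind_address'] || host['host_address'] || '0.0.0.0/0'` chain in the iptables hunk behaves the same way and would emit an empty `--destination`. Resolving the address once and using it in both places avoids the two sites drifting apart, for example `local_addr = [host['bind_address'], host['host_address']].find { |a| a && !a.empty? }`. A short comment such as `# bind_address overrides host_address for the local bind and the firewall rule; peers still connect to host_address` would record the precedence, which appears to be the intent given that `remote` still uses `peer['host_address']`. The enclosing `hostlist.each` block starts and ends outside the hunk.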
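Review bot: The new `host['bind_address']` value is interpolated unquoted into the generated `iptables --append … --destination …` line, so whatever the host list holds becomes shell text when that output is run; the same value is also written into the OpenVPN `local` directive. The key should be checked to be an address literal before either use, for example `IPAddr.new(host['bind_address'])` (with `require 'ipaddr'`), which raises on anything that is not an address or prefix. The existing `host_address` values follow the same pattern and would benefit from the same check. Where the host list is loaded is outside the hunk, so this assumes no validation happens there.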