-rwxr-xr-x | Generate | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -648,7 +648,11 @@ hostlist.each{ |host|
 conffile.puts "rport #{host['inet_port'][ peer['name'] ]['remote']}"
 conffile.puts "lport #{host['inet_port'][ peer['name'] ]['local']}"
 conffile.puts "remote %s"%[peer['host_address']] if peer['host_address']
- conffile.puts "local %s"%[host['host_address']] if host['host_address']
+ if host['bind_address']
+ conffile.puts "local %s"%[host['bind_address']]
+ elsif host['host_address']
+ conffile.puts "local %s"%[host['host_address']]
+ end
 if host_is_server
 conffile.puts "tls-server"
 conffile.puts "dh #{$NAMESPACE}.dh2048.pem"
@@ -689,7 +693,7 @@ hostlist.each{ |host|
 # do not filter on remote port as NAT gateways may change ports
 iptables.puts "#"
 iptables.puts "# to/from #{peer['name']}"
- iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\"
+ iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['bind_address'] || host['host_address'] || '0.0.0.0/0' } \\"
 iptables.puts " --protocol udp --destination-port #{ host['inet_port'][ peer['name'] ]['local'] } \\"
 iptables.puts " --jump ACCEPT"
|
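Review bot: The bind_address-over-host_address precedence is written here as an if/elsif and again as an `||` chain in the iptables line of the second hunk, so the OpenVPN `local` address and the firewall `--destination` can drift apart if only one of them is edited later. Resolving it once, `local_address = host['bind_address'] || host['host_address']`, and emitting `conffile.puts "local %s"%[local_address] if local_address` keeps the listener and the ACCEPT rule on the same address. A one-line comment saying when bind_address is expected to differ from host_address (presumably a host behind NAT or with several interfaces) would help the next reader. The hostlist.each block starts and ends outside this hunk.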
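Review bot: `host['bind_address']` is interpolated unquoted into what looks like a shell command line (`--destination #{ ... } \\`), so a value containing whitespace or shell metacharacters in a host definition would change the generated firewall script, which presumably runs as root. host_address already had that property, but this adds a second field with it; if only literal addresses are expected, parsing the value when it is set, e.g. `IPAddr.new(host['bind_address'])`, makes a malformed entry fail at generation time instead. An empty string is truthy in Ruby, so `bind_address: ''` would win over host_address and emit an empty `--destination` here and an empty `local` in the first hunk. The enclosing block continues outside the hunk.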