From: Paul Fertser Date: Thu, 21 Nov 2019 17:26:46 +0000 (+0300) Subject: strongswan: allow to specify per-connection reqid with UCI X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=a8fa557cd51eadf2feb448b4398fd040c73264d4;p=openwrt-packages.git strongswan: allow to specify per-connection reqid with UCI This is useful to assign all traffic to a fw3 zone, e.g.: /etc/config/ipsec: config remote 'test' list tunnel 'dev' ... config 'tunnel' 'dev' option reqid '33' ... /etc/config/firewall: config zone option name wan option extra_src "-m policy --pol none --dir in" option extra_dest "-m policy --pol none --dir out" ... config zone option name vpn # subnet needed for firewall3 before 22 Nov 2019, 8174814a list subnet '0.0.0.0/0' option extra_src "-m policy --pol ipsec --dir in --reqid 33" option extra_dest "-m policy --pol ipsec --dir out --reqid 33" ... Signed-off-by: Paul Fertser
---
diff --git a/net/strongswan/files/ipsec.init b/net/strongswan/files/ipsec.init
index 07ccffd2e..021380487 100644
--- a/net/strongswan/files/ipsec.init
+++ b/net/strongswan/files/ipsec.init
@@ -140,6 +140,7 @@ config_conn() {
 local dpddelay
 local inactivity
 local keyexchange
+ local reqid
 config_get mode "$1" mode "route"
 config_get local_subnet "$1" local_subnet ""
@@ -159,6 +160,7 @@ config_conn() {
 config_get dpddelay "$1" dpddelay "30s"
 config_get inactivity "$1" inactivity
 config_get keyexchange "$1" keyexchange "ikev2"
+ config_get reqid "$1" reqid
 [ -n "$local_nat" ] && local_subnet=$local_nat
@@ -180,6 +182,7 @@ config_conn() {
 ipsec_xappend " dpddelay=$dpddelay"
 [ -n "$inactivity" ] && ipsec_xappend " inactivity=$inactivity"
+ [ -n "$reqid" ] && ipsec_xappend " reqid=$reqid"
 if [ "$auth_method" = "psk" ]; then
 ipsec_xappend " leftauth=psk"
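Review bot: In the third hunk (`@@ -180,6 +182,7 @@`), `reqid` is copied from UCI into the generated ipsec.conf by `[ -n "$reqid" ] && ipsec_xappend " reqid=$reqid"` without checking that it is a number, so a typo or stray whitespace produces a `reqid=` line that strongSwan may reject or ignore. The firewall zones in the commit message match on `--reqid 33`, so if the SA ends up with a different reqid the IPsec traffic would presumably no longer land in the intended `vpn` zone, and how it is then treated depends on the rest of the fw3 rules. A guard before the append, such as `case "$reqid" in *[!0-9]*) reqid="" ;; esac` together with a logged warning, would keep the two configs from silently diverging. A fixed reqid is also only dependable when each tunnel section has its own value and is instantiated once, which is worth a comment next to `config_get reqid "$1" reqid` in the second hunk. The body of config_conn starts and ends outside these hunks.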