You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ya...@apache.org on 2012/08/07 00:32:51 UTC
[1/6] git commit: S2S VPN: CS-15852: Add vpninmask for VPN network
usage
Updated Branches:
refs/heads/vpc 469e18051 -> 4908adb3a
S2S VPN: CS-15852: Add vpninmask for VPN network usage
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/4908adb3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/4908adb3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/4908adb3
Branch: refs/heads/vpc
Commit: 4908adb3a1586d8bc0b8a0f06daf3500fcbe5c86
Parents: 6e7b4bc
Author: Sheng Yang <sh...@citrix.com>
Authored: Mon Aug 6 14:23:52 2012 -0700
Committer: Sheng Yang <sh...@citrix.com>
Committed: Mon Aug 6 15:32:36 2012 -0700
----------------------------------------------------------------------
.../debian/config/opt/cloud/bin/ipsectunnel.sh | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/4908adb3/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
index 1ff4b13..b0414b9 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/ipsectunnel.sh
@@ -21,6 +21,7 @@ fi
vpnconfdir="/etc/ipsec.d"
vpnoutmark="0x525"
+vpninmark="0x524"
usage() {
printf "Usage: %s: (-A|-D) -l <left-side vpn peer> -n <left-side guest cidr> -g <left-side gateway> -r <right-side vpn peer> -N <right-side private subnets> -e <esp policy> -i <ike policy> -t <ike lifetime> -T <esp lifetime> -s <pre-shared secret> -d <dpd 0 or 1> \n" $(basename $0) >&2
@@ -55,6 +56,8 @@ enable_iptables_subnets() {
do
sudo iptables -A FORWARD -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
sudo iptables -A OUTPUT -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
+ sudo iptables -A FORWARD -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
+ sudo iptables -A INPUT -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
done
return 0
}
@@ -75,6 +78,8 @@ disable_iptables_subnets() {
do
sudo iptables -D FORWARD -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
sudo iptables -D OUTPUT -t mangle -s $leftnet -d $net -j MARK --set-mark $vpnoutmark
+ sudo iptables -D FORWARD -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
+ sudo iptables -D INPUT -t mangle -s $net -d $leftnet -j MARK --set-mark $vpninmark
done
return 0
}