
strongswan: allow to specify per-connection reqid with UCI

This is useful to assign all traffic to a fw3 zone, e.g.:

/etc/config/ipsec:

config remote 'test'
	list tunnel		'dev'
...

config 'tunnel' 'dev'
	option reqid		'33'
...

/etc/config/firewall:

config zone
	option name		wan
	option extra_src	"-m policy --pol none --dir in"
	option extra_dest	"-m policy --pol none --dir out"
...

config zone
	option name		vpn
	# subnet needed for firewall3 before 22 Nov 2019, 8174814a
	list subnet		'0.0.0.0/0'
	option extra_src	"-m policy --pol ipsec --dir in --reqid 33"
	option extra_dest	"-m policy --pol ipsec --dir out --reqid 33"
...

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Paul Fertser 2019-11-21 20:26:46 +03:00
parent ffeb852e61
commit a8fa557cd5


@ -140,6 +140,7 @@ config_conn() {
local dpddelay
local inactivity
local keyexchange
local reqid
config_get mode "$1" mode "route"
config_get local_subnet "$1" local_subnet ""
@ -159,6 +160,7 @@ config_conn() {
config_get dpddelay "$1" dpddelay "30s"
config_get inactivity "$1" inactivity
config_get keyexchange "$1" keyexchange "ikev2"
config_get reqid "$1" reqid
[ -n "$local_nat" ] && local_subnet=$local_nat
@ -180,6 +182,7 @@ config_conn() {
ipsec_xappend " dpddelay=$dpddelay"
[ -n "$inactivity" ] && ipsec_xappend " inactivity=$inactivity"
[ -n "$reqid" ] && ipsec_xappend " reqid=$reqid"
if [ "$auth_method" = "psk" ]; then
ipsec_xappend " leftauth=psk"
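Review bot: `reqid` is written into the generated connection section exactly as read from UCI, in `[ -n "$reqid" ] && ipsec_xappend " reqid=$reqid"`, with no check that it is a plain number. The commit message pairs this value with `--reqid` matches that decide which firewall zone IPsec traffic lands in, so a typo or a value containing whitespace would yield a config that either fails to load or no longer lines up with the firewall rule; a guard such as `case "$reqid" in *[!0-9]*) reqid="" ;; esac` ahead of the append, ideally with a logged warning, would reject it. It is also worth a comment that a fixed reqid should be unique per tunnel: as far as I know strongSwan allocates dynamic reqids incrementally from low numbers, so a small fixed value may coincide with one assigned to another connection and pull that traffic into the same zone. `config_conn` starts and ends outside the visible hunks, so any validation elsewhere in the function is not visible here.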