git.openwrt.org Git - feed/packages.git/commit

author	Paul Fertser <fercerpav@gmail.com>
	Thu, 21 Nov 2019 17:26:46 +0000 (20:26 +0300)
committer	Paul Fertser <fercerpav@gmail.com>
	Tue, 26 Nov 2019 12:27:54 +0000 (15:27 +0300)
commit	a8fa557cd51eadf2feb448b4398fd040c73264d4
tree	a0601aa0b19e169823b31b723acadb6aa48c324e	tree \| snapshot
parent	ffeb852e616424d8f604c86a9a04de9287600f7e	commit \| diff

strongswan: allow to specify per-connection reqid with UCI

This is useful to assign all traffic to a fw3 zone, e.g.:

/etc/config/ipsec:

config remote 'test'
list tunnel 'dev'
...

config 'tunnel' 'dev'
option reqid '33'
...

/etc/config/firewall:

config zone
option name wan
option extra_src "-m policy --pol none --dir in"
option extra_dest "-m policy --pol none --dir out"
...

config zone
option name vpn
# subnet needed for firewall3 before 22 Nov 2019, 8174814a
list subnet '0.0.0.0/0'
option extra_src "-m policy --pol ipsec --dir in --reqid 33"
option extra_dest "-m policy --pol ipsec --dir out --reqid 33"
...

Signed-off-by: Paul Fertser <fercerpav@gmail.com>