use table 100 for source routing

1 files changed, 22 insertions, 10 deletions

diff --git a/src/_updown/_updown b/src/_updown/_updown
index 795b6f388..4cf271742 100755
--- a/src/_updown/_updown
+++ b/src/_updown/_updown
@@ -131,7 +131,16 @@ FAC_PRIO=local0.notice
 # the syslog configuration file /etc/syslog.conf:
 #
 # local0.notice                   -/var/log/vpn
+
+# in order to use source IP routing the Linux kernel options
+# CONFIG_IP_ADVANCED_ROUTER and CONFIG_IP_MULTIPLE_TABLES
+# must be enabled
+#
+# special routing table for sourceip routes
+SOURCEIP_ROUTING_TABLE=100
 #
+# priority of the sourceip routing table
+SOURCEIP_ROUTING_TABLE_PRIO=100
 
 # check interface version
 case "$PLUTO_VERSION" in
@@ -218,23 +227,26 @@ doroute() {
 
 	parms1="$PLUTO_PEER_CLIENT"
 
-	parms2=
-	if [ -n "$KLIPS" ]
+	if [ -n "$PLUTO_NEXT_HOP" ]
 	then
-	    if [ -n "$PLUTO_NEXT_HOP" ]
-	    then
-		parms2="via $PLUTO_NEXT_HOP"
-	    fi
+	    parms2="via $PLUTO_NEXT_HOP"
 	else
-	    parms2="via $PLUTO_ME"
+	    parms2="via $PLUTO_PEER"
 	fi	
 	parms2="$parms2 dev $PLUTO_INTERFACE"
 
 	parms3=
-	if test "$1" = "add" -a -n "$PLUTO_MY_SOURCEIP"
+	if [ -n "$PLUTO_MY_SOURCEIP" ]
 	then
-	    addsource
-	    parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*}"
+	    if test "$1" = "add"
+	    then
+		addsource
+		if [ `ip rule list | grep "lookup ${SOURCEIP_ROUTING_TABLE}" | wc -l` -eq 0 ]
+		then
+		    ip rule add pref ${SOURCEIP_ROUTING_TABLE_PRIO} table ${SOURCEIP_ROUTING_TABLE}
+		fi
+	    fi
+	    parms3="$parms3 src ${PLUTO_MY_SOURCEIP%/*} table ${SOURCEIP_ROUTING_TABLE}"
 	fi
 
 	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in