<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hi Paul,<br>
I was following your logic. If you have:<br>
leftsubnets=1.2.3.0/24,5.6.7.0/24,6.7.8.0/24<br>
leftsourceips=1.2.3.4,5.6.7.8<br>
<br>
Then for each leftsourceips, loop through leftsubnets. Then if the
leftsourceip exists in one of the subnets then add a route. In this
case, there is no leftsourceip for the 6.7.8.0/24 subnet so no route
is added, but routes are added for the other two subnets.<br>
<br>
My scripting skills may not be good enough for this. Also my
knowledge would not have picked up your /32 case.<br>
<br>
Nick<br>
<br>
<div class="moz-cite-prefix">On 27/01/2019 19:10, Paul Wouters
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:alpine.LRH.2.21.1901271406370.2189@bofh.nohats.ca">
<br>
On Sat, 26 Jan 2019, Nick Howitt wrote:
<br>
<br>
<blockquote type="cite">
<blockquote type="cite"> It would be nice if we could extend
that functionality to cover all
<br>
combinatory cases with a multiple
leftsourceip=1.2.3.4,5.6.7.8 but we
<br>
don’t currently.
<br>
</blockquote>
Ugh. That points to multiple conns then, doesn't it? I wouldn't
have thought the logic wouldn't be too difficult to implement
(pick the source IP from the subnet you are instantiating ...)
but it is more time and effort.
<br>
</blockquote>
<br>
It's tricky. You have to do this in _updown.netkey. You have to
first
<br>
figure out if the gateway has an IP in the local subnet or whether
it is
<br>
just routing the subnet. Then if you find that IP, you need to add
a source route to the destination IP. And exclude things like the
remote is
<br>
a /32 to which you also have to talk IKE/IPsec (prevent imploding)
<br>
<br>
At least the connections instantiate, so there is only one left
and
<br>
right subnet for the instance of the _updown.netkey running. So it
is
<br>
possible to do.
<br>
<br>
I'm not sure if there are valid reasons for an admin to NOT want
to
<br>
add this source route.
<br>
<br>
Anyway, I'd say patches are welcome from people with shell fu :)
<br>
<br>
Paul
<br>
</blockquote>
<br>
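Added example, not part of the original thread and not libreswan's own _updown.netkey code: the matching discussed above (pick the source IP that sits inside the instantiated local subnet, skip the case where the remote is the peer's own /32) written as POSIX shell. The function names, the remote subnet 10.0.0.0/24, the peer 192.0.2.1 and the interface eth0 are assumptions made up for illustration; the script only prints the route command it would use.<br>

```shell
#!/bin/sh
# Illustration only: prints the route command instead of running it.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 * 16777216) + ($2 * 65536) + ($3 * 256) + $4 ))
}

# Return 0 if address $1 lies inside CIDR $2 (a bare address counts as /32).
ip_in_subnet() {
    net=${2%/*}
    case $2 in */*) bits=${2#*/} ;; *) bits=32 ;; esac
    shift_by=$(( 32 - bits ))
    [ $(( $(ip_to_int "$1") >> $shift_by )) -eq $(( $(ip_to_int "$net") >> $shift_by )) ]
}

# Print the first source IP from comma list $1 that sits inside subnet $2.
pick_sourceip() {
    for candidate in $(echo "$1" | tr ',' ' '); do
        if ip_in_subnet "$candidate" "$2"; then
            echo "$candidate"
            return 0
        fi
    done
    return 1
}

# Print the source route for one instantiated connection, or nothing.
# $1 source IP list, $2 local subnet, $3 remote subnet, $4 peer IP, $5 interface
source_route_cmd() {
    # The /32 case from the thread: the remote is the IKE/IPsec peer itself.
    [ "$3" = "$4/32" ] && return 0
    # No source IP inside this local subnet: the gateway only routes it.
    src=$(pick_sourceip "$1" "$2") || return 0
    echo "ip route replace $3 dev $5 src $src"
}

# Constructed sample run: subnets and source IPs from the message above,
# remote subnet, peer and interface are hypothetical.
for subnet in 1.2.3.0/24 5.6.7.0/24 6.7.8.0/24; do
    source_route_cmd "1.2.3.4,5.6.7.8" "$subnet" 10.0.0.0/24 192.0.2.1 eth0
done
```

The sample run prints a route for the 1.2.3.0/24 and 5.6.7.0/24 instances and nothing for 6.7.8.0/24, which has no matching source IP.<br>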
</body>
</html>