From ddffeb1ceb781cfb17ca83e846de835ffd4bda54 Mon Sep 17 00:00:00 2001
From: fendo
Date: Wed, 26 Dec 2012 11:13:09 +0100
Subject: [PATCH] Authorize to change the source IP of the tunnels l2tp
---
 Docs/manual.html | 12 ++++++++++++
 debian/changelog | 6 ++++++
 l2tpns.c | 15 ++++++++++++++-
 l2tpns.h | 1 +
 4 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/Docs/manual.html b/Docs/manual.html
index d6930dd..4215189 100644
--- a/Docs/manual.html
+++ b/Docs/manual.html
@@ -265,6 +265,10 @@ from the address of "bind_address" (For use in cases of specific configuration). If no address is given to iftun_address and bind_address, 1.1.1.1 is used. +
  • tundevicename (string)
    +Name of the tun interface (default: "tun0"). +
  • +
  • peer_address (ip address)
    Address to send to clients as the default gateway.
  • @@ -384,6 +388,14 @@ If no address is given, all interfaces are listened (Any Address). Port to bind for the Remote LNS (default: 65432). +
  • auth_tunnel_change_addr_src (boolean)
    +This parameter authorize to change the source IP of the tunnels l2tp. +This parameter can be used when the remotes BAS/LAC are l2tpns server +configured in cluster mode, but that the interface to remote LNS are +not clustered (the tunnel can be coming from different source IP) +(default: no). +
  • +

    The REMOTES LNS configuration is entered by the command:
diff --git a/debian/changelog b/debian/changelog
index bcba095..a9aa82b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+l2tpns (2.2.1-2fdn3.2) unstable; urgency=low
+
+ * Authorize to change the source IP of the tunnels l2tp.
+
+ -- Fernando Alves Wed, 26 Dec 2012 10:57:10 +0100
+
 l2tpns (2.2.1-2fdn3.1) unstable; urgency=low
 * Add tundevicename configuration option
diff --git a/l2tpns.c b/l2tpns.c
index 5f3b865..9db5bc3 100644
--- a/l2tpns.c
+++ b/l2tpns.c
@@ -182,6 +182,7 @@ config_descriptt config_values[] = {
 CONFIG("tundevicename", tundevicename, STRING),
 #ifdef LAC
 CONFIG("disable_lac_func", disable_lac_func, BOOL),
+ CONFIG("auth_tunnel_change_addr_src", auth_tunnel_change_addr_src, BOOL),
 CONFIG("bind_address_remotelns", bind_address_remotelns, IPv4),
 CONFIG("bind_portremotelns", bind_portremotelns, SHORT),
 #endif
@@ -3229,10 +3230,22 @@ void processudp(uint8_t *buf, int len, struct sockaddr_in *addr)
 if (session[s].forwardtosession)
 {
 LOG(5, s, t, "Forwarding data session to session %u\n", session[s].forwardtosession);
- // Forward to LAC or Remote LNS session
+ // Forward to LAC/BAS or Remote LNS session
 lac_session_forward(buf, len, s, proto, addr->sin_addr.s_addr, addr->sin_port);
 return;
 }
+ else if (config->auth_tunnel_change_addr_src)
+ {
+ if (tunnel[t].ip != ntohl(addr->sin_addr.s_addr) &&
+ tunnel[t].port == ntohs(addr->sin_port))
+ {
+ // The remotes BAS are a clustered l2tpns server and the source IP has changed
+ LOG(5, s, t, "The tunnel IP source (%s) has changed by new IP (%s)\n",
+ fmtaddr(htonl(tunnel[t].ip), 0), fmtaddr(addr->sin_addr.s_addr, 0));
+
+ tunnel[t].ip = ntohl(addr->sin_addr.s_addr);
+ }
+ }
 #endif /* LAC */
 if (s && !session[s].opened) // Is something wrong??
diff --git a/l2tpns.h b/l2tpns.h
index ba9a56f..5dbaee7 100644
--- a/l2tpns.h
+++ b/l2tpns.h
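Review bot: In l2tpns.c `processudp()`, the new `else if (config->auth_tunnel_change_addr_src)` branch overwrites `tunnel[t].ip` with the source address of a received UDP packet when only the source port matches, and it runs before the `if (s && !session[s].opened)` check that follows it. A UDP source address is not authenticated, so with the option on, the tunnel's peer address is taken from whatever packet matches the port; any stronger validation earlier in `processudp()` lies outside this hunk and cannot be confirmed here. I would accept the new address only for an opened session and only if it belongs to a configured list of permitted peer addresses (not present in this patch), for example by starting the inner test with `if (s && session[s].opened && tunnel[t].ip != ntohl(addr->sin_addr.s_addr) &&`. The change is logged with `LOG(5, ...)`, the same level as the per-packet forwarding message above it; a peer-address change is rare and worth seeing in normal logs, so a more prominent level would help detection.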
@@ -764,6 +764,7 @@ typedef struct
 in_addr_t iftun_address;
 #ifdef LAC
 int disable_lac_func;
+ int auth_tunnel_change_addr_src;
 int highest_rlnsid;
 uint16_t bind_portremotelns;
 in_addr_t bind_address_remotelns;
--
2.20.1