Add ipsec support

2025-03-09 15:40:03 +00:00 · 2020-01-24 21:04:26 +01:00 · 2020-01-24 21:04:26 +01:00 · bf4ee2cc5e
commit bf4ee2cc5e
parent 62a2f4ff7f
13 changed files with 690 additions and 1 deletions
--- a/luci-app-ipsec-vpnd/root/etc/uci-defaults/ipsec
+++ b/luci-app-ipsec-vpnd/root/etc/uci-defaults/ipsec
@ -0,0 +1,54 @@
+#!/bin/sh
+
+uci -q batch <<-EOF >/dev/null
+	delete firewall.ipsecd
+	set firewall.ipsecd=include
+	set firewall.ipsecd.type=script
+	set firewall.ipsecd.path=/etc/ipsec.include
+	set firewall.ipsecd.reload=1
+	commit firewall
+EOF
+
+uci -q batch <<-EOF >/dev/null
+  delete firewall.ike
+  add firewall rule
+  rename firewall.@rule[-1]="ike"
+  set firewall.@rule[-1].name="ike"
+  set firewall.@rule[-1].target="ACCEPT"
+  set firewall.@rule[-1].src="wan"
+  set firewall.@rule[-1].proto="udp"
+  set firewall.@rule[-1].dest_port="500"
+  delete firewall.ipsec
+  add firewall rule
+  rename firewall.@rule[-1]="ipsec"
+  set firewall.@rule[-1].name="ipsec"
+  set firewall.@rule[-1].target="ACCEPT"
+  set firewall.@rule[-1].src="wan"
+  set firewall.@rule[-1].proto="udp"
+  set firewall.@rule[-1].dest_port="4500"
+  delete firewall.ah
+  add firewall rule
+  rename firewall.@rule[-1]="ah"
+  set firewall.@rule[-1].name="ah"
+  set firewall.@rule[-1].target="ACCEPT"
+  set firewall.@rule[-1].src="wan"
+  set firewall.@rule[-1].proto="ah"
+  delete firewall.esp
+  add firewall rule
+  rename firewall.@rule[-1]="esp"
+  set firewall.@rule[-1].name="esp"
+  set firewall.@rule[-1].target="ACCEPT"
+  set firewall.@rule[-1].src="wan"
+  set firewall.@rule[-1].proto="esp"
+  commit firewall
+EOF
+
+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@ipsec[-1]
+	add ucitrack ipsec
+	set ucitrack.@ipsec[-1].init=ipsec
+	commit ucitrack
+EOF
+
+rm -f /tmp/luci-indexcache
+exit 0