mirror of
https://github.com/apache/cloudstack.git
synced 2025-12-16 10:32:34 +01:00
S2S VPN: CS-15641: Enable UDP port 4500 for NAT-T
parent
37b66d3fb2
commit
435480cb5a
@ -67,6 +67,7 @@ check_and_enable_iptables() {
|
|||||||
if [ $? -ne 0 ]
|
if [ $? -ne 0 ]
|
||||||
then
|
then
|
||||||
sudo iptables -A INPUT -i $outIf -p udp -m udp --dport 500 -j ACCEPT
|
sudo iptables -A INPUT -i $outIf -p udp -m udp --dport 500 -j ACCEPT
|
||||||
|
sudo iptables -A INPUT -i $outIf -p udp -m udp --dport 4500 -j ACCEPT
|
||||||
# Prevent NAT on "marked" VPN traffic, so need to be the first one on POSTROUTING chain
|
# Prevent NAT on "marked" VPN traffic, so need to be the first one on POSTROUTING chain
|
||||||
sudo iptables -t nat -I POSTROUTING -t nat -o $outIf -m mark --mark $vpnoutmark -j ACCEPT
|
sudo iptables -t nat -I POSTROUTING -t nat -o $outIf -m mark --mark $vpnoutmark -j ACCEPT
|
||||||
fi
|
fi
|
||||||
@ -90,6 +91,7 @@ check_and_disable_iptables() {
|
|||||||
then
|
then
|
||||||
#Nobody else use s2s vpn now, so delete the iptables rules
|
#Nobody else use s2s vpn now, so delete the iptables rules
|
||||||
sudo iptables -D INPUT -i $outIf -p udp -m udp --dport 500 -j ACCEPT
|
sudo iptables -D INPUT -i $outIf -p udp -m udp --dport 500 -j ACCEPT
|
||||||
|
sudo iptables -D INPUT -i $outIf -p udp -m udp --dport 4500 -j ACCEPT
|
||||||
sudo iptables -t nat -D POSTROUTING -t nat -o $outIf -m mark --mark $vpnoutmark -j ACCEPT
|
sudo iptables -t nat -D POSTROUTING -t nat -o $outIf -m mark --mark $vpnoutmark -j ACCEPT
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
|
|||||||
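Review bot: The added `--dport 4500` ACCEPT rule in check_and_enable_iptables matches any source address on `$outIf`, so the NAT-T listener becomes reachable from the whole outside network, not only from the configured VPN peer; the existing port 500 rule has the same shape. The delete-side comment suggests these rules are shared by all site-to-site connections, so narrowing them would mean per-connection rules such as `sudo iptables -A INPUT -i "$outIf" -s <peer-gateway-ip> -p udp -m udp --dport 4500 -j ACCEPT` with a matching `-D`; if that is not practical, a comment stating that the IKE daemon is relied on to reject unknown peers would help. On a router whose rules were installed before this change, the new `-D ... --dport 4500` in check_and_disable_iptables will find no rule and fail. Its status is not checked in the visible lines, so that is probably harmless but worth confirming. Both functions begin and end outside the hunks shown.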