From 51214e191fab48d3f1a04e4f15f8b93c4e6b6f63 Mon Sep 17 00:00:00 2001
From: "Michael C. Bazarewsky"
Date: Thu, 27 Aug 2020 16:06:34 -0400
Subject: [PATCH] strongswan: add left and mark configuration to UCI
This commit allows for UCI configuration of the "left=" and the "mark=" values in a StrongSwan IPSec connection. This improves VTI support and allows certain stricter connection scenarios.
Signed-off-by: Michael C. Bazarewsky
---
 net/strongswan/files/ipsec.init | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/strongswan/files/ipsec.init b/net/strongswan/files/ipsec.init
index 021380487..b2efc74e8 100644
--- a/net/strongswan/files/ipsec.init
+++ b/net/strongswan/files/ipsec.init
@@ -126,6 +126,7 @@ config_conn() {
 local local_subnet
 local local_nat
 local local_sourceip
+ local local_leftip
 local local_updown
 local local_firewall
 local remote_subnet
@@ -141,11 +142,13 @@ config_conn() {
 local inactivity
 local keyexchange
 local reqid
+ local packet_marker
 config_get mode "$1" mode "route"
 config_get local_subnet "$1" local_subnet ""
 config_get local_nat "$1" local_nat ""
 config_get local_sourceip "$1" local_sourceip ""
+ config_get local_leftip "$1" local_leftip "%any"
 config_get local_updown "$1" local_updown ""
 config_get local_firewall "$1" local_firewall ""
 config_get remote_subnet "$1" remote_subnet ""
@@ -161,11 +164,12 @@ config_conn() {
 config_get inactivity "$1" inactivity
 config_get keyexchange "$1" keyexchange "ikev2"
 config_get reqid "$1" reqid
+ config_get packet_marker "$1" packet_marker
 [ -n "$local_nat" ] && local_subnet=$local_nat
 ipsec_xappend "conn $config_name-$1"
- ipsec_xappend " left=%any"
+ ipsec_xappend " left=$local_leftip"
 ipsec_xappend " right=$remote_gateway"
 [ -n "$local_sourceip" ] && ipsec_xappend " leftsourceip=$local_sourceip"
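Review bot: The two option names introduced in the second hunk become part of the UCI interface, and neither says which ipsec.conf key it feeds: `local_leftip` names the same side twice, and `packet_marker` hides that it maps to `mark=`. A short comment above the new `config_get` lines would help whoever edits /etc/config/ipsec, for example `# local_leftip -> left= (address, hostname or %any; default %any)` and `# packet_marker -> mark= (value[/mask]; unset = no mark)`. config_conn starts and ends outside the hunk.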
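Review bot: In the third hunk, `ipsec_xappend " left=$local_leftip"` writes the UCI value into the generated ipsec.conf with no check, so a value holding whitespace or a line break would presumably land as extra tokens or extra lines in the conn section (ipsec_xappend is defined outside this diff, so that is inferred from its use). This matters wherever UCI is writable by something less trusted than root, such as a delegated web-UI ACL. I would reject unexpected characters before the write and skip the connection, `case "$local_leftip" in *[!0-9A-Za-z.:%_-]*) return 1 ;; esac`, rather than fall back to `%any`, which would silently loosen what the operator asked for. The same applies to `mark=$packet_marker` in the last hunk, where only a number with an optional `/mask` should pass. config_conn's body continues outside the hunk.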
@@ -200,6 +204,7 @@ config_conn() {
 [ -n "$remote_identifier" ] && ipsec_xappend " rightid=$remote_identifier"
 [ -n "$local_updown" ] && ipsec_xappend " leftupdown=$local_updown"
 [ -n "$remote_updown" ] && ipsec_xappend " rightupdown=$remote_updown"
+ [ -n "$packet_marker" ] && ipsec_xappend " mark=$packet_marker"
 ipsec_xappend " keyexchange=$keyexchange"
 set_crypto_proposal "$1"
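Review bot: The added `mark=` line needs a comment on what setting it implies for traffic selection. As far as I know, strongSwan installs the connection's kernel policies with that mark, so only packets already carrying it (through a VTI key or a firewall rule) match; unmarked traffic to the remote subnet is then not covered by this connection and can leave unprotected. Suggested comment above the line: `# mark: policies match only packets carrying this mark; the VTI key or a firewall rule must set it, otherwise traffic bypasses the tunnel`. config_conn continues outside the hunk.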