add proper ipsec route (#146169, #140654)

2 files changed, 7 insertions, 4 deletions

diff --git a/sysconfig/network-scripts/ifdown-ipsec b/sysconfig/network-scripts/ifdown-ipsec
index cbc8e2df..ffaaa3a3 100755
--- a/sysconfig/network-scripts/ifdown-ipsec
+++ b/sysconfig/network-scripts/ifdown-ipsec
@@ -61,8 +61,9 @@ EOF
 else
       [ -z "$SRCNET" ] && SRCNET="$SRC/32"
       [ -z "$DSTNET" ] && DSTNET="$DST/32"
-
-      ip route del to $DSTNET via $DST
+      
+      [ -z "$SRCGW" ] && SRCGW=`ip -o route get to $SRCNET | sed "s|.*src \([^ ]*\).*|\1|"`
+      ip route del to $DSTNET via $SRCGW src $SRCGW
 
       /sbin/setkey -c >/dev/null 2>&1 << EOF
 	spddelete $SRCNET $DSTNET any -P out;
diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec
index 4751b5cc..0314f71a 100755
--- a/sysconfig/network-scripts/ifup-ipsec
+++ b/sysconfig/network-scripts/ifup-ipsec
@@ -137,7 +137,8 @@ EOF
       [ -z "$SRCNET" ] && SRCNET="$SRC/32"
       [ -z "$DSTNET" ] && DSTNET="$DST/32"
       
-      ip route add to $DSTNET via $DST
+      [ -z "$SRCGW" ] && SRCGW=`ip -o route get to $SRCNET | sed "s|.*src \([^ ]*\).*|\1|"`
+      ip route add to $DSTNET via $SRCGW src $SRCGW
 
       /sbin/setkey -c >/dev/null 2>&1 << EOF
 delete $SRC $DST ah $SPI_AH_OUT;
@@ -191,7 +192,8 @@ EOF
       [ -z "$SRCNET" ] && SRCNET="$SRC/32"
       [ -z "$DSTNET" ] && DSTNET="$DST/32"
       
-      ip route add to $DSTNET via $DST
+      [ -z "$SRCGW" ] && SRCGW=`ip -o route get to $SRCNET | sed "s|.*src \([^ ]*\).*|\1|"`
+      ip route add to $DSTNET via $SRCGW src $SRCGW
       
       /sbin/setkey -c >/dev/null 2>&1 << EOF
 spddelete $SRCNET $DSTNET any -P out;