allow different in/out encryption protocols, too

1 files changed, 8 insertions, 8 deletions

diff --git a/sysconfig/network-scripts/ifup-ipsec b/sysconfig/network-scripts/ifup-ipsec
index 8a311afe..4cdade86 100755
--- a/sysconfig/network-scripts/ifup-ipsec
+++ b/sysconfig/network-scripts/ifup-ipsec
@@ -82,12 +82,12 @@ spddelete $SRC $DST any -P out;
 spddelete $DST $SRC any -P in;
 
 # ESP
-${KEY_ESP_IN:+add $DST $SRC esp $SPI3 -E $ESP_PROTO $KEY_ESP_IN;}
-${KEY_ESP_OUT:+add $SRC $DST esp $SPI4 -E $ESP_PROTO $KEY_ESP_OUT;}
+${KEY_ESP_IN:+add $DST $SRC esp $SPI3 -E ${ESP_PROTO_IN:-$ESP_PROTO} $KEY_ESP_IN;}
+${KEY_ESP_OUT:+add $SRC $DST esp $SPI4 -E ${ESP_PROTO_OUT:-$ESP_PROTO} $KEY_ESP_OUT;}
 
 # AH
-${KEY_AH_IN:+add $DST $SRC ah $SPI1 -A $AH_PROTO $KEY_AH_IN;}
-${KEY_AH_OUT:+add $SRC $DST ah $SPI2 -A $AH_PROTO $KEY_AH_OUT;}
+${KEY_AH_IN:+add $DST $SRC ah $SPI1 -A ${AH_PROTO_IN:-$AH_PROTO} $KEY_AH_IN;}
+${KEY_AH_OUT:+add $SRC $DST ah $SPI2 -A ${AH_PROTO_OUT:-$AH_PROTO} $KEY_AH_OUT;}
 
 spdadd $SRC $DST any -P out ipsec
             ${KEY_ESP_OUT:+esp/transport//require}
@@ -112,12 +112,12 @@ spddelete $SRCNET $DSTNET any -P out;
 spddelete $DSTNET $SRCNET any -P in;
 
 # ESP
-${KEY_ESP_IN:+add $DST $SRC esp $SPI3 -m tunnel -E $ESP_PROTO $KEY_ESP_IN;}
-${KEY_ESP_OUT:+add $SRC $DST esp $SPI4 -m tunnel -E $ESP_PROTO $KEY_ESP_OUT;}
+${KEY_ESP_IN:+add $DST $SRC esp $SPI3 -m tunnel -E ${ESP_PROTO_IN:-$ESP_PROTO} $KEY_ESP_IN;}
+${KEY_ESP_OUT:+add $SRC $DST esp $SPI4 -m tunnel -E ${ESP_PROTO_OUT:-$ESP_PROTO} $KEY_ESP_OUT;}
 
 # AH
-${KEY_AH_IN:+add $DST $SRC ah $SPI1 -m tunnel -A $AH_PROTO $KEY_AH_IN;}
-${KEY_AH_OUT:+add $SRC $DST ah $SPI2 -m tunnel -A $AH_PROTO $KEY_AH_OUT;}
+${KEY_AH_IN:+add $DST $SRC ah $SPI1 -m tunnel -A ${AH_PROTO_IN:-$AH_PROTO} $KEY_AH_IN;}
+${KEY_AH_OUT:+add $SRC $DST ah $SPI2 -m tunnel -A ${AH_PROTO_OUT:-$AH_PROTO} $KEY_AH_OUT;}
 
 spdadd $SRCNET $DSTNET any -P out ipsec
             ${KEY_ESP_OUT:+esp/tunnel/$SRC-$DEST/require}