/[smecontribs]/rpms/smeserver-libreswan-xl2tpd/contribs9/smeserver-libreswan-xl2tpd-update-status-default
ViewVC logotype

Annotation of /rpms/smeserver-libreswan-xl2tpd/contribs9/smeserver-libreswan-xl2tpd-update-status-default

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph

Revision 1.1 - (hide annotations) (download)
Sun Oct 13 14:08:12 2019 UTC (5 years, 1 month ago) by jcrisp
Branch: MAIN
CVS Tags: smeserver-libreswan-xl2tpd-0_5-9, smeserver-libreswan-xl2tpd-0_5-8, smeserver-libreswan-xl2tpd-0_5-7, smeserver-libreswan-xl2tpd-0_5-6, HEAD 
* Tue Sep 03 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6
- Add ipsec connection status key (disabled as default)
- Update Libreswan depends
- Add ikev2 permit to allow ike v1
1 jcrisp 1.1 diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/db/ipsec_connections/defaults/L2TPD-PSK/status smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/db/ipsec_connections/defaults/L2TPD-PSK/status
2     --- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/db/ipsec_connections/defaults/L2TPD-PSK/status 1970-01-01 01:00:00.000000000 +0100
3     +++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/db/ipsec_connections/defaults/L2TPD-PSK/status 2019-10-13 16:05:56.435030738 +0200
4     @@ -0,0 +1 @@
5     +disabled
6     \ No newline at end of file
7     diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd
8     --- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2019-10-13 16:01:44.453638751 +0200
9     +++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2019-10-13 16:05:56.468032361 +0200
10     @@ -45,6 +45,9 @@
11     $OUT .= " # high port, but propose \"0\" instead of their port.\n";
12     $OUT .= " left=%defaultroute\n";
13     $OUT .= " leftprotoport=17/1701\n";
14     + $OUT .= " # Permit Ike v1 for older xl2tpd connections/clients\n";
15     + $OUT .= " ikev2=permit\n";
16     +
17     $OUT .= " # Apple iOS doesn't send delete notify so we need dead peer detection\n";
18     $OUT .= " # to detect vanishing clients\n";
19    
20     @@ -62,6 +65,7 @@
21     # Disabled for now - needs some thought
22     # Probably only needed if you are doing subnet <-> subnet
23     # Most likely not required for dialin
24     + # see https://libreswan.org/man/ipsec.conf.5.html -> leftsubnet
25    
26     my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || '';
27     if ( $rightsubnet ne '' ) {
admin@koozali.org
 ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed