1 |
diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/db/ipsec_connections/defaults/L2TPD-PSK/status smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/db/ipsec_connections/defaults/L2TPD-PSK/status |
2 |
--- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/db/ipsec_connections/defaults/L2TPD-PSK/status 1970-01-01 01:00:00.000000000 +0100 |
3 |
+++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/db/ipsec_connections/defaults/L2TPD-PSK/status 2019-10-13 16:05:56.435030738 +0200 |
4 |
@@ -0,0 +1 @@ |
5 |
+disabled |
6 |
\ No newline at end of file |
7 |
diff -ruN smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd |
8 |
--- smeserver-libreswan-xl2tpd-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2019-10-13 16:01:44.453638751 +0200 |
9 |
+++ smeserver-libreswan-xl2tpd-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/20defaultL2tpd 2019-10-13 16:05:56.468032361 +0200 |
10 |
@@ -45,6 +45,9 @@ |
11 |
$OUT .= " # high port, but propose \"0\" instead of their port.\n"; |
12 |
$OUT .= " left=%defaultroute\n"; |
13 |
$OUT .= " leftprotoport=17/1701\n"; |
14 |
+ $OUT .= " # Permit Ike v1 for older xl2tpd connections/clients\n"; |
15 |
+ $OUT .= " ikev2=permit\n"; |
16 |
+ |
17 |
$OUT .= " # Apple iOS doesn't send delete notify so we need dead peer detection\n"; |
18 |
$OUT .= " # to detect vanishing clients\n"; |
19 |
|
20 |
@@ -62,6 +65,7 @@ |
21 |
# Disabled for now - needs some thought |
22 |
# Probably only needed if you are doing subnet <-> subnet |
23 |
# Most likely not required for dialin |
24 |
+ # see https://libreswan.org/man/ipsec.conf.5.html -> leftsubnet |
25 |
|
26 |
my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || ''; |
27 |
if ( $rightsubnet ne '' ) { |