smeserver-libreswan/contribs10/smeserver-libreswan-createlinks.patch

diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup       2020-02-14 19:31:04.604042908 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup   2020-02-14 19:32:08.184131330 +0100
@@ -72,22 +72,27 @@
             }
         }    # End foreach
 
+        $virtual_private .= "    virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,";
+
         unless ( @subnetArr == 0 ) {
-            $OUT .= "    virtual_private=";
 
+            # For NAT and vhost:%priv seting exclude any right subnets
             foreach my $subnet (@subnetArr) {
-                $virtual_private .= "%v4:$subnet,";
+                $virtual_private .= "%v4:!$subnet,";
             }
 
             # Remove last character ','
             chop($virtual_private);
             $OUT .= "$virtual_private\n";
             $OUT .= "\n";
-            $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
 
         }    #end unless
-    }    # End else
 
-    # End
+        # I think that this is all we really need. as long as we don't have complex subnets etc
+        # $OUT .= "    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12";
+        $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
+
+    }    # End else
+         # End
 }
 
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection  2020-02-14 19:31:04.600042715 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection      2020-02-14 19:32:08.183131286 +0100
@@ -148,13 +148,13 @@
                            $ipsecDB->get_prop( $ipsecprop, 'forceencaps' )
                         || $configDB->get_prop( $dbKey, 'forceencaps' )
                         || 'no';
-                    
+
                     $OUT .= "    encapsulation=$forceencaps\n";
 
                     my $keyingtries =
                            $ipsecDB->get_prop( $ipsecprop, 'keyingtries' )
                         || $configDB->get_prop( $dbKey, 'keyingtries' )
-                        || '0';
+                        || '%forever';
                     $OUT .= "    keyingtries=$keyingtries\n";
 
                     # Following come from ipsecDB or configDB or hardcoded
@@ -243,13 +243,12 @@
 
                     my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || '';
                     $OUT .= "    rightsubnet=$rightsubnet\n";
-                    
+
                     my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) || '';
                     if ($reauth eq 'y' || $reauth eq '1' ) {
                         $OUT .= "    reauth=yes\n";
                     }
 
-
                 }    # End If
                 else {
                     $OUT .= "# conn $ipsecprop disabled\n";
1	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
2	--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:31:04.604042908 +0100
3	+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:32:08.184131330 +0100
4	@@ -72,22 +72,27 @@
5	}
6	} # End foreach
7
8	+ $virtual_private .= " virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,";
9	+
10	unless ( @subnetArr == 0 ) {
11	- $OUT .= " virtual_private=";
12
13	+ # For NAT and vhost:%priv seting exclude any right subnets
14	foreach my $subnet (@subnetArr) {
15	- $virtual_private .= "%v4:$subnet,";
16	+ $virtual_private .= "%v4:!$subnet,";
17	}
18
19	# Remove last character ','
20	chop($virtual_private);
21	$OUT .= "$virtual_private\n";
22	$OUT .= "\n";
23	- $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
24
25	} #end unless
26	- } # End else
27
28	- # End
29	+ # I think that this is all we really need. as long as we don't have complex subnets etc
30	+ # $OUT .= " virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12";
31	+ $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
32	+
33	+ } # End else
34	+ # End
35	}
36
37	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
38	--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:31:04.600042715 +0100
39	+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:32:08.183131286 +0100
40	@@ -148,13 +148,13 @@
41	$ipsecDB->get_prop( $ipsecprop, 'forceencaps' )
42	\|\| $configDB->get_prop( $dbKey, 'forceencaps' )
43	\|\| 'no';
44	-
45	+
46	$OUT .= " encapsulation=$forceencaps\n";
47
48	my $keyingtries =
49	$ipsecDB->get_prop( $ipsecprop, 'keyingtries' )
50	\|\| $configDB->get_prop( $dbKey, 'keyingtries' )
51	- \|\| '0';
52	+ \|\| '%forever';
53	$OUT .= " keyingtries=$keyingtries\n";
54
55	# Following come from ipsecDB or configDB or hardcoded
56	@@ -243,13 +243,12 @@
57
58	my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) \|\| '';
59	$OUT .= " rightsubnet=$rightsubnet\n";
60	-
61	+
62	my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) \|\| '';
63	if ($reauth eq 'y' \|\| $reauth eq '1' ) {
64	$OUT .= " reauth=yes\n";
65	}
66
67	-
68	} # End If
69	else {
70	$OUT .= "# conn $ipsecprop disabled\n";