/[smecontribs]/rpms/smeserver-libreswan/contribs9/smeserver-libreswan-createlinks.patch
ViewVC logotype

Annotation of /rpms/smeserver-libreswan/contribs9/smeserver-libreswan-createlinks.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Fri Feb 14 18:33:11 2020 UTC (4 years, 9 months ago) by jcrisp
Branch: MAIN
CVS Tags: smeserver-libreswan-0_5-33_el6_sme, smeserver-libreswan-0_5-34_el6_sme, HEAD
* Tue Feb 14 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-33.sme
- update keyingtries
- update virtual-private

1 jcrisp 1.1 diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
2     --- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:31:04.604042908 +0100
3     +++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:32:08.184131330 +0100
4     @@ -72,22 +72,27 @@
5     }
6     } # End foreach
7    
8     + $virtual_private .= " virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,";
9     +
10     unless ( @subnetArr == 0 ) {
11     - $OUT .= " virtual_private=";
12    
13     + # For NAT and vhost:%priv seting exclude any right subnets
14     foreach my $subnet (@subnetArr) {
15     - $virtual_private .= "%v4:$subnet,";
16     + $virtual_private .= "%v4:!$subnet,";
17     }
18    
19     # Remove last character ','
20     chop($virtual_private);
21     $OUT .= "$virtual_private\n";
22     $OUT .= "\n";
23     - $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
24    
25     } #end unless
26     - } # End else
27    
28     - # End
29     + # I think that this is all we really need. as long as we don't have complex subnets etc
30     + # $OUT .= " virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12";
31     + $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
32     +
33     + } # End else
34     + # End
35     }
36    
37     diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
38     --- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:31:04.600042715 +0100
39     +++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:32:08.183131286 +0100
40     @@ -148,13 +148,13 @@
41     $ipsecDB->get_prop( $ipsecprop, 'forceencaps' )
42     || $configDB->get_prop( $dbKey, 'forceencaps' )
43     || 'no';
44     -
45     +
46     $OUT .= " encapsulation=$forceencaps\n";
47    
48     my $keyingtries =
49     $ipsecDB->get_prop( $ipsecprop, 'keyingtries' )
50     || $configDB->get_prop( $dbKey, 'keyingtries' )
51     - || '0';
52     + || '%forever';
53     $OUT .= " keyingtries=$keyingtries\n";
54    
55     # Following come from ipsecDB or configDB or hardcoded
56     @@ -243,13 +243,12 @@
57    
58     my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || '';
59     $OUT .= " rightsubnet=$rightsubnet\n";
60     -
61     +
62     my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) || '';
63     if ($reauth eq 'y' || $reauth eq '1' ) {
64     $OUT .= " reauth=yes\n";
65     }
66    
67     -
68     } # End If
69     else {
70     $OUT .= "# conn $ipsecprop disabled\n";

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed