/[smecontribs]/rpms/smeserver-libreswan/contribs9/smeserver-libreswan-createlinks.patch
ViewVC logotype

Contents of /rpms/smeserver-libreswan/contribs9/smeserver-libreswan-createlinks.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Fri Feb 14 18:33:11 2020 UTC (4 years, 9 months ago) by jcrisp
Branch: MAIN
CVS Tags: smeserver-libreswan-0_5-33_el6_sme, smeserver-libreswan-0_5-34_el6_sme, HEAD
* Tue Feb 14 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-33.sme
- update keyingtries
- update virtual-private

1 diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
2 --- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:31:04.604042908 +0100
3 +++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2020-02-14 19:32:08.184131330 +0100
4 @@ -72,22 +72,27 @@
5 }
6 } # End foreach
7
8 + $virtual_private .= " virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,";
9 +
10 unless ( @subnetArr == 0 ) {
11 - $OUT .= " virtual_private=";
12
13 + # For NAT and vhost:%priv seting exclude any right subnets
14 foreach my $subnet (@subnetArr) {
15 - $virtual_private .= "%v4:$subnet,";
16 + $virtual_private .= "%v4:!$subnet,";
17 }
18
19 # Remove last character ','
20 chop($virtual_private);
21 $OUT .= "$virtual_private\n";
22 $OUT .= "\n";
23 - $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
24
25 } #end unless
26 - } # End else
27
28 - # End
29 + # I think that this is all we really need. as long as we don't have complex subnets etc
30 + # $OUT .= " virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12";
31 + $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
32 +
33 + } # End else
34 + # End
35 }
36
37 diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
38 --- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:31:04.600042715 +0100
39 +++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2020-02-14 19:32:08.183131286 +0100
40 @@ -148,13 +148,13 @@
41 $ipsecDB->get_prop( $ipsecprop, 'forceencaps' )
42 || $configDB->get_prop( $dbKey, 'forceencaps' )
43 || 'no';
44 -
45 +
46 $OUT .= " encapsulation=$forceencaps\n";
47
48 my $keyingtries =
49 $ipsecDB->get_prop( $ipsecprop, 'keyingtries' )
50 || $configDB->get_prop( $dbKey, 'keyingtries' )
51 - || '0';
52 + || '%forever';
53 $OUT .= " keyingtries=$keyingtries\n";
54
55 # Following come from ipsecDB or configDB or hardcoded
56 @@ -243,13 +243,12 @@
57
58 my $rightsubnet = $ipsecDB->get_prop( $ipsecprop, 'rightsubnet' ) || '';
59 $OUT .= " rightsubnet=$rightsubnet\n";
60 -
61 +
62 my $reauth = $ipsecDB->get_prop( $ipsecprop, 'reauth' ) || '';
63 if ($reauth eq 'y' || $reauth eq '1' ) {
64 $OUT .= " reauth=yes\n";
65 }
66
67 -
68 } # End If
69 else {
70 $OUT .= "# conn $ipsecprop disabled\n";

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed