smeserver-libreswan/contribs9/smeserver-libreswan-ikev2-logrotate.patch

diff -ruN smeserver-libreswan-0.5.old/createlinks smeserver-libreswan-0.5/createlinks
--- smeserver-libreswan-0.5.old/createlinks     2016-12-22 11:34:27.074000958 +0100
+++ smeserver-libreswan-0.5/createlinks 2016-12-22 11:34:39.047000957 +0100
@@ -38,3 +38,20 @@
 service_link_enhanced("ipsec", "K21", "1");
 
 safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
+
+# Set up generic logfile timestamp renaming/symlinking
+
+foreach (qw(
+    /var/log/pluto/pluto.log
+    ))
+{
+    safe_touch "root/etc/e-smith/events/logrotate/logfiles2timestamp/$_";
+}
+
+#--------------------------------------------------
+# actions for logrotate event
+#--------------------------------------------------
+
+$event = "logrotate";
+
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ipsec");
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion
--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion   1970-01-01 01:00:00.000000000 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion       2016-12-22 11:34:39.030000959 +0100
@@ -0,0 +1 @@
+yes
\ No newline at end of file
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort
--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort        2016-02-17 14:19:42.000000000 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort    1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-500
\ No newline at end of file
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts
--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts       1970-01-01 01:00:00.000000000 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts   2016-12-22 11:34:39.018000956 +0100
@@ -0,0 +1 @@
+500,4500
\ No newline at end of file
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup       2016-12-22 11:34:27.070000958 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup   2016-12-22 11:34:39.047000957 +0100
@@ -1,77 +1,79 @@
 #!/usr/bin/perl -w
 
 {
- use strict;
- use warnings;
- use esmith::ConfigDB;
+    use strict;
+    use warnings;
+    use esmith::ConfigDB;
 
- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
+    my $configDB    = esmith::ConfigDB->open_ro or die("can't open Config DB");
+    my $dbKey       = 'ipsec';
+    my $systemMode  = $configDB->get("SystemMode")->value;
+    my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled';
 
- my $systemMode = $configDB->get("SystemMode")->value;
+    if ( $systemMode ne 'servergateway' ) {
+        $OUT .= "# System not in Server Gateway mode\n";
+    }
 
- if ( $systemMode ne 'servergateway' )
- {
-  $OUT .= "# System not in Server Gateway mode\n";
- }
+    elsif ( $ipsecStatus ne 'enabled' ) {
+        $OUT .= "# Ipsec not enabled\n";
+    }
 
- else
- {
+    else {
+        my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
+          or die("cant connect to ipsec database");
 
-  my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
-    or die("cant connect to ipsec database");
+        my $dbKey = 'ipsec';
 
-  my $dbKey = 'ipsec';
+        # Generic setup file
+        my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) || 'none';
 
-  # Generic setup file
-  my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) || 'none';
-  
-# A standard config is included in the RPM but we need to generate a new one so we can modify settings
+        # A standard config is included in the RPM but we need to generate a new one so we can modify settings
 
-  $OUT .= "config setup\n";
-  $OUT .= "    protostack=netkey\n";
-  $OUT .= "    plutodebug=$debugstatus\n";
-  $OUT .= "    #klipsdebug=none\n";
-  $OUT .= "    plutostderrlog=/var/log/pluto/pluto.log\n";
-  $OUT .= "    dumpdir=/var/run/pluto/\n";
-  $OUT .= "    nat_traversal=yes\n";
+        $OUT .= "config setup\n";
+        $OUT .= "    protostack=netkey\n";
+        $OUT .= "    plutodebug=$debugstatus\n";
+        $OUT .= "    #klipsdebug=none\n";
+        $OUT .= "    plutostderrlog=/var/log/pluto/pluto.log\n";
+        $OUT .= "    dumpdir=/var/run/pluto/\n";
+        $OUT .= "    nat_traversal=yes\n";
 
-  # This should get all the connections in an array
+        # This should get all the connections in an array
 
-  my @connections = $ipsecDB->keys;
+        my @connections = $ipsecDB->keys;
 
-  $OUT .= "    virtual_private=";
+        $OUT .= "    virtual_private=";
 
-  my $virtual_private = '';
+        my $virtual_private = '';
 
-  foreach my $ipsecprop (@connections) {
+        foreach my $ipsecprop (@connections) {
 
-       my $type =  $ipsecDB->get_prop("$ipsecprop",'type');
-       print "Connection: $ipsecprop Type: $type\n";
+            my $type = $ipsecDB->get_prop( "$ipsecprop", 'type' );
+            print "Connection: $ipsecprop Type: $type\n";
 
-   if ( $type eq "ipsec") {
-          print "Connection: $ipsecprop\n";
-     my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) || "disabled";
+            if ( $type eq "ipsec" ) {
+                print "Connection: $ipsecprop\n";
+                my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) || "disabled";
 
-     if ( $ipsecstatus eq "enabled" ) {
-       my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
-       $virtual_private .= "%v4:$subnet,";
-      }
+                if ( $ipsecstatus eq "enabled" ) {
+                    my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
+                    $virtual_private .= "%v4:$subnet,";
+                }
 
-     # End if
-     }
+                # End if
+            }
 
-  # End foreach
-  }
+            # End foreach
+        }
 
-    # Remove last character ','
-     chop($virtual_private);
-     $OUT .= "$virtual_private\n";
-     $OUT .= "\n";
-     $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
+        # Remove last character ','
+        chop($virtual_private);
+        $OUT .= "$virtual_private\n";
+        $OUT .= "\n";
+        $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
 
- # End else
- }
+        # End else
+    }
 
-# End
+    # End
 }
 
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection  2016-02-17 14:19:42.000000000 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection      2016-12-22 11:34:39.036000959 +0100
@@ -5,21 +5,23 @@
     use warnings;
     use esmith::ConfigDB;
 
-    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
-
-    my $systemMode = $configDB->get("SystemMode")->value;
+    my $configDB    = esmith::ConfigDB->open_ro or die("can't open Config DB");
+    my $dbKey       = 'ipsec';
+    my $systemMode  = $configDB->get("SystemMode")->value;
+    my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled';
 
     if ( $systemMode ne 'servergateway' ) {
         $OUT .= "# System not in Server Gateway mode\n";
     }
 
-    else {
+    elsif ( $ipsecStatus ne 'enabled' ) {
+        $OUT .= "# Ipsec not enabled\n";
+    }
 
+    else {
         my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
           or die("cant connect to ipsec database");
 
-        my $dbKey = 'ipsec';
-
         # This should get all the connections in an array
 
         my @connections = $ipsecDB->keys;
@@ -108,10 +110,13 @@
                         $OUT .= "    auto=$auto\n";
                     }
 
-                    my $ipsecversion = $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' ) || '';
-                    if ( $ipsecversion eq 'v2' ) {
-                        $OUT .= "    ikev2=insist\n";
-                    }
+                    # We should change ipsecversion to ikev2status
+                    my $ipsecversion =
+                         $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' )
+                      || $configDB->get_prop( $dbKey, 'ipsecversion' )
+                      || 'permit';
+
+                    $OUT .= "    ikev2=$ipsecversion\n";
 
                     # Set the Phase one and Phase two default strengths - these are set to aes
                     my $ike =
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords        2016-12-22 11:34:27.073000958 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords    2016-12-22 11:34:39.036000959 +0100
@@ -5,20 +5,23 @@
     use warnings;
     use esmith::ConfigDB;
 
-    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
-
-    my $systemMode = $configDB->get("SystemMode")->value;
+    my $configDB    = esmith::ConfigDB->open_ro or die("can't open Config DB");
+    my $dbKey       = 'ipsec';
+    my $systemMode  = $configDB->get("SystemMode")->value;
+    my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled';
 
     if ( $systemMode ne 'servergateway' ) {
         $OUT .= "# System not in Server Gateway mode\n";
     }
 
+    elsif ( $ipsecStatus ne 'enabled' ) {
+        $OUT .= "# Ipsec not enabled\n";
+    }
+
     else {
         my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
           or die("cant connect to ipsec database");
 
-        my $dbKey = 'ipsec';
-
         my $ExternalIP = $configDB->get_prop( "ExternalInterface", "IPAddress" );
 
         # This should get all the connections in an array
@@ -79,8 +82,8 @@
                             $OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
                         }
                     }
-                    
-                    elsif (( $leftid ne '' ) && ( $rightid ne '' )) {
+
+                    elsif ( ( $leftid ne '' ) && ( $rightid ne '' ) ) {
                         $OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
                     }
 
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto        2016-12-22 11:34:27.065000961 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto    1970-01-01 01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-/var/log/pluto/pluto.log \{
-    missingok
-    notifempty
-    compress
-    daily
-    rotate 10
-    create 0600 root root
-\}
1	reetspetit	1.1	diff -ruN smeserver-libreswan-0.5.old/createlinks smeserver-libreswan-0.5/createlinks
2			--- smeserver-libreswan-0.5.old/createlinks 2016-12-22 11:34:27.074000958 +0100
3			+++ smeserver-libreswan-0.5/createlinks 2016-12-22 11:34:39.047000957 +0100
4			@@ -38,3 +38,20 @@
5			service_link_enhanced("ipsec", "K21", "1");
6
7			safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
8			+
9			+# Set up generic logfile timestamp renaming/symlinking
10			+
11			+foreach (qw(
12			+ /var/log/pluto/pluto.log
13			+ ))
14			+{
15			+ safe_touch "root/etc/e-smith/events/logrotate/logfiles2timestamp/$_";
16			+}
17			+
18			+#--------------------------------------------------
19			+# actions for logrotate event
20			+#--------------------------------------------------
21			+
22			+$event = "logrotate";
23			+
24			+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ipsec");
25			diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion
26			--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion 1970-01-01 01:00:00.000000000 +0100
27			+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion 2016-12-22 11:34:39.030000959 +0100
28			@@ -0,0 +1 @@
29			+yes
30			\ No newline at end of file
31			diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort
32			--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort 2016-02-17 14:19:42.000000000 +0100
33			+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort 1970-01-01 01:00:00.000000000 +0100
34			@@ -1 +0,0 @@
35			-500
36			\ No newline at end of file
37			diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts
38			--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts 1970-01-01 01:00:00.000000000 +0100
39			+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts 2016-12-22 11:34:39.018000956 +0100
40			@@ -0,0 +1 @@
41			+500,4500
42			\ No newline at end of file
43			diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
44			--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2016-12-22 11:34:27.070000958 +0100
45			+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2016-12-22 11:34:39.047000957 +0100
46			@@ -1,77 +1,79 @@
47			#!/usr/bin/perl -w
48
49			{
50			- use strict;
51			- use warnings;
52			- use esmith::ConfigDB;
53			+ use strict;
54			+ use warnings;
55			+ use esmith::ConfigDB;
56
57			- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
58			+ my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
59			+ my $dbKey = 'ipsec';
60			+ my $systemMode = $configDB->get("SystemMode")->value;
61			+ my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) \|\| 'disabled';
62
63			- my $systemMode = $configDB->get("SystemMode")->value;
64			+ if ( $systemMode ne 'servergateway' ) {
65			+ $OUT .= "# System not in Server Gateway mode\n";
66			+ }
67
68			- if ( $systemMode ne 'servergateway' )
69			- {
70			- $OUT .= "# System not in Server Gateway mode\n";
71			- }
72			+ elsif ( $ipsecStatus ne 'enabled' ) {
73			+ $OUT .= "# Ipsec not enabled\n";
74			+ }
75
76			- else
77			- {
78			+ else {
79			+ my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
80			+ or die("cant connect to ipsec database");
81
82			- my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
83			- or die("cant connect to ipsec database");
84			+ my $dbKey = 'ipsec';
85
86			- my $dbKey = 'ipsec';
87			+ # Generic setup file
88			+ my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) \|\| 'none';
89
90			- # Generic setup file
91			- my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) \|\| 'none';
92			-
93			-# A standard config is included in the RPM but we need to generate a new one so we can modify settings
94			+ # A standard config is included in the RPM but we need to generate a new one so we can modify settings
95
96			- $OUT .= "config setup\n";
97			- $OUT .= " protostack=netkey\n";
98			- $OUT .= " plutodebug=$debugstatus\n";
99			- $OUT .= " #klipsdebug=none\n";
100			- $OUT .= " plutostderrlog=/var/log/pluto/pluto.log\n";
101			- $OUT .= " dumpdir=/var/run/pluto/\n";
102			- $OUT .= " nat_traversal=yes\n";
103			+ $OUT .= "config setup\n";
104			+ $OUT .= " protostack=netkey\n";
105			+ $OUT .= " plutodebug=$debugstatus\n";
106			+ $OUT .= " #klipsdebug=none\n";
107			+ $OUT .= " plutostderrlog=/var/log/pluto/pluto.log\n";
108			+ $OUT .= " dumpdir=/var/run/pluto/\n";
109			+ $OUT .= " nat_traversal=yes\n";
110
111			- # This should get all the connections in an array
112			+ # This should get all the connections in an array
113
114			- my @connections = $ipsecDB->keys;
115			+ my @connections = $ipsecDB->keys;
116
117			- $OUT .= " virtual_private=";
118			+ $OUT .= " virtual_private=";
119
120			- my $virtual_private = '';
121			+ my $virtual_private = '';
122
123			- foreach my $ipsecprop (@connections) {
124			+ foreach my $ipsecprop (@connections) {
125
126			- my $type = $ipsecDB->get_prop("$ipsecprop",'type');
127			- print "Connection: $ipsecprop Type: $type\n";
128			+ my $type = $ipsecDB->get_prop( "$ipsecprop", 'type' );
129			+ print "Connection: $ipsecprop Type: $type\n";
130
131			- if ( $type eq "ipsec") {
132			- print "Connection: $ipsecprop\n";
133			- my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) \|\| "disabled";
134			+ if ( $type eq "ipsec" ) {
135			+ print "Connection: $ipsecprop\n";
136			+ my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) \|\| "disabled";
137
138			- if ( $ipsecstatus eq "enabled" ) {
139			- my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
140			- $virtual_private .= "%v4:$subnet,";
141			- }
142			+ if ( $ipsecstatus eq "enabled" ) {
143			+ my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
144			+ $virtual_private .= "%v4:$subnet,";
145			+ }
146
147			- # End if
148			- }
149			+ # End if
150			+ }
151
152			- # End foreach
153			- }
154			+ # End foreach
155			+ }
156
157			- # Remove last character ','
158			- chop($virtual_private);
159			- $OUT .= "$virtual_private\n";
160			- $OUT .= "\n";
161			- $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
162			+ # Remove last character ','
163			+ chop($virtual_private);
164			+ $OUT .= "$virtual_private\n";
165			+ $OUT .= "\n";
166			+ $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
167
168			- # End else
169			- }
170			+ # End else
171			+ }
172
173			-# End
174			+ # End
175			}
176
177			diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
178			--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2016-02-17 14:19:42.000000000 +0100
179			+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2016-12-22 11:34:39.036000959 +0100
180			@@ -5,21 +5,23 @@
181			use warnings;
182			use esmith::ConfigDB;
183
184			- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
185			-
186			- my $systemMode = $configDB->get("SystemMode")->value;
187			+ my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
188			+ my $dbKey = 'ipsec';
189			+ my $systemMode = $configDB->get("SystemMode")->value;
190			+ my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) \|\| 'disabled';
191
192			if ( $systemMode ne 'servergateway' ) {
193			$OUT .= "# System not in Server Gateway mode\n";
194			}
195
196			- else {
197			+ elsif ( $ipsecStatus ne 'enabled' ) {
198			+ $OUT .= "# Ipsec not enabled\n";
199			+ }
200
201			+ else {
202			my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
203			or die("cant connect to ipsec database");
204
205			- my $dbKey = 'ipsec';
206			-
207			# This should get all the connections in an array
208
209			my @connections = $ipsecDB->keys;
210			@@ -108,10 +110,13 @@
211			$OUT .= " auto=$auto\n";
212			}
213
214			- my $ipsecversion = $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' ) \|\| '';
215			- if ( $ipsecversion eq 'v2' ) {
216			- $OUT .= " ikev2=insist\n";
217			- }
218			+ # We should change ipsecversion to ikev2status
219			+ my $ipsecversion =
220			+ $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' )
221			+ \|\| $configDB->get_prop( $dbKey, 'ipsecversion' )
222			+ \|\| 'permit';
223			+
224			+ $OUT .= " ikev2=$ipsecversion\n";
225
226			# Set the Phase one and Phase two default strengths - these are set to aes
227			my $ike =
228			diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords
229			--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords 2016-12-22 11:34:27.073000958 +0100
230			+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords 2016-12-22 11:34:39.036000959 +0100
231			@@ -5,20 +5,23 @@
232			use warnings;
233			use esmith::ConfigDB;
234
235			- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
236			-
237			- my $systemMode = $configDB->get("SystemMode")->value;
238			+ my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
239			+ my $dbKey = 'ipsec';
240			+ my $systemMode = $configDB->get("SystemMode")->value;
241			+ my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) \|\| 'disabled';
242
243			if ( $systemMode ne 'servergateway' ) {
244			$OUT .= "# System not in Server Gateway mode\n";
245			}
246
247			+ elsif ( $ipsecStatus ne 'enabled' ) {
248			+ $OUT .= "# Ipsec not enabled\n";
249			+ }
250			+
251			else {
252			my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
253			or die("cant connect to ipsec database");
254
255			- my $dbKey = 'ipsec';
256			-
257			my $ExternalIP = $configDB->get_prop( "ExternalInterface", "IPAddress" );
258
259			# This should get all the connections in an array
260			@@ -79,8 +82,8 @@
261			$OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
262			}
263			}
264			-
265			- elsif (( $leftid ne '' ) && ( $rightid ne '' )) {
266			+
267			+ elsif ( ( $leftid ne '' ) && ( $rightid ne '' ) ) {
268			$OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
269			}
270
271			diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto
272			--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto 2016-12-22 11:34:27.065000961 +0100
273			+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto 1970-01-01 01:00:00.000000000 +0100
274			@@ -1,8 +0,0 @@
275			-/var/log/pluto/pluto.log \{
276			- missingok
277			- notifempty
278			- compress
279			- daily
280			- rotate 10
281			- create 0600 root root
282			-\}