smeserver-libreswan/contribs9/smeserver-libreswan-ikev2-logrotate.patch

diff -ruN smeserver-libreswan-0.5.old/createlinks smeserver-libreswan-0.5/createlinks
--- smeserver-libreswan-0.5.old/createlinks     2016-12-22 11:34:27.074000958 +0100
+++ smeserver-libreswan-0.5/createlinks 2016-12-22 11:34:39.047000957 +0100
@@ -38,3 +38,20 @@
 service_link_enhanced("ipsec", "K21", "1");
 
 safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
+
+# Set up generic logfile timestamp renaming/symlinking
+
+foreach (qw(
+    /var/log/pluto/pluto.log
+    ))
+{
+    safe_touch "root/etc/e-smith/events/logrotate/logfiles2timestamp/$_";
+}
+
+#--------------------------------------------------
+# actions for logrotate event
+#--------------------------------------------------
+
+$event = "logrotate";
+
+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ipsec");
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion
--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion   1970-01-01 01:00:00.000000000 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion       2016-12-22 11:34:39.030000959 +0100
@@ -0,0 +1 @@
+yes
\ No newline at end of file
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort
--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort        2016-02-17 14:19:42.000000000 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort    1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-500
\ No newline at end of file
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts
--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts       1970-01-01 01:00:00.000000000 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts   2016-12-22 11:34:39.018000956 +0100
@@ -0,0 +1 @@
+500,4500
\ No newline at end of file
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup       2016-12-22 11:34:27.070000958 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup   2016-12-22 11:34:39.047000957 +0100
@@ -1,77 +1,79 @@
 #!/usr/bin/perl -w
 
 {
- use strict;
- use warnings;
- use esmith::ConfigDB;
+    use strict;
+    use warnings;
+    use esmith::ConfigDB;
 
- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
+    my $configDB    = esmith::ConfigDB->open_ro or die("can't open Config DB");
+    my $dbKey       = 'ipsec';
+    my $systemMode  = $configDB->get("SystemMode")->value;
+    my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled';
 
- my $systemMode = $configDB->get("SystemMode")->value;
+    if ( $systemMode ne 'servergateway' ) {
+        $OUT .= "# System not in Server Gateway mode\n";
+    }
 
- if ( $systemMode ne 'servergateway' )
- {
-  $OUT .= "# System not in Server Gateway mode\n";
- }
+    elsif ( $ipsecStatus ne 'enabled' ) {
+        $OUT .= "# Ipsec not enabled\n";
+    }
 
- else
- {
+    else {
+        my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
+          or die("cant connect to ipsec database");
 
-  my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
-    or die("cant connect to ipsec database");
+        my $dbKey = 'ipsec';
 
-  my $dbKey = 'ipsec';
+        # Generic setup file
+        my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) || 'none';
 
-  # Generic setup file
-  my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) || 'none';
-  
-# A standard config is included in the RPM but we need to generate a new one so we can modify settings
+        # A standard config is included in the RPM but we need to generate a new one so we can modify settings
 
-  $OUT .= "config setup\n";
-  $OUT .= "    protostack=netkey\n";
-  $OUT .= "    plutodebug=$debugstatus\n";
-  $OUT .= "    #klipsdebug=none\n";
-  $OUT .= "    plutostderrlog=/var/log/pluto/pluto.log\n";
-  $OUT .= "    dumpdir=/var/run/pluto/\n";
-  $OUT .= "    nat_traversal=yes\n";
+        $OUT .= "config setup\n";
+        $OUT .= "    protostack=netkey\n";
+        $OUT .= "    plutodebug=$debugstatus\n";
+        $OUT .= "    #klipsdebug=none\n";
+        $OUT .= "    plutostderrlog=/var/log/pluto/pluto.log\n";
+        $OUT .= "    dumpdir=/var/run/pluto/\n";
+        $OUT .= "    nat_traversal=yes\n";
 
-  # This should get all the connections in an array
+        # This should get all the connections in an array
 
-  my @connections = $ipsecDB->keys;
+        my @connections = $ipsecDB->keys;
 
-  $OUT .= "    virtual_private=";
+        $OUT .= "    virtual_private=";
 
-  my $virtual_private = '';
+        my $virtual_private = '';
 
-  foreach my $ipsecprop (@connections) {
+        foreach my $ipsecprop (@connections) {
 
-       my $type =  $ipsecDB->get_prop("$ipsecprop",'type');
-       print "Connection: $ipsecprop Type: $type\n";
+            my $type = $ipsecDB->get_prop( "$ipsecprop", 'type' );
+            print "Connection: $ipsecprop Type: $type\n";
 
-   if ( $type eq "ipsec") {
-          print "Connection: $ipsecprop\n";
-     my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) || "disabled";
+            if ( $type eq "ipsec" ) {
+                print "Connection: $ipsecprop\n";
+                my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) || "disabled";
 
-     if ( $ipsecstatus eq "enabled" ) {
-       my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
-       $virtual_private .= "%v4:$subnet,";
-      }
+                if ( $ipsecstatus eq "enabled" ) {
+                    my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
+                    $virtual_private .= "%v4:$subnet,";
+                }
 
-     # End if
-     }
+                # End if
+            }
 
-  # End foreach
-  }
+            # End foreach
+        }
 
-    # Remove last character ','
-     chop($virtual_private);
-     $OUT .= "$virtual_private\n";
-     $OUT .= "\n";
-     $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
+        # Remove last character ','
+        chop($virtual_private);
+        $OUT .= "$virtual_private\n";
+        $OUT .= "\n";
+        $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
 
- # End else
- }
+        # End else
+    }
 
-# End
+    # End
 }
 
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection  2016-02-17 14:19:42.000000000 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection      2016-12-22 11:34:39.036000959 +0100
@@ -5,21 +5,23 @@
     use warnings;
     use esmith::ConfigDB;
 
-    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
-
-    my $systemMode = $configDB->get("SystemMode")->value;
+    my $configDB    = esmith::ConfigDB->open_ro or die("can't open Config DB");
+    my $dbKey       = 'ipsec';
+    my $systemMode  = $configDB->get("SystemMode")->value;
+    my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled';
 
     if ( $systemMode ne 'servergateway' ) {
         $OUT .= "# System not in Server Gateway mode\n";
     }
 
-    else {
+    elsif ( $ipsecStatus ne 'enabled' ) {
+        $OUT .= "# Ipsec not enabled\n";
+    }
 
+    else {
         my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
           or die("cant connect to ipsec database");
 
-        my $dbKey = 'ipsec';
-
         # This should get all the connections in an array
 
         my @connections = $ipsecDB->keys;
@@ -108,10 +110,13 @@
                         $OUT .= "    auto=$auto\n";
                     }
 
-                    my $ipsecversion = $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' ) || '';
-                    if ( $ipsecversion eq 'v2' ) {
-                        $OUT .= "    ikev2=insist\n";
-                    }
+                    # We should change ipsecversion to ikev2status
+                    my $ipsecversion =
+                         $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' )
+                      || $configDB->get_prop( $dbKey, 'ipsecversion' )
+                      || 'permit';
+
+                    $OUT .= "    ikev2=$ipsecversion\n";
 
                     # Set the Phase one and Phase two default strengths - these are set to aes
                     my $ike =
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords        2016-12-22 11:34:27.073000958 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords    2016-12-22 11:34:39.036000959 +0100
@@ -5,20 +5,23 @@
     use warnings;
     use esmith::ConfigDB;
 
-    my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
-
-    my $systemMode = $configDB->get("SystemMode")->value;
+    my $configDB    = esmith::ConfigDB->open_ro or die("can't open Config DB");
+    my $dbKey       = 'ipsec';
+    my $systemMode  = $configDB->get("SystemMode")->value;
+    my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled';
 
     if ( $systemMode ne 'servergateway' ) {
         $OUT .= "# System not in Server Gateway mode\n";
     }
 
+    elsif ( $ipsecStatus ne 'enabled' ) {
+        $OUT .= "# Ipsec not enabled\n";
+    }
+
     else {
         my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
           or die("cant connect to ipsec database");
 
-        my $dbKey = 'ipsec';
-
         my $ExternalIP = $configDB->get_prop( "ExternalInterface", "IPAddress" );
 
         # This should get all the connections in an array
@@ -79,8 +82,8 @@
                             $OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
                         }
                     }
-                    
-                    elsif (( $leftid ne '' ) && ( $rightid ne '' )) {
+
+                    elsif ( ( $leftid ne '' ) && ( $rightid ne '' ) ) {
                         $OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
                     }
 
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto        2016-12-22 11:34:27.065000961 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto    1970-01-01 01:00:00.000000000 +0100
@@ -1,8 +0,0 @@
-/var/log/pluto/pluto.log \{
-    missingok
-    notifempty
-    compress
-    daily
-    rotate 10
-    create 0600 root root
-\}
1	diff -ruN smeserver-libreswan-0.5.old/createlinks smeserver-libreswan-0.5/createlinks
2	--- smeserver-libreswan-0.5.old/createlinks 2016-12-22 11:34:27.074000958 +0100
3	+++ smeserver-libreswan-0.5/createlinks 2016-12-22 11:34:39.047000957 +0100
4	@@ -38,3 +38,20 @@
5	service_link_enhanced("ipsec", "K21", "1");
6
7	safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq");
8	+
9	+# Set up generic logfile timestamp renaming/symlinking
10	+
11	+foreach (qw(
12	+ /var/log/pluto/pluto.log
13	+ ))
14	+{
15	+ safe_touch "root/etc/e-smith/events/logrotate/logfiles2timestamp/$_";
16	+}
17	+
18	+#--------------------------------------------------
19	+# actions for logrotate event
20	+#--------------------------------------------------
21	+
22	+$event = "logrotate";
23	+
24	+safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ipsec");
25	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion
26	--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion 1970-01-01 01:00:00.000000000 +0100
27	+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion 2016-12-22 11:34:39.030000959 +0100
28	@@ -0,0 +1 @@
29	+yes
30	\ No newline at end of file
31	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort
32	--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort 2016-02-17 14:19:42.000000000 +0100
33	+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort 1970-01-01 01:00:00.000000000 +0100
34	@@ -1 +0,0 @@
35	-500
36	\ No newline at end of file
37	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts
38	--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts 1970-01-01 01:00:00.000000000 +0100
39	+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts 2016-12-22 11:34:39.018000956 +0100
40	@@ -0,0 +1 @@
41	+500,4500
42	\ No newline at end of file
43	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
44	--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2016-12-22 11:34:27.070000958 +0100
45	+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2016-12-22 11:34:39.047000957 +0100
46	@@ -1,77 +1,79 @@
47	#!/usr/bin/perl -w
48
49	{
50	- use strict;
51	- use warnings;
52	- use esmith::ConfigDB;
53	+ use strict;
54	+ use warnings;
55	+ use esmith::ConfigDB;
56
57	- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
58	+ my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
59	+ my $dbKey = 'ipsec';
60	+ my $systemMode = $configDB->get("SystemMode")->value;
61	+ my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) \|\| 'disabled';
62
63	- my $systemMode = $configDB->get("SystemMode")->value;
64	+ if ( $systemMode ne 'servergateway' ) {
65	+ $OUT .= "# System not in Server Gateway mode\n";
66	+ }
67
68	- if ( $systemMode ne 'servergateway' )
69	- {
70	- $OUT .= "# System not in Server Gateway mode\n";
71	- }
72	+ elsif ( $ipsecStatus ne 'enabled' ) {
73	+ $OUT .= "# Ipsec not enabled\n";
74	+ }
75
76	- else
77	- {
78	+ else {
79	+ my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
80	+ or die("cant connect to ipsec database");
81
82	- my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
83	- or die("cant connect to ipsec database");
84	+ my $dbKey = 'ipsec';
85
86	- my $dbKey = 'ipsec';
87	+ # Generic setup file
88	+ my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) \|\| 'none';
89
90	- # Generic setup file
91	- my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) \|\| 'none';
92	-
93	-# A standard config is included in the RPM but we need to generate a new one so we can modify settings
94	+ # A standard config is included in the RPM but we need to generate a new one so we can modify settings
95
96	- $OUT .= "config setup\n";
97	- $OUT .= " protostack=netkey\n";
98	- $OUT .= " plutodebug=$debugstatus\n";
99	- $OUT .= " #klipsdebug=none\n";
100	- $OUT .= " plutostderrlog=/var/log/pluto/pluto.log\n";
101	- $OUT .= " dumpdir=/var/run/pluto/\n";
102	- $OUT .= " nat_traversal=yes\n";
103	+ $OUT .= "config setup\n";
104	+ $OUT .= " protostack=netkey\n";
105	+ $OUT .= " plutodebug=$debugstatus\n";
106	+ $OUT .= " #klipsdebug=none\n";
107	+ $OUT .= " plutostderrlog=/var/log/pluto/pluto.log\n";
108	+ $OUT .= " dumpdir=/var/run/pluto/\n";
109	+ $OUT .= " nat_traversal=yes\n";
110
111	- # This should get all the connections in an array
112	+ # This should get all the connections in an array
113
114	- my @connections = $ipsecDB->keys;
115	+ my @connections = $ipsecDB->keys;
116
117	- $OUT .= " virtual_private=";
118	+ $OUT .= " virtual_private=";
119
120	- my $virtual_private = '';
121	+ my $virtual_private = '';
122
123	- foreach my $ipsecprop (@connections) {
124	+ foreach my $ipsecprop (@connections) {
125
126	- my $type = $ipsecDB->get_prop("$ipsecprop",'type');
127	- print "Connection: $ipsecprop Type: $type\n";
128	+ my $type = $ipsecDB->get_prop( "$ipsecprop", 'type' );
129	+ print "Connection: $ipsecprop Type: $type\n";
130
131	- if ( $type eq "ipsec") {
132	- print "Connection: $ipsecprop\n";
133	- my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) \|\| "disabled";
134	+ if ( $type eq "ipsec" ) {
135	+ print "Connection: $ipsecprop\n";
136	+ my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) \|\| "disabled";
137
138	- if ( $ipsecstatus eq "enabled" ) {
139	- my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
140	- $virtual_private .= "%v4:$subnet,";
141	- }
142	+ if ( $ipsecstatus eq "enabled" ) {
143	+ my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' );
144	+ $virtual_private .= "%v4:$subnet,";
145	+ }
146
147	- # End if
148	- }
149	+ # End if
150	+ }
151
152	- # End foreach
153	- }
154	+ # End foreach
155	+ }
156
157	- # Remove last character ','
158	- chop($virtual_private);
159	- $OUT .= "$virtual_private\n";
160	- $OUT .= "\n";
161	- $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
162	+ # Remove last character ','
163	+ chop($virtual_private);
164	+ $OUT .= "$virtual_private\n";
165	+ $OUT .= "\n";
166	+ $OUT .= "include /etc/ipsec.d/ipsec.conf\n";
167
168	- # End else
169	- }
170	+ # End else
171	+ }
172
173	-# End
174	+ # End
175	}
176
177	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection
178	--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2016-02-17 14:19:42.000000000 +0100
179	+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2016-12-22 11:34:39.036000959 +0100
180	@@ -5,21 +5,23 @@
181	use warnings;
182	use esmith::ConfigDB;
183
184	- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
185	-
186	- my $systemMode = $configDB->get("SystemMode")->value;
187	+ my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
188	+ my $dbKey = 'ipsec';
189	+ my $systemMode = $configDB->get("SystemMode")->value;
190	+ my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) \|\| 'disabled';
191
192	if ( $systemMode ne 'servergateway' ) {
193	$OUT .= "# System not in Server Gateway mode\n";
194	}
195
196	- else {
197	+ elsif ( $ipsecStatus ne 'enabled' ) {
198	+ $OUT .= "# Ipsec not enabled\n";
199	+ }
200
201	+ else {
202	my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
203	or die("cant connect to ipsec database");
204
205	- my $dbKey = 'ipsec';
206	-
207	# This should get all the connections in an array
208
209	my @connections = $ipsecDB->keys;
210	@@ -108,10 +110,13 @@
211	$OUT .= " auto=$auto\n";
212	}
213
214	- my $ipsecversion = $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' ) \|\| '';
215	- if ( $ipsecversion eq 'v2' ) {
216	- $OUT .= " ikev2=insist\n";
217	- }
218	+ # We should change ipsecversion to ikev2status
219	+ my $ipsecversion =
220	+ $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' )
221	+ \|\| $configDB->get_prop( $dbKey, 'ipsecversion' )
222	+ \|\| 'permit';
223	+
224	+ $OUT .= " ikev2=$ipsecversion\n";
225
226	# Set the Phase one and Phase two default strengths - these are set to aes
227	my $ike =
228	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords
229	--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords 2016-12-22 11:34:27.073000958 +0100
230	+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords 2016-12-22 11:34:39.036000959 +0100
231	@@ -5,20 +5,23 @@
232	use warnings;
233	use esmith::ConfigDB;
234
235	- my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
236	-
237	- my $systemMode = $configDB->get("SystemMode")->value;
238	+ my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB");
239	+ my $dbKey = 'ipsec';
240	+ my $systemMode = $configDB->get("SystemMode")->value;
241	+ my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) \|\| 'disabled';
242
243	if ( $systemMode ne 'servergateway' ) {
244	$OUT .= "# System not in Server Gateway mode\n";
245	}
246
247	+ elsif ( $ipsecStatus ne 'enabled' ) {
248	+ $OUT .= "# Ipsec not enabled\n";
249	+ }
250	+
251	else {
252	my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections')
253	or die("cant connect to ipsec database");
254
255	- my $dbKey = 'ipsec';
256	-
257	my $ExternalIP = $configDB->get_prop( "ExternalInterface", "IPAddress" );
258
259	# This should get all the connections in an array
260	@@ -79,8 +82,8 @@
261	$OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
262	}
263	}
264	-
265	- elsif (( $leftid ne '' ) && ( $rightid ne '' )) {
266	+
267	+ elsif ( ( $leftid ne '' ) && ( $rightid ne '' ) ) {
268	$OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\"";
269	}
270
271	diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto
272	--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto 2016-12-22 11:34:27.065000961 +0100
273	+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto 1970-01-01 01:00:00.000000000 +0100
274	@@ -1,8 +0,0 @@
275	-/var/log/pluto/pluto.log \{
276	- missingok
277	- notifempty
278	- compress
279	- daily
280	- rotate 10
281	- create 0600 root root
282	-\}