diff -ruN smeserver-libreswan-0.5.old/createlinks smeserver-libreswan-0.5/createlinks --- smeserver-libreswan-0.5.old/createlinks 2016-12-22 11:34:27.074000958 +0100 +++ smeserver-libreswan-0.5/createlinks 2016-12-22 11:34:39.047000957 +0100 @@ -38,3 +38,20 @@ service_link_enhanced("ipsec", "K21", "1"); safe_symlink("adjust", "root/etc/e-smith/events/$event/services2adjust/masq"); + +# Set up generic logfile timestamp renaming/symlinking + +foreach (qw( + /var/log/pluto/pluto.log + )) +{ + safe_touch "root/etc/e-smith/events/logrotate/logfiles2timestamp/$_"; +} + +#-------------------------------------------------- +# actions for logrotate event +#-------------------------------------------------- + +$event = "logrotate"; + +safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ipsec"); diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion --- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion 1970-01-01 01:00:00.000000000 +0100 +++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/ipsecversion 2016-12-22 11:34:39.030000959 +0100 @@ -0,0 +1 @@ +yes \ No newline at end of file diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort --- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort 2016-02-17 14:19:42.000000000 +0100 +++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPort 1970-01-01 01:00:00.000000000 +0100 
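Review bot: The added `safe_symlink("restart", "root/etc/e-smith/events/$event/services2adjust/ipsec");` restarts the ipsec service on every logrotate event, which presumably tears down every established tunnel each time the logs rotate. If pluto only needs to reopen `/var/log/pluto/pluto.log`, a lighter action would be safer, or at least a comment saying why a full restart is required. The same commit also deletes the `logrotate.d/pluto` template that pinned `create 0600 root root`, and nothing in this hunk shows what mode the timestamped log file gets. Since `plutodebug` output can be sensitive, I would record the expectation next to the `safe_touch` loop, e.g. `# pluto.log must stay root-only (0600); confirm the generic logfiles2timestamp handling preserves this`.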
@@ -1 +0,0 @@
-500
\ No newline at end of file
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts
--- smeserver-libreswan-0.5.old/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts 1970-01-01 01:00:00.000000000 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/db/configuration/defaults/ipsec/UDPPorts 2016-12-22 11:34:39.018000956 +0100
@@ -0,0 +1 @@
+500,4500
\ No newline at end of file
diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup
--- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2016-12-22 11:34:27.070000958 +0100
+++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.conf/10Setup 2016-12-22 11:34:39.047000957 +0100
@@ -1,77 +1,79 @@ #!/usr/bin/perl -w { - use strict; - use warnings; - use esmith::ConfigDB; + use strict; + use warnings; + use esmith::ConfigDB; - my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); + my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); + my $dbKey = 'ipsec'; + my $systemMode = $configDB->get("SystemMode")->value; + my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled'; - my $systemMode = $configDB->get("SystemMode")->value; + if ( $systemMode ne 'servergateway' ) { + $OUT .= "# System not in Server Gateway mode\n"; + } - if ( $systemMode ne 'servergateway' ) - { - $OUT .= "# System not in Server Gateway mode\n"; - } + elsif ( $ipsecStatus ne 'enabled' ) { + $OUT .= "# Ipsec not enabled\n"; + } - else - { + else { + my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections') + or die("cant connect to ipsec database"); - my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections') - or die("cant connect to ipsec database"); + my $dbKey = 'ipsec'; - my $dbKey = 'ipsec'; + # Generic setup file + my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) || 'none'; - # Generic setup file - my $debugstatus = $configDB->get_prop( $dbKey, 'debug' ) || 'none'; - -# A standard config is included in the RPM but we need to generate a new one so we can modify settings + # A standard config is included in the RPM but we need to generate a new one so we can modify settings - $OUT .= "config setup\n"; - $OUT .= " protostack=netkey\n"; - $OUT .= " plutodebug=$debugstatus\n"; - $OUT .= " #klipsdebug=none\n"; - $OUT .= " plutostderrlog=/var/log/pluto/pluto.log\n"; - $OUT .= " dumpdir=/var/run/pluto/\n"; - $OUT .= " nat_traversal=yes\n"; + $OUT .= "config setup\n"; + $OUT .= " protostack=netkey\n"; + $OUT .= " plutodebug=$debugstatus\n"; + $OUT .= " #klipsdebug=none\n"; + $OUT .= " plutostderrlog=/var/log/pluto/pluto.log\n"; + $OUT .= " dumpdir=/var/run/pluto/\n"; + $OUT .= " nat_traversal=yes\n"; - # This 
should get all the connections in an array + # This should get all the connections in an array - my @connections = $ipsecDB->keys; + my @connections = $ipsecDB->keys; - $OUT .= " virtual_private="; + $OUT .= " virtual_private="; - my $virtual_private = ''; + my $virtual_private = ''; - foreach my $ipsecprop (@connections) { + foreach my $ipsecprop (@connections) { - my $type = $ipsecDB->get_prop("$ipsecprop",'type'); - print "Connection: $ipsecprop Type: $type\n"; + my $type = $ipsecDB->get_prop( "$ipsecprop", 'type' ); + print "Connection: $ipsecprop Type: $type\n"; - if ( $type eq "ipsec") { - print "Connection: $ipsecprop\n"; - my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) || "disabled"; + if ( $type eq "ipsec" ) { + print "Connection: $ipsecprop\n"; + my $ipsecstatus = $ipsecDB->get_prop( "$ipsecprop", 'status' ) || "disabled"; - if ( $ipsecstatus eq "enabled" ) { - my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' ); - $virtual_private .= "%v4:$subnet,"; - } + if ( $ipsecstatus eq "enabled" ) { + my $subnet = $ipsecDB->get_prop( "$ipsecprop", 'rightsubnet' ); + $virtual_private .= "%v4:$subnet,"; + } - # End if - } + # End if + } - # End foreach - } + # End foreach + } - # Remove last character ',' - chop($virtual_private); - $OUT .= "$virtual_private\n"; - $OUT .= "\n"; - $OUT .= "include /etc/ipsec.d/ipsec.conf\n"; + # Remove last character ',' + chop($virtual_private); + $OUT .= "$virtual_private\n"; + $OUT .= "\n"; + $OUT .= "include /etc/ipsec.d/ipsec.conf\n"; - # End else - } + # End else + } -# End + # End } diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection --- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2016-02-17 14:19:42.000000000 +0100 +++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.conf/10Connection 2016-12-22 
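Review bot: An enabled connection with no `rightsubnet` leaves `$subnet` undef inside the `foreach` loop, so after the `chop` the generated `virtual_private=` line carries a bare `%v4:` entry (plus an uninitialized-value warning under `use warnings`). Skipping such records before the append would avoid that, e.g. `next unless defined $subnet && $subnet ne '';` right after the `get_prop` call. The two `print "Connection: ..."` lines still write to STDOUT during template expansion, and `$type` can be undef there too, so they look like leftover debugging. `my $dbKey = 'ipsec';` is now declared at the top of the block and again inside the `else`; the inner declaration only shadows the outer one and can go, as it did in 10Connection and 10Passwords.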
11:34:39.036000959 +0100 @@ -5,21 +5,23 @@ use warnings; use esmith::ConfigDB; - my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); - - my $systemMode = $configDB->get("SystemMode")->value; + my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); + my $dbKey = 'ipsec'; + my $systemMode = $configDB->get("SystemMode")->value; + my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled'; if ( $systemMode ne 'servergateway' ) { $OUT .= "# System not in Server Gateway mode\n"; } - else { + elsif ( $ipsecStatus ne 'enabled' ) { + $OUT .= "# Ipsec not enabled\n"; + } + else { my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections') or die("cant connect to ipsec database"); - my $dbKey = 'ipsec'; - # This should get all the connections in an array my @connections = $ipsecDB->keys; @@ -108,10 +110,13 @@ $OUT .= " auto=$auto\n"; } - my $ipsecversion = $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' ) || ''; - if ( $ipsecversion eq 'v2' ) { - $OUT .= " ikev2=insist\n"; - } + # We should change ipsecversion to ikev2status + my $ipsecversion = + $ipsecDB->get_prop( $ipsecprop, 'ipsecversion' ) + || $configDB->get_prop( $dbKey, 'ipsecversion' ) + || 'permit'; + + $OUT .= " ikev2=$ipsecversion\n"; # Set the Phase one and Phase two default strengths - these are set to aes my $ike = diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords --- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords 2016-12-22 11:34:27.073000958 +0100 +++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/ipsec.d/ipsec.secrets/10Passwords 2016-12-22 11:34:39.036000959 +0100 
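Review bot: `ikev2=$ipsecversion` now writes the database value straight into the connection block, so a record saved under the old scheme with `ipsecversion` set to `v2` produces `ikev2=v2` instead of the previous `ikev2=insist`. Any other unexpected value, including one containing a newline, also lands in the generated ipsec.conf unchecked. I would map the legacy value and validate against the keywords the installed libreswan accepts before emitting the line, falling back to `permit`. The allowed list in the sketch below is an assumption to confirm against the shipped libreswan version. The enclosing connection loop starts and ends outside this hunk.

```perl
# … unchanged: $ipsecversion lookup with per-connection and global fallback …

# Records written before this change stored 'v2' and expected ikev2=insist.
$ipsecversion = 'insist' if $ipsecversion eq 'v2';

# Keywords assumed valid for ikev2= -- confirm against the shipped libreswan.
my %ikev2_ok = map { $_ => 1 } qw(never no permit propose yes insist);
$ipsecversion = 'permit' unless $ikev2_ok{$ipsecversion};

$OUT .= " ikev2=$ipsecversion\n";
```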
@@ -5,20 +5,23 @@ use warnings; use esmith::ConfigDB; - my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); - - my $systemMode = $configDB->get("SystemMode")->value; + my $configDB = esmith::ConfigDB->open_ro or die("can't open Config DB"); + my $dbKey = 'ipsec'; + my $systemMode = $configDB->get("SystemMode")->value; + my $ipsecStatus = $configDB->get_prop( $dbKey, 'status' ) || 'disabled'; if ( $systemMode ne 'servergateway' ) { $OUT .= "# System not in Server Gateway mode\n"; } + elsif ( $ipsecStatus ne 'enabled' ) { + $OUT .= "# Ipsec not enabled\n"; + } + else { my $ipsecDB = esmith::ConfigDB->open_ro('ipsec_connections') or die("cant connect to ipsec database"); - my $dbKey = 'ipsec'; - my $ExternalIP = $configDB->get_prop( "ExternalInterface", "IPAddress" ); # This should get all the connections in an array @@ -79,8 +82,8 @@ $OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\""; } } - - elsif (( $leftid ne '' ) && ( $rightid ne '' )) { + + elsif ( ( $leftid ne '' ) && ( $rightid ne '' ) ) { $OUT .= "\@$rightid \@$leftid \: PSK \"$passwd\""; } diff -ruN smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto --- smeserver-libreswan-0.5.old/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto 2016-12-22 11:34:27.065000961 +0100 +++ smeserver-libreswan-0.5/root/etc/e-smith/templates/etc/logrotate.d/pluto/00pluto 1970-01-01 01:00:00.000000000 +0100 @@ -1,8 +0,0 @@ -/var/log/pluto/pluto.log \{ - missingok - notifempty - compress - daily - rotate 10 - create 0600 root root -\}