From: <abe...@us...> - 2012-04-16 18:11:28
Revision: 5515 http://astlinux.svn.sourceforge.net/astlinux/?rev=5515&view=rev Author: abelbeck Date: 2012-04-16 18:11:21 +0000 (Mon, 16 Apr 2012) Log Message: ----------- ipsec mobile, add variables IPSECM_XAUTH_NETWORK and IPSECM_XAUTH_BANNER, MASQUERADE the XAUTH_POOL network to the external interface. Modified Paths: -------------- branches/1.0/package/arnofw/arnofw.wrapper branches/1.0/package/ipsec-tools/racoon-ipsec branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf Modified: branches/1.0/package/arnofw/arnofw.wrapper =================================================================== --- branches/1.0/package/arnofw/arnofw.wrapper 2012-04-15 05:25:23 UTC (rev 5514) +++ branches/1.0/package/arnofw/arnofw.wrapper 2012-04-16 18:11:21 UTC (rev 5515) @@ -96,6 +96,18 @@ fi } +setIPSECnet() +{ + # args: IP, NM + if [ -n "$1" -a -n "$2" ]; then + local NETWORK PREFIX + eval `ipcalc -np $1 $2` + + NAT_INTERNAL_NET="$NAT_INTERNAL_NET${NAT_INTERNAL_NET:+ }$NETWORK/$PREFIX" + NAT=1 + fi +} + getLANinterface() { local lanif="" @@ -199,6 +211,10 @@ RP_FILTER=0 fi +if isVPNtype ipsecmobile && [ "$IPSECM_AUTH_METHOD" = "xauth_rsa_server" ]; then + setIPSECnet "$IPSECM_XAUTH_POOLBASE" "$IPSECM_XAUTH_POOLMASK" +fi + if isVPNtype openvpn; then if [ -n "$OVPN_SERVER" ]; then ovpnIP="`echo $OVPN_SERVER | awk '{ print $1; }'`" Modified: branches/1.0/package/ipsec-tools/racoon-ipsec =================================================================== --- branches/1.0/package/ipsec-tools/racoon-ipsec 2012-04-15 05:25:23 UTC (rev 5514) +++ branches/1.0/package/ipsec-tools/racoon-ipsec 2012-04-16 18:11:21 UTC (rev 5515) @@ -282,6 +282,12 @@ done chmod 600 /tmp/etc/xauthuser.txt + if [ -n "$IPSECM_XAUTH_BANNER" ]; then + echo "$IPSECM_XAUTH_BANNER" > /tmp/etc/xauthmsg.txt + else + touch /tmp/etc/xauthmsg.txt + fi + IFS=' ' for name in IPSECM_XAUTH_POOLBASE IPSECM_XAUTH_POOLMASK IPSECM_XAUTH_POOLSIZE; do if [ -z "${!name}" ]; then 
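Review bot: setIPSECnet evals the output of ipcalc without checking that ipcalc succeeded, so if IPSECM_XAUTH_POOLBASE or IPSECM_XAUTH_POOLMASK is malformed (the visible check in racoon-ipsec only rejects empty values) ipcalc's diagnostic text is executed as shell, NETWORK/PREFIX stay unset, and a bare `/` entry lands in NAT_INTERNAL_NET with NAT=1 still set. Capture first and bail on failure, since ipcalc should exit non-zero on a bad address: `local NETWORK PREFIX calc` / `calc=$(ipcalc -np "$1" "$2") || return 1` / `eval "$calc"`. Quoting `"$1" "$2"` also keeps a value containing whitespace from being split into extra ipcalc arguments. The only header is `# args: IP, NM`; a line such as `# Append IP/NM as NETWORK/PREFIX to NAT_INTERNAL_NET and set NAT=1 (both globals)` would state the side effects callers rely on.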
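Review bot: The banner is written with `echo "$IPSECM_XAUTH_BANNER"`, so a value beginning with `-n`/`-e` or containing backslash sequences is altered by the shell's echo (ash/busybox interpret both), and the text racoon hands to the client can differ from what the administrator configured. `printf '%s\n' "$IPSECM_XAUTH_BANNER" > /tmp/etc/xauthmsg.txt` writes the value verbatim. The `touch` in the else branch means the file always exists for the later `banner` directive, which is worth a one-line comment such as `# always create the file: racoon.conf references it unconditionally`. The enclosing block starts before this hunk.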
@@ -367,7 +373,7 @@ mobile_xauth() { - local arg IFS + local arg net IFS echo " mode_cfg { @@ -382,6 +388,13 @@ for arg in $IPSECM_XAUTH_WINS; do echo " wins4 $arg;" done + if [ -n "$IPSECM_XAUTH_NETWORK" ]; then + net="" + for arg in $IPSECM_XAUTH_NETWORK; do + net="$net${net:+,}$arg" + done + echo " split_network include $net;" + fi if [ -n "$IPSECM_XAUTH_DOMAIN" -a -n "$IPSECM_XAUTH_DNS" ]; then echo " default_domain \"$IPSECM_XAUTH_DOMAIN\";" echo " split_dns \"$IPSECM_XAUTH_DOMAIN\";" @@ -389,6 +402,7 @@ if [ "$IPSECM_XAUTH_SAVE_PASSWD" = "yes" ]; then echo " save_passwd on;" fi + echo " banner \"/tmp/etc/xauthmsg.txt\";" echo "}" } @@ -646,7 +660,8 @@ if [ -f /tmp/etc/racoon_bad_config ]; then echo "$prog failed to start due to configuration errors." 1>&2 - rm -f /tmp/etc/racoon.conf /tmp/etc/psk.txt /tmp/etc/tunnel.sh /tmp/etc/xauthuser.txt /tmp/etc/racoon_bad_config + rm -f /tmp/etc/racoon.conf /tmp/etc/psk.txt /tmp/etc/tunnel.sh /tmp/etc/racoon_bad_config + rm -f /tmp/etc/xauthuser.txt /tmp/etc/xauthmsg.txt rm -rf /tmp/etc/certificate exit 1 @@ -701,7 +716,8 @@ setkey -F setkey -FP - rm -f /tmp/etc/psk.txt /tmp/etc/racoon.conf /tmp/etc/tunnel.sh /tmp/etc/xauthuser.txt + rm -f /tmp/etc/psk.txt /tmp/etc/racoon.conf /tmp/etc/tunnel.sh + rm -f /tmp/etc/xauthuser.txt /tmp/etc/xauthmsg.txt rm -rf /tmp/etc/certificate ## Hangs with linux 2.6.35 Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf =================================================================== --- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-04-15 05:25:23 UTC (rev 5514) +++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-04-16 18:11:21 UTC (rev 5515) 
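Review bot: When IPSECM_XAUTH_NETWORK is set but holds only whitespace the `-n` guard passes, the loop adds nothing and `split_network include ;` is emitted, which is not valid racoon.conf syntax. Testing the joined value instead, `if [ -n "$net" ]; then echo " split_network include $net;"; fi`, avoids that. The entries are copied into the config unvalidated, so a comment on the loop like `# entries are passed through as-is; expected form is network/prefix` documents what the admin must supply. mobile_xauth opens and closes outside this hunk, and the IFS it iterates with is set outside it as well.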
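Review bot: `banner "/tmp/etc/xauthmsg.txt";` is emitted unconditionally, so it depends on the block around line 282 having created the file (it appears to, via `touch` when no banner is configured); if mobile_xauth can run on a path that skips that block, racoon would reference a missing file. A comment beside the echo, `# file is created (possibly empty) together with xauthuser.txt`, records that coupling for the next person who reorders the setup.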
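Review bot: The list of generated files to remove is now maintained in two places, this hunk and the one at @@ -701, and this commit itself had to edit both to add xauthmsg.txt; the next generated file is likely to be missed in one of them. Moving the common `rm` lines into a single helper called from both sites keeps them in step, with the failed-start path still removing racoon_bad_config on its own. Both call sites are inside functions that begin outside their hunks, so the helper would be defined near the other functions in the file.
```shell
remove_generated_files()
{
  rm -f /tmp/etc/psk.txt /tmp/etc/racoon.conf /tmp/etc/tunnel.sh
  rm -f /tmp/etc/xauthuser.txt /tmp/etc/xauthmsg.txt
  rm -rf /tmp/etc/certificate
}

# … unchanged: start path up to the racoon_bad_config check …
    echo "$prog failed to start due to configuration errors." 1>&2
    rm -f /tmp/etc/racoon_bad_config
    remove_generated_files
    exit 1
# … unchanged: stop path; after setkey -F / setkey -FP call remove_generated_files …
```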
@@ -588,7 +588,9 @@ #IPSECM_XAUTH_POOLSIZE="8" # "4", "8", "16" #IPSECM_XAUTH_DNS="" # space separated list of DNS server(s) pushed to client #IPSECM_XAUTH_WINS="" # space separated list of local MS WINS servers, rarely needed +#IPSECM_XAUTH_NETWORK="" # space separated list of Server network(s) pushed to client #IPSECM_XAUTH_DOMAIN="" # Default DNS domain pushed to client +#IPSECM_XAUTH_BANNER="" # Login message to client #IPSECM_XAUTH_SAVE_PASSWD="no" # "no" or "yes", defaults to "no" ## Authentication - multi-line, space separated #IPSECM_XAUTH_USER_PASS=" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
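Review bot: The new `#IPSECM_XAUTH_NETWORK` comment says "network(s)" but the racoon-ipsec change passes each entry verbatim into `split_network include`, which takes network/prefix entries, so the comment should show the form: `#IPSECM_XAUTH_NETWORK="" # space separated list of Server network(s) pushed to client, each as network/prefix (constructed example: 10.10.0.0/24)`. For `#IPSECM_XAUTH_BANNER` it would help to say the text is written to a file and sent to the client as the mode_cfg banner, so admins know it is a plain message rather than a path.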