From: <abe...@us...> - 2012-05-29 17:18:18
Revision: 5551
http://astlinux.svn.sourceforge.net/astlinux/?rev=5551&view=rev
Author: abelbeck
Date: 2012-05-29 17:18:11 +0000 (Tue, 29 May 2012)
Log Message:
-----------
ipsec xauth: new rc.conf variable IPSECM_XAUTH_LOCAL_GW, which defines a client local gateway for IPsec XAuth clients and defaults to INTIP. Remote IPsec XAuth clients then use INTIP (or IPSECM_XAUTH_LOCAL_GW) as the Asterisk server, or as any other local server for that matter.
Modified Paths:
--------------
branches/1.0/package/ipsec-tools/ipsec-tools.mk
branches/1.0/package/ipsec-tools/racoon-ipsec
branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
Added Paths:
-----------
branches/1.0/package/ipsec-tools/ipsec-xauth-up-down.sh
Modified: branches/1.0/package/ipsec-tools/ipsec-tools.mk
===================================================================
--- branches/1.0/package/ipsec-tools/ipsec-tools.mk 2012-05-23 00:06:35 UTC (rev 5550)
+++ branches/1.0/package/ipsec-tools/ipsec-tools.mk 2012-05-29 17:18:11 UTC (rev 5551)
@@ -72,6 +72,7 @@
define IPSEC_TOOLS_INSTALL_SCRIPT
$(INSTALL) -D -m 755 package/ipsec-tools/racoon.init $(TARGET_DIR)/etc/init.d/racoon
$(INSTALL) -D -m 755 package/ipsec-tools/racoon-ipsec $(TARGET_DIR)/usr/sbin/racoon-ipsec
+ $(INSTALL) -D -m 755 package/ipsec-tools/ipsec-xauth-up-down.sh $(TARGET_DIR)/usr/sbin/ipsec-xauth-up-down
ln -sf /tmp/etc/racoon.conf $(TARGET_DIR)/etc/racoon.conf
ln -sf /tmp/etc/psk.txt $(TARGET_DIR)/etc/psk.txt
endef
Added: branches/1.0/package/ipsec-tools/ipsec-xauth-up-down.sh
===================================================================
--- branches/1.0/package/ipsec-tools/ipsec-xauth-up-down.sh (rev 0)
+++ branches/1.0/package/ipsec-tools/ipsec-xauth-up-down.sh 2012-05-29 17:18:11 UTC (rev 5551)
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+# IPsec XAuth Phase1 Up / Down script
+
+PATH="/usr/bin:/bin:/usr/sbin:/sbin"
+
+#
+# script "/usr/sbin/ipsec-xauth-up-down" phase1_up;
+# script "/usr/sbin/ipsec-xauth-up-down" phase1_down;
+#
+
+. /etc/rc.conf
+
+findintf()
+{
+ ip -o addr show to "$1" \
+ | awk '{ print $2; }'
+}
+
+case $1 in
+
+ phase1_up)
+
+ if [ -n "$IPSECM_XAUTH_LOCAL_GW" ]; then
+ gw="$IPSECM_XAUTH_LOCAL_GW"
+ else
+ gw="$INTIP"
+ fi
+ if [ -n "$gw" ]; then
+ intf="$(findintf $gw)"
+ if [ -n "$INTERNAL_ADDR4" -a -n "$intf" ]; then
+ ip route add $INTERNAL_ADDR4 via $gw dev $intf
+ fi
+ fi
+ ;;
+
+ phase1_down)
+
+ if [ -n "$INTERNAL_ADDR4" ]; then
+ ip route delete $INTERNAL_ADDR4
+ fi
+ ;;
+
+esac
+
+exit 0
+
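Review bot: The `ip route add` and `ip route delete` calls in both case arms expand `$INTERNAL_ADDR4`, `$gw` and `$intf` unquoted, so an empty, multi-word or option-like value changes the argument list of a command that presumably runs with racoon's privileges. `INTERNAL_ADDR4` is never assigned in this script and seems to come from the hook environment, while `findintf` prints one interface name per matching address line, so `$intf` can hold more than one word. I would quote every expansion and take only the first interface: `intf="$(findintf "$gw" | head -n 1)"`, `ip route add "$INTERNAL_ADDR4" via "$gw" dev "$intf"`, `ip route delete "$INTERNAL_ADDR4"`. Because the script always ends with `exit 0`, a failed route change is silent; logging the failure would help when a client connects but cannot reach the local gateway.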
Property changes on: branches/1.0/package/ipsec-tools/ipsec-xauth-up-down.sh
___________________________________________________________________
Added: svn:executable
+ *
Modified: branches/1.0/package/ipsec-tools/racoon-ipsec
===================================================================
--- branches/1.0/package/ipsec-tools/racoon-ipsec 2012-05-23 00:06:35 UTC (rev 5550)
+++ branches/1.0/package/ipsec-tools/racoon-ipsec 2012-05-29 17:18:11 UTC (rev 5551)
@@ -359,8 +359,15 @@
generate_policy on;
proposal_check obey;
dpd_delay 30;${5:+
- lifetime time $5 sec;}
+ lifetime time $5 sec;}"
+if [ "$6" = "xauth_rsa_server" ]; then
+ echo "
+ script \"/usr/sbin/ipsec-xauth-up-down\" phase1_up;
+ script \"/usr/sbin/ipsec-xauth-up-down\" phase1_down;"
+fi
+
+ echo "
proposal {
encryption_algorithm $2;
hash_algorithm $3;
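Review bot: The new `if [ "$6" = "xauth_rsa_server" ]` test introduces a sixth positional argument with no comment saying what it carries or why the phase1 hooks are emitted only for that value. A line above the test such as `# $6 = authentication method; XAuth clients need a route to their mode-cfg address, added and removed by the phase1 hooks` would record the intent. The hook path is written twice here and must stay in step with the install target in ipsec-tools.mk, so holding it in one variable would avoid drift. The enclosing function starts and ends outside this hunk, so the caller that supplies `$6` is not visible here.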
Modified: branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf
===================================================================
--- branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-05-23 00:06:35 UTC (rev 5550)
+++ branches/1.0/project/astlinux/target_skeleton/stat/etc/rc.conf 2012-05-29 17:18:11 UTC (rev 5551)
@@ -599,6 +599,7 @@
#IPSECM_XAUTH_DOMAIN="" # Default DNS domain pushed to client
#IPSECM_XAUTH_BANNER="" # Login message to client
#IPSECM_XAUTH_SAVE_PASSWD="no" # "no" or "yes", defaults to "no"
+#IPSECM_XAUTH_LOCAL_GW="" # Optional IP address for client local gateway, defaults to $INTIP
## Authentication - multi-line, space separated
#IPSECM_XAUTH_USER_PASS="
#username1 password1