From: <abe...@us...> - 2016-11-14 16:52:34
Revision: 7956
http://sourceforge.net/p/astlinux/code/7956
Author: abelbeck
Date: 2016-11-14 16:52:32 +0000 (Mon, 14 Nov 2016)
Log Message:
-----------
strongswan, add AIF support for 'ipsec' VPN type, keep both racoon and strongswan from running at the same time
Modified Paths:
--------------
branches/1.0/package/arnofw/arnofw.serial
branches/1.0/package/arnofw/arnofw.wrapper
branches/1.0/package/arnofw/ipsec-vpn-astlinux.conf
branches/1.0/package/ipsec-tools/racoon.init
branches/1.0/package/strongswan/ipsec.init
Modified: branches/1.0/package/arnofw/arnofw.serial
===================================================================
--- branches/1.0/package/arnofw/arnofw.serial 2016-11-13 21:41:18 UTC (rev 7955)
+++ branches/1.0/package/arnofw/arnofw.serial 2016-11-14 16:52:32 UTC (rev 7956)
@@ -1 +1 @@
-0002~0028~0000~0000~0000~
+0002~0029~0000~0000~0000~
Modified: branches/1.0/package/arnofw/arnofw.wrapper
===================================================================
--- branches/1.0/package/arnofw/arnofw.wrapper 2016-11-13 21:41:18 UTC (rev 7955)
+++ branches/1.0/package/arnofw/arnofw.wrapper 2016-11-14 16:52:32 UTC (rev 7956)
@@ -233,7 +233,7 @@
EXTERNAL_DHCP_SERVER=1
fi
- if isVPNtype racoon || isVPNtype ipsecmobile; then
+ if isVPNtype racoon || isVPNtype ipsecmobile || isVPNtype ipsec; then
RP_FILTER=0
fi
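Review bot: The extended condition now sets `RP_FILTER=0` whenever the `ipsec` VPN type is enabled, and nothing on these lines says why reverse-path filtering has to be off. Turning it off removes the kernel's source-address sanity check, so spoofed-source filtering then depends entirely on the firewall rules; how widely the value is applied is decided outside this hunk. A comment above the `if` would record the trade-off, for example `# IPsec traffic can fail the reverse-path check; anti-spoofing is then left to the firewall rules`. The wording should be confirmed against how the wrapper consumes RP_FILTER.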
Modified: branches/1.0/package/arnofw/ipsec-vpn-astlinux.conf
===================================================================
--- branches/1.0/package/arnofw/ipsec-vpn-astlinux.conf 2016-11-13 21:41:18 UTC (rev 7955)
+++ branches/1.0/package/arnofw/ipsec-vpn-astlinux.conf 2016-11-14 16:52:32 UTC (rev 7956)
@@ -20,12 +20,14 @@
IPSEC_NAT_TRAVERSAL=0
vpntype_racoon=0
vpntype_ipsecmobile=0
+ vpntype_ipsec=0
unset IFS
for vpntype in $VPN; do
case $vpntype in
racoon) vpntype_racoon=1 ;;
ipsecmobile) vpntype_ipsecmobile=1 ;;
+ ipsec) vpntype_ipsec=1 ;;
esac
done
@@ -63,5 +65,12 @@
fi
fi
+ if [ $vpntype_ipsec -eq 1 ]; then
+ ENABLED=1
+ IPSEC_ALLOWED_HOSTS="0/0"
+ IPSEC_VPN_NETS=""
+ IPSEC_NAT_TRAVERSAL=1
+ fi
+
unset IFS
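Review bot: The new `vpntype_ipsec` block hard-codes `IPSEC_ALLOWED_HOSTS="0/0"` and `IPSEC_VPN_NETS=""`, and it runs after the racoon/ipsecmobile handling. When `$VPN` lists both kinds it therefore appears to overwrite whatever narrower values those earlier branches (outside this hunk) computed. That matters because racoon.init in this same commit still starts racoon in the mixed case, so the firewall could end up with any-source IPsec access and no VPN nets for a racoon tunnel. Applying the block only when the other types are off would avoid this: `if [ "$vpntype_ipsec" -eq 1 ] && [ "$vpntype_racoon" -eq 0 ] && [ "$vpntype_ipsecmobile" -eq 0 ]; then`. A comment should also state that `0/0` is deliberate because strongSwan peers are not known to this plugin.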
Modified: branches/1.0/package/ipsec-tools/racoon.init
===================================================================
--- branches/1.0/package/ipsec-tools/racoon.init 2016-11-13 21:41:18 UTC (rev 7955)
+++ branches/1.0/package/ipsec-tools/racoon.init 2016-11-14 16:52:32 UTC (rev 7956)
@@ -11,25 +11,23 @@
start()
{
+ if SYS_is_vpn_type racoon || SYS_is_vpn_type ipsecmobile; then
- if SYS_is_vpn_type racoon || \
- SYS_is_vpn_type ipsecmobile; then
+ ## Stop strongSwan IPsec if it is running
+ if [ -f /etc/init.d/ipsec -a -f /var/run/charon.pid ]; then
+ service ipsec stop
+ fi
/usr/sbin/racoon-ipsec start
-
fi
-
}
stop()
{
-
if [ -f /tmp/etc/racoon.conf ]; then
/usr/sbin/racoon-ipsec stop
-
fi
-
}
case $1 in
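Review bot: In `start()`, the result of `service ipsec stop` is ignored, so `/usr/sbin/racoon-ipsec start` runs even if charon could not be stopped, leaving two IKE daemons alive, which is what this commit sets out to prevent. The same unchecked pattern is in ipsec.init's `start()` with `service racoon stop`. A checked form would be `service ipsec stop || return 1`. The guard `[ -f /etc/init.d/ipsec -a -f /var/run/charon.pid ]` also relies on `-a`, which POSIX marks obsolescent; `[ -f /etc/init.d/ipsec ] && [ -f /var/run/charon.pid ]` is unambiguous. It further repeats the PID-file path that ipsec.init keeps in `PIDFILE`, so the two can drift apart.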
Modified: branches/1.0/package/strongswan/ipsec.init
===================================================================
--- branches/1.0/package/strongswan/ipsec.init 2016-11-13 21:41:18 UTC (rev 7955)
+++ branches/1.0/package/strongswan/ipsec.init 2016-11-14 16:52:32 UTC (rev 7956)
@@ -6,8 +6,8 @@
PIDFILE="/var/run/charon.pid"
-init () {
-
+init ()
+{
if ! SYS_is_vpn_type ipsec; then
exit
fi
@@ -33,7 +33,16 @@
start ()
{
if SYS_is_vpn_type ipsec; then
+ if SYS_is_vpn_type racoon || SYS_is_vpn_type ipsecmobile; then
+ echo "Failed starting strongSwan IPsec, racoon IPsec is also enabled." >&2
+ exit 1
+ fi
+ ## Stop racoon IPsec if it is running
+ if [ -f /etc/init.d/racoon -a -f /var/run/racoon.pid ]; then
+ service racoon stop
+ fi
+
/usr/sbin/ipsec start >/dev/null
fi
}
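Review bot: The conflict check in `start()` is one-sided. strongSwan refuses to start when racoon or ipsecmobile is also enabled, but racoon.init's `start()` in this commit never tests for the `ipsec` type and simply stops strongSwan, so with both configured racoon silently wins. That precedence should be stated in a comment above the check, and racoon.init would benefit from a matching message such as `echo "Warning: strongSwan IPsec is also enabled, racoon IPsec takes precedence." >&2`. The refusal is also reported only on stderr; if init scripts here run without a console, the operator may never see why the tunnel is down, so a syslog entry would help if the project has a logging helper for init scripts.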