From 96214c4f67aaba5cc0fb03a68510406ccd801695 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 4 Aug 2012 11:39:56 +0200
Subject: [PATCH 1/5] strongswan update: Add absolute path to ipsecctrl binary.
---
config/rootfiles/core/strongswan/update.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/config/rootfiles/core/strongswan/update.sh b/config/rootfiles/core/strongswan/update.sh
index 7ef3f2fe7..c1d5975b5 100644
--- a/config/rootfiles/core/strongswan/update.sh
+++ b/config/rootfiles/core/strongswan/update.sh
@@ -34,7 +34,7 @@ done
# #Stop services
-ipsecctrl D
+/usr/local/bin/ipsecctrl D
# #Extract files
@@ -49,7 +49,7 @@ rm -f /usr/local/bin/vpn-watch
# Call the CGI script to regenerate the configuration files.
/srv/web/ipfire/cgi-bin/vpnmain.cgi
-ipsecctrl S
+/usr/local/bin/ipsecctrl S
# #Update Language cache
From 35b5392a958b9f3439dab71a19485326c9d7343b Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 7 Aug 2012 17:04:37 +0200
Subject: [PATCH 2/5] vpnmain.cgi: Fix saving ENABLED status.
The web interface ignores what has been set to the ENABLED checkbox.
http://lists.ipfire.org/pipermail/development/2012-August/000047.html
---
html/cgi-bin/vpnmain.cgi | 1 +
1 file changed, 1 insertion(+)
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 831ef93bf..56d80c6e1 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -436,6 +436,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
goto SAVE_ERROR;
}
+ $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
$vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
$vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
From ba890f65844a996100f0c2d32832fec53f194f42 Mon Sep 17 00:00:00 2001
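Review bot: The added line stores the raw ENABLED checkbox parameter, so whatever the client submits under that name is written into the settings file, while the surrounding code rejects other malformed values with `goto SAVE_ERROR`. Normalizing to the two tokens the setting can legitimately hold before storing it, e.g. `$vpnsettings{'ENABLED'} = ($cgiparams{'ENABLED'} eq 'on') ? 'on' : 'off';`, keeps the file well-formed for every consumer of this setting (this assumes on/off is the pair those consumers expect; that convention is not visible in the hunk). Whether ENABLED is validated earlier in this branch is outside the hunk, and the enclosing `if` block begins and ends outside it.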
From: Michael Tremer
Date: Wed, 8 Aug 2012 00:40:43 +0200
Subject: [PATCH 3/5] ipsecctrl: Don't shout when we have found an interface.
---
src/misc-progs/ipsecctrl.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c
index 65a96e01c..633004e23 100644
--- a/src/misc-progs/ipsecctrl.c
+++ b/src/misc-progs/ipsecctrl.c
@@ -270,22 +270,16 @@ int main(int argc, char *argv[]) {
findkey(kv, "GREEN_DEV", if_green);
if (VALID_DEVICE(if_green)) enable_green++;
- else
- fprintf(stderr, "IPSec enabled on green but green interface is invalid or not found\n");
// Check if ORANGE is enabled.
findkey(kv, "ORANGE_DEV", if_orange);
if (VALID_DEVICE(if_orange)) enable_orange++;
- else
- fprintf(stderr, "IPSec enabled on orange but orange interface is invalid or not found\n");
// Check if BLUE is enabled.
findkey(kv, "BLUE_DEV", if_blue);
if (VALID_DEVICE(if_blue)) enable_blue++;
- else
- fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
freekeyvalues(kv);
From 01b5bc917008f92d20016c1e5280b2cb5d2b8d97 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Wed, 26 Sep 2012 23:05:21 +0200
Subject: [PATCH 4/5] vpnmain.cgi: Support more ciphers and integrity algorithms.
---
html/cgi-bin/vpnmain.cgi | 40 ++++++++++++++++++++++++++++------------
1 file changed, 28 insertions(+), 12 deletions(-)
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 56d80c6e1..91c12492e 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
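Review bot: Deleting the three `else` branches removes the only diagnostic for a device name that is configured but fails VALID_DEVICE, so a wrong GREEN_DEV/ORANGE_DEV/BLUE_DEV now leads to silent non-activation of that interface with nothing in the log. Why the old message was considered noise is not visible here; if it was firing for interfaces that are simply not configured (empty value), keeping the message only for a non-empty value that fails the check preserves the useful case, e.g. `else if (*if_blue) fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");` for each colour. That form assumes if_green/if_orange/if_blue are character buffers, as the findkey calls suggest. main() begins and ends outside the hunk.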
@@ -1818,12 +1818,12 @@ END
$cgiparams{'REMOTE_ID'} = ''; #use default advanced value
- $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes128|3des'; #[18];
- $cgiparams{'IKE_INTEGRITY'} = 'sha|md5'; #[19];
- $cgiparams{'IKE_GROUPTYPE'} = '2048'; #[20];
+ $cgiparams{'IKE_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[18];
+ $cgiparams{'IKE_INTEGRITY'} = 'sha2_256|sha|md5'; #[19];
+ $cgiparams{'IKE_GROUPTYPE'} = '8192|6144|4096|3072|2048|1536|1024'; #[20];
$cgiparams{'IKE_LIFETIME'} = '1'; #[16];
- $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes128|3des'; #[21];
- $cgiparams{'ESP_INTEGRITY'} = 'sha1|md5'; #[22];
+ $cgiparams{'ESP_ENCRYPTION'} = 'aes256|aes192|aes128|3des'; #[21];
+ $cgiparams{'ESP_INTEGRITY'} = 'sha2_256|sha1|md5'; #[22];
$cgiparams{'ESP_GROUPTYPE'} = ''; #[23];
$cgiparams{'ESP_KEYLIFE'} = '8'; #[17];
$cgiparams{'COMPRESSION'} = 'on'; #[13];
@@ -2094,7 +2094,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(sha2_512|sha2_256|sha|md5)$/) {
+ if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha|md5|aesxcbc)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2124,7 +2124,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(aes256|aes128|3des)$/) {
+ if ($val !~ /^(aes256|aes192|aes128|3des)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
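Review bot: The new IKE_GROUPTYPE default offers every group down to modp1024, and both integrity defaults still list md5, so a freshly created connection proposes 1024-bit DH and MD5 unless the admin edits the advanced page; these are proposal lists, so the peer may settle on the weakest entry offered. Consider making the defaults the stronger subset only, `$cgiparams{'IKE_GROUPTYPE'} = '8192|6144|4096|3072|2048'; #[20];`, and dropping `md5` from the IKE_INTEGRITY and ESP_INTEGRITY defaults, leaving the weaker entries selectable on the advanced page for peers that need them. Whether these defaults are applied anywhere other than at connection creation is outside the hunk.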
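Review bot: The validation regexes changed at -2094, -2124 and -2135 anchor with `^`/`$`, and `$` also matches before a trailing newline, so a value such as `md5` followed by a newline passes and travels on into the proposal string; `\A(...)\z` closes that gap, e.g. `if ($val !~ /\A(sha2_512|sha2_384|sha2_256|sha|md5|aesxcbc)\z/) {`. The same allowed lists are spelled out by hand a second time in the `$checked{...}` resets at -2206 and -2230, and this commit had to touch both copies for every new algorithm; building the regex (`join '|'`) and the reset loop from one `my @ike_integrity = qw(sha2_512 sha2_384 sha2_256 sha md5 aesxcbc);` would keep them from drifting. The enclosing `if` block begins and ends outside the hunk.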
@@ -2135,13 +2135,13 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
goto ADVANCED_ERROR;
}
foreach my $val (@temp) {
- if ($val !~ /^(sha2_512|sha2_256|sha1|md5)$/) {
+ if ($val !~ /^(sha2_512|sha2_384|sha2_256|sha1|md5|aesxcbc)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
}
if ($cgiparams{'ESP_GROUPTYPE'} ne '' &&
- $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096)$/) {
+ $cgiparams{'ESP_GROUPTYPE'} !~ /^modp(1024|1536|2048|3072|4096|6144|8192)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
}
@@ -2206,14 +2206,17 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
ADVANCED_ERROR:
$checked{'IKE_ENCRYPTION'}{'aes256'} = '';
+ $checked{'IKE_ENCRYPTION'}{'aes192'} = '';
$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
$checked{'IKE_ENCRYPTION'}{'3des'} = '';
my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
foreach my $key (@temp) {$checked{'IKE_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'IKE_INTEGRITY'}{'sha2_512'} = '';
+ $checked{'IKE_INTEGRITY'}{'sha2_384'} = '';
$checked{'IKE_INTEGRITY'}{'sha2_256'} = '';
$checked{'IKE_INTEGRITY'}{'sha'} = '';
$checked{'IKE_INTEGRITY'}{'md5'} = '';
+ $checked{'IKE_INTEGRITY'}{'aesxcbc'} = '';
@temp = split('\|', $cgiparams{'IKE_INTEGRITY'});
foreach my $key (@temp) {$checked{'IKE_INTEGRITY'}{$key} = "selected='selected'"; }
$checked{'IKE_GROUPTYPE'}{'768'} = '';
@@ -2230,16 +2233,18 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
# 768 is not supported by strongswan
$checked{'IKE_GROUPTYPE'}{'768'} = '';
- $checked{'ESP_ENCRYPTION'}{'aes256'} = '';
+ $checked{'ESP_ENCRYPTION'}{'aes192'} = '';
$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
$checked{'ESP_ENCRYPTION'}{'3des'} = '';
@temp = split('\|', $cgiparams{'ESP_ENCRYPTION'});
foreach my $key (@temp) {$checked{'ESP_ENCRYPTION'}{$key} = "selected='selected'"; }
$checked{'ESP_INTEGRITY'}{'sha2_512'} = '';
+ $checked{'ESP_INTEGRITY'}{'sha2_384'} = '';
$checked{'ESP_INTEGRITY'}{'sha2_256'} = '';
$checked{'ESP_INTEGRITY'}{'sha1'} = '';
$checked{'ESP_INTEGRITY'}{'md5'} = '';
+ $checked{'ESP_INTEGRITY'}{'aesxcbc'} = '';
@temp = split('\|', $cgiparams{'ESP_INTEGRITY'});
foreach my $key (@temp) {$checked{'ESP_INTEGRITY'}{$key} = "selected='selected'"; }
$checked{'ESP_GROUPTYPE'}{$cgiparams{'ESP_GROUPTYPE'}} = "selected='selected'";
@@ -2277,14 +2282,19 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $Lang::tr{'ike encryption'} $Lang::tr{'ike integrity'} $Lang::tr{'ike grouptype'}
@@ -2307,13 +2317,19 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $Lang::tr{'esp encryption'} + + + - + + + $Lang::tr{'esp grouptype'}
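Review bot: The `$checked{'ESP_ENCRYPTION'}{'aes256'} = '';` reset is removed and replaced by the aes192 line instead of being kept alongside it, unlike the IKE counterpart at -2206, which keeps aes256 and adds aes192 below it. With the reset gone, `$checked{'ESP_ENCRYPTION'}{'aes256'}` is undefined whenever aes256 is not in the selected list, which the page template presumably interpolates as an uninitialized value (a warning in the web server log; the option still renders unselected). Re-add the line directly above the new aes192 one: `$checked{'ESP_ENCRYPTION'}{'aes256'} = '';`. The enclosing block begins and ends outside the hunk.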