Add ipsec.user.conf & secrets for user defined connections (e.g. XAUTH).

2026-04-09 18:45:54 +02:00 · 2010-06-26 19:44:02 +02:00
parent 3f97f51735
commit 63043a1b44
5 changed files with 14 additions and 0 deletions
--- a/config/etc/ipsec.user.conf
+++ b/config/etc/ipsec.user.conf
@@ -0,0 +1,2 @@
+# user connections that should not overwritten by the webif
+#
--- a/config/etc/ipsec.user.secrets
+++ b/config/etc/ipsec.user.secrets
@@ -0,0 +1,2 @@
+# user secrets that should not overwritten by the webif
+#
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -15,6 +15,8 @@ etc/hddtemp.db
 etc/host.conf
 etc/inittab
 etc/inputrc
+#etc/ipsec.user.conf
+#etc/ipsec.user.secrets
 etc/issue
 etc/ld.so.conf
 etc/logrotate.conf
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -1,4 +1,5 @@
 etc/ipsec.conf
+etc/ipsec.user.conf
 #etc/ipsec.d
 etc/ipsec.d/aacerts
 etc/ipsec.d/acerts
@@ -9,6 +10,7 @@ etc/ipsec.d/ocspcerts
 etc/ipsec.d/private
 etc/ipsec.d/reqs
 etc/ipsec.secrets
+etc/ipsec.user.secrets
 etc/strongswan.conf
 #usr/lib/libcharon.a
 #usr/lib/libcharon.la
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -289,6 +289,12 @@ sub writeipsecfiles {
    #print CONF "\tdisablearrivalcheck=no\n";
    print CONF "\n";

+    # Add user includes to config file
+    print CONF "include /etc/ipsec.user.conf\n";
+    print CONF "\n";
+
+    print SECRETS "include /etc/ipsec.user/secrets\n";
+
    if (-f "${General::swroot}/certs/hostkey.pem") {
        print SECRETS ": RSA ${General::swroot}/certs/hostkey.pem\n"
    }