Updated openwan to 2.6.16

2026-04-26 02:42:58 +02:00 · 2008-09-07 14:14:35 +02:00
parent 27159f53e0
commit 8b6d5b1d9f
8 changed files with 133 additions and 50 deletions
--- a/config/ipac-ng/ipac.conf
+++ b/config/ipac-ng/ipac.conf
@@ -1,5 +0,0 @@
-access agent = files
-account agent = iptables
-storage = gdbm
-rules file = /etc/ipac-ng/rules.conf
-drop zero lines = yes
--- a/config/ipac-ng/rules.conf
+++ b/config/ipac-ng/rules.conf
@@ -1,36 +0,0 @@
-# Example config file with accounting rules
-# Install as /etc/ipac-ng/rules.conf.iptables
-#
-# Format:
-# Name of rule|direction|interface|protocol|source|destination
-# WARNING!!!! spaces are not allowed before and after '|'.
-#
-# where
-# Name of rule		Any string to identify this rule
-# direction		ipac~fi  - forward in
-#			ipac~fo  - forward out
-#			ipac~i   - outgoing from machine with ipac-ng to other host(/net)
-#					(or incoming to otherhost)
-#			ipac~o   - incoming to machine with ipac-ng
-#					(or outgoing from otherhost)
-#
-# interface		interface name, '+' means all interfaces (dont try to use ip numbers here!)
-# protocol		tcp | udp | icmp | all
-# source		\
-# destination		both as described in ipfwadm(8), or empty
-#
-# incoming:
-
-# lets demonstrate this by following rules.
-# Example 1:
-# there are some hosts in out net 192.168.0.0/24
-# our ipac-ng host has two interfaces - eth0 connected to local net
-#				    and eth1 to internet
-Incoming GREEN|ipac~i|green0|all|||
-Outgoing GREEN|ipac~o|green0|all|||
-
-Incoming RED (PPP)|ipac~i|ppp0|all|||
-Outgoing RED (PPP)|ipac~o|ppp0|all|||
-
-Incoming RED (ISDN PPP)|ipac~i|ippp0|all|||
-Outgoing RED (ISDN PPP)|ipac~o|ippp0|all|||
--- a/doc/packages-list.txt
+++ b/doc/packages-list.txt
@@ -221,8 +221,8 @@
 * openmailadmin-1.0.0
 * openssh-4.7p1
 * openssl-0.9.8g
-* openswan-2.4.12
-* openswan-2.4.12-kmod
+* openswan-2.6.16
+* openswan-2.6.16-kmod
 * openvpn-2.0.9
 * pam_mysql-0.7RC1
 * patch-2.5.4
--- a/lfs/openswan
+++ b/lfs/openswan
@@ -24,7 +24,7 @@

 include Config

-VER        = 2.4.12
+VER        = 2.6.16

 THISAPP    = openswan-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -48,7 +48,7 @@ objects = $(DL_FILE)

 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 0bca0cc205d2d83eff64a7cea825ce7a
+$(DL_FILE)_MD5 = ef0ea8f9082df70c993a035904d538c7

 install : $(TARGET)

@@ -86,9 +86,18 @@ else
 		-e 's%^INC_USRLOCAL.*$$%INC_USRLOCAL=/usr%' \
 		-e 's%^USERCOMPILE.*$$%USERCOMPILE=$(CFLAGS)%' \
 		-e 's%^KLIPSCOMPILE.*$$%KLIPSCOMPILE=$(CFLAGS)%' Makefile.inc
+
+	cd $(DIR_APP) && sed -i 's/-Werror//' lib/libdns/Makefile
+	cd $(DIR_APP) && sed -i 's/-Werror//' lib/libisc/Makefile
+	cd $(DIR_APP) && sed -i 's/-Werror//' lib/liblwres/Makefile
+	cd $(DIR_APP) && sed -i 's/-Werror//' programs/Makefile.program
+	
 	cd $(DIR_APP) && make programs
 	cd $(DIR_APP) && make install
 	
+	# don't know why make this doesnt made
+	cd $(DIR_APP) && cp -a programs/_confread/_confread.in /usr/lib/ipsec/_confread
+	
 	-rm -rfv /etc/rc*.d/*ipsec
 	cd $(DIR_SRC) && cp src/initscripts/init.d/ipsec /etc/rc.d/init.d/ipsec
 	rm -f /etc/ipsec.conf /etc/ipsec.secrets
@@ -100,10 +109,10 @@ else
 	ln -sf $(CONFIG_ROOT)/certs /etc/ipsec.d/certs
 	ln -sf $(CONFIG_ROOT)/crls  /etc/ipsec.d/crls
 	
-	cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.12-startklips-1.patch
-	cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-updown-1.patch
-	cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-updown_x509-1.patch
-	cd /etc/ipsec.d/policies && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-clear-1.patch
+	cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-startklips-1.patch
+	cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-updown.klips-1.patch
+	# cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-updown_x509-1.patch
+	cd /etc/ipsec.d/policies && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-clear-1.patch
 endif	
 	#@rm -rf $(DIR_APP)
 	@$(POSTBUILD)
--- a/make.sh
+++ b/make.sh
@@ -24,7 +24,7 @@

 NAME="IPFire"										# Software name
 SNAME="ipfire"									# Short name
-VERSION="2.3-beta3"
+VERSION="2.3-test"
 GIT_BRANCH=master:master										# Version number
 SLOGAN="www.ipfire.org"					# Software slogan
 CONFIG_ROOT=/var/ipfire					# Configuration rootdir
--- a/src/patches/openswan-2.6.16-clear-1.patch
+++ b/src/patches/openswan-2.6.16-clear-1.patch
@@ -0,0 +1,21 @@
+--- clear.org	2008-09-07 01:10:26.000000000 +0200
+++ clear	2008-09-07 01:12:23.000000000 +0200
+@@ -3,18 +3,3 @@
+ #
+ # See /usr/share/doc/openswan/policygroups.html for details.
+ #
+-
+-# root name servers should be in the clear
+-192.58.128.30/32
+-198.41.0.4/32
+-192.228.79.201/32
+-192.33.4.12/32
+-128.8.10.90/32
+-192.203.230.10/32
+-192.5.5.241/32
+-192.112.36.4/32
+-128.63.2.53/32
+-192.36.148.17/32
+-193.0.14.129/32
+-199.7.83.42/32
+-202.12.27.33/32
--- a/src/patches/openswan-2.6.16-startklips-1.patch
+++ b/src/patches/openswan-2.6.16-startklips-1.patch
@@ -0,0 +1,64 @@
+--- _startklips.old	2008-09-07 00:50:40.000000000 +0200
+++ _startklips	2008-09-07 00:50:42.000000000 +0200
+@@ -146,23 +146,35 @@
+ 
+ 	# figure out ifconfig for interface
+ 	addr=
+-	eval `ifconfig $phys |
+-		awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
+-			gsub(/:/, " ", $0)
+-			print "addr=" $3
+-			other = $5
+-			if ($4 == "Bcast")
+-				print "type=broadcast"
+-			else if ($4 == "P-t-P")
+-				print "type=pointopoint"
+-			else if (NF == 5) {
+-				print "type="
+-				other = ""
+-			} else
+-				print "type=unknown"
+-			print "otheraddr=" other
+-			print "mask=" $NF
+-		}'`
+	eval `ip addr show $phys | awk '$3 ~ /BROADCAST|POINTOPOINT/ { 
+				if ($3 ~ /BROADCAST/) 
+					print "type=broadcast"; 
+				else if ($3 ~ /POINTOPOINT/) 
+					print "type=pointopoint";
+				else {
+					print "type=";
+				}
+			}'`
+			
+	if [ "$type" == "broadcast" ]; then
+		eval `ip addr show $phys | awk '$1 == "inet"  { gsub(/\//, " "); 
+					print "addr=" $2;
+					print "mask=" $3;
+					print "otheraddr=" $5;
+					}'`
+	elif [ "$type" == "pointopoint" ]; then
+		eval `ip addr show $phys | awk '$1 == "inet"  { gsub(/\//, " "); 
+					print "addr=" $2;
+					print "mask=" $5;
+					print "otheraddr=" $4;
+					}'`
+	else
+		type="unknown"
+		otheraddr=
+	fi
+	
+	eval `whatmask /$mask | awk -F': ' '$1 ~ /^Netmask =/ { print "mask=" $2 }'`
+	
+ 	if test " $addr" = " "
+ 	then
+ 		echo "unable to determine address of \`$phys'"
+@@ -171,7 +183,7 @@
+ 	if test " $type" = " unknown"
+ 	then
+ 		echo "\`$phys' is of an unknown type"
+-		exit 1
+		exit 1 
+ 	fi
+ 	if test " $omtu" != " "
+ 	then
--- a/src/patches/openswan-2.6.16-updown.klips-1.patch
+++ b/src/patches/openswan-2.6.16-updown.klips-1.patch
@@ -0,0 +1,30 @@
+--- /usr/lib/ipsec/_updown.klips	2007-10-14 00:56:15.000000000 +0200
+++ /usr/lib/ipsec/_updown.klips	2007-10-27 00:00:26.000000000 +0200
+@@ -376,8 +376,8 @@
+ 		# opportunistic encryption work around
+ 		# need to provide route that eclipses default, without 
+ 		# replacing it.
+-		it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+-			ip route $1 128.0.0.0/1 $parms2 $parms3"
+		#it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+	#		ip route $1 128.0.0.0/1 $parms2 $parms3"
+ 		;;
+ 	*)	it="ip route $1 $parms $parms2 $parms3"
+ 		;;
+@@ -401,13 +401,13 @@
+ prepare-host:*|prepare-client:*)
+ 	# delete possibly-existing route (preliminary to adding a route)
+ 	case "$PLUTO_PEER_CLIENT" in
+-	"0.0.0.0/0")
+  "0.0.0.0/0")
+ 		# need to provide route that eclipses default, without 
+ 		# replacing it.
+ 		parms1="0.0.0.0/1"
+ 		parms2="128.0.0.0/1"
+-		it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+-		oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+	#	it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+	#	oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+ 		;;
+ 	*)
+ 		parms="$PLUTO_PEER_CLIENT $IPROUTEARGS"