webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-11 03:25:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
40407aee99546b4f25632bcaeb796d2a53cb1bcb
bpfire/lfs/strongswan
Michael Tremer 918ee4a4cf strongswan: Manually install all routes for non-routed VPNs 
This is a regression from disabling charon.install_routes.

VPNs are routing fine as long as traffic is passing through
the firewall. Traps are not propertly used as long as these
routes are not present and therefore we won't trigger any
tunnels when traffic originates from the firewall.

Fixes: #12045
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-04-08 16:44:57 +01:00

122 lines
4.4 KiB
Plaintext
Raw Blame History

###############################################################################
# #
# IPFire.org - A linux based firewall #
# Copyright (C) 2007-2018 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# the Free Software Foundation, either version 3 of the License, or #
# (at your option) any later version. #
# #
# This program is distributed in the hope that it will be useful, #
# but WITHOUT ANY WARRANTY; without even the implied warranty of #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
# GNU General Public License for more details. #
# #
# You should have received a copy of the GNU General Public License #
# along with this program. If not, see <http://www.gnu.org/licenses/>. #
# #
###############################################################################
###############################################################################
# Definitions
###############################################################################
include Config
VER = 5.7.2
THISAPP = strongswan-$(VER)
DL_FILE = $(THISAPP).tar.bz2
DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/strongswan-$(VER)
TARGET = $(DIR_INFO)/$(THISAPP)
###############################################################################
# Top-level Rules
###############################################################################
objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_MD5 = 618de96dc2a506f82a162a5abf9263d4
install : $(TARGET)
check : $(patsubst %,$(DIR_CHK)/%,$(objects))
download :$(patsubst %,$(DIR_DL)/%,$(objects))
md5 : $(subst %,%_MD5,$(objects))
###############################################################################
# Downloading, checking, md5sum
###############################################################################
$(patsubst %,$(DIR_CHK)/%,$(objects)) :
@$(CHECK)
$(patsubst %,$(DIR_DL)/%,$(objects)) :
@$(LOAD)
$(subst %,%_MD5,$(objects)) :
@$(MD5)
###############################################################################
# Installation Details
###############################################################################
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-disable-ipv6.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire-interfaces.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire-revert.patch
cd $(DIR_APP) && ./configure \
--prefix="/usr" \
--sysconfdir="/etc" \
--enable-curl \
--enable-dhcp \
--enable-farp \
--enable-openssl \
--enable-gcrypt \
--enable-ccm \
--enable-ctr \
--enable-gcm \
--enable-xauth-eap \
--enable-xauth-noauth \
--enable-eap-radius \
--enable-eap-tls \
--enable-eap-ttls \
--enable-eap-peap \
--enable-eap-mschapv2 \
--enable-eap-identity \
--enable-chapoly \
--disable-padlock \
--disable-rc2 \
$(CONFIGURE_OPTIONS)
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
# Remove all library files we don't want or need.
rm -vf /usr/lib/ipsec/plugins/*.{,l}a
rm -f /etc/ipsec.conf /etc/ipsec.secrets
ln -sf $(CONFIG_ROOT)/vpn/ipsec.conf /etc/ipsec.conf
ln -sf $(CONFIG_ROOT)/vpn/ipsec.secrets /etc/ipsec.secrets
rm -rf /etc/ipsec.d/{cacerts,certs,crls}
ln -sf $(CONFIG_ROOT)/ca /etc/ipsec.d/cacerts
ln -sf $(CONFIG_ROOT)/certs /etc/ipsec.d/certs
ln -sf $(CONFIG_ROOT)/crls /etc/ipsec.d/crls
install -v -m 644 $(DIR_SRC)/config/strongswan/charon.conf \
/etc/strongswan.d/charon.conf
@rm -rf $(DIR_APP)
@$(POSTBUILD)
Reference in New Issue View Git Blame Copy Permalink