From 9b957043e047ac37b2944de7f4d2639be3531afbf958c728dd9f2b8ae913a675 Mon Sep 17 00:00:00 2001 From: Marguerite Su Date: Thu, 25 Feb 2016 14:38:11 +0000 Subject: [PATCH] Accepting request 361424 from home:MargueriteSu:branches:network:vpn OBS-URL: https://build.opensuse.org/request/show/361424 OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=5 --- README.SUSE | 8 -------- ocserv-0.10.10.tar.xz | 3 --- ocserv-0.10.11.tar.xz | 3 +++ ocserv.SuSEfirewall | 6 ++++++ ocserv.changes | 12 ++++++++++++ ocserv.spec | 16 +++++++++++----- ocserv.sysctl | 3 +++ 7 files changed, 35 insertions(+), 16 deletions(-) delete mode 100644 ocserv-0.10.10.tar.xz create mode 100644 ocserv-0.10.11.tar.xz create mode 100644 ocserv.SuSEfirewall create mode 100644 ocserv.sysctl diff --git a/README.SUSE b/README.SUSE index 47cc70f..d49c80d 100644 --- a/README.SUSE +++ b/README.SUSE @@ -45,8 +45,6 @@ If you can help me, please fork this package and submit back. #### Set iptables rules -sudo /sbin/iptables -A INPUT -p tcp --dport 9000 -j ACCEPT -sudo /sbin/iptables -A INPUT -p udp --dport 9001 -j ACCEPT sudo /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE sudo /sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT @@ -55,12 +53,6 @@ you can change them in /etc/ocserv/ocserv.conf Warning: Your eth0 may not exist, you can ifconfig -a to find yours. -#### Enable IP forward - -sudo echo 1 > /proc/sys/net/ipv4/ip_forward - -It doesn't live after reboot. - #### Test sudo /sbin/ocserv -f -d 1 diff --git a/ocserv-0.10.10.tar.xz b/ocserv-0.10.10.tar.xz deleted file mode 100644 index af16f21..0000000 --- a/ocserv-0.10.10.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:17111607a6c833ea151424a85351a7936c9526a793799c49eea12d19fb4bc725 -size 729580 diff --git a/ocserv-0.10.11.tar.xz b/ocserv-0.10.11.tar.xz new file mode 100644 index 0000000..3867abe --- /dev/null +++ b/ocserv-0.10.11.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ba607ecc377d62e66cecaca73154c97e2ef6609e932250aad2906af46c1f785c +size 730128 diff --git a/ocserv.SuSEfirewall b/ocserv.SuSEfirewall new file mode 100644 index 0000000..4212553 --- /dev/null +++ b/ocserv.SuSEfirewall @@ -0,0 +1,6 @@ +## Name: ocserv +## Description: opens ports for ocserv +# space separated list of allowed TCP ports +TCP="9000" +# space separated list of allowed UDP ports +UDP="9001" diff --git a/ocserv.changes b/ocserv.changes index d9a9db4..7142c82 100644 --- a/ocserv.changes +++ b/ocserv.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Feb 12 14:10:54 UTC 2016 - i@marguerite.su + +- update version 0.10.11 + * Corrected the reporting of keepalive to occtl. + * Handle clients which send the first request to /VPN + * Prevent a crash in per-user config dir is not available if + expose-iroutes is set to true. +- update license: GPL-2.0 +- open ports using ocserv.SuSEfirewall +- enable ip forwarding using ocserv.sysctl + ------------------------------------------------------------------- Thu Jan 7 16:08:58 UTC 2016 - i@marguerite.su diff --git a/ocserv.spec b/ocserv.spec index 2e103d2..9fd258d 100644 --- a/ocserv.spec +++ b/ocserv.spec @@ -16,9 +16,9 @@ # Name: ocserv -Version: 0.10.10 +Version: 0.10.11 Release: 0 -License: GPL-2.0+ +License: GPL-2.0 Summary: OpenConnect VPN Server Url: http://www.infradead.org/ocserv Group: Productivity/Networking/Security @@ -26,6 +26,8 @@ Source: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz Source1: ca.tmpl Source2: server.tmpl Source3: user.tmpl +Source4: ocserv.SuSEfirewall +Source5: ocserv.sysctl Source99: README.SUSE #PATCH-FIX-UPSTREAM marguerite@opensuse.org $LIBSYSTEMD_DAEMON env is not set on openSUSE Patch1: %{name}-enable-systemd.patch @@ -85,11 +87,14 @@ autoreconf -fiv --disable-rpath \ --enable-local-libopts \ --enable-libopts-install -make %{?_smp_mflags} +make V=1 %{?_smp_mflags} %install make install DESTDIR=%{buildroot} %{?_smp_mflags} +install -Dm 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ocserv +install -Dm 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysctl.d/60-ocserv.conf + install -d %{buildroot}%{_sysconfdir}/ocserv/certificates install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/ocserv/certificates install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/ocserv/certificates @@ -108,20 +113,20 @@ install -m 0644 doc/systemd/socket-activated/ocserv.service %{buildroot}%{_unitd %service_add_pre ocserv.service ocserv.socket %post -/sbin/ldconfig %service_add_post ocserv.service ocserv.socket %preun %service_del_preun ocserv.service ocserv.socket %postun -/sbin/ldconfig %service_del_postun ocserv.service ocserv.socket %files %defattr(-,root,root) %doc AUTHORS ChangeLog LICENSE NEWS README.md COPYING TODO %config %{_sysconfdir}/ocserv +%config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ocserv +%config(noreplace) %{_sysconfdir}/sysctl.d/60-ocserv.conf %{_bindir}/occtl %{_bindir}/ocpasswd %{_bindir}/ocserv-script @@ -133,3 +138,4 @@ install -m 0644 doc/systemd/socket-activated/ocserv.service %{buildroot}%{_unitd %{_mandir}/man8/ocpasswd.8.gz %{_mandir}/man8/ocserv.8.gz +%changelog diff --git a/ocserv.sysctl b/ocserv.sysctl new file mode 100644 index 0000000..5c37e8c --- /dev/null +++ b/ocserv.sysctl @@ -0,0 +1,3 @@ +net.ipv4.ip_forward=1 +net.ipv6.conf.default.forwarding=1 +net.ipv6.conf.all.forwarding=1