commit 6e9e4ef0221fb6a3709bcfd315f41c4be8c2e5e6f0554f66af20bebf54a2cc14 Author: OBS User unknown Date: Thu Dec 13 03:49:24 2007 +0000 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/ready b/ready
new file mode 100644
index 0000000..473a0f4
diff --git a/strongswan-4.1.9.tar.bz2 b/strongswan-4.1.9.tar.bz2
new file mode 100644
index 0000000..bed7c93
--- /dev/null
+++ b/strongswan-4.1.9.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:37ea5119dc54cb150d444302f82f84854a15d35e45a817e3a29be86b7d750587
+size 2176339
diff --git a/strongswan-4.1.9.tar.bz2.sig b/strongswan-4.1.9.tar.bz2.sig
new file mode 100644
index 0000000..a09f8e6
--- /dev/null
+++ b/strongswan-4.1.9.tar.bz2.sig
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+iQCVAwUAR1Wm+dYbDnNAmVNZAQIvkAQAolk4x+wmuJEIBHQ+24S2v2fOJoZKud6L
+Fl8cqH2GPe4yYZkuaJ+djgK+GslBfY8qyqXKC49SUkwWtA/yMKkItwDNv2RwhXdQ
+jzjAI1Ad8nCck3XFkIYg9gxL/p2caooRqu6PUr0qfTpVl1lKMW0tHVssavUnCWJv
+NcjWTSUihl0=
+=GC6L
+-----END PGP SIGNATURE-----
diff --git a/strongswan.changes b/strongswan.changes
new file mode 100644
index 0000000..90cabe5
--- /dev/null
+++ b/strongswan.changes
@@ -0,0 +1,23 @@
+-------------------------------------------------------------------
+Sat Dec 8 13:03:42 CET 2007 - mt@suse.de
+
+- Updated to 4.1.9 final, including all our patches.
+- Changed init script to use ipsec cmd using LSB codes now.
+- Added strongswan_path.dif setting a PATH in scripts (updown).
+- Added strongswan_ipsec_script_msg.dif for consistent look of
+ ipsec script messages.
+- Added strongswan_modprobe_syslog.dif redirecting modprobe
+ output to syslog.
+
+-------------------------------------------------------------------
+Mon Nov 26 10:19:40 CET 2007 - mt@suse.de
+
+- Renamed charon plugins to avoid rpm conflicts with existing
+ libraries (libstroke). Patch: strongswan-libconflicts.dif
+- Added init script. Template file: strongswan.init.in
+
+-------------------------------------------------------------------
+Thu Nov 22 10:25:56 CET 2007 - mt@suse.de
+
+- Initial, unfinished package
+
diff --git a/strongswan.init.in b/strongswan.init.in
new file mode 100644
index 0000000..94c535f
--- /dev/null
+++ b/strongswan.init.in
@@ -0,0 +1,278 @@
+#!/bin/bash
+#
+# SUSE/LSB system startup script for strongswan ipsec
+#
+# Copyright (C) 2007 Marius Tomaschewski, SUSE / Novell Inc.
+# based on /etc/init.d/skeleton.compat by Kurt Garloff.
+#
+# This library is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or (at
+# your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
+# USA.
+#
+# /etc/init.d/ipsec
+# and its symbolic link
+# /usr/sbin/rcipsec
+#
+# LSB compatible service control script; see http://www.linuxbase.org/spec/
+# Please send feedback to http://www.suse.de/feedback/
+#
+# Note: This script uses functions rc_XXX defined in /etc/rc.status on
+# UnitedLinux/SUSE/Novell based Linux distributions. However, it shoule
+# work on other distributions as well, by using the LSB (Linux Standard
+# Base) or RH functions or by open coding the needed functions.
+#
+# chkconfig: 345 99 00
+# description: StrongSwan IPsec
+#
+### BEGIN INIT INFO
+# Provides: ipsec
+# Required-Start: $syslog $remote_fs $named
+# Should-Start: $time
+# Required-Stop: $syslog $remote_fs $named
+# Should-Stop: $time
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 2 6
+# Short-Description: StrongSwan IPsec
+# Description: StrongSwan IPsec provides encrypted and authenticated
+# communication via a unsafe network, such as the internet.
+# This scripts loads the kernel modules and starts the user-space setup.
+### END INIT INFO
+
+
+# Check for missing binaries (stale symlinks should not happen)
+# Note: Special treatment of stop for LSB conformance
+IPSEC_CMD="/usr/sbin/ipsec"
+test -x $IPSEC_CMD || {
+ echo "$IPSEC_CMD not installed";
+ if [ "$1" = "stop" ]; then exit 0; else exit 5; fi;
+}
+IPSEC_STARTER="@libexecdir@/ipsec/starter"
+test -x $IPSEC_STARTER || {
+ echo "$IPSEC_STARTER not installed";
+ if [ "$1" = "stop" ]; then exit 0; else exit 5; fi;
+}
+
+# The pid file of the ipsec starter
+IPSEC_PIDFILE="/var/run/starter.pid"
+
+# Check for existence of needed config files
+IPSEC_CONFIG="/etc/ipsec.conf"
+test -r $IPSEC_CONFIG || {
+ echo "$IPSEC_CONFIG not existing";
+ if [ "$1" = "stop" ]; then exit 0; else exit 6; fi;
+}
+IPSEC_SECRET="/etc/ipsec.secrets"
+test -r $IPSEC_SECRET || {
+ echo "$IPSEC_SECRET not existing";
+ if [ "$1" = "stop" ]; then exit 0; else exit 6; fi;
+}
+
+# Source LSB init functions
+# providing start_daemon, killproc, pidofproc,
+# log_success_msg, log_failure_msg and log_warning_msg.
+# This is currently not used by UnitedLinux based distributions and
+# not needed for init scripts for UnitedLinux only. If it is used,
+# the functions from rc.status should not be sourced or used.
+#. /lib/lsb/init-functions
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v be verbose in local rc status and clear it afterwards
+# rc_status -v -r ditto and clear both the local and overall rc status
+# rc_status -s display "skipped" and exit with status 3
+# rc_status -u display "unused" and exit with status 3
+# rc_failed set local and overall rc status to failed
+# rc_failed set local and overall rc status to
+# rc_reset clear both the local and overall rc status
+# rc_exit exit appropriate to overall rc status
+# rc_active checks whether a service is activated by symlinks
+
+# Use the SUSE rc_ init script functions;
+# emulate them on LSB, RH and other systems
+
+# Default: Assume sysvinit binaries exist
+start_daemon() { /sbin/start_daemon ${1+"$@"}; }
+killproc() { /sbin/killproc ${1+"$@"}; }
+pidofproc() { /sbin/pidofproc ${1+"$@"}; }
+checkproc() { /sbin/checkproc ${1+"$@"}; }
+if test -e /etc/rc.status; then
+ # SUSE rc script library
+ . /etc/rc.status
+else
+ export LC_ALL=POSIX
+ _cmd=$1
+ declare -a _SMSG
+ if test "${_cmd}" = "status"; then
+ _SMSG=(running dead dead unused unknown reserved)
+ _RC_UNUSED=3
+ else
+ _SMSG=(done failed failed missed failed skipped unused failed failed reserved)
+ _RC_UNUSED=6
+ fi
+ if test -e /lib/lsb/init-functions; then
+ # LSB
+ . /lib/lsb/init-functions
+ echo_rc()
+ {
+ if test ${_RC_RV} = 0; then
+ log_success_msg " [${_SMSG[${_RC_RV}]}] "
+ else
+ log_failure_msg " [${_SMSG[${_RC_RV}]}] "
+ fi
+ }
+ # TODO: Add checking for lockfiles
+ checkproc() { pidofproc ${1+"$@"} >/dev/null 2>&1; }
+ elif test -e /etc/init.d/functions; then
+ # RHAT
+ . /etc/init.d/functions
+ echo_rc()
+ {
+ #echo -n " [${_SMSG[${_RC_RV}]}] "
+ if test ${_RC_RV} = 0; then
+ success " [${_SMSG[${_RC_RV}]}] "
+ else
+ failure " [${_SMSG[${_RC_RV}]}] "
+ fi
+ }
+ checkproc() { status ${1+"$@"}; }
+ start_daemon() { daemon ${1+"$@"}; }
+ else
+ # emulate it
+ echo_rc() { echo " [${_SMSG[${_RC_RV}]}] "; }
+ fi
+ rc_reset() { _RC_RV=0; }
+ rc_failed()
+ {
+ if test -z "$1"; then
+ _RC_RV=1;
+ elif test "$1" != "0"; then
+ _RC_RV=$1;
+ fi
+ return ${_RC_RV}
+ }
+ rc_check()
+ {
+ rc_failed $?
+ }
+ rc_status()
+ {
+ rc_failed $?
+ if test "$1" = "-r"; then _RC_RV=0; shift; fi
+ if test "$1" = "-s"; then rc_failed 5; echo_rc; rc_failed 3; shift; fi
+ if test "$1" = "-u"; then rc_failed ${_RC_UNUSED}; echo_rc; rc_failed 3; shift; fi
+ if test "$1" = "-v"; then echo_rc; shift; fi
+ if test "$1" = "-r"; then _RC_RV=0; shift; fi
+ return ${_RC_RV}
+ }
+ rc_exit() { exit ${_RC_RV}; }
+ rc_active()
+ {
+ local x
+ for x in /etc/rc.d/rc[0-9].d/S[0-9][0-9]${1} ; do
+ test -e $x && return 0 || break
+ done
+ return 1
+ }
+fi
+
+# Reset status of this service
+rc_reset
+
+# Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - user had insufficient privileges
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
+#
+# Note that starting an already running service, stopping
+# or restarting a not-running service as well as the restart
+# with force-reload (in case signaling is not supported) are
+# considered a success.
+
+case "$1" in
+ start)
+ $IPSEC_CMD start 2>&1 | sed -e "s/ -- .*//g"
+ rc_status -v1
+ ;;
+ stop)
+ $IPSEC_CMD stop 2>&1
+ rc_status -v1
+ ;;
+ try-restart|condrestart)
+ ## Do a restart only if the service was active before.
+ ## Note: try-restart is now part of LSB (as of 1.9).
+ ## RH has a similar command named condrestart.
+ if test "$1" = "condrestart"; then
+ echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+ fi
+ $0 status
+ if test $? = 0; then
+ $0 restart
+ else
+ rc_reset # Not running is not a failure.
+ fi
+ # Remember status and be quiet
+ rc_status
+ ;;
+ restart)
+ ## Stop the service and regardless of whether it was
+ ## running or not, start it again.
+ $0 stop
+ sleep 2
+ $0 start
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ reload|force-reload)
+ $IPSEC_CMD reload
+ rc_status -v1
+ ;;
+ status)
+ # Return value is slightly different for the status command:
+ # 0 - service up and running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
+ # 3 - service not running (unused)
+ # 4 - service status unknown :-(
+ # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
+
+ echo -n "Checking for service strongSwan IPsec "
+ #checkproc $IPSEC_STARTER
+ $IPSEC_CMD status 2>&1 >/dev/null
+
+ # NOTE: rc_status knows that we called this init script with
+ # "status" option and adapts its messages accordingly.
+ rc_status -v
+ ;;
+ probe)
+ ## Optional: Probe for the necessity of a reload, print out the
+ ## argument to this init script which is required for a reload.
+ ## Note: probe is not (yet) part of LSB (as of 1.9)
+
+ test $IPSEC_CONFIG -nt $IPSEC_PIDFILE || \
+ test $IPSEC_SECRET -nt $IPSEC_PIDFILE && echo reload
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+ exit 1
+ ;;
+esac
+rc_exit
diff --git a/strongswan.spec b/strongswan.spec
new file mode 100644
index 0000000..a02ccef
--- /dev/null
+++ b/strongswan.spec
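Review bot: In the `start)` branch, `rc_status -v1` reads the exit status of `sed`, not of `$IPSEC_CMD start`, because the command is piped through `sed -e "s/ -- .*//g"`; a failed IPsec start is therefore reported as done and the script exits 0. Since the script runs under `#!/bin/bash`, the first pipeline member's status can be restored by following the pipeline with `test ${PIPESTATUS[0]} -eq 0` before `rc_status -v1`. In the `status)` branch, `$IPSEC_CMD status 2>&1 >/dev/null` discards only stdout and still lets stderr reach the terminal; `>/dev/null 2>&1` silences both if that was the intent. The fallback `rc_status` for non-SUSE systems matches only a literal `-v`, so the `-v1` calls look like they print nothing there.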
@@ -0,0 +1,268 @@
+#
+# spec file for package strongswan (Version 4.1.9)
+#
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+# norootforbuild
+
+Name: strongswan
+%define upstream_version 4.1.9
+%define strongswan_docdir %{_docdir}/%{name}
+Version: 4.1.9
+Release: 6
+License: GPL v2 or later
+Group: Productivity/Networking/Security
+Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
+Url: http://www.strongswan.org/
+PreReq: gmp grep %insserv_prereq %fillup_prereq
+Requires: iproute2
+Provides: pluto klips ipsec VPN freeswan
+Obsoletes: freeswan
+Conflicts: openswan
+AutoReqProv: on
+Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
+Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
+Source2: %{name}.init.in
+Patch1: %{name}_path.dif
+Patch2: %{name}_ipsec_script_msg.dif
+Patch3: %{name}_modprobe_syslog.dif
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: bison flex gmp-devel gperf pkg-config
+%if 0%{?suse_version} >= 1030
+BuildRequires: libpcap-devel
+%else
+BuildRequires: libpcap
+%endif
+# --enable-http
+BuildRequires: curl-devel
+# --enable-ldap
+BuildRequires: openldap2-devel
+
+%description
+StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
+
+* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec)
+ kernels
+
+* supports both the IKEv1 and IKEv2 (RFC 4306) key exchange
+ protocols
+
+* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC
+ 4555)
+
+* Fast connection startup and periodic update using ipsec starter
+
+* Automatic insertion and deletion of IPsec policy based firewall
+ rules
+
+* Strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
+
+* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
+
+* Static Virtual IPs and IKE Mode Config Pull and Push modes
+
+* XAUTH server and client functionality on top of IKE Main Mode
+ authentication
+
+* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
+
+* Authentication based on X.509 certificates or preshared keys
+
+* Generation of a default self-signed certificate during first
+ strongSwan startup
+
+* Retrieval and local caching of Certificate Revocation Lists via
+ HTTP or LDAP
+
+* Full support of the Online Certificate Status Protocol (OCSP, RCF
+ 2560).
+
+* CA management (OCSP and CRL URIs, default LDAP server)
+
+* Powerful IPsec policies based on wildcards or intermediate CAs
+
+* Group policies based on X.509 attribute certificates ( RFC 3281)
+
+* Optional storage of RSA private keys and certificates on a
+ smartcard
+
+* Smartcard access via standardized PKCS #11 interface
+
+* PKCS #11 proxy function offering RSA decryption services via whack
+
+* NEW: strongSwan Manager - a graphical management interface for IKEv2
+
+
+
+Authors:
+--------
+ Andreas Steffen
+ and others
+
+%package doc
+Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
+Group: Productivity/Networking/Security
+
+%description doc
+StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
+
+This package provides the StrongSwan documentation.
+
+
+
+Authors:
+--------
+ Andreas Steffen
+ and others
+
+%prep
+%setup -q -n %{name}-%{upstream_version}
+%patch1 -p0
+%patch2 -p0
+%patch3 -p0
+sed -e 's|@libexecdir@|%_libexecdir|g' \
+ < $RPM_SOURCE_DIR/strongswan.init.in \
+ > strongswan.init
+
+%build
+export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -W -Wall"
+export CFLAGS="$RPM_OPT_FLAGS"
+%{?suse_update_config:%{suse_update_config -f}}
+autoreconf
+%configure \
+ --enable-smartcard --with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \
+ --enable-cisco-quirks \
+ --enable-http \
+ --enable-ldap
+make %_smp_mflags
+
+%install
+export RPM_BUILD_ROOT
+install -m755 -d ${RPM_BUILD_ROOT}%{_sbindir}/
+install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/
+install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec
+ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec
+#
+make install DESTDIR="$RPM_BUILD_ROOT"
+#
+rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
+cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
+#
+# ipsec.secrets
+#
+# This file holds the RSA private keys or the PSK preshared secrets for
+# the IKE/IPsec authentication. See the ipsec.secrets(5) manual page.
+#
+EOT
+#
+rm -f $RPM_BUILD_ROOT%{_libdir}/libstrongswan.{so,a,la}
+find $RPM_BUILD_ROOT%{_libdir}/ipsec \
+ -name "*.a" -o -name "*.la" | xargs -r rm -f
+#
+install -m755 -d ${RPM_BUILD_ROOT}%{strongswan_docdir}/
+install -m644 TODO NEWS README COPYING CREDITS \
+ ${RPM_BUILD_ROOT}%{strongswan_docdir}/
+
+%clean
+if [ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != "/" ] ; then
+ rm -rf "$RPM_BUILD_ROOT"
+fi
+
+%post
+%{run_ldconfig}
+%{fillup_and_insserv ipsec}
+
+%preun
+%{stop_on_removal ipsec}
+if test -s %{_sysconfdir}/ipsec.secrets.rpmsave; then
+ cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave %{_sysconfdir}/ipsec.secrets.rpmsave.old
+fi
+if test -s %{_sysconfdir}/ipsec.conf.rpmsave; then
+ cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave %{_sysconfdir}/ipsec.conf.rpmsave.old
+fi
+
+%postun
+%{run_ldconfig}
+%{restart_on_update ipsec}
+%{insserv_cleanup}
+
+%files
+%defattr(-,root,root)
+%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
+%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
+%dir %{_sysconfdir}/ipsec.d
+%dir %{_sysconfdir}/ipsec.d/crls
+%dir %{_sysconfdir}/ipsec.d/reqs
+%dir %{_sysconfdir}/ipsec.d/certs
+%dir %{_sysconfdir}/ipsec.d/acerts
+%dir %{_sysconfdir}/ipsec.d/aacerts
+%dir %{_sysconfdir}/ipsec.d/cacerts
+%dir %{_sysconfdir}/ipsec.d/ocspcerts
+%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
+%config %{_sysconfdir}/init.d/ipsec
+%{_sbindir}/rcipsec
+%{_sbindir}/ipsec
+%{_libdir}/ipsec
+%{_libdir}/libstrongswan.*
+%if "%{_libdir}" != "%{_libexecdir}"
+%{_libexecdir}/ipsec
+%endif
+%{_mandir}/man5/ipsec.conf.5*
+%{_mandir}/man5/ipsec.secrets.5*
+%{_mandir}/man8/ipsec.8*
+
+%files doc
+%defattr(-,root,root)
+%dir %{strongswan_docdir}
+%{strongswan_docdir}/TODO
+%{strongswan_docdir}/NEWS
+%{strongswan_docdir}/README
+%{strongswan_docdir}/COPYING
+%{strongswan_docdir}/CREDITS
+%{_mandir}/man3/anyaddr.3*
+%{_mandir}/man3/atoaddr.3*
+%{_mandir}/man3/atoasr.3*
+%{_mandir}/man3/atosa.3*
+%{_mandir}/man3/atoul.3*
+%{_mandir}/man3/goodmask.3*
+%{_mandir}/man3/initaddr.3*
+%{_mandir}/man3/initsubnet.3*
+%{_mandir}/man3/keyblobtoid.3*
+%{_mandir}/man3/optionsfrom.3*
+%{_mandir}/man3/portof.3*
+%{_mandir}/man3/prng.3*
+%{_mandir}/man3/rangetosubnet.3*
+%{_mandir}/man3/sameaddr.3*
+%{_mandir}/man3/subnetof.3*
+%{_mandir}/man3/ttoaddr.3*
+%{_mandir}/man3/ttodata.3*
+%{_mandir}/man3/ttosa.3*
+%{_mandir}/man3/ttoul.3*
+%{_mandir}/man3/version.3*
+%{_mandir}/man8/_copyright.8*
+%{_mandir}/man8/_updown.8*
+%{_mandir}/man8/_updown_espmark.8*
+%{_mandir}/man8/openac.8*
+%{_mandir}/man8/pluto.8*
+%{_mandir}/man8/scepclient.8*
+%{_mandir}/man8/starter.8*
+%changelog
+* Sat Dec 08 2007 - mt@suse.de
+- Updated to 4.1.9 final, including all our patches.
+- Changed init script to use ipsec cmd using LSB codes now.
+- Added strongswan_path.dif setting a PATH in scripts (updown).
+- Added strongswan_ipsec_script_msg.dif for consistent look of
+ ipsec script messages.
+- Added strongswan_modprobe_syslog.dif redirecting modprobe
+ output to syslog.
+* Mon Nov 26 2007 - mt@suse.de
+- Renamed charon plugins to avoid rpm conflicts with existing
+ libraries (libstroke). Patch: strongswan-libconflicts.dif
+- Added init script. Template file: strongswan.init.in
+* Thu Nov 22 2007 - mt@suse.de
+- Initial, unfinished package
diff --git a/strongswan_ipsec_script_msg.dif b/strongswan_ipsec_script_msg.dif
new file mode 100644
index 0000000..edaea8d
--- /dev/null
+++ b/strongswan_ipsec_script_msg.dif
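Review bot: `Source1` ships the detached signature `strongswan-%{upstream_version}.tar.bz2.sig`, but nothing in `%prep` or the source list checks it: no keyring is packaged and `%setup` unpacks the tarball directly. As written the signature is inert, so a replaced tarball would only be caught by whatever the build service does outside this file. Consider adding the upstream signing key as a further `Source` and verifying `Source0` against `Source1` before `%setup`, or add a comment next to `Source1` such as `# signature is checked by <verification step — placeholder>` stating where verification happens.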
@@ -0,0 +1,20 @@
+--- src/ipsec/ipsec.in
++++ src/ipsec/ipsec.in 2007/12/06 09:21:17
+@@ -166,7 +166,7 @@ reload)
+ echo "Reloading strongSwan IPsec configuration..." >&2
+ kill -s USR1 `cat $IPSEC_STARTER_PID` 2>/dev/null && rc=0
+ else
+- echo "ipsec starter is not running" >&2
++ echo "Reloading strongSwan IPsec: starter is not running" >&2
+ fi
+ exit "$rc"
+ ;;
+@@ -285,7 +285,7 @@ stop)
+ fi
+ fi
+ else
+- echo "ipsec starter is not running" >&2
++ echo "Stopping strongSwan IPsec: starter is not running" >&2
+ fi
+ exit 0
+ ;;
diff --git a/strongswan_modprobe_syslog.dif b/strongswan_modprobe_syslog.dif
new file mode 100644
index 0000000..0ecfe7b
--- /dev/null
+++ b/strongswan_modprobe_syslog.dif
@@ -0,0 +1,28 @@
+--- src/starter/netkey.c
++++ src/starter/netkey.c 2007/12/06 09:05:30
+@@ -36,7 +36,7 @@ starter_netkey_init(void)
+ /* af_key module makes the netkey proc interface visible */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+- system("modprobe -qv af_key");
++ system("modprobe -s af_key");
+ }
+
+ /* now test again */
+@@ -52,11 +52,11 @@ starter_netkey_init(void)
+ /* make sure that all required IPsec modules are loaded */
+ if (stat(PROC_MODULES, &stb) == 0)
+ {
+- system("modprobe -qv ah4");
+- system("modprobe -qv esp4");
+- system("modprobe -qv ipcomp");
+- system("modprobe -qv xfrm4_tunnel");
+- system("modprobe -qv xfrm_user");
++ system("modprobe -s ah4");
++ system("modprobe -s esp4");
++ system("modprobe -s ipcomp");
++ system("modprobe -s xfrm4_tunnel");
++ system("modprobe -s xfrm_user");
+ }
+
+ DBG(DBG_CONTROL,
diff --git a/strongswan_path.dif b/strongswan_path.dif
new file mode 100644
index 0000000..62410fb
--- /dev/null
+++ b/strongswan_path.dif
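Review bot: The rewritten `system("modprobe -s af_key")` call in strongswan_modprobe_syslog.dif, and the five calls in its second inner hunk, still hand an unqualified command name to the shell and ignore the return value, so the module loader is resolved through whatever `PATH` starter inherited. strongswan_path.dif pins `PATH` only in the `ipsec` and `_updown` scripts, which presumably covers starter when it is launched through `ipsec start` but not when it is run directly. Using the absolute path, e.g. `system("/sbin/modprobe -s af_key");`, removes that dependency. For the second group nothing visible in the hunk re-checks that the modules actually loaded; `starter_netkey_init` begins and ends outside the hunks.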
@@ -0,0 +1,24 @@
+--- src/ipsec/ipsec.in
++++ src/ipsec/ipsec.in 2007/12/05 08:15:29
+@@ -16,6 +16,9 @@
+ #
+ # RCSID $Id: ipsec.in 3370 2007-11-29 18:27:04Z andreas $
+
++PATH="/sbin:/bin:/usr/sbin:/usr/bin"
++export PATH
++
+ # name and version of the ipsec implementation
+ IPSEC_NAME="@IPSEC_NAME@"
+ IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
+--- src/_updown/_updown.in
++++ src/_updown/_updown.in 2007/12/05 08:15:29
+@@ -118,6 +118,9 @@
+ # restricted on the peer side.
+ #
+
++PATH="/sbin:/bin:/usr/sbin:/usr/bin"
++export PATH
++
+ # uncomment to log VPN connections
+ VPN_LOGGING=1
+ #