From 3babeff858a9599766275a5431a35bde540fdd99a3bfa8d1a2111dbce5c7da56 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 1 Sep 2020 15:38:16 +0000 Subject: [PATCH 1/3] Accepting request 831234 from home:monosoul:branches:network:vpn Enable bypass-lan strongswan plugin https://wiki.strongswan.org/projects/strongswan/wiki/Bypass-lan OBS-URL: https://build.opensuse.org/request/show/831234 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=123 --- strongswan.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/strongswan.spec b/strongswan.spec index c3b0995..a227260 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -365,6 +365,7 @@ autoreconf --force --install --enable-ldap \ --enable-soup \ --enable-curl \ + --enable-bypass-lan \ --disable-static make %{?_smp_mflags} @@ -713,6 +714,7 @@ fi %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/xauth-generic.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/xauth-pam.conf %config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/xcbc.conf +%config(noreplace) %attr(600,root,root) %{strongswan_configs}/charon/bypass-lan.conf %dir %{strongswan_libdir} %if %{with integrity} %{strongswan_libdir}/libchecksum.so @@ -828,6 +830,7 @@ fi %{strongswan_plugins}/libstrongswan-xcbc.so %{strongswan_plugins}/libstrongswan-curve25519.so %{strongswan_plugins}/libstrongswan-vici.so +%{strongswan_plugins}/libstrongswan-bypass-lan.so %dir %{strongswan_datadir} %dir %{strongswan_templates} %dir %{strongswan_templates}/config @@ -933,6 +936,7 @@ fi %{strongswan_templates}/config/plugins/xcbc.conf %{strongswan_templates}/config/plugins/curve25519.conf %{strongswan_templates}/config/plugins/vici.conf +%{strongswan_templates}/config/plugins/bypass-lan.conf %if %{with systemd} %{strongswan_templates}/config/strongswan.d/charon-systemd.conf %endif From b9f4a82f2e5242146c10ebe04b6158cc9eba5c498b9b9d62d839bc250efcd70b Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 1 Sep 2020 16:31:18 +0000 Subject: [PATCH 2/3] - Enable bypass-lan strongswan plugin OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=124 --- strongswan.changes | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/strongswan.changes b/strongswan.changes index dcaf20a..eb05874 100644 --- a/strongswan.changes +++ b/strongswan.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Sep 1 16:31:02 UTC 2020 - Jan Engelhardt + +- Enable bypass-lan strongswan plugin + ------------------------------------------------------------------- Fri May 1 09:39:42 UTC 2020 - Bjørn Lie From f54d9f50839fae422ca5b9befb3974c9fb40c542aa27a157068119f55acaaca5 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Tue, 1 Sep 2020 22:39:10 +0000 Subject: [PATCH 3/3] Accepting request 831323 from home:monosoul:branches:network:vpn Disable bypass-lan strongswan plugin by default, so update to the new version would not change existing strongswan behavior OBS-URL: https://build.opensuse.org/request/show/831323 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=125 --- strongswan.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/strongswan.spec b/strongswan.spec index a227260..c7ad454 100644 --- a/strongswan.spec +++ b/strongswan.spec @@ -446,7 +446,9 @@ echo 'd %{_rundir}/%{name} 0770 root root' > %{buildroot}%{_tmpfilesdir}/%{name} # install -c -m750 _fipscheck %{buildroot}/%{_libexecdir}/ipsec/ install -c -m644 %{_sourcedir}/fips-enforce.conf \ - %{buildroot}/%{strongswan_configs}/charon/zzz_fips-enforce.conf + %{buildroot}/%{strongswan_configs}/charon/zzz_fips-enforce.conf +# disable bypass-lan plugin by default +sed -i 's/\(load[ ]*=[ ]*\)yes/\1no/g' %{buildroot}/%{strongswan_configs}/charon/bypass-lan.conf # create fips hmac hashes _after_ install post run %{expand:%%global __os_install_post {%__os_install_post for f in %{buildroot}/%{strongswan_libdir}/lib*.so.*.*.* \