rpm/strongswan
SHA256
1
0
Fork 0
forked from pool/strongswan
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/strongswan?expand=0&rev=1

Browse Source
This commit is contained in:
OBS User unknown 2007-12-13 03:49:24 +00:00 committed by Git OBS Bridge
commit 6e9e4ef022
11 changed files with 677 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

0
ready Normal file
View File

3
strongswan-4.1.9.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:37ea5119dc54cb150d444302f82f84854a15d35e45a817e3a29be86b7d750587
size 2176339

9
strongswan-4.1.9.tar.bz2.sig Normal file
View File

@ -0,0 +1,9 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQCVAwUAR1Wm+dYbDnNAmVNZAQIvkAQAolk4x+wmuJEIBHQ+24S2v2fOJoZKud6L
Fl8cqH2GPe4yYZkuaJ+djgK+GslBfY8qyqXKC49SUkwWtA/yMKkItwDNv2RwhXdQ
jzjAI1Ad8nCck3XFkIYg9gxL/p2caooRqu6PUr0qfTpVl1lKMW0tHVssavUnCWJv
NcjWTSUihl0=
=GC6L
-----END PGP SIGNATURE-----

23
strongswan.changes Normal file
View File

@ -0,0 +1,23 @@
-------------------------------------------------------------------
Sat Dec 8 13:03:42 CET 2007 - mt@suse.de
- Updated to 4.1.9 final, including all our patches.
- Changed init script to use ipsec cmd using LSB codes now.
- Added strongswan_path.dif setting a PATH in scripts (updown).
- Added strongswan_ipsec_script_msg.dif for consistent look of
ipsec script messages.
- Added strongswan_modprobe_syslog.dif redirecting modprobe
output to syslog.
-------------------------------------------------------------------
Mon Nov 26 10:19:40 CET 2007 - mt@suse.de
- Renamed charon plugins to avoid rpm conflicts with existing
libraries (libstroke). Patch: strongswan-libconflicts.dif
- Added init script. Template file: strongswan.init.in
-------------------------------------------------------------------
Thu Nov 22 10:25:56 CET 2007 - mt@suse.de
- Initial, unfinished package

278
strongswan.init.in Normal file
View File

@ -0,0 +1,278 @@
#!/bin/bash
#
# SUSE/LSB system startup script for strongswan ipsec
#
# Copyright (C) 2007 Marius Tomaschewski, SUSE / Novell Inc.
# based on /etc/init.d/skeleton.compat by Kurt Garloff.
#
# This library is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or (at
# your option) any later version.
#
# This library is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307,
# USA.
#
# /etc/init.d/ipsec
# and its symbolic link
# /usr/sbin/rcipsec
#
# LSB compatible service control script; see http://www.linuxbase.org/spec/
# Please send feedback to http://www.suse.de/feedback/
#
# Note: This script uses functions rc_XXX defined in /etc/rc.status on
# UnitedLinux/SUSE/Novell based Linux distributions. However, it shoule
# work on other distributions as well, by using the LSB (Linux Standard
# Base) or RH functions or by open coding the needed functions.
#
# chkconfig: 345 99 00
# description: StrongSwan IPsec
#
### BEGIN INIT INFO
# Provides: ipsec
# Required-Start: $syslog $remote_fs $named
# Should-Start: $time
# Required-Stop: $syslog $remote_fs $named
# Should-Stop: $time
# Default-Start: 3 4 5
# Default-Stop: 0 1 2 6
# Short-Description: StrongSwan IPsec
# Description: StrongSwan IPsec provides encrypted and authenticated
# communication via a unsafe network, such as the internet.
# This scripts loads the kernel modules and starts the user-space setup.
### END INIT INFO
# Check for missing binaries (stale symlinks should not happen)
# Note: Special treatment of stop for LSB conformance
IPSEC_CMD="/usr/sbin/ipsec"
test -x $IPSEC_CMD || {
echo "$IPSEC_CMD not installed";
if [ "$1" = "stop" ]; then exit 0; else exit 5; fi;
}
IPSEC_STARTER="@libexecdir@/ipsec/starter"
test -x $IPSEC_STARTER || {
echo "$IPSEC_STARTER not installed";
if [ "$1" = "stop" ]; then exit 0; else exit 5; fi;
}
# The pid file of the ipsec starter
IPSEC_PIDFILE="/var/run/starter.pid"
# Check for existence of needed config files
IPSEC_CONFIG="/etc/ipsec.conf"
test -r $IPSEC_CONFIG || {
echo "$IPSEC_CONFIG not existing";
if [ "$1" = "stop" ]; then exit 0; else exit 6; fi;
}
IPSEC_SECRET="/etc/ipsec.secrets"
test -r $IPSEC_SECRET || {
echo "$IPSEC_SECRET not existing";
if [ "$1" = "stop" ]; then exit 0; else exit 6; fi;
}
# Source LSB init functions
# providing start_daemon, killproc, pidofproc,
# log_success_msg, log_failure_msg and log_warning_msg.
# This is currently not used by UnitedLinux based distributions and
# not needed for init scripts for UnitedLinux only. If it is used,
# the functions from rc.status should not be sourced or used.
#. /lib/lsb/init-functions
# Shell functions sourced from /etc/rc.status:
# rc_check check and set local and overall rc status
# rc_status check and set local and overall rc status
# rc_status -v be verbose in local rc status and clear it afterwards
# rc_status -v -r ditto and clear both the local and overall rc status
# rc_status -s display "skipped" and exit with status 3
# rc_status -u display "unused" and exit with status 3
# rc_failed set local and overall rc status to failed
# rc_failed <num> set local and overall rc status to <num>
# rc_reset clear both the local and overall rc status
# rc_exit exit appropriate to overall rc status
# rc_active checks whether a service is activated by symlinks
# Use the SUSE rc_ init script functions;
# emulate them on LSB, RH and other systems
# Default: Assume sysvinit binaries exist
start_daemon() { /sbin/start_daemon ${1+"$@"}; }
killproc() { /sbin/killproc ${1+"$@"}; }
pidofproc() { /sbin/pidofproc ${1+"$@"}; }
checkproc() { /sbin/checkproc ${1+"$@"}; }
if test -e /etc/rc.status; then
# SUSE rc script library
. /etc/rc.status
else
export LC_ALL=POSIX
_cmd=$1
declare -a _SMSG
if test "${_cmd}" = "status"; then
_SMSG=(running dead dead unused unknown reserved)
_RC_UNUSED=3
else
_SMSG=(done failed failed missed failed skipped unused failed failed reserved)
_RC_UNUSED=6
fi
if test -e /lib/lsb/init-functions; then
# LSB
. /lib/lsb/init-functions
echo_rc()
{
if test ${_RC_RV} = 0; then
log_success_msg " [${_SMSG[${_RC_RV}]}] "
else
log_failure_msg " [${_SMSG[${_RC_RV}]}] "
fi
}
# TODO: Add checking for lockfiles
checkproc() { pidofproc ${1+"$@"} >/dev/null 2>&1; }
elif test -e /etc/init.d/functions; then
# RHAT
. /etc/init.d/functions
echo_rc()
{
#echo -n " [${_SMSG[${_RC_RV}]}] "
if test ${_RC_RV} = 0; then
success " [${_SMSG[${_RC_RV}]}] "
else
failure " [${_SMSG[${_RC_RV}]}] "
fi
}
checkproc() { status ${1+"$@"}; }
start_daemon() { daemon ${1+"$@"}; }
else
# emulate it
echo_rc() { echo " [${_SMSG[${_RC_RV}]}] "; }
fi
rc_reset() { _RC_RV=0; }
rc_failed()
{
if test -z "$1"; then
_RC_RV=1;
elif test "$1" != "0"; then
_RC_RV=$1;
fi
return ${_RC_RV}
}
rc_check()
{
rc_failed $?
}
rc_status()
{
rc_failed $?
if test "$1" = "-r"; then _RC_RV=0; shift; fi
if test "$1" = "-s"; then rc_failed 5; echo_rc; rc_failed 3; shift; fi
if test "$1" = "-u"; then rc_failed ${_RC_UNUSED}; echo_rc; rc_failed 3; shift; fi
if test "$1" = "-v"; then echo_rc; shift; fi
if test "$1" = "-r"; then _RC_RV=0; shift; fi
return ${_RC_RV}
}
rc_exit() { exit ${_RC_RV}; }
rc_active()
{
local x
for x in /etc/rc.d/rc[0-9].d/S[0-9][0-9]${1} ; do
test -e $x && return 0 || break
done
return 1
}
fi
# Reset status of this service
rc_reset
# Return values acc. to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - user had insufficient privileges
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running
# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
#
# Note that starting an already running service, stopping
# or restarting a not-running service as well as the restart
# with force-reload (in case signaling is not supported) are
# considered a success.
case "$1" in
start)
$IPSEC_CMD start 2>&1 | sed -e "s/ -- .*//g"
rc_status -v1
;;
stop)
$IPSEC_CMD stop 2>&1
rc_status -v1
;;
try-restart|condrestart)
## Do a restart only if the service was active before.
## Note: try-restart is now part of LSB (as of 1.9).
## RH has a similar command named condrestart.
if test "$1" = "condrestart"; then
echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
fi
$0 status
if test $? = 0; then
$0 restart
else
rc_reset # Not running is not a failure.
fi
# Remember status and be quiet
rc_status
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
$0 stop
sleep 2
$0 start
# Remember status and be quiet
rc_status
;;
reload|force-reload)
$IPSEC_CMD reload
rc_status -v1
;;
status)
# Return value is slightly different for the status command:
# 0 - service up and running
# 1 - service dead, but /var/run/ pid file exists
# 2 - service dead, but /var/lock/ lock file exists
# 3 - service not running (unused)
# 4 - service status unknown :-(
# 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
echo -n "Checking for service strongSwan IPsec "
#checkproc $IPSEC_STARTER
$IPSEC_CMD status 2>&1 >/dev/null
# NOTE: rc_status knows that we called this init script with
# "status" option and adapts its messages accordingly.
rc_status -v
;;
probe)
## Optional: Probe for the necessity of a reload, print out the
## argument to this init script which is required for a reload.
## Note: probe is not (yet) part of LSB (as of 1.9)
test $IPSEC_CONFIG -nt $IPSEC_PIDFILE || \
test $IPSEC_SECRET -nt $IPSEC_PIDFILE && echo reload
;;
*)
echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
exit 1
;;
esac
rc_exit

268
strongswan.spec Normal file
View File

@ -0,0 +1,268 @@
#
# spec file for package strongswan (Version 4.1.9)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: strongswan
%define upstream_version 4.1.9
%define strongswan_docdir %{_docdir}/%{name}
Version: 4.1.9
Release: 6
License: GPL v2 or later
Group: Productivity/Networking/Security
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
Url: http://www.strongswan.org/
PreReq: gmp grep %insserv_prereq %fillup_prereq
Requires: iproute2
Provides: pluto klips ipsec VPN freeswan
Obsoletes: freeswan
Conflicts: openswan
AutoReqProv: on
Source0: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2
Source1: http://download.strongswan.org/strongswan-%{upstream_version}.tar.bz2.sig
Source2: %{name}.init.in
Patch1: %{name}_path.dif
Patch2: %{name}_ipsec_script_msg.dif
Patch3: %{name}_modprobe_syslog.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: bison flex gmp-devel gperf pkg-config
%if 0%{?suse_version} >= 1030
BuildRequires: libpcap-devel
%else
BuildRequires: libpcap
%endif
# --enable-http
BuildRequires: curl-devel
# --enable-ldap
BuildRequires: openldap2-devel
%description
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
* runs both on Linux 2.4 (KLIPS IPsec) and Linux 2.6 (NETKEY IPsec)
kernels
* supports both the IKEv1 and IKEv2 (RFC 4306) key exchange
protocols
* Dynamical IP address and interface update with IKEv2 MOBIKE (RFC
4555)
* Fast connection startup and periodic update using ipsec starter
* Automatic insertion and deletion of IPsec policy based firewall
rules
* Strong 3DES, AES, Serpent, Twofish, or Blowfish encryption
* NAT-Traversal via UDP encapsulation and port floating (RFC 3947)
* Static Virtual IPs and IKE Mode Config Pull and Push modes
* XAUTH server and client functionality on top of IKE Main Mode
authentication
* Dead Peer Detection (DPD, RFC 3706) takes care of dangling tunnels
* Authentication based on X.509 certificates or preshared keys
* Generation of a default self-signed certificate during first
strongSwan startup
* Retrieval and local caching of Certificate Revocation Lists via
HTTP or LDAP
* Full support of the Online Certificate Status Protocol (OCSP, RCF
2560).
* CA management (OCSP and CRL URIs, default LDAP server)
* Powerful IPsec policies based on wildcards or intermediate CAs
* Group policies based on X.509 attribute certificates ( RFC 3281)
* Optional storage of RSA private keys and certificates on a
smartcard
* Smartcard access via standardized PKCS #11 interface
* PKCS #11 proxy function offering RSA decryption services via whack
* NEW: strongSwan Manager - a graphical management interface for IKEv2
Authors:
--------
Andreas Steffen
and others
%package doc
Summary: StrongSwan -- OpenSource IPsec-based VPN Solution
Group: Productivity/Networking/Security
%description doc
StrongSwan is an OpenSource IPsec-based VPN Solution for Linux
This package provides the StrongSwan documentation.
Authors:
--------
Andreas Steffen
and others
%prep
%setup -q -n %{name}-%{upstream_version}
%patch1 -p0
%patch2 -p0
%patch3 -p0
sed -e 's|@libexecdir@|%_libexecdir|g' \
< $RPM_SOURCE_DIR/strongswan.init.in \
> strongswan.init
%build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -W -Wall"
export CFLAGS="$RPM_OPT_FLAGS"
%{?suse_update_config:%{suse_update_config -f}}
autoreconf
%configure \
--enable-smartcard --with-default-pkcs11=%{_libdir}/opensc-pkcs11.so \
--enable-cisco-quirks \
--enable-http \
--enable-ldap
make %_smp_mflags
%install
export RPM_BUILD_ROOT
install -m755 -d ${RPM_BUILD_ROOT}%{_sbindir}/
install -m755 -d ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/
install -m755 strongswan.init ${RPM_BUILD_ROOT}%{_sysconfdir}/init.d/ipsec
ln -s %{_sysconfdir}/init.d/ipsec ${RPM_BUILD_ROOT}%{_sbindir}/rcipsec
#
make install DESTDIR="$RPM_BUILD_ROOT"
#
rm -f ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
cat << EOT > ${RPM_BUILD_ROOT}%{_sysconfdir}/ipsec.secrets
#
# ipsec.secrets
#
# This file holds the RSA private keys or the PSK preshared secrets for
# the IKE/IPsec authentication. See the ipsec.secrets(5) manual page.
#
EOT
#
rm -f $RPM_BUILD_ROOT%{_libdir}/libstrongswan.{so,a,la}
find $RPM_BUILD_ROOT%{_libdir}/ipsec \
-name "*.a" -o -name "*.la" | xargs -r rm -f
#
install -m755 -d ${RPM_BUILD_ROOT}%{strongswan_docdir}/
install -m644 TODO NEWS README COPYING CREDITS \
${RPM_BUILD_ROOT}%{strongswan_docdir}/
%clean
if [ -n "$RPM_BUILD_ROOT" ] && [ "$RPM_BUILD_ROOT" != "/" ] ; then
rm -rf "$RPM_BUILD_ROOT"
fi
%post
%{run_ldconfig}
%{fillup_and_insserv ipsec}
%preun
%{stop_on_removal ipsec}
if test -s %{_sysconfdir}/ipsec.secrets.rpmsave; then
cp -p --backup=numbered %{_sysconfdir}/ipsec.secrets.rpmsave %{_sysconfdir}/ipsec.secrets.rpmsave.old
fi
if test -s %{_sysconfdir}/ipsec.conf.rpmsave; then
cp -p --backup=numbered %{_sysconfdir}/ipsec.conf.rpmsave %{_sysconfdir}/ipsec.conf.rpmsave.old
fi
%postun
%{run_ldconfig}
%{restart_on_update ipsec}
%{insserv_cleanup}
%files
%defattr(-,root,root)
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.conf
%config(noreplace) %attr(600,root,root) %{_sysconfdir}/ipsec.secrets
%dir %{_sysconfdir}/ipsec.d
%dir %{_sysconfdir}/ipsec.d/crls
%dir %{_sysconfdir}/ipsec.d/reqs
%dir %{_sysconfdir}/ipsec.d/certs
%dir %{_sysconfdir}/ipsec.d/acerts
%dir %{_sysconfdir}/ipsec.d/aacerts
%dir %{_sysconfdir}/ipsec.d/cacerts
%dir %{_sysconfdir}/ipsec.d/ocspcerts
%dir %attr(700,root,root) %{_sysconfdir}/ipsec.d/private
%config %{_sysconfdir}/init.d/ipsec
%{_sbindir}/rcipsec
%{_sbindir}/ipsec
%{_libdir}/ipsec
%{_libdir}/libstrongswan.*
%if "%{_libdir}" != "%{_libexecdir}"
%{_libexecdir}/ipsec
%endif
%{_mandir}/man5/ipsec.conf.5*
%{_mandir}/man5/ipsec.secrets.5*
%{_mandir}/man8/ipsec.8*
%files doc
%defattr(-,root,root)
%dir %{strongswan_docdir}
%{strongswan_docdir}/TODO
%{strongswan_docdir}/NEWS
%{strongswan_docdir}/README
%{strongswan_docdir}/COPYING
%{strongswan_docdir}/CREDITS
%{_mandir}/man3/anyaddr.3*
%{_mandir}/man3/atoaddr.3*
%{_mandir}/man3/atoasr.3*
%{_mandir}/man3/atosa.3*
%{_mandir}/man3/atoul.3*
%{_mandir}/man3/goodmask.3*
%{_mandir}/man3/initaddr.3*
%{_mandir}/man3/initsubnet.3*
%{_mandir}/man3/keyblobtoid.3*
%{_mandir}/man3/optionsfrom.3*
%{_mandir}/man3/portof.3*
%{_mandir}/man3/prng.3*
%{_mandir}/man3/rangetosubnet.3*
%{_mandir}/man3/sameaddr.3*
%{_mandir}/man3/subnetof.3*
%{_mandir}/man3/ttoaddr.3*
%{_mandir}/man3/ttodata.3*
%{_mandir}/man3/ttosa.3*
%{_mandir}/man3/ttoul.3*
%{_mandir}/man3/version.3*
%{_mandir}/man8/_copyright.8*
%{_mandir}/man8/_updown.8*
%{_mandir}/man8/_updown_espmark.8*
%{_mandir}/man8/openac.8*
%{_mandir}/man8/pluto.8*
%{_mandir}/man8/scepclient.8*
%{_mandir}/man8/starter.8*
%changelog
* Sat Dec 08 2007 - mt@suse.de
- Updated to 4.1.9 final, including all our patches.
- Changed init script to use ipsec cmd using LSB codes now.
- Added strongswan_path.dif setting a PATH in scripts (updown).
- Added strongswan_ipsec_script_msg.dif for consistent look of
ipsec script messages.
- Added strongswan_modprobe_syslog.dif redirecting modprobe
output to syslog.
* Mon Nov 26 2007 - mt@suse.de
- Renamed charon plugins to avoid rpm conflicts with existing
libraries (libstroke). Patch: strongswan-libconflicts.dif
- Added init script. Template file: strongswan.init.in
* Thu Nov 22 2007 - mt@suse.de
- Initial, unfinished package

20
strongswan_ipsec_script_msg.dif Normal file
View File

@ -0,0 +1,20 @@
--- src/ipsec/ipsec.in
+++ src/ipsec/ipsec.in 2007/12/06 09:21:17
@@ -166,7 +166,7 @@ reload)
echo "Reloading strongSwan IPsec configuration..." >&2
kill -s USR1 `cat $IPSEC_STARTER_PID` 2>/dev/null && rc=0
else
- echo "ipsec starter is not running" >&2
+ echo "Reloading strongSwan IPsec: starter is not running" >&2
fi
exit "$rc"
;;
@@ -285,7 +285,7 @@ stop)
fi
fi
else
- echo "ipsec starter is not running" >&2
+ echo "Stopping strongSwan IPsec: starter is not running" >&2
fi
exit 0
;;

28
strongswan_modprobe_syslog.dif Normal file
View File

@ -0,0 +1,28 @@
--- src/starter/netkey.c
+++ src/starter/netkey.c 2007/12/06 09:05:30
@@ -36,7 +36,7 @@ starter_netkey_init(void)
/* af_key module makes the netkey proc interface visible */
if (stat(PROC_MODULES, &stb) == 0)
{
- system("modprobe -qv af_key");
+ system("modprobe -s af_key");
}
/* now test again */
@@ -52,11 +52,11 @@ starter_netkey_init(void)
/* make sure that all required IPsec modules are loaded */
if (stat(PROC_MODULES, &stb) == 0)
{
- system("modprobe -qv ah4");
- system("modprobe -qv esp4");
- system("modprobe -qv ipcomp");
- system("modprobe -qv xfrm4_tunnel");
- system("modprobe -qv xfrm_user");
+ system("modprobe -s ah4");
+ system("modprobe -s esp4");
+ system("modprobe -s ipcomp");
+ system("modprobe -s xfrm4_tunnel");
+ system("modprobe -s xfrm_user");
}
DBG(DBG_CONTROL,

24
strongswan_path.dif Normal file
View File

@ -0,0 +1,24 @@
--- src/ipsec/ipsec.in
+++ src/ipsec/ipsec.in 2007/12/05 08:15:29
@@ -16,6 +16,9 @@
#
# RCSID $Id: ipsec.in 3370 2007-11-29 18:27:04Z andreas $
+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+export PATH
+
# name and version of the ipsec implementation
IPSEC_NAME="@IPSEC_NAME@"
IPSEC_VERSION="U@IPSEC_VERSION@/K`uname -r`"
--- src/_updown/_updown.in
+++ src/_updown/_updown.in 2007/12/05 08:15:29
@@ -118,6 +118,9 @@
# restricted on the peer side.
#
+PATH="/sbin:/bin:/usr/sbin:/usr/bin"
+export PATH
+
# uncomment to log VPN connections
VPN_LOGGING=1
#