
From: "Anthony G. Basile (blueness)" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in net-firewall/ipsec-tools/files: racoon.init.d-r2 ipsec-tools.conf racoon.conf.d-r1
Date: Fri, 28 Sep 2012 00:45:37
Message-Id: 20120928004526.B2DDE21600@flycatcher.gentoo.org
1 blueness 12/09/28 00:45:26
2
3 Added: racoon.init.d-r2 ipsec-tools.conf racoon.conf.d-r1
4 Log:
5 Fix bug #435398 and #436144
6
7 (Portage version: 2.1.11.9/cvs/Linux x86_64)
8
9 Revision Changes Path
10 1.1 net-firewall/ipsec-tools/files/racoon.init.d-r2
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/files/racoon.init.d-r2?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/files/racoon.init.d-r2?rev=1.1&content-type=text/plain
14
15 Index: racoon.init.d-r2
16 ===================================================================
17 #!/sbin/runscript
18 # Copyright 1999-2012 Gentoo Foundation
19 # Distributed under the terms of the GNU General Public License v2
20
21 depend() {
22 before netmount
23 use net
24 }
25
26 checkconfig() {
27 if [ ! -e ${SETKEY_CONF} ] ; then
28 eerror "You need to configure setkey before starting racoon."
29 return 1
30 fi
31 if [ ! -e ${RACOON_CONF} ] ; then
32 eerror "You need a configuration file to start racoon."
33 return 1
34 fi
35 if [ ! -z ${RACOON_PSK_FILE} ] ; then
36 if [ ! -f ${RACOON_PSK_FILE} ] ; then
37 eerror "PSK file not found as specified."
38 eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
39 return 1
40 fi
41 case "`ls -Lldn ${RACOON_PSK_FILE}`" in
42 -r--------*)
43 ;;
44 *)
45 eerror "Your defined PSK file should be mode 400 for security!"
46 return 1
47 ;;
48 esac
49 fi
50 }
51
52 command=/usr/sbin/racoon
53 command_args="-f ${RACOON_CONF} ${RACOON_OPTS}"
54 pidfile=/var/run/racoon.pid
55 start_stop_daemon_args="--wait ${RACOON_WAIT}"
56
57 start_pre() {
58 checkconfig || return 1
59 einfo "Loading ipsec policies from ${SETKEY_CONF}."
60 /usr/sbin/setkey -f ${SETKEY_CONF}
61 if [ $? -eq 1 ] ; then
62 eerror "Error while loading ipsec policies"
63 fi
64 }
65
66 stop_post() {
67 if [ -n "${RACOON_RESET_TABLES}" ]; then
68 ebegin "Flushing policy entries"
69 /usr/sbin/setkey -F
70 /usr/sbin/setkey -FP
71 eend $?
72 fi
73 }
74
75
76
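Review bot: start_pre() logs a setkey failure but still returns success, so racoon is started even when the policies in ${SETKEY_CONF} were not loaded, and only an exit status of exactly 1 is treated as an error. Traffic those policies were meant to protect would then presumably leave unprotected, so the function should fail closed: `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }`. In checkconfig() the PSK test matches only the permission string printed by `ls -Lldn`, so a mode-400 file owned by a non-root user passes. Checking the owner as well, and quoting `${RACOON_PSK_FILE}` inside the `[ ]` tests, would tighten that check.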
77 1.1 net-firewall/ipsec-tools/files/ipsec-tools.conf
78
79 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/files/ipsec-tools.conf?rev=1.1&view=markup
80 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/files/ipsec-tools.conf?rev=1.1&content-type=text/plain
81
82 Index: ipsec-tools.conf
83 ===================================================================
84 #!/usr/sbin/setkey -f
85 #
86 # THIS IS A SAMPLE FILE!
87 #
88 # This is a sample file to test Gentoo's ipsec-tools out of the box.
89 # Do not use it in production. See: http://www.ipsec-howto.org/
90 #
91 flush;
92 spdflush;
93
94 #
95 # Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon.
96 # Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer
97 #
98 #add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
99 #add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
100 #add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
101 #add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
102
103 #
104 # Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
105 #
106 #spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require;
107 #spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//require ah/transport//require;
108 spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require;
109 spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require ah/transport//require;
110
111
112
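Review bot: The commented-out `add` lines carry literal AH and ESP keys, which become public once this file ships, and nothing next to them tells an administrator who uncomments the block for manual keying to replace them. I would add a comment directly above the block, for example `# The keys below are published examples. Generate your own random keys before uncommenting.` It is also worth stating that a file holding manual keys should be readable by root only, because checkconfig() in racoon.init.d-r2 checks the mode of the PSK file but only the existence of this one. The examples use hmac-md5 and 3des-cbc, which are legacy algorithms; a sentence saying so would help readers who copy them.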
113 1.1 net-firewall/ipsec-tools/files/racoon.conf.d-r1
114
115 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d-r1?rev=1.1&view=markup
116 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d-r1?rev=1.1&content-type=text/plain
117
118 Index: racoon.conf.d-r1
119 ===================================================================
120 # Copyright 1999-2012 Gentoo Foundation
121 # Distributed under the terms of the GNU General Public License v2
122 # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d-r1,v 1.1 2012/09/28 00:45:26 blueness Exp $
123
124 # Config file for /etc/init.d/racoon
125
126 # See the man page or run `racoon --help` for valid command-line options
127 # RACOON_OPTS="-d"
128
129 RACOON_CONF="/etc/racoon/racoon.conf"
130 RACOON_PSK_FILE="/etc/racoon/psk.txt"
131
132 # The amount of time in ms for start-stop-daemon to wait before a timeout
133 # Racoon can sometimes be slow. We'll wait 1 sec. Bug #435398.
134
135 RACOON_WAIT="1000"
136
137 # The setkey config file. Don't name it ipsec.conf as this clashes
138 # with strongswan. We'll follow debian's naming. Bug #436144.
139
140 SETKEY_CONF="/etc/ipsec-tools.conf"
141
142 # Comment or remove the following if you don't want the policy tables
143 # to be flushed when racoon is stopped.
144
145 RACOON_RESET_TABLES="true"
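Review bot: The comment above RACOON_RESET_TABLES does not mention that stop_post() in racoon.init.d-r2 tests the variable with `[ -n ... ]`, so any non-empty value, including "false" or "no", still triggers the flush. That hook runs `setkey -F` and `setkey -FP`, which clear the whole SAD and SPD rather than only the entries loaded from SETKEY_CONF, so after a stop the traffic those policies covered is no longer required to use IPsec. I would extend the comment, for example `# Any non-empty value (even "false") enables the flush; it removes all SAD/SPD entries, not only those from SETKEY_CONF.`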