From: | "Anthony G. Basile (blueness)" <blueness@g.o> |
---|---|
To: | gentoo-commits@l.g.o |
Subject: | [gentoo-commits] gentoo-x86 commit in net-firewall/ipsec-tools/files: racoon.init.d-r2 ipsec-tools.conf racoon.conf.d-r1 |
Date: | Fri, 28 Sep 2012 00:45:37 |
Message-Id: | 20120928004526.B2DDE21600@flycatcher.gentoo.org |
1 | blueness 12/09/28 00:45:26 |
2 | |
3 | Added: racoon.init.d-r2 ipsec-tools.conf racoon.conf.d-r1 |
4 | Log: |
5 | Fix bugs #435398 and #436144 |
6 | |
7 | (Portage version: 2.1.11.9/cvs/Linux x86_64) |
8 | |
9 | Revision Changes Path |
10 | 1.1 net-firewall/ipsec-tools/files/racoon.init.d-r2 |
11 | |
14 | |
15 | Index: racoon.init.d-r2 |
16 | =================================================================== |
17 | #!/sbin/runscript |
18 | # Copyright 1999-2012 Gentoo Foundation |
19 | # Distributed under the terms of the GNU General Public License v2 |
20 | |
21 | depend() { |
22 | before netmount |
23 | use net |
24 | } |
25 | |
26 | checkconfig() { |
27 | if [ ! -e ${SETKEY_CONF} ] ; then |
28 | eerror "You need to configure setkey before starting racoon." |
29 | return 1 |
30 | fi |
31 | if [ ! -e ${RACOON_CONF} ] ; then |
32 | eerror "You need a configuration file to start racoon." |
33 | return 1 |
34 | fi |
35 | if [ ! -z ${RACOON_PSK_FILE} ] ; then |
36 | if [ ! -f ${RACOON_PSK_FILE} ] ; then |
37 | eerror "PSK file not found as specified." |
38 | eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon." |
39 | return 1 |
40 | fi |
41 | case "`ls -Lldn ${RACOON_PSK_FILE}`" in |
42 | -r--------*) |
43 | ;; |
44 | *) |
45 | eerror "Your defined PSK file should be mode 400 for security!" |
46 | return 1 |
47 | ;; |
48 | esac |
49 | fi |
50 | } |
51 | |
52 | command=/usr/sbin/racoon |
53 | command_args="-f ${RACOON_CONF} ${RACOON_OPTS}" |
54 | pidfile=/var/run/racoon.pid |
55 | start_stop_daemon_args="--wait ${RACOON_WAIT}" |
56 | |
57 | start_pre() { |
58 | checkconfig || return 1 |
59 | einfo "Loading ipsec policies from ${SETKEY_CONF}." |
60 | /usr/sbin/setkey -f ${SETKEY_CONF} |
61 | if [ $? -eq 1 ] ; then |
62 | eerror "Error while loading ipsec policies" |
63 | fi |
64 | } |
65 | |
66 | stop_post() { |
67 | if [ -n "${RACOON_RESET_TABLES}" ]; then |
68 | ebegin "Flushing policy entries" |
69 | /usr/sbin/setkey -F |
70 | /usr/sbin/setkey -FP |
71 | eend $? |
72 | fi |
73 | } |
74 | |
75 | |
76 | |
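Review bot: In start_pre a failed `setkey -f` does not stop the service from starting: the test `[ $? -eq 1 ]` only reacts to an exit status of exactly 1, any other non-zero status is ignored, and even the reported case has no explicit `return 1`, so racoon is started with the policies partially loaded or not loaded at all. Make the policy load a hard failure, e.g. `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies from ${SETKEY_CONF}"; return 1; }`. The variables expanded in checkconfig and in command_args (`${SETKEY_CONF}`, `${RACOON_CONF}`, `${RACOON_PSK_FILE}`) are unquoted, so a path containing whitespace breaks the `[ -e ... ]`/`[ -f ... ]` tests; quote them as `"${RACOON_PSK_FILE}"`. `--wait ${RACOON_WAIT}` in start_stop_daemon_args degrades to a bare `--wait` when an older /etc/conf.d/racoon without RACOON_WAIT is still installed; `${RACOON_WAIT:-1000}` would keep start working there. The mode check parses `ls -Lldn` output and accepts only `-r--------`, which is a reasonable conservative check, but it does not verify the owner even though the numeric uid is already in that output.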
77 | 1.1 net-firewall/ipsec-tools/files/ipsec-tools.conf |
78 | |
81 | |
82 | Index: ipsec-tools.conf |
83 | =================================================================== |
84 | #!/usr/sbin/setkey -f |
85 | # |
86 | # THIS IS A SAMPLE FILE! |
87 | # |
88 | # This is a sample file to test Gentoo's ipsec-tools out of the box. |
89 | # Do not use it in production. See: http://www.ipsec-howto.org/ |
90 | # |
91 | flush; |
92 | spdflush; |
93 | |
94 | # |
95 | # Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon. |
96 | # Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer |
97 | # |
98 | #add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6; |
99 | #add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b; |
100 | #add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831; |
101 | #add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df; |
102 | |
103 | # |
104 | # Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer |
105 | # |
106 | #spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require; |
107 | #spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//require ah/transport//require; |
108 | spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require; |
109 | spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require ah/transport//require; |
110 | |
111 | |
112 | |
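Review bot: The last two `spdadd` lines are active, so the file that racoon.conf.d-r1 installs as the default SETKEY_CONF loads require-IPsec policies for 192.168.3.25 <-> 192.168.3.21 on every racoon start, although the header says the file is a sample not to be used in production; if those addresses happen to be in use on the host, traffic to that peer is held or dropped until an SA is negotiated. Consider commenting those two lines out like the ones above them, or stating in the header that the active policies must be replaced before the service is enabled. The commented `add` lines carry literal keys that are now published with the package; the header comment should say that they are example values only, e.g. `# The keys below are published example values; never reuse them, generate your own for real SAs.`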
113 | 1.1 net-firewall/ipsec-tools/files/racoon.conf.d-r1 |
114 | |
117 | |
118 | Index: racoon.conf.d-r1 |
119 | =================================================================== |
120 | # Copyright 1999-2012 Gentoo Foundation |
121 | # Distributed under the terms of the GNU General Public License v2 |
122 | # $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d-r1,v 1.1 2012/09/28 00:45:26 blueness Exp $ |
123 | |
124 | # Config file for /etc/init.d/racoon |
125 | |
126 | # See the man page or run `racoon --help` for valid command-line options |
127 | # RACOON_OPTS="-d" |
128 | |
129 | RACOON_CONF="/etc/racoon/racoon.conf" |
130 | RACOON_PSK_FILE="/etc/racoon/psk.txt" |
131 | |
132 | # The amount of time in ms for start-stop-daemon to wait before a timeout |
133 | # Racoon can sometimes be slow. We'll wait 1 sec. Bug #435398. |
134 | |
135 | RACOON_WAIT="1000" |
136 | |
137 | # The setkey config file. Don't name it ipsec.conf as this clashes |
138 | # with strongswan. We'll follow debian's naming. Bug #436144. |
139 | |
140 | SETKEY_CONF="/etc/ipsec-tools.conf" |
141 | |
142 | # Comment or remove the following if you don't want the policy tables |
143 | # to be flushed when racoon is stopped. |
144 | |
145 | RACOON_RESET_TABLES="true" |
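Review bot: The comment for RACOON_RESET_TABLES says to comment or remove the line to disable flushing, but the init script only tests `[ -n "${RACOON_RESET_TABLES}" ]`, so any value, including `false` or `no`, still flushes the SAD and SPD on stop; say so explicitly, e.g. `# Any non-empty value enables flushing; set it empty or comment it out to disable.` RACOON_PSK_FILE is set unconditionally, and the init script refuses to start unless that file exists and is mode 400, which the comment should mention so the reason for a failing checkconfig on a fresh install is clear. SETKEY_CONF points at the shipped sample file, which itself says it is not for production use; a comment next to it should say the file has to be replaced with the host's own policies before the service is enabled.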