+++ /dev/null
-access agent = files
-account agent = iptables
-storage = gdbm
-rules file = /etc/ipac-ng/rules.conf
-drop zero lines = yes
+++ /dev/null
-# Example config file with accounting rules
-# Install as /etc/ipac-ng/rules.conf.iptables
-#
-# Format:
-# Name of rule|direction|interface|protocol|source|destination
-# WARNING!!!! spaces are not allowed before and after '|'.
-#
-# where
-# Name of rule Any string to identify this rule
-# direction ipac~fi - forward in
-# ipac~fo - forward out
-# ipac~i - outgoing from machine with ipac-ng to other host(/net)
-# (or incoming to otherhost)
-# ipac~o - incoming to machine with ipac-ng
-# (or outgoing from otherhost)
-#
-# interface interface name, '+' means all interfaces (dont try to use ip numbers here!)
-# protocol tcp | udp | icmp | all
-# source \
-# destination both as described in ipfwadm(8), or empty
-#
-# incoming:
-
-# lets demonstrate this by following rules.
-# Example 1:
-# there are some hosts in out net 192.168.0.0/24
-# our ipac-ng host has two interfaces - eth0 connected to local net
-# and eth1 to internet
-Incoming GREEN|ipac~i|green0|all|||
-Outgoing GREEN|ipac~o|green0|all|||
-
-Incoming RED (PPP)|ipac~i|ppp0|all|||
-Outgoing RED (PPP)|ipac~o|ppp0|all|||
-
-Incoming RED (ISDN PPP)|ipac~i|ippp0|all|||
-Outgoing RED (ISDN PPP)|ipac~o|ippp0|all|||
* openmailadmin-1.0.0
* openssh-4.7p1
* openssl-0.9.8g
-* openswan-2.4.12
-* openswan-2.4.12-kmod
+* openswan-2.6.16
+* openswan-2.6.16-kmod
* openvpn-2.0.9
* pam_mysql-0.7RC1
* patch-2.5.4
include Config
-VER = 2.4.12
+VER = 2.6.16
THISAPP = openswan-$(VER)
DL_FILE = $(THISAPP).tar.gz
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 0bca0cc205d2d83eff64a7cea825ce7a
+$(DL_FILE)_MD5 = ef0ea8f9082df70c993a035904d538c7
install : $(TARGET)
-e 's%^INC_USRLOCAL.*$$%INC_USRLOCAL=/usr%' \
-e 's%^USERCOMPILE.*$$%USERCOMPILE=$(CFLAGS)%' \
-e 's%^KLIPSCOMPILE.*$$%KLIPSCOMPILE=$(CFLAGS)%' Makefile.inc
+
+ cd $(DIR_APP) && sed -i 's/-Werror//' lib/libdns/Makefile
+ cd $(DIR_APP) && sed -i 's/-Werror//' lib/libisc/Makefile
+ cd $(DIR_APP) && sed -i 's/-Werror//' lib/liblwres/Makefile
+ cd $(DIR_APP) && sed -i 's/-Werror//' programs/Makefile.program
+
cd $(DIR_APP) && make programs
cd $(DIR_APP) && make install
+ # don't know why make this doesnt made
+ cd $(DIR_APP) && cp -a programs/_confread/_confread.in /usr/lib/ipsec/_confread
+
-rm -rfv /etc/rc*.d/*ipsec
cd $(DIR_SRC) && cp src/initscripts/init.d/ipsec /etc/rc.d/init.d/ipsec
rm -f /etc/ipsec.conf /etc/ipsec.secrets
ln -sf $(CONFIG_ROOT)/certs /etc/ipsec.d/certs
ln -sf $(CONFIG_ROOT)/crls /etc/ipsec.d/crls
- cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.12-startklips-1.patch
- cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-updown-1.patch
- cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-updown_x509-1.patch
- cd /etc/ipsec.d/policies && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-clear-1.patch
+ cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-startklips-1.patch
+ cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-updown.klips-1.patch
+ # cd /usr/lib/ipsec && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.4.9-updown_x509-1.patch
+ cd /etc/ipsec.d/policies && patch -Np0 < $(DIR_SRC)/src/patches/openswan-2.6.16-clear-1.patch
endif
#@rm -rf $(DIR_APP)
@$(POSTBUILD)
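Review bot: The added `cp -a programs/_confread/_confread.in /usr/lib/ipsec/_confread` installs the raw `.in` template rather than a generated script, so any build-time placeholders in it would presumably reach the installed helper unsubstituted, and the comment above it says the cause is not understood. I would find out why `make install` skips `_confread` in 2.6.16 and install the generated file; until then replace the comment with something a maintainer can act on, e.g. `# TODO: 2.6.16 'make install' does not install _confread; template copied by hand`. The x509 updown patch survives only as a commented-out line that still names the 2.4.9 file, so either port it or delete the line and state in the commit message why it is no longer needed. The recipe starts above the lines shown here.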
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
-VERSION="2.3-beta3"
+VERSION="2.3-test"
GIT_BRANCH=master:master # Version number
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
--- /dev/null
+--- clear.org 2008-09-07 01:10:26.000000000 +0200
++++ clear 2008-09-07 01:12:23.000000000 +0200
+@@ -3,18 +3,3 @@
+ #
+ # See /usr/share/doc/openswan/policygroups.html for details.
+ #
+-
+-# root name servers should be in the clear
+-192.58.128.30/32
+-198.41.0.4/32
+-192.228.79.201/32
+-192.33.4.12/32
+-128.8.10.90/32
+-192.203.230.10/32
+-192.5.5.241/32
+-192.112.36.4/32
+-128.63.2.53/32
+-192.36.148.17/32
+-193.0.14.129/32
+-199.7.83.42/32
+-202.12.27.33/32
--- /dev/null
+--- _startklips.old 2008-09-07 00:50:40.000000000 +0200
++++ _startklips 2008-09-07 00:50:42.000000000 +0200
+@@ -146,23 +146,35 @@
+
+ # figure out ifconfig for interface
+ addr=
+- eval `ifconfig $phys |
+- awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
+- gsub(/:/, " ", $0)
+- print "addr=" $3
+- other = $5
+- if ($4 == "Bcast")
+- print "type=broadcast"
+- else if ($4 == "P-t-P")
+- print "type=pointopoint"
+- else if (NF == 5) {
+- print "type="
+- other = ""
+- } else
+- print "type=unknown"
+- print "otheraddr=" other
+- print "mask=" $NF
+- }'`
++ eval `ip addr show $phys | awk '$3 ~ /BROADCAST|POINTOPOINT/ {
++ if ($3 ~ /BROADCAST/)
++ print "type=broadcast";
++ else if ($3 ~ /POINTOPOINT/)
++ print "type=pointopoint";
++ else {
++ print "type=";
++ }
++ }'`
++
++ if [ "$type" == "broadcast" ]; then
++ eval `ip addr show $phys | awk '$1 == "inet" { gsub(/\//, " ");
++ print "addr=" $2;
++ print "mask=" $3;
++ print "otheraddr=" $5;
++ }'`
++ elif [ "$type" == "pointopoint" ]; then
++ eval `ip addr show $phys | awk '$1 == "inet" { gsub(/\//, " ");
++ print "addr=" $2;
++ print "mask=" $5;
++ print "otheraddr=" $4;
++ }'`
++ else
++ type="unknown"
++ otheraddr=
++ fi
++
++ eval `whatmask /$mask | awk -F': ' '$1 ~ /^Netmask =/ { print "mask=" $2 }'`
++
+ if test " $addr" = " "
+ then
+ echo "unable to determine address of \`$phys'"
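Review bot: `whatmask /$mask` runs on every path, including the new `else` branch where no mask was read, and only `addr=` is cleared before the first `eval`, so `type`, `mask` and `otheraddr` can carry a value in from the environment or from earlier in the script. I would reset them together with `addr= type= mask= otheraddr=` and put `test -n "$mask" &&` in front of the `whatmask` line. `$phys` is passed unquoted to `ip addr show` three times, and an interface with more than one `inet` line makes the last address win, so `"$phys"` and an `exit` after the first match in the two awk blocks would pin the result down. `[ "$type" == ... ]` relies on a bash extension; `=` is the portable operator if this helper runs under a POSIX `/bin/sh`. The enclosing code starts and ends outside the hunk.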
+@@ -171,7 +183,7 @@
+ if test " $type" = " unknown"
+ then
+ echo "\`$phys' is of an unknown type"
+- exit 1
++ exit 1
+ fi
+ if test " $omtu" != " "
+ then
--- /dev/null
+--- /usr/lib/ipsec/_updown.klips 2007-10-14 00:56:15.000000000 +0200
++++ /usr/lib/ipsec/_updown.klips 2007-10-27 00:00:26.000000000 +0200
+@@ -376,8 +376,8 @@
+ # opportunistic encryption work around
+ # need to provide route that eclipses default, without
+ # replacing it.
+- it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+- ip route $1 128.0.0.0/1 $parms2 $parms3"
++ #it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
++ # ip route $1 128.0.0.0/1 $parms2 $parms3"
+ ;;
+ *) it="ip route $1 $parms $parms2 $parms3"
+ ;;
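Review bot: Commenting out the assignment leaves this `case` branch with no value for `it`, so whatever runs `$it` after the `esac` (outside the hunk) sees an empty or stale command; the hunk at `@@ -401,13 +401,13 @@` does the same to both `it` and `oops`. If the branch is meant to do nothing, say so in code with `it=":"` here and `it=":"; oops=""` in the second hunk, and delete the dead lines instead of commenting them. Presumably the effect is that a connection whose peer client is 0.0.0.0/0 no longer gets the two /1 routes that steer traffic into the tunnel, in which case that traffic would follow the default route unprotected. A comment such as `# eclipsing /1 routes disabled on purpose: <reason>` would record the decision for the next person who rebases this patch.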
+@@ -401,13 +401,13 @@
+ prepare-host:*|prepare-client:*)
+ # delete possibly-existing route (preliminary to adding a route)
+ case "$PLUTO_PEER_CLIENT" in
+- "0.0.0.0/0")
++ "0.0.0.0/0")
+ # need to provide route that eclipses default, without
+ # replacing it.
+ parms1="0.0.0.0/1"
+ parms2="128.0.0.0/1"
+- it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
+- oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
++ # it="ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1"
++ # oops="`ip route delete $parms1 $IPROUTEARGS 2>&1 ; ip route delete $parms2 $IPROUTEARGS 2>&1`"
+ ;;
+ *)
+ parms="$PLUTO_PEER_CLIENT $IPROUTEARGS"