Add ipsec.user.conf & secrets for user defined connections (e.g. XAUTH).

author Arne Fitzenreiter <arne_f@ipfire.org>

Sat, 26 Jun 2010 17:44:02 +0000 (19:44 +0200)

committer Arne Fitzenreiter <arne_f@ipfire.org>

Sat, 26 Jun 2010 17:44:02 +0000 (19:44 +0200)
author Arne Fitzenreiter <arne_f@ipfire.org>
Sat, 26 Jun 2010 17:44:02 +0000 (19:44 +0200)
committer Arne Fitzenreiter <arne_f@ipfire.org>
Sat, 26 Jun 2010 17:44:02 +0000 (19:44 +0200)
diff --git a/config/etc/ipsec.user.conf b/config/etc/ipsec.user.conf

new file mode 100644 (file)

index 0000000..19f35db
--- /dev/null
+++ b/config/etc/ipsec.user.conf
@@ -0,0 +1,2 @@
+# user connections that should not overwritten by the webif
+#
diff --git a/config/etc/ipsec.user.secrets b/config/etc/ipsec.user.secrets

new file mode 100644 (file)

index 0000000..0e0858a
--- /dev/null
+++ b/config/etc/ipsec.user.secrets
@@ -0,0 +1,2 @@
+# user secrets that should not overwritten by the webif
+#
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2

index f542667df5bb44037a8af6ec6572413e6938e10d..a7655e6b58973b1997dfb1e2c230f4319bfb5a06 100644 (file)
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -15,6 +15,8 @@ etc/hddtemp.db
  etc/host.conf
  etc/inittab
  etc/inputrc
+#etc/ipsec.user.conf
+#etc/ipsec.user.secrets
  etc/issue
  etc/ld.so.conf
  etc/logrotate.conf
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan

index 4367cd0c92d317483f567ca667030aba9334e8e4..bd0f1dee6ade31db84b3df07618c34170253b12b 100644 (file)
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -1,4 +1,5 @@
  etc/ipsec.conf
+etc/ipsec.user.conf
  #etc/ipsec.d
  etc/ipsec.d/aacerts
  etc/ipsec.d/acerts
@@ -9,6 +10,7 @@ etc/ipsec.d/ocspcerts
  etc/ipsec.d/private
  etc/ipsec.d/reqs
  etc/ipsec.secrets
+etc/ipsec.user.secrets
  etc/strongswan.conf
  #usr/lib/libcharon.a
  #usr/lib/libcharon.la
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi

index 85bb713c32e07cbeaac545d7c4c54b60e06e4512..2ed83f0bc7925c000ef4bff2d05e6c741bf6cd90 100644 (file)
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -289,6 +289,12 @@ sub writeipsecfiles {
      #print CONF "\tdisablearrivalcheck=no\n";
      print CONF "\n";
  
+    # Add user includes to config file
+    print CONF "include /etc/ipsec.user.conf\n";
+    print CONF "\n";
+
+    print SECRETS "include /etc/ipsec.user/secrets\n";
+
      if (-f "${General::swroot}/certs/hostkey.pem") {
          print SECRETS ": RSA ${General::swroot}/certs/hostkey.pem\n"
      }
author	Arne Fitzenreiter <arne_f@ipfire.org>
	Sat, 26 Jun 2010 17:44:02 +0000 (19:44 +0200)
committer	Arne Fitzenreiter <arne_f@ipfire.org>
	Sat, 26 Jun 2010 17:44:02 +0000 (19:44 +0200)
config/etc/ipsec.user.conf	[new file with mode: 0644]	patch \| blob
config/etc/ipsec.user.secrets	[new file with mode: 0644]	patch \| blob
config/rootfiles/common/stage2		patch \| blob \| blame \| history
config/rootfiles/common/strongswan		patch \| blob \| blame \| history
html/cgi-bin/vpnmain.cgi		patch \| blob \| blame \| history