From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sun, 19 Dec 2010 14:11:40 +0000 (+0100)
Subject: Updater: add keyexchange=ikev1 to ipsec.conf.
X-Git-Tag: v2.9-beta2~10
X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=c599b6dfea0babccad9eef077e48e1a0fffed3f1

Updater: add keyexchange=ikev1 to ipsec.conf.
---

diff --git a/config/rootfiles/core/44/update.sh b/config/rootfiles/core/44/update.sh
index 1efccb7b84..c0abbe766c 100644
--- a/config/rootfiles/core/44/update.sh
+++ b/config/rootfiles/core/44/update.sh
@@ -85,6 +85,8 @@ cp -vf /boot/grub/grub.conf /boot/grub/grub.conf.org
 #
 /etc/init.d/snort stop
 /etc/init.d/squid stop
+/etc/init.d/ipsec stop
+
 #
 #
 # Remove old snort...
@@ -164,11 +166,17 @@ if [ ! -z $SWAP ]; then
 	echo "WARNING! swap not found!!!"
 fi
 
+#new strongswan need keyexchange=ikev1 because this is not default anymore
+mv /var/ipfire/vpn/ipsec.conf /var/ipfire/vpn/ipsec.conf.org
+grep -v "keyexchange=ikev1" /var/ipfire/vpn/ipsec.conf.org > /var/ipfire/vpn/ipsec.conf
+sed -i "s|^conn [A-Za-z].*$|&\n\tkeyexchange=ikev1|g" /var/ipfire/vpn/ipsec.conf
+
 #
 # Start services
 #
 /etc/init.d/squid start
 /etc/init.d/snort start
+/etc/init.d/ipsec start
 
 
 # Add pakfire and fireinfo cronjobs...