From 63043a1b44d360006cae4d4311506b972b63f2b7 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Sat, 26 Jun 2010 19:44:02 +0200
Subject: [PATCH] Add ipsec.user.conf & secrets for user defined connections (e.g. XAUTH).
---
 config/etc/ipsec.user.conf | 2 ++
 config/etc/ipsec.user.secrets | 2 ++
 config/rootfiles/common/stage2 | 2 ++
 config/rootfiles/common/strongswan | 2 ++
 html/cgi-bin/vpnmain.cgi | 6 ++++++
 5 files changed, 14 insertions(+)
 create mode 100644 config/etc/ipsec.user.conf
 create mode 100644 config/etc/ipsec.user.secrets
diff --git a/config/etc/ipsec.user.conf b/config/etc/ipsec.user.conf
new file mode 100644
index 0000000000..19f35db8b2
--- /dev/null
+++ b/config/etc/ipsec.user.conf
@@ -0,0 +1,2 @@
+# user connections that should not overwritten by the webif
+#
diff --git a/config/etc/ipsec.user.secrets b/config/etc/ipsec.user.secrets
new file mode 100644
index 0000000000..0e0858aa8a
--- /dev/null
+++ b/config/etc/ipsec.user.secrets
@@ -0,0 +1,2 @@
+# user secrets that should not overwritten by the webif
+#
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index f542667df5..a7655e6b58 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -15,6 +15,8 @@ etc/hddtemp.db
 etc/host.conf
 etc/inittab
 etc/inputrc
+#etc/ipsec.user.conf
+#etc/ipsec.user.secrets
 etc/issue
 etc/ld.so.conf
 etc/logrotate.conf
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index 4367cd0c92..bd0f1dee6a 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -1,4 +1,5 @@
 etc/ipsec.conf
+etc/ipsec.user.conf
 #etc/ipsec.d
 etc/ipsec.d/aacerts
 etc/ipsec.d/acerts
@@ -9,6 +10,7 @@ etc/ipsec.d/ocspcerts
 etc/ipsec.d/private
 etc/ipsec.d/reqs
 etc/ipsec.secrets
+etc/ipsec.user.secrets
 etc/strongswan.conf
 #usr/lib/libcharon.a
 #usr/lib/libcharon.la
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 85bb713c32..2ed83f0bc7 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -289,6 +289,12 @@ sub writeipsecfiles {
 #print CONF "\tdisablearrivalcheck=no\n";
 print CONF "\n";
+ # Add user includes to config file
+ print CONF "include /etc/ipsec.user.conf\n";
+ print CONF "\n";
+
+ print SECRETS "include /etc/ipsec.user/secrets\n";
+
 if (-f "${General::swroot}/certs/hostkey.pem") {
 print SECRETS ": RSA ${General::swroot}/certs/hostkey.pem\n"
 }
-- 
2.39.2
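Review bot: The include written to SECRETS points at `/etc/ipsec.user/secrets` (slash before `secrets`), but the file this patch creates and lists in the rootfiles is `etc/ipsec.user.secrets`, so the generated secrets file would reference a path that this commit never ships and user-defined secrets would presumably not be loaded. The line should read `print SECRETS "include /etc/ipsec.user.secrets\n";`, matching the `ipsec.user.conf` include just above it. Separately, `config/etc/ipsec.user.secrets` is added with mode 100644; because it is meant to hold credentials such as XAUTH secrets, it is worth confirming that the installed file ends up readable by root only, since the install step is not visible in this patch. The body of `writeipsecfiles` starts and ends outside this hunk.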