From d38ed86f8b56436e420eb5f89dcb2393450939e4 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 15 Mar 2017 12:56:05 +0000
Subject: [PATCH] strongswan: Disable IPv6 by default

IPFire 2 does not have IPv6 connectivity with exception of a
few systems for testing where IPsec connections become a little
bit unstable when trying to connect over IPv6.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 .../rootfiles/core/110/filelists/strongswan   |  1 +
 lfs/strongswan                                |  1 +
 src/patches/strongswan-disable-ipv6.patch     | 24 +++++++++++++++++++
 3 files changed, 26 insertions(+)
 create mode 120000 config/rootfiles/core/110/filelists/strongswan
 create mode 100644 src/patches/strongswan-disable-ipv6.patch

diff --git a/config/rootfiles/core/110/filelists/strongswan b/config/rootfiles/core/110/filelists/strongswan
new file mode 120000
index 0000000000..90c727e265
--- /dev/null
+++ b/config/rootfiles/core/110/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
diff --git a/lfs/strongswan b/lfs/strongswan
index 0af9e9dbee..fffa9af0f2 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -78,6 +78,7 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-disable-ipv6.patch
 	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-ipfire.patch
 
 	cd $(DIR_APP) && ./configure \
diff --git a/src/patches/strongswan-disable-ipv6.patch b/src/patches/strongswan-disable-ipv6.patch
new file mode 100644
index 0000000000..e459941cc0
--- /dev/null
+++ b/src/patches/strongswan-disable-ipv6.patch
@@ -0,0 +1,24 @@
+diff --git a/conf/plugins/socket-default.opt b/conf/plugins/socket-default.opt
+index 483a0f03d584..6fc7c2db47a7 100644
+--- a/conf/plugins/socket-default.opt
++++ b/conf/plugins/socket-default.opt
+@@ -7,5 +7,5 @@ charon.plugins.socket-default.set_source = yes
+ charon.plugins.socket-default.use_ipv4 = yes
+ 	Listen on IPv4, if possible.
+ 
+-charon.plugins.socket-default.use_ipv6 = yes
++charon.plugins.socket-default.use_ipv6 = no
+ 	Listen on IPv6, if possible.
+diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c
+index ba22b0c2bdb6..da6989d81d7a 100644
+--- a/src/libcharon/plugins/socket_default/socket_default_socket.c
++++ b/src/libcharon/plugins/socket_default/socket_default_socket.c
+@@ -748,7 +748,7 @@ static bool use_family(int family)
+ 						"%s.plugins.socket-default.use_ipv4", TRUE, lib->ns);
+ 		case AF_INET6:
+ 			return lib->settings->get_bool(lib->settings,
+-						"%s.plugins.socket-default.use_ipv6", TRUE, lib->ns);
++						"%s.plugins.socket-default.use_ipv6", FALSE, lib->ns);
+ 		default:
+ 			return FALSE;
+ 	}
-- 
2.39.2