- update to 0.5.1
- adds a sample split vpn script from Thomas Schoeller, tested by many - thanks! ok sthen@ landry@
parent
49ba93287b
commit
f1876a2bc5
@ -1,9 +1,8 @@
|
||||
# $OpenBSD: Makefile,v 1.12 2007/09/15 23:30:01 merdely Exp $
|
||||
# $OpenBSD: Makefile,v 1.13 2008/04/04 21:41:27 okan Exp $
|
||||
|
||||
COMMENT= client for Cisco 3000 VPN concentrators
|
||||
|
||||
DISTNAME= vpnc-0.3.3
|
||||
PKGNAME= ${DISTNAME}p1
|
||||
DISTNAME= vpnc-0.5.1
|
||||
CATEGORIES= security net
|
||||
|
||||
HOMEPAGE= http://www.unix-ag.uni-kl.de/~massar/vpnc/
|
||||
@ -25,6 +24,7 @@ NO_REGRESS= Yes
|
||||
do-configure:
|
||||
@perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,config.c}
|
||||
@sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh > ${WRKBUILD}/vpnc.sh
|
||||
@sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh > ${WRKBUILD}/split.sh
|
||||
|
||||
do-install:
|
||||
${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin
|
||||
@ -33,6 +33,7 @@ do-install:
|
||||
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
|
||||
${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
|
||||
${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
|
||||
${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc
|
||||
${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
|
||||
${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8
|
||||
|
||||
|
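Review bot: The added `sed -e "s,%%PREFIX%%,${PREFIX},g"` line in do-configure looks like a no-op for split.sh, because the split.sh added in this commit contains no `%%PREFIX%%` token and its only path, `. /etc/vpnc/vpnc-script`, is hard-coded. The `/etc` to `${SYSCONFDIR}` rewrite on the line above covers only README and config.c, so with a non-default SYSCONFDIR the sample would source a script from a directory the package does not install into. vpnc presumably runs this hook with root privileges, so the sourced path should stay in step with where PLIST places vpnc-script. Consider substituting the path instead, e.g. `@sed -e "s,/etc/vpnc,${SYSCONFDIR}/vpnc,g" ${FILESDIR}/split.sh > ${WRKBUILD}/split.sh`. The `#Script /etc/vpnc/split.sh` line added by patch-vpnc_conf has the same hard-coded path.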
@ -1,5 +1,5 @@
|
||||
MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag==
|
||||
RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo=
|
||||
SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo=
|
||||
SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c=
|
||||
SIZE (vpnc-0.3.3.tar.gz) = 59939
|
||||
MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw==
|
||||
RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI=
|
||||
SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0=
|
||||
SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0=
|
||||
SIZE (vpnc-0.5.1.tar.gz) = 91496
|
||||
|
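--- a/security/vpnc/files/split.sh
+++ b/security/vpnc/files/split.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# this effectively disables changes to /etc/resolv.conf
+INTERNAL_IP4_DNS=
+
+# This sets up split networking regardless
+# of the concentrators specifications.
+# You can add as many routes as you want,
+# but you must set the counter $CISCO_SPLIT_INC
+# accordingly
+CISCO_SPLIT_INC=1
+CISCO_SPLIT_INC_0_ADDR=10.0.0.0
+CISCO_SPLIT_INC_0_MASK=255.255.0.0
+CISCO_SPLIT_INC_0_MASKLEN=16
+CISCO_SPLIT_INC_0_PROTOCOL=0
+CISCO_SPLIT_INC_0_SPORT=0
+CISCO_SPLIT_INC_0_DPORT=0
+
+. /etc/vpnc/vpnc-script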
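Review bot: The header comments do not say what this sample changes about DNS and route trust. Leaving `INTERNAL_IP4_DNS=` empty means, per the file's own comment, that resolv.conf is not touched, so every lookup, including names inside the tunnelled network, keeps going to the resolver the host already uses. The fixed `CISCO_SPLIT_INC_0_*` values also replace whatever split list the concentrator sends. I would state both in the file, for example `# DNS stays on the pre-VPN resolver: internal names are looked up outside the tunnel` above `INTERNAL_IP4_DNS=`, and `# example network only: replace 10.0.0.0/16 with the networks to route through the VPN` above `CISCO_SPLIT_INC=1`.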
@ -1,16 +1,18 @@
|
||||
$OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
|
||||
--- Makefile.orig Sun May 1 22:30:35 2005
|
||||
+++ Makefile Fri Nov 4 00:03:54 2005
|
||||
@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
|
||||
SBINDIR=$(PREFIX)/sbin
|
||||
MANDIR=$(PREFIX)/share/man
|
||||
$OpenBSD: patch-Makefile,v 1.4 2008/04/04 21:41:27 okan Exp $
|
||||
--- Makefile.orig Thu Sep 6 16:05:15 2007
|
||||
+++ Makefile Wed Sep 19 06:05:20 2007
|
||||
@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION)
|
||||
#OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
|
||||
#OPENSSLLIBS = -lcrypto
|
||||
|
||||
-CC=gcc
|
||||
-CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
|
||||
-LDFLAGS=-g $(shell libgcrypt-config --libs)
|
||||
+CC?=gcc
|
||||
+CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
|
||||
+LDFLAGS+=$(shell libgcrypt-config --libs)
|
||||
-CFLAGS ?= -O3 -g
|
||||
-CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
|
||||
-CFLAGS += $(shell libgcrypt-config --cflags)
|
||||
+CC ?= gcc
|
||||
+CFLAGS += -W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
|
||||
CPPFLAGS += -DVERSION=\"$(VERSION)\" $(OPENSSL_GPL_VIOLATION)
|
||||
-LDFLAGS ?= -g
|
||||
LDFLAGS += $(shell libgcrypt-config --libs) $(OPENSSLLIBS)
|
||||
|
||||
ifeq ($(shell uname -s), Linux)
|
||||
SYSDEP=sysdep-linux.o
|
||||
ifeq ($(shell uname -s), SunOS)
|
||||
|
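Review bot: The regenerated hunk still adds `'-DVERSION="$(shell cat VERSION)"'` to CFLAGS, while the unchanged context line right below it already has `CPPFLAGS += -DVERSION=\"$(VERSION)\"`, so VERSION would be defined twice on any compile line that uses both variables. If the two strings ever differ, the compiler reports a redefinition and the later flag wins, which makes the reported version depend on flag order. Unless the port needs the override, the added line could be reduced to `CFLAGS += -W -Wall $(shell libgcrypt-config --cflags)`. The hunk also drops upstream's `-Wmissing-declarations -Wwrite-strings`; a short note in the patch saying why would help the next update.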
@ -1,21 +0,0 @@
|
||||
$OpenBSD: patch-tunip_c,v 1.3 2005/11/11 19:38:07 sturm Exp $
|
||||
--- tunip.c.orig Thu May 5 12:25:00 2005
|
||||
+++ tunip.c Fri Nov 4 00:09:30 2005
|
||||
@@ -436,7 +436,7 @@ int update_sa_addr(struct sa_desc *p)
|
||||
if (new_addr.sin_addr.s_addr != p->source.sin_addr.s_addr) {
|
||||
char addr1[16];
|
||||
p->source.sin_addr = new_addr.sin_addr;
|
||||
- strcpy(addr1, inet_ntoa(p->dest.sin_addr));
|
||||
+ strlcpy(addr1, inet_ntoa(p->dest.sin_addr), sizeof(addr1));
|
||||
syslog(LOG_NOTICE,
|
||||
"local address for %s is %s", addr1, inet_ntoa(p->source.sin_addr));
|
||||
return 1;
|
||||
@@ -844,7 +844,7 @@ static void vpnc_main_loop(struct peer_d
|
||||
|| from.sin_addr.s_addr != peer->remote_sa->dest.sin_addr.s_addr) {
|
||||
/* remote end changed address */
|
||||
char addr1[16];
|
||||
- strcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr));
|
||||
+ strlcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr), sizeof(addr1));
|
||||
syslog(LOG_NOTICE,
|
||||
"spi %u: remote address changed from %s to %s",
|
||||
peer->remote_sa->spi, addr1, inet_ntoa(from.sin_addr));
|
@ -1,64 +1,26 @@
|
||||
$OpenBSD: patch-vpnc-script,v 1.1 2005/11/11 19:38:07 sturm Exp $
|
||||
--- vpnc-script.orig Thu Nov 3 23:39:23 2005
|
||||
+++ vpnc-script Thu Nov 3 23:51:02 2005
|
||||
@@ -70,7 +70,7 @@ do_ifconfig() {
|
||||
ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
|
||||
}
|
||||
$OpenBSD: patch-vpnc-script,v 1.2 2008/04/04 21:41:27 okan Exp $
|
||||
--- vpnc-script.orig Thu Sep 6 22:05:15 2007
|
||||
+++ vpnc-script Thu Sep 13 21:53:21 2007
|
||||
@@ -108,7 +108,7 @@ destroy_tun_device() {
|
||||
|
||||
# =========== route handling ====================================
|
||||
|
||||
-if [ -n "$IPROUTE" ]; then
|
||||
+if [ -x "$IPROUTE" ]; then
|
||||
fix_ip_get_output () {
|
||||
sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g'
|
||||
sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g'
|
||||
}
|
||||
@@ -117,7 +117,11 @@ if [ -n "$IPROUTE" ]; then
|
||||
}
|
||||
else
|
||||
get_default_gw() {
|
||||
- netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
|
||||
+ if [ "$OS" = "OpenBSD" ]; then
|
||||
+ netstat -r -n | grep '^default' | awk '{print $2}'
|
||||
+ else
|
||||
+ netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
|
||||
+ fi
|
||||
}
|
||||
|
||||
set_vpngateway_route() {
|
||||
@@ -215,15 +219,21 @@ do_connect() {
|
||||
echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
|
||||
echo
|
||||
fi
|
||||
-
|
||||
+
|
||||
+ if [ ! -d /var/run/vpnc ]; then
|
||||
+ mkdir /var/run/vpnc || exit $?
|
||||
+ fi
|
||||
+
|
||||
do_ifconfig
|
||||
set_vpngateway_route
|
||||
if [ -n "$CISCO_SPLIT_INC" ]; then
|
||||
- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
|
||||
+ i=0
|
||||
+ while [ $i -lt $CISCO_SPLIT_INC ]; do
|
||||
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
|
||||
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
|
||||
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
|
||||
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
||||
+ i=`expr $i + 1`
|
||||
done
|
||||
for i in $INTERNAL_IP4_DNS ; do
|
||||
set_network_route "$i" "255.255.255.255" "32"
|
||||
@@ -239,11 +249,13 @@ do_connect() {
|
||||
|
||||
do_disconnect() {
|
||||
if [ -n "$CISCO_SPLIT_INC" ]; then
|
||||
- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
|
||||
+ i=0
|
||||
+ while [ $i -lt $CISCO_SPLIT_INC ]; do
|
||||
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
|
||||
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
|
||||
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
|
||||
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
||||
+ i=`expr $i + 1`
|
||||
done
|
||||
for i in $INTERNAL_IP4_DNS ; do
|
||||
del_network_route "$i" "255.255.255.255" "32"
|
||||
@@ -195,6 +195,13 @@ else # use route command
|
||||
case "$OS" in
|
||||
Linux|NetBSD) # and probably others...
|
||||
# routes are deleted automatically on device shutdown
|
||||
+ return
|
||||
+ ;;
|
||||
+ OpenBSD)
|
||||
+ # delete only routes that are present
|
||||
+ if [ `route -n get $1|grep $2|wc -l` -ne 0 ]; then
|
||||
+ route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
|
||||
+ fi
|
||||
return
|
||||
;;
|
||||
esac
|
||||
|
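Review bot: In the OpenBSD branch added to the route-deletion case, `route -n get $1|grep $2|wc -l` expands `$1` and `$2` unquoted and hands the netmask to grep as a regular expression. These values come from the split-include variables, which are normally supplied by the VPN concentrator, and the script presumably runs with root privileges, so the expansion is open to word splitting and globbing, and the dots in a mask such as 255.255.0.0 match any character. Quoting and a fixed-string match keep the test to what it intends: `if route -n get "$1" | grep -qF -- "$2"; then`. The test also reads `$1`/`$2` while the delete line uses `$NETWORK`/`$NETMASK`; the assignment that ties them together is outside the hunk, so confirm they always agree.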
@ -1,7 +1,7 @@
|
||||
$OpenBSD: patch-vpnc_c,v 1.2 2005/11/11 19:38:07 sturm Exp $
|
||||
--- vpnc.c.orig Fri Nov 4 00:09:49 2005
|
||||
+++ vpnc.c Fri Nov 4 00:11:03 2005
|
||||
@@ -196,10 +196,11 @@ static void addenv(const void *name, con
|
||||
$OpenBSD: patch-vpnc_c,v 1.3 2008/04/04 21:41:27 okan Exp $
|
||||
--- vpnc.c.orig Mon Sep 10 15:39:48 2007
|
||||
+++ vpnc.c Wed Sep 12 16:47:27 2007
|
||||
@@ -159,10 +159,11 @@ static void addenv(const void *name, const char *value
|
||||
|
||||
oldval = getenv(name);
|
||||
if (oldval != NULL) {
|
||||
|
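--- a/security/vpnc/patches/patch-vpnc_conf
+++ b/security/vpnc/patches/patch-vpnc_conf
@@ -0,0 +1,10 @@
+$OpenBSD: patch-vpnc_conf,v 1.1 2008/04/04 21:41:27 okan Exp $
+--- vpnc.conf.orig Thu Sep 13 22:40:00 2007
++++ vpnc.conf Thu Sep 13 22:39:04 2007
+@@ -4,3 +4,6 @@ IPSec secret <group-psk>
+IKE Authmode hybrid
+Xauth username <username>
+Xauth password <password>
++
++# run script to manipulate dns and routing settings
++#Script /etc/vpnc/split.sh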
@ -1,10 +1,14 @@
|
||||
@comment $OpenBSD: PLIST,v 1.5 2006/06/29 17:26:15 steven Exp $
|
||||
@comment $OpenBSD: PLIST,v 1.6 2008/04/04 21:41:27 okan Exp $
|
||||
@man man/man8/vpnc.8
|
||||
sbin/vpnc
|
||||
share/doc/vpnc/
|
||||
share/doc/vpnc/README
|
||||
share/examples/vpnc/
|
||||
@sample ${SYSCONFDIR}/vpnc/
|
||||
share/examples/vpnc/split.sh
|
||||
@mode 0755
|
||||
@sample ${SYSCONFDIR}/vpnc/split.sh
|
||||
@mode
|
||||
share/examples/vpnc/vpnc-script
|
||||
@mode 0755
|
||||
@sample ${SYSCONFDIR}/vpnc/vpnc-script
|
||||
|