[Openswan dev] [Openswan Users] trying to configure XAUTH as replacement for working Cisco VPN Client

Benny Amorsen benny+usenet at amorsen.dk
Thu Mar 29 06:03:08 EDT 2007


>>>>> "DN" == Dirk Nehring <dnehring at marcant.net> writes:

DN> Where can I find the patches? I can iintegrate your changes in
DN> FreeWRT/trunk.

Ok this has proven way more popular than I imagined. No guarantees,
the result has been checked but my diff may have been faulty.



diff -urN whiterussian-0.9/package/openswan/Makefile whiterussian-0.9-newopenswan/package/openswan/Makefile
--- whiterussian-0.9/package/openswan/Makefile	2006-08-22 16:21:30.000000000 +0200
+++ whiterussian-0.9-newopenswan/package/openswan/Makefile	2007-02-26 20:45:25.000000000 +0100
@@ -3,11 +3,11 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openswan
-PKG_VERSION:=2.4.6
+PKG_VERSION:=2.4.8rc1
 PKG_RELEASE:=1
-PKG_MD5SUM:=b34d71ca49dedad017879b0e912d40dd
+PKG_MD5SUM:=873613c7e691e1fd8cedfeb6dc71a729
 
-PKG_SOURCE_URL:=http://www.openswan.org/download
+PKG_SOURCE_URL:=http://www.openswan.org/download/testing
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_CAT:=zcat
diff -urN whiterussian-0.9/package/openswan/patches/110-scripts.patch whiterussian-0.9-newopenswan/package/openswan/patches/110-scripts.patch
--- whiterussian-0.9/package/openswan/patches/110-scripts.patch	2006-11-15 10:21:46.000000000 +0100
+++ whiterussian-0.9-newopenswan/package/openswan/patches/110-scripts.patch	2007-02-26 21:05:14.000000000 +0100
@@ -154,9 +154,9 @@
  		if (stat(PROC_NETKEY,&stb)==0) {
  			_netkey_module_loaded = 1;
 diff -urN openswan.old/programs/_startklips/_startklips.in openswan.dev/programs/_startklips/_startklips.in
---- openswan.old/programs/_startklips/_startklips.in	2006-10-08 20:43:21.000000000 +0200
-+++ openswan.dev/programs/_startklips/_startklips.in	2006-10-08 20:41:46.000000000 +0200
-@@ -242,7 +242,7 @@
+--- openswan.old/programs/_startklips/_startklips.in.orig	2006-11-13 21:27:18.000000000 +0100
++++ openswan.dev/programs/_startklips/_startklips.in	2007-02-26 21:01:38.000000000 +0100
+@@ -249,7 +249,7 @@
          fi
          if test -f $moduleinstplace/$wantgoo
          then
@@ -165,79 +165,74 @@
                  echo "Copying $moduleinstplace/$wantgoo to $module."
                  rm -f $module
                  mkdir -p $moduleplace
-@@ -262,15 +262,15 @@
+@@ -269,16 +269,16 @@
      echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
      exit
  fi
 -if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
 +if test ! -f $ipsecversion && test ! -f $netkey && insmod -q ipsec
  then
-     # statically compiled KLIPS/NETKEY not found; try to load the module
--    modprobe ipsec
-+    insmod ipsec
+ 	# statically compiled KLIPS/NETKEY not found; but there seems to be an ipsec module
+-	modprobe ipsec 2> /dev/null
++	insmod ipsec 2> /dev/null
  fi
  
- if test ! -f $ipsecversion && test ! -f $netkey
+-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn af_key
++if test ! -f $ipsecversion && test ! -f $netkey && insmod -q af_key
  then
--	modprobe -v af_key
-+	insmod -v af_key
+ 	# netkey should work then
+-	modprobe af_key 2> /dev/null
++	insmod af_key 2> /dev/null
  fi
+ if test ! -f $ipsecversion && test ! -f $netkey 
+ then
+@@ -291,27 +291,27 @@
+ # modules shared between klips and netkey
+ if test -f $modules
+ then
+-	# we modprobe hw_random so ipsec verify can complain about not using it
+-	modprobe -q hw_random 2> /dev/null
++	# we insmod hw_random so ipsec verify can complain about not using it
++	insmod -q hw_random 2> /dev/null
+ 	# padlock must load before aes module
+-	modprobe -q padlock 2> /dev/null
++	insmod -q padlock 2> /dev/null
+ 	# load the most common ciphers/algo's
+-	modprobe -q sha256 2> /dev/null
+-	modprobe -q sha1 2> /dev/null
+-	modprobe -q md5 2> /dev/null
+-	modprobe -q des 2> /dev/null
+-	modprobe -q aes 2> /dev/null
++	insmod -q sha256 2> /dev/null
++	insmod -q sha1 2> /dev/null
++	insmod -q md5 2> /dev/null
++	insmod -q des 2> /dev/null
++	insmod -q aes 2> /dev/null
  
- if test -f $netkey
-@@ -278,25 +278,25 @@
- 	klips=false
- 	if test -f $modules
+ 	if test -f $netkey
  	then
--		modprobe -qv ah4
--		modprobe -qv esp4
--		modprobe -qv ipcomp
-+		insmod -qv ah4
-+		insmod -qv esp4
-+		insmod -qv ipcomp
+ 		klips=false
+-		modprobe -q ah4 2> /dev/null
+-		modprobe -q esp4 2> /dev/null
+-		modprobe -q ipcomp 2> /dev/null
++		insmod -q ah4 2> /dev/null
++		insmod -q esp4 2> /dev/null
++		insmod -q ipcomp 2> /dev/null
  		#  xfrm4_tunnel is needed by ipip and ipcomp
--		modprobe -qv xfrm4_tunnel
-+		insmod -qv xfrm4_tunnel
+-		modprobe -q xfrm4_tunnel 2> /dev/null
++		insmod -q xfrm4_tunnel 2> /dev/null
  		# xfrm_user contains netlink support for IPsec 
--		modprobe -qv xfrm_user
-+		insmod -qv xfrm_user
- 		if [ -n "`cat /proc/cpuinfo |grep Nehemiah`" ]
- 		then
- 			echo "VIA Nehemiah detected, probing for PadLock"
--			modprobe -qv hw_random
-+			insmod -qv hw_random
- 			# padlock must load before aes module
--			modprobe -qv padlock
-+			insmod -qv padlock
- 		fi
- 		# load the most common ciphers/algo's
--		modprobe -qv sha1
--		modprobe -qv md5
--		modprobe -qv des
--		modprobe -qv aes
-+		insmod -qv sha1
-+		insmod -qv md5
-+		insmod -qv des
-+		insmod -qv aes
+-		modprobe -q xfrm_user 2> /dev/null
++		insmod -q xfrm_user 2> /dev/null
  	fi
- fi
  
-@@ -312,10 +312,16 @@
+ 	if test ! -f $ipsecversion && $klips
+@@ -324,7 +324,7 @@
  		fi
-                 unset MODPATH MODULECONF        # no user overrides!
-                 depmod -a >/dev/null 2>&1
--		modprobe -qv hw_random
-+		insmod -qv hw_random
- 		# padlock must load before aes module
--		modprobe -qv padlock
--                modprobe -v ipsec
-+		insmod -qv padlock
-+                if [ -f insmod ]
-+		then
-+			insmod -v ipsec
-+		elif [ -f insmod ]
-+		then
-+			insmod ipsec
-+		fi
-         fi
-         if test ! -f $ipsecversion
-         then
+                	unset MODPATH MODULECONF        # no user overrides!
+                	depmod -a >/dev/null 2>&1
+-               	modprobe -v ipsec
++               	insmod -v ipsec
+         	if test ! -f $ipsecversion
+         	then
+                 	echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"



More information about the Dev mailing list