[Openswan Users] [Openswan dev] trying to configure XAUTH as replacement for working Cisco VPN Client
Benny Amorsen
benny+usenet at amorsen.dk
Thu Mar 29 06:03:08 EDT 2007
>>>>> "DN" == Dirk Nehring <dnehring at marcant.net> writes:
DN> Where can I find the patches? I can iintegrate your changes in
DN> FreeWRT/trunk.
Ok this has proven way more popular than I imagined. No guarantees,
the result has been checked but my diff may have been faulty.
diff -urN whiterussian-0.9/package/openswan/Makefile whiterussian-0.9-newopenswan/package/openswan/Makefile
--- whiterussian-0.9/package/openswan/Makefile 2006-08-22 16:21:30.000000000 +0200
+++ whiterussian-0.9-newopenswan/package/openswan/Makefile 2007-02-26 20:45:25.000000000 +0100
@@ -3,11 +3,11 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=openswan
-PKG_VERSION:=2.4.6
+PKG_VERSION:=2.4.8rc1
PKG_RELEASE:=1
-PKG_MD5SUM:=b34d71ca49dedad017879b0e912d40dd
+PKG_MD5SUM:=873613c7e691e1fd8cedfeb6dc71a729
-PKG_SOURCE_URL:=http://www.openswan.org/download
+PKG_SOURCE_URL:=http://www.openswan.org/download/testing
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_CAT:=zcat
diff -urN whiterussian-0.9/package/openswan/patches/110-scripts.patch whiterussian-0.9-newopenswan/package/openswan/patches/110-scripts.patch
--- whiterussian-0.9/package/openswan/patches/110-scripts.patch 2006-11-15 10:21:46.000000000 +0100
+++ whiterussian-0.9-newopenswan/package/openswan/patches/110-scripts.patch 2007-02-26 21:05:14.000000000 +0100
@@ -154,9 +154,9 @@
if (stat(PROC_NETKEY,&stb)==0) {
_netkey_module_loaded = 1;
diff -urN openswan.old/programs/_startklips/_startklips.in openswan.dev/programs/_startklips/_startklips.in
---- openswan.old/programs/_startklips/_startklips.in 2006-10-08 20:43:21.000000000 +0200
-+++ openswan.dev/programs/_startklips/_startklips.in 2006-10-08 20:41:46.000000000 +0200
-@@ -242,7 +242,7 @@
+--- openswan.old/programs/_startklips/_startklips.in.orig 2006-11-13 21:27:18.000000000 +0100
++++ openswan.dev/programs/_startklips/_startklips.in 2007-02-26 21:01:38.000000000 +0100
+@@ -249,7 +249,7 @@
fi
if test -f $moduleinstplace/$wantgoo
then
@@ -165,79 +165,74 @@
echo "Copying $moduleinstplace/$wantgoo to $module."
rm -f $module
mkdir -p $moduleplace
-@@ -262,15 +262,15 @@
+@@ -269,16 +269,16 @@
echo "FATAL ERROR: Both KLIPS and NETKEY IPsec code is present in kernel"
exit
fi
-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn ipsec
+if test ! -f $ipsecversion && test ! -f $netkey && insmod -q ipsec
then
- # statically compiled KLIPS/NETKEY not found; try to load the module
-- modprobe ipsec
-+ insmod ipsec
+ # statically compiled KLIPS/NETKEY not found; but there seems to be an ipsec module
+- modprobe ipsec 2> /dev/null
++ insmod ipsec 2> /dev/null
fi
- if test ! -f $ipsecversion && test ! -f $netkey
+-if test ! -f $ipsecversion && test ! -f $netkey && modprobe -qn af_key
++if test ! -f $ipsecversion && test ! -f $netkey && insmod -q af_key
then
-- modprobe -v af_key
-+ insmod -v af_key
+ # netkey should work then
+- modprobe af_key 2> /dev/null
++ insmod af_key 2> /dev/null
fi
+ if test ! -f $ipsecversion && test ! -f $netkey
+ then
+@@ -291,27 +291,27 @@
+ # modules shared between klips and netkey
+ if test -f $modules
+ then
+- # we modprobe hw_random so ipsec verify can complain about not using it
+- modprobe -q hw_random 2> /dev/null
++ # we insmod hw_random so ipsec verify can complain about not using it
++ insmod -q hw_random 2> /dev/null
+ # padlock must load before aes module
+- modprobe -q padlock 2> /dev/null
++ insmod -q padlock 2> /dev/null
+ # load the most common ciphers/algo's
+- modprobe -q sha256 2> /dev/null
+- modprobe -q sha1 2> /dev/null
+- modprobe -q md5 2> /dev/null
+- modprobe -q des 2> /dev/null
+- modprobe -q aes 2> /dev/null
++ insmod -q sha256 2> /dev/null
++ insmod -q sha1 2> /dev/null
++ insmod -q md5 2> /dev/null
++ insmod -q des 2> /dev/null
++ insmod -q aes 2> /dev/null
- if test -f $netkey
-@@ -278,25 +278,25 @@
- klips=false
- if test -f $modules
+ if test -f $netkey
then
-- modprobe -qv ah4
-- modprobe -qv esp4
-- modprobe -qv ipcomp
-+ insmod -qv ah4
-+ insmod -qv esp4
-+ insmod -qv ipcomp
+ klips=false
+- modprobe -q ah4 2> /dev/null
+- modprobe -q esp4 2> /dev/null
+- modprobe -q ipcomp 2> /dev/null
++ insmod -q ah4 2> /dev/null
++ insmod -q esp4 2> /dev/null
++ insmod -q ipcomp 2> /dev/null
# xfrm4_tunnel is needed by ipip and ipcomp
-- modprobe -qv xfrm4_tunnel
-+ insmod -qv xfrm4_tunnel
+- modprobe -q xfrm4_tunnel 2> /dev/null
++ insmod -q xfrm4_tunnel 2> /dev/null
# xfrm_user contains netlink support for IPsec
-- modprobe -qv xfrm_user
-+ insmod -qv xfrm_user
- if [ -n "`cat /proc/cpuinfo |grep Nehemiah`" ]
- then
- echo "VIA Nehemiah detected, probing for PadLock"
-- modprobe -qv hw_random
-+ insmod -qv hw_random
- # padlock must load before aes module
-- modprobe -qv padlock
-+ insmod -qv padlock
- fi
- # load the most common ciphers/algo's
-- modprobe -qv sha1
-- modprobe -qv md5
-- modprobe -qv des
-- modprobe -qv aes
-+ insmod -qv sha1
-+ insmod -qv md5
-+ insmod -qv des
-+ insmod -qv aes
+- modprobe -q xfrm_user 2> /dev/null
++ insmod -q xfrm_user 2> /dev/null
fi
- fi
-@@ -312,10 +312,16 @@
+ if test ! -f $ipsecversion && $klips
+@@ -324,7 +324,7 @@
fi
- unset MODPATH MODULECONF # no user overrides!
- depmod -a >/dev/null 2>&1
-- modprobe -qv hw_random
-+ insmod -qv hw_random
- # padlock must load before aes module
-- modprobe -qv padlock
-- modprobe -v ipsec
-+ insmod -qv padlock
-+ if [ -f insmod ]
-+ then
-+ insmod -v ipsec
-+ elif [ -f insmod ]
-+ then
-+ insmod ipsec
-+ fi
- fi
- if test ! -f $ipsecversion
- then
+ unset MODPATH MODULECONF # no user overrides!
+ depmod -a >/dev/null 2>&1
+- modprobe -v ipsec
++ insmod -v ipsec
+ if test ! -f $ipsecversion
+ then
+ echo "kernel appears to lack IPsec support (neither CONFIG_KLIPS or CONFIG_NET_KEY are set)"
More information about the Users
mailing list