2024-09-07 12:32:54 +02:00
|
|
|
%define name smeserver-libreswan
|
|
|
|
%define version 0.5
|
2024-09-08 09:49:19 +02:00
|
|
|
%define release 38
|
2024-09-07 12:32:54 +02:00
|
|
|
Summary: Plugin to enable IPSEC connections
|
|
|
|
Name: %{name}
|
|
|
|
Version: %{version}
|
|
|
|
Release: %{release}%{?dist}
|
|
|
|
License: GNU GPL version 2
|
|
|
|
URL: http://libreswan.org/
|
|
|
|
Group: SMEserver/addon
|
|
|
|
Source: %{name}-%{version}.tar.xz
|
|
|
|
|
|
|
|
BuildRoot: /var/tmp/%{name}-%{version}
|
|
|
|
BuildArchitectures: noarch
|
2024-09-08 09:49:19 +02:00
|
|
|
BuildRequires: smeserver-devtools
|
|
|
|
Requires: smeserver-release >= 9.2
|
2024-09-07 12:32:54 +02:00
|
|
|
Requires: libreswan >= 3.29
|
|
|
|
AutoReqProv: no
|
|
|
|
|
|
|
|
%description
|
|
|
|
Libreswan is a free software implementation of the most widely supported and standardised VPN protocol based on ("IPsec") and the Internet Key Exchange ("IKE")
|
|
|
|
|
|
|
|
%changelog
|
2024-09-08 09:49:19 +02:00
|
|
|
* Sun Sep 08 2024 fix-e-smith-pkg.sh by Trevor Batley <trevor@batley.id.au> 0.5-38.sme
|
|
|
|
- Fix e-smith references in smeserver-libreswan [SME: 12732]
|
|
|
|
|
2024-09-07 12:32:54 +02:00
|
|
|
* Sat Sep 07 2024 cvs2git.sh aka Brian Read <brianr@koozali.org> 0.5-37.sme
|
|
|
|
- Roll up patches and move to git repo [SME: 12338]
|
|
|
|
|
|
|
|
* Sat Sep 07 2024 BogusDateBot
|
|
|
|
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
|
|
|
|
by assuming the date is correct and changing the weekday.
|
|
|
|
|
|
|
|
* Wed May 24 2023 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-36.sme
|
|
|
|
- Change ipsec.conf log setting
|
|
|
|
- Create /var/log/pluto/pluto.log
|
|
|
|
- Add reauth 'yes' as an added option
|
|
|
|
- Update createlinks
|
|
|
|
|
|
|
|
* Mon Mar 01 2021 Brian Read <brianr@bjsystems.co.uk> 0.5-35.sme
|
|
|
|
- Initial Import in SME10 tree [SME: 11405]
|
|
|
|
- Update for systemd
|
|
|
|
|
|
|
|
* Mon Feb 17 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-34.sme
|
|
|
|
- auto insert leftsourceip and subnet from internal interface
|
|
|
|
- Force right to have a value
|
|
|
|
|
|
|
|
* Fri Feb 14 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-33.sme
|
|
|
|
- update keyingtries
|
|
|
|
- update virtual-private
|
|
|
|
|
|
|
|
* Thu Jan 30 2020 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-32.sme
|
|
|
|
- Fix xl2tpd status check
|
|
|
|
|
|
|
|
* Thu Oct 17 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-31.sme
|
|
|
|
- Allow rightsubnet for xl2tpd in virtual_private
|
|
|
|
- Add check for empty virtual_private hosts
|
|
|
|
|
|
|
|
* Sun Oct 13 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-30.sme
|
|
|
|
- Fix issue when there is no xl2tpd key
|
|
|
|
|
|
|
|
* Sat Aug 31 2019 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-29.sme
|
|
|
|
- Bump required Libreswan to 3.29
|
|
|
|
- add reauth option
|
|
|
|
|
|
|
|
* Thu Jun 21 2018 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-28.sme
|
|
|
|
- Bump required Libreswan to 3.23
|
|
|
|
- Change forceencaps to encapsulation
|
|
|
|
- Remove obsolete nat_traversal
|
|
|
|
- Modify ipsec.conf for no rightsubnet in xl2tpd
|
|
|
|
|
|
|
|
* Tue Sep 19 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-27.sme
|
|
|
|
- Allow variable network interface names - Stefano Zamboni
|
|
|
|
|
|
|
|
* Thu Jun 15 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-26.sme
|
|
|
|
- add keep-alive option in main ipsec.conf
|
|
|
|
- add forceencaps option overall default and per connection
|
|
|
|
- small code tidy
|
|
|
|
- Add support for L2TPD
|
|
|
|
|
|
|
|
* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-25.sme
|
|
|
|
- Fix the ipsec.conf as well
|
|
|
|
- remove automatic \@ in IDs - Fixes [SME: 9729]
|
|
|
|
|
|
|
|
* Thu Jan 26 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-24.sme
|
|
|
|
- remove automatic \@ in IDs - Fixes [SME: 9729]
|
|
|
|
- fix swapped left/right IDs in password file
|
|
|
|
|
|
|
|
* Wed Jan 25 2017 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-23.sme
|
|
|
|
- Add the ability to use PEM/PKCS#12 certificates - fixes [SME: 9942]
|
|
|
|
- lots of code tidying
|
|
|
|
|
|
|
|
* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-22.sme
|
|
|
|
- update logrotate completely now I realise it is symlinked
|
|
|
|
- remove UPDPort and add UPDPorts due to ipsec v2
|
|
|
|
|
|
|
|
* Wed Dec 21 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-21.sme
|
|
|
|
- add more variations for ike v1/2
|
|
|
|
- remove logrotate template
|
|
|
|
- add /etc/e-smith/events/logrotate/logfiles2timestamp/var/log/pluto.log
|
|
|
|
- Fix some log noise when first installed and still disabled
|
|
|
|
|
|
|
|
* Sat Apr 23 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-20.sme
|
|
|
|
- Fix typo in createlinks for sysctl.conf
|
|
|
|
|
|
|
|
* Mon Apr 04 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-19.sme
|
|
|
|
- Fix ID in ipsec.secrets if ID is set
|
|
|
|
|
|
|
|
* Thu Mar 24 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-18.sme
|
|
|
|
- Add debug db key to /etc/ipsec.conf
|
|
|
|
- Remove setting public/private keys as they won't affect unless templates are re-expanded
|
|
|
|
- Set xfrm_larval_drop drop correctly
|
|
|
|
|
|
|
|
* Tue Mar 22 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-17.sme
|
|
|
|
- Move pluto.log to /var/log/pluto
|
|
|
|
- bump libreswan requires version to 3.16
|
|
|
|
- regenerate masq template on ipsec-update
|
|
|
|
- change wiki location page
|
|
|
|
- add sysctl.conf template
|
|
|
|
- modify masq templates for ipsec status enabled/disabled
|
|
|
|
- only load ipsec.conf rather than *.conf to avoid loading v6neighbor-hole.conf
|
|
|
|
|
|
|
|
* Thu Mar 10 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-16.sme
|
|
|
|
- Fix masq templates for missing db entries on install
|
|
|
|
|
|
|
|
* Wed Mar 09 2016 JP Pialasse <tests@pialasse.com> 0.5-15.sme
|
|
|
|
- first import in SME buildsys
|
|
|
|
|
|
|
|
* Wed Feb 17 2016 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-13
|
|
|
|
- Fix small typo in readme
|
|
|
|
|
|
|
|
* Fri Dec 04 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-12
|
|
|
|
- Add keyingtries
|
|
|
|
- Finally fix add issues using asynchronous
|
|
|
|
|
|
|
|
* Wed Dec 02 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-11
|
|
|
|
- Determine host IPtype - static or dynamic IP
|
|
|
|
- auto --up changed to exec
|
|
|
|
- Add checks for Left/Right ID in secrets file
|
|
|
|
|
|
|
|
* Tue Dec 01 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-10
|
|
|
|
- Allow dynamic addresses
|
|
|
|
- Add iptype
|
|
|
|
- disallow " in PSK passwords
|
|
|
|
- Revised logging messages
|
|
|
|
|
|
|
|
* Mon Nov 30 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-9
|
|
|
|
- Amended templates to allow for rsasig. Early cert settings removed
|
|
|
|
|
|
|
|
* Wed Nov 25 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-8
|
|
|
|
- Revised masq templates - disable on ipsec disable
|
|
|
|
- Template ipsec.secrets so Terry won't break it again
|
|
|
|
- Set requires e-smith >=9 and libreswan >=3.14
|
|
|
|
|
|
|
|
* Wed Nov 18 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-7
|
|
|
|
- add 90adjustESP
|
|
|
|
|
|
|
|
* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-6
|
|
|
|
- more update to masq firewalls - change -p 50 to -p ESP
|
|
|
|
|
|
|
|
* Tue Nov 17 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-5
|
|
|
|
- update masq firewall rules
|
|
|
|
- document clean up
|
|
|
|
|
|
|
|
* Wed May 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-4
|
|
|
|
- set dpd actions off if ipsec is 'add'
|
|
|
|
- add salifetime key and rename ikelifetime and keylife
|
|
|
|
- change defaults for salifetime and ikelifetime
|
|
|
|
- add in rsasig support
|
|
|
|
|
|
|
|
* Wed Apr 22 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-3
|
|
|
|
- change default ike from aes-sha to aes-sha1
|
|
|
|
|
|
|
|
* Tue Mar 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-2
|
|
|
|
- More minor fixes - should work OK with xl2tpd
|
|
|
|
|
|
|
|
* Thu Mar 19 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.5-1
|
|
|
|
- Remove templates2expand and added to createlinks
|
|
|
|
- modified ipsec.secret template
|
|
|
|
- various other fixes
|
|
|
|
|
|
|
|
* Fri Mar 13 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-5
|
|
|
|
- Big changes again - now have PreviousState to detect changes
|
|
|
|
- Createlinks to S10 to run after expand-templates
|
|
|
|
|
|
|
|
* Thu Mar 5 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-4
|
|
|
|
- Changed lots. Removed sysctl.conf template
|
|
|
|
- Changed firewall template
|
|
|
|
|
|
|
|
* Tue Mar 3 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-3
|
|
|
|
- Load of code tidying and prep from xl2tpd
|
|
|
|
|
|
|
|
* Fri Feb 27 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-2
|
|
|
|
- Update action script and allow for system not in gateway mode
|
|
|
|
- add ike and phase2alg db settings
|
|
|
|
|
|
|
|
* Tue Feb 24 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.4-1
|
|
|
|
- New ipsec-action script
|
|
|
|
- Numerous template changes
|
|
|
|
|
|
|
|
* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.3-1
|
|
|
|
- remove debugging lines
|
|
|
|
- remove expand templates from spec file
|
|
|
|
- add status check for ipsec.conf
|
|
|
|
- add comment to masq template
|
|
|
|
- updated db defaults
|
|
|
|
- ipsec.conf not expanded on install
|
|
|
|
- missed auto=start
|
|
|
|
|
|
|
|
* Fri Jan 16 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.2-1
|
|
|
|
- remove rc.local modifications
|
|
|
|
- add /etc/sysctl.conf patches
|
|
|
|
|
|
|
|
* Thu Jan 15 2015 John Crisp <jcrisp@safeandsoundit.co.uk> 0.1-1
|
|
|
|
- initial release
|
|
|
|
|
|
|
|
%prep
|
|
|
|
%setup
|
|
|
|
|
|
|
|
%build
|
|
|
|
perl createlinks
|
|
|
|
|
|
|
|
%install
|
|
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
|
|
|
|
rm -f %{name}-%{version}-filelist
|
|
|
|
/sbin/e-smith/genfilelist $RPM_BUILD_ROOT > %{name}-%{version}-filelist
|
|
|
|
echo "%doc COPYING" >> %{name}-%{version}-filelist
|
|
|
|
|
|
|
|
|
|
|
|
%clean
|
|
|
|
cd ..
|
|
|
|
rm -rf %{name}-%{version}
|
|
|
|
|
|
|
|
%files -f %{name}-%{version}-filelist
|
|
|
|
%defattr(-,root,root)
|
|
|
|
|
|
|
|
%pre
|
|
|
|
%preun
|
|
|
|
%post
|
|
|
|
|
|
|
|
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
|
|
|
|
#/sbin/e-smith/expand-template /etc/inittab
|
|
|
|
#/sbin/init q
|
|
|
|
|
|
|
|
if [[ ! -d /var/log/pluto ]]
|
|
|
|
then
|
|
|
|
mkdir /var/log/pluto
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo "see https://wiki.contribs.org/Libreswan"
|
|
|
|
|
|
|
|
%postun
|
|
|
|
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
|
|
|
|
#/sbin/e-smith/expand-template /etc/inittab
|
|
|
|
#/sbin/init q
|