ipsec-tools: install a sample config file for racoon

Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: Bian Naimeng <biannm@cn.fujitsu.com> 2015-02-16 11:14:34 +0800
committer: Joe MacDonald <joe_macdonald@mentor.com> 2015-02-23 13:40:10 -0500
commit: a900b9b577c625cc899293192f3654b0d2cb0670 (patch)
tree: 72d3f96922c2523f1ebc072cdb3178f84533cc27 /meta-networking
parent: b740f2712f122712b541d1fc1b2db3c43a18c97c (diff)
download: meta-openembedded-a900b9b577c625cc899293192f3654b0d2cb0670.tar.gz
2 files changed, 47 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon.conf.sample b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon.conf.sample
new file mode 100644
index 000000000..2948a4a35
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon.conf.sample
@@ -0,0 +1,40 @@
+#
+# NOTE: This file will not be used if you use racoon-tool(8) to manage your
+# IPsec connections. racoon-tool will process racoon-tool.conf(5) and
+# generate a configuration (/var/lib/racoon/racoon.conf) and use it, instead
+# of this file.
+#
+# Simple racoon.conf
+# 
+#
+# Please look in /usr/share/doc/racoon/examples for
+# examples that come with the source.
+#
+# Please read racoon.conf(5) for details, and alsoread setkey(8).
+#
+#
+# Also read the Linux IPSEC Howto up at 
+# http://www.ipsec-howto.org/t1.html 
+#
+log notify;
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+#remote 172.31.1.1 {
+#        exchange_mode main,aggressive;
+#        proposal {
+#                encryption_algorithm 3des;
+#                hash_algorithm sha1;
+#                authentication_method pre_shared_key;
+#                dh_group modp1024;
+#        }
+#        generate_policy off;
+#}
+# 
+#sainfo address 192.168.203.10[any] any address 192.168.22.0/24[any] any {
+#        pfs_group modp768;
+#        encryption_algorithm 3des;
+#        authentication_algorithm hmac_md5;
+#        compression_algorithm deflate;
+#}
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
index 8cc55ef8a..7519d8376 100644
--- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
@@ -15,6 +15,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
           file://racoon-check-invalid-ivm.patch \
           file://glibc-2.20.patch \
           file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
+           file://racoon.conf.sample \
          "
 SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
 SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"
@@ -54,6 +55,7 @@ EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
                --enable-shared \
                --enable-dpd \
                --enable-natt=yes \
+                --sysconfdir=${sysconfdir}/racoon \
                ${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"
 # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
@@ -62,3 +64,8 @@ CFLAGS += "-fno-strict-aliasing"
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,"
 PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux,"
+do_install_append() {
+    install -d ${D}${sysconfdir}/racoon
+    install -m 0644 ${WORKDIR}/racoon.conf.sample ${D}${sysconfdir}/racoon/racoon.conf
+}
author	Bian Naimeng <biannm@cn.fujitsu.com>	2015-02-16 11:14:34 +0800
committer	Joe MacDonald <joe_macdonald@mentor.com>	2015-02-23 13:40:10 -0500
commit	a900b9b577c625cc899293192f3654b0d2cb0670 (patch)
tree	72d3f96922c2523f1ebc072cdb3178f84533cc27 /meta-networking
parent	b740f2712f122712b541d1fc1b2db3c43a18c97c (diff)
download	meta-openembedded-a900b9b577c625cc899293192f3654b0d2cb0670.tar.gz

diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon.conf.sample b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon.conf.sample new file mode 100644 index 000000000..2948a4a35 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/racoon.conf.sample
@@ -0,0 +1,40 @@
		1	#
		2	# NOTE: This file will not be used if you use racoon-tool(8) to manage your
		3	# IPsec connections. racoon-tool will process racoon-tool.conf(5) and
		4	# generate a configuration (/var/lib/racoon/racoon.conf) and use it, instead
		5	# of this file.
		6	#
		7	# Simple racoon.conf
		8	#
		9	#
		10	# Please look in /usr/share/doc/racoon/examples for
		11	# examples that come with the source.
		12	#
		13	# Please read racoon.conf(5) for details, and alsoread setkey(8).
		14	#
		15	#
		16	# Also read the Linux IPSEC Howto up at
		17	# http://www.ipsec-howto.org/t1.html
		18	#
		19	log notify;
		20	path pre_shared_key "/etc/racoon/psk.txt";
		21	path certificate "/etc/racoon/certs";
		22
		23	#remote 172.31.1.1 {
		24	# exchange_mode main,aggressive;
		25	# proposal {
		26	# encryption_algorithm 3des;
		27	# hash_algorithm sha1;
		28	# authentication_method pre_shared_key;
		29	# dh_group modp1024;
		30	# }
		31	# generate_policy off;
		32	#}
		33	#
		34	#sainfo address 192.168.203.10[any] any address 192.168.22.0/24[any] any {
		35	# pfs_group modp768;
		36	# encryption_algorithm 3des;
		37	# authentication_algorithm hmac_md5;
		38	# compression_algorithm deflate;
		39	#}
		40


diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb index 8cc55ef8a..7519d8376 100644 --- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
@@ -15,6 +15,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
15	file://racoon-check-invalid-ivm.patch \	15	file://racoon-check-invalid-ivm.patch \
16	file://glibc-2.20.patch \	16	file://glibc-2.20.patch \
17	file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \	17	file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
		18	file://racoon.conf.sample \
18	"	19	"
19	SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"	20	SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
20	SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"	21	SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"
@@ -54,6 +55,7 @@ EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
54	--enable-shared \	55	--enable-shared \
55	--enable-dpd \	56	--enable-dpd \
56	--enable-natt=yes \	57	--enable-natt=yes \
		58	--sysconfdir=${sysconfdir}/racoon \
57	${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"	59	${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"
58		60
59	# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527	61	# See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
@@ -62,3 +64,8 @@ CFLAGS += "-fno-strict-aliasing"
62	PACKAGECONFIG ??= ""	64	PACKAGECONFIG ??= ""
63	PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,"	65	PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,"
64	PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux,"	66	PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux,"
		67
		68	do_install_append() {
		69	install -d ${D}${sysconfdir}/racoon
		70	install -m 0644 ${WORKDIR}/racoon.conf.sample ${D}${sysconfdir}/racoon/racoon.conf
		71	}