rpms/openswan/devel openswan-2.6.16-examples.patch, NONE, 1.1 .cvsignore, 1.22, 1.23 openswan.spec, 1.64, 1.65 sources, 1.21, 1.22 openswan-2.6-examples.patch, 1.2, NONE openswan-2.6-intwarning.patch, 1.1, NONE
avesh agarwal
avesh at fedoraproject.org
Tue Sep 9 21:03:00 UTC 2008
Author: avesh
Update of /cvs/pkgs/rpms/openswan/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv23977
Modified Files:
.cvsignore openswan.spec sources
Added Files:
openswan-2.6.16-examples.patch
Removed Files:
openswan-2.6-examples.patch openswan-2.6-intwarning.patch
Log Message:
* Tue Sep 09 2008 Avesh Agarwal <avagarwa at redhat.com> - 2.6.16-1
- new upstream release
openswan-2.6.16-examples.patch:
--- NEW FILE openswan-2.6.16-examples.patch ---
diff -urN openswan-2.6.16.orig/doc/example-configs/l2tp-cert.conf openswan-2.6.16/doc/example-configs/l2tp-cert.conf
--- openswan-2.6.16.orig/doc/example-configs/l2tp-cert.conf 1969-12-31 19:00:00.000000000 -0500
+++ openswan-2.6.16/doc/example-configs/l2tp-cert.conf 2008-09-09 16:23:29.000000000 -0400
@@ -0,0 +1,38 @@
+conn l2tp-X.509
+ #
+ # Configuration for one user with any type of IPsec/L2TP client
+ # including the updated Windows 2000/XP (MS KB Q818043), but
+ # excluding the non-updated Windows 2000/XP.
+ #
+ #
+ # Use a certificate. Disable Perfect Forward Secrecy.
+ #
+ authby=rsasig
+ pfs=no
+ auto=add
+ # we cannot rekey for %any, let client rekey
+ rekey=no
+ # Set ikelifetime and keylife to same defaults windows has
+ ikelifetime=8h
+ keylife=1h
+ # l2tp-over-ipsec is transport mode
+ # See http://bugs.xelerance.com/view.php?id=466
+ type=transport
+ #
+ left=%defaultroute
+ # or you can use: left=YourIPAddress
+ leftrsasigkey=%cert
+ leftcert=/etc/ipsec.d/certs/YourGatewayCertHere.pem
+ leftprotoport=17/1701
+ #
+ # The remote user.
+ #
+ right=%any
+ rightca=%same
+ rightrsasigkey=%cert
+ # Using the magic port of "0" means "any one single port". This is
+ # a work around required for Apple OSX clients that use a randomly
+ # high port, but propose "0" instead of their port.
+ rightprotoport=17/0
+ rightsubnet=vhost:%priv,%no
+
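Review bot: `pfs=no` is set with only the comment "Disable Perfect Forward Secrecy" and no reason, so someone copying this example cannot tell whether it is a client-compatibility workaround or a recommendation. Presumably it is there for the Windows L2TP clients named at the top of the file; if so, the comment should say that, e.g. `# pfs=no: some L2TP/IPsec clients do not propose PFS; use pfs=yes if all of yours do`. The same unexplained setting appears in l2tp-psk.conf. It would also help to note beside `right=%any` / `rightca=%same` that, going by the visible settings, any certificate issued by the gateway's CA is accepted, so that CA should issue certificates only to VPN users and revocation needs to be kept current.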
diff -urN openswan-2.6.16.orig/doc/example-configs/l2tp-psk.conf openswan-2.6.16/doc/example-configs/l2tp-psk.conf
--- openswan-2.6.16.orig/doc/example-configs/l2tp-psk.conf 1969-12-31 19:00:00.000000000 -0500
+++ openswan-2.6.16/doc/example-configs/l2tp-psk.conf 2008-09-09 16:23:29.000000000 -0400
@@ -0,0 +1,43 @@
+conn L2TP-PSK-NAT
+ rightsubnet=vhost:%priv
+ also=L2TP-PSK-noNAT
+
+conn L2TP-PSK-noNAT
+ #
+ # Configuration for one user with any type of IPsec/L2TP client
+ # including the updated Windows 2000/XP (MS KB Q818043), but
+ # excluding the non-updated Windows 2000/XP.
+ #
+ #
+ # Use a Preshared Key. Disable Perfect Forward Secrecy.
+ #
+ # PreSharedSecret needs to be specified in /etc/ipsec.secrets as
+ # YourIPAddress %any: "sharedsecret"
+ authby=secret
+ pfs=no
+ auto=add
+ keyingtries=3
+ # we cannot rekey for %any, let client rekey
+ rekey=no
+ # Set ikelifetime and keylife to same defaults windows has
+ ikelifetime=8h
+ keylife=1h
+ # l2tp-over-ipsec is transport mode
+ type=transport
+ #
+ left=%defaultroute
+ # or you can use: left=YourIPAddress
+ #
+ # For updated Windows 2000/XP clients,
+ # to support old clients as well, use leftprotoport=17/%any
+ leftprotoport=17/1701
+ #
+ # The remote user.
+ #
+ right=%any
+ # Using the magic port of "0" means "any one single port". This is
+ # a work around required for Apple OSX clients that use a randomly
+ # high port, but propose "0" instead of their port.
+ rightprotoport=17/0
+
+
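Review bot: With `authby=secret` and `right=%any`, the secrets line given in the comment (`YourIPAddress %any: "sharedsecret"`) is a single key shared by every remote user, and the example does not say what that implies. Anyone holding the group key passes IKE authentication as any peer, so per-user identity rests entirely on the L2TP/PPP login that follows, and one leaked key forces re-keying all clients. I would add a comment along the lines of `# one PSK is shared by all clients: use a long random value, and prefer l2tp-cert.conf where clients can hold certificates`.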
diff -urN openswan-2.6.16.orig/doc/example-configs/linux-linux.conf openswan-2.6.16/doc/example-configs/linux-linux.conf
--- openswan-2.6.16.orig/doc/example-configs/linux-linux.conf 1969-12-31 19:00:00.000000000 -0500
+++ openswan-2.6.16/doc/example-configs/linux-linux.conf 2008-09-09 16:23:29.000000000 -0400
@@ -0,0 +1,19 @@
+conn linux-to-linux
+ #
+ # Simple use raw RSA keys
+ # After starting openswan, run: ipsec showhostkey --left (or --right)
+ # and fill in the connection similarly to the example below.
+ #
+ left=1.2.3.4
+ # optional
+ # leftsubnet=10.0.1.0/24
+ leftid=@bofh.xelerance.com
+ leftrsasigkey=0sAQPWTXt8DDlEhTZJ91ngNMxTSyuos6JZxXQmtRcwUl6ppUCcuuWvjXrF/qiz6eiL1LMlpGJyG1oVhtFhTaFJl7ZkF/4J1B9LCFzYxvYI97AnLuC0op5pVAZ1SZx29+aRjeMcKC4zbZ6dMMjUdn9H1gqG9rpE0MBEFNSVLEu9U8rtlz14RfxQAQ9ePj64HnGLfgJlDB0VYhKEIcRihy72bvjZ4eoX16S1EY1FgnHyrveZPxRi8sgn6Q19RytEzSmUAlGjvMDhNfenq6WCSYMeqgj0jFSArTNBQmR2QBkUG6NSOXfb+18c6jDPicGmbmWfoRx/PUJo46WiRF4RRmsxnFpbHpklILFzEJ+/k6qHVAekpVfp
+ # The remote user.
+ #
+ right=5.6.7.8
+ rightid=@tla.xelerance.com
+ # optional
+ # rightsubnet=10.0.2.0/24
+ rightrsasigkey=0sAQNxf6caKULJklYZycuo66Ko0U+iHaJUDr0QZHnG4MJ9IRNYi5H6kPxcwKIXkg+OGo+NeUyyWDEc+ox27BFYViAHQNEyBRLZu0kyE681h+cHm7lfCSy0AOEBSCyZF3aGcL8GWxVhtimpJQ4tNxXZg7tLX5sfYw8mZnUBjkHvyccIred/q3cNWbDlq2WU4TL+NBb5FnxXi9Hk/SRV7sMe56fvZuXkcJu4e2C7uocltzzF1b0BZx7yeXwHjzqAWnW/UA54fbSTvzgnrpSC+FMuhWTI1EdxcqGaOFIjGWWGV2nxg/QaPU9i8vpwFwrEEdCJTiqlbYYNudblg4vYthnVNez0/RkfZHfhAaHdbJRSaQzOu88h
+ auto=start
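Review bot: The `leftrsasigkey` / `rightrsasigkey` values and the `@bofh.xelerance.com` / `@tla.xelerance.com` ids read as real host data, and nothing on those lines marks them as samples. The header does tell the reader to run `ipsec showhostkey`, but a config deployed with these keys left in would either fail to authenticate or trust a key pair the administrator does not control. A marker directly above each key, e.g. `# SAMPLE KEY - replace with the output of: ipsec showhostkey --left`, would make that hard to miss. The `# The remote user.` comment also looks carried over from the L2TP examples; in this file the right side is another host.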
diff -urN openswan-2.6.16.orig/doc/example-configs/oe-exclude-dns.conf openswan-2.6.16/doc/example-configs/oe-exclude-dns.conf
--- openswan-2.6.16.orig/doc/example-configs/oe-exclude-dns.conf 1969-12-31 19:00:00.000000000 -0500
+++ openswan-2.6.16/doc/example-configs/oe-exclude-dns.conf 2008-09-09 16:23:29.000000000 -0400
@@ -0,0 +1,9 @@
+conn let-my-dns-go
+ left=%defaultroute
+ leftnexthop=%defaultroute
+ leftprotoport=17/%any
+ right=0.0.0.0
+ rightsubnet=0.0.0.0/0
+ rightprotoport=17/53
+ type=passthrough
+ auto=route
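Review bot: This file has no comments, yet `type=passthrough` with `rightsubnet=0.0.0.0/0` and `rightprotoport=17/53` is a policy exemption that deserves one. Judging by the filename it exists so that DNS lookups are not captured by opportunistic encryption, and the effect is that UDP port 53 traffic to any destination leaves the host without IPsec protection. A header comment should state that, for example `# Exempt outbound DNS (UDP/53) from IPsec so OE lookups can work; this traffic is sent in the clear`. It is also worth noting that only protocol 17 is matched, so DNS over TCP is not covered by this conn.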
diff -urN openswan-2.6.16.orig/doc/example-configs/sysctl.conf openswan-2.6.16/doc/example-configs/sysctl.conf
--- openswan-2.6.16.orig/doc/example-configs/sysctl.conf 1969-12-31 19:00:00.000000000 -0500
+++ openswan-2.6.16/doc/example-configs/sysctl.conf 2008-09-09 16:23:29.000000000 -0400
@@ -0,0 +1,23 @@
+
+# example entries for /etc/sysctl.conf
+# forwarding is needed for subnet or l2tp connections
+net.ipv4.ip_forward = 1
+
+# rp_filter is stupid and cannot deal decrypted packets "appearing out of
+# nowhere"
+net.ipv4.conf.default.rp_filter = 0
+
+# when using 1 interface for two networks, and in some other cases with
+# NETKEY, the kernel thinks it can be clever but breaks things.
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.default.send_redirects = 0
+net.ipv4.icmp_ignore_bogus_error_responses = 1
+net.ipv4.conf.all.log_martians = 0
+net.ipv4.conf.default.log_martians = 0
+
+# these are non-ipsec specific security policies you should use
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.default.accept_redirects = 0
+
+
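Review bot: `accept_source_route` is set to 0 only under `net.ipv4.conf.default`, while `accept_redirects` and `send_redirects` are set under both `all` and `default`; for consistency with the lines below it, add `net.ipv4.conf.all.accept_source_route = 0`. The `rp_filter` entry is likewise `default`-only, and its comment should say what is being given up: with reverse-path filtering off the kernel no longer drops packets with spoofed source addresses, so that check has to be done in firewall rules instead. `log_martians = 0` sits in the "kernel breaks things" group without its own explanation; since it turns off logging that is useful when investigating spoofed traffic, a one-line reason (presumably log noise from decrypted packets) should be given.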
diff -urN openswan-2.6.16.orig/doc/example-configs/xauth.conf openswan-2.6.16/doc/example-configs/xauth.conf
--- openswan-2.6.16.orig/doc/example-configs/xauth.conf 1969-12-31 19:00:00.000000000 -0500
+++ openswan-2.6.16/doc/example-configs/xauth.conf 2008-09-09 16:23:29.000000000 -0400
@@ -0,0 +1,34 @@
+conn xauthserver
+ #
+ left=1.2.3.4
+ leftcert=/etc/ipsec.d/certs/xauthserver.pem
+ leftxauthserver=yes
+ leftmodecfgserver=yes
+ #
+ right=%any
+ rightxauthclient=yes
+ rightmodecfgclient=yes
+ #
+ auto=add
+ rekey=yes
+ modecfgpull=yes
+ modecfgdns1=1.2.3.4
+ modecfgdns2=5.6.7.8
+ modecfgwins1=1.2.3.4
+ modecfgwins2=5.6.7.8
+
+conn xauthclient
+ #
+ left=1.2.3.4
+ leftxauthserver=yes
+ leftmodecfgserver=yes
+ #
+ right=%defaultroute
+ rightxauthclient=yes
+ rightmodecfgclient=yes
+ #
+ auto=add
+ # you probably can not rekey, it requires xauth password, and openswan does not
+ # cache it for you. Other clients might cache it and rekey to an openswan server
+ rekey=no
+ modecfgpull=yes
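Review bot: Neither conn documents how the peers authenticate before XAUTH runs. `xauthserver` sets `leftcert` but, unlike l2tp-cert.conf in this same patch, has no `rightca` / `rightrsasigkey=%cert` lines, and `xauthclient` has no certificate, key or `authby` line at all, so the reader is left relying on defaults that are not visible here. A short comment in each conn naming the intended phase 1 method and where the XAUTH credentials are configured would prevent a deployment that leans on the user password alone. The addresses `1.2.3.4` and `5.6.7.8` are reused for `left`, `modecfgdns*` and `modecfgwins*`; a comment such as `# placeholder addresses - replace with your gateway and internal DNS/WINS servers` should mark them, since these values are pushed to clients.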
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/devel/.cvsignore,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- .cvsignore 5 Jul 2008 17:56:51 -0000 1.22
+++ .cvsignore 9 Sep 2008 21:02:30 -0000 1.23
@@ -6,3 +6,4 @@
openswan-2.6.09.tar.gz
openswan-2.6.14.tar.gz
openswan-2.6.15.tar.gz
+openswan-2.6.16.tar.gz
Index: openswan.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/devel/openswan.spec,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -r1.64 -r1.65
--- openswan.spec 5 Jul 2008 17:56:51 -0000 1.64
+++ openswan.spec 9 Sep 2008 21:02:30 -0000 1.65
@@ -1,6 +1,6 @@
Summary: Openswan IPSEC implementation
Name: openswan
-Version: 2.6.15
+Version: 2.6.16
Release: 1%{?dist}
License: GPLv2+
@@ -9,7 +9,7 @@
Source2: ipsec.conf
-Patch1: openswan-2.6-examples.patch
+Patch1: openswan-2.6.16-examples.patch
Patch2: openswan-2.6-relpath.patch
Patch3: openswan-2.6-noxmlto.patch
Patch4: openswan-2.6-selinux.patch
@@ -53,7 +53,7 @@
find doc -name .gitignore -print0 | xargs -0 rm -v
rm -rf programs/readwriteconf
-%patch1 -p1
+%patch1 -p1
%patch2 -p1 -b .relpath
%patch3 -p1 -b .noxmlto
%patch4 -p1 -b .selinux
@@ -109,7 +109,7 @@
rm -fr %{buildroot}/etc/rc.d/rc*
-rm -f %{buildroot}%{_sysconfdir}/ipsec.d/examples
+rm -fr %{buildroot}%{_sysconfdir}/ipsec.d/examples
%clean
rm -rf %{buildroot}
@@ -148,6 +148,9 @@
chkconfig --add ipsec || :
%changelog
+* Tue Sep 09 2008 Avesh Agarwal <avagarwa at redhat.com> - 2.6.16-1
+- new upstream release
+
* Sat Jul 05 2008 Steve Grubb <sgrubb at redhat.com> - 2.6.15-1
- new upstream release
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/openswan/devel/sources,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- sources 5 Jul 2008 17:56:51 -0000 1.21
+++ sources 9 Sep 2008 21:02:30 -0000 1.22
@@ -1 +1 @@
-767857e546a49f4f2183704343623411 openswan-2.6.15.tar.gz
+ef0ea8f9082df70c993a035904d538c7 openswan-2.6.16.tar.gz
--- openswan-2.6-examples.patch DELETED ---
--- openswan-2.6-intwarning.patch DELETED ---