-rw-r--r--net/vpnc/Makefile4
-rw-r--r--net/vpnc/distinfo11
-rw-r--r--net/vpnc/patches/patch-aa61
-rw-r--r--net/vpnc/patches/patch-ac64
-rw-r--r--net/vpnc/patches/patch-ae47
5 files changed, 123 insertions, 64 deletions
diff --git a/net/vpnc/Makefile b/net/vpnc/Makefile
index fa6e328842a..1be86c6f75a 100644
--- a/net/vpnc/Makefile
+++ b/net/vpnc/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.25 2010/02/19 21:24:46 joerg Exp $
+# $NetBSD: Makefile,v 1.26 2011/03/05 17:46:41 cegger Exp $
#
DISTNAME= vpnc-0.5.3
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= net security
MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/
diff --git a/net/vpnc/distinfo b/net/vpnc/distinfo
index 7e25831f7eb..912b4263e24 100644
--- a/net/vpnc/distinfo
+++ b/net/vpnc/distinfo
@@ -1,13 +1,16 @@
-$NetBSD: distinfo,v 1.13 2009/11/26 00:05:06 dmcmahill Exp $
+$NetBSD: distinfo,v 1.14 2011/03/05 17:46:41 cegger Exp $
SHA1 (vpnc-0.5.3.tar.gz) = 321527194e937371c83b5e7c38e46fca4f109304
RMD160 (vpnc-0.5.3.tar.gz) = 6f3926901e75dc98762f6ef45782930f2fb76a2f
Size (vpnc-0.5.3.tar.gz) = 98740 bytes
-SHA1 (patch-aa) = 09d912a32883bec22d80ef7c469b818ac1602d82
+SHA1 (patch-aa) = e482839f8419e2fc10ba2a19dfd7a7ca79e4e827
SHA1 (patch-ab) = 14aa011b36fcf1da54d506fd5398cfc55cb11748
-SHA1 (patch-ac) = 702fbfeea42eddbaf109ad42247e074ce7eb0f3b
+SHA1 (patch-ac) = 0b3fa6f10e26e418aa74c18bc43dad043d0fad6f
SHA1 (patch-ad) = 7e31f1804541eb4de9924edcc517304487aad0f2
-SHA1 (patch-ae) = d831819831a5861550c5924955cc270c58341d9d
+SHA1 (patch-ae) = ae3e4be379965911dec27b6bb407ae1af017d88e
SHA1 (patch-af) = d41aaab81061db058c4b38013f07815e1e8cf506
SHA1 (patch-ag) = 2c1a2b2e93e5f8e0a13d7b92c15088ab66e4aaa3
SHA1 (patch-ah) = 8180c569137f5d6de89b1a495dcba91dc374e2c2
+SHA1 (patch-ba) = 7cd58afdf4888ed9868644b071052ae9abcc5bfb
+SHA1 (patch-bb) = 015e3a6c3d0ec68a75694a03334d8116b381c46a
+SHA1 (patch-bc) = dd4817bfd05838cb863c8810e6b2c0194de3a3bf
diff --git a/net/vpnc/patches/patch-aa b/net/vpnc/patches/patch-aa
index 1ecbe53f71b..6604379014a 100644
--- a/net/vpnc/patches/patch-aa
+++ b/net/vpnc/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.6 2008/05/29 20:50:31 sketch Exp $
+$NetBSD: patch-aa,v 1.7 2011/03/05 17:46:41 cegger Exp $
---- config.c.orig 2007-09-10 22:39:48.000000000 +0200
-+++ config.c 2008-05-28 16:32:56.000000000 +0100
-@@ -267,12 +267,12 @@ static const char *config_def_app_versio
+--- config.c.orig 2008-11-19 20:36:12.000000000 +0000
++++ config.c
+@@ -173,12 +173,12 @@ static const char *config_def_app_versio
static const char *config_def_script(void)
{
@@ -17,23 +17,42 @@ $NetBSD: patch-aa,v 1.6 2008/05/29 20:50:31 sketch Exp $
}
static const char *config_def_vendor(void)
-@@ -538,7 +538,7 @@ static char *get_config_filename(const c
- {
- char *realname;
-
-- asprintf(&realname, "%s%s%s", index(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : "");
-+ asprintf(&realname, "%s%s%s", index(name, '/') ? "" : "@PKG_SYSCONFDIR@/vpnc/", name, add_dot_conf ? ".conf" : "");
- return realname;
+@@ -186,6 +186,16 @@ static const char *config_def_vendor(voi
+ return "cisco";
}
-@@ -757,8 +757,8 @@ void do_config(int argc, char **argv)
- }
-
- if (!got_conffile) {
-- read_config_file("/etc/vpnc/default.conf", config, 1);
-- read_config_file("/etc/vpnc.conf", config, 1);
-+ read_config_file("@PKG_SYSCONFDIR@/vpnc/default.conf", config, 1);
-+ read_config_file("@PKG_SYSCONFDIR@/vpnc.conf", config, 1);
++static const char *config_def_networks_list(void)
++{
++ return "";
++}
++
++static const char *config_def_dns_update(void)
++{
++ return "Yes";
++}
++
+ static const char *config_def_target_network(void)
+ {
+ return "0.0.0.0/0.0.0.0";
+@@ -448,6 +458,21 @@ static const struct config_names_s {
+ "Target network in dotted decimal or CIDR notation\n",
+ config_def_target_network
+ }, {
++ CONFIG_DNS_UPDATE, 1, 1,
++ "--dns-update",
++ "DNSUpdate",
++ "",
++ "DEPRECATED extension from Debian",
++ config_def_dns_update
++ }, {
++ CONFIG_TARGET_NETWORKS, 1, 1,
++ "--target-networks",
++ "Target Networks",
++ NULL,
++ "DEPRECATED extension from Debian",
++ config_def_networks_list
++ }, {
++
+ 0, 0, 0, NULL, NULL, NULL, NULL, NULL
}
-
- if (!print_config) {
+ };
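Review bot: The rewritten patch-aa no longer carries the `@PKG_SYSCONFDIR@` substitutions in `get_config_filename()` and `do_config()`. Unless patch-ba/bb/bc (added to distinfo but not shown on this page) take them over, the built vpnc would go back to reading `/etc/vpnc/default.conf` and `/etc/vpnc.conf`, while patch-ae still documents `@PKG_SYSCONFDIR@/vpnc/PROFILE.conf`. These files typically hold the VPN credentials, so the path the binary reads should be the one the package documents and the administrator protects; if the substitution is not carried elsewhere, keep `read_config_file("@PKG_SYSCONFDIR@/vpnc/default.conf", config, 1);` and its two sibling lines in this patch. In the added table entries, `--dns-update` passes `""` where `--target-networks` passes `NULL` for the same field, and a blank added line sits before the terminator entry; one form for both and no blank line would read more cleanly. The `config_names` table starts outside the hunk, so the field's meaning is inferred from these entries only.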
diff --git a/net/vpnc/patches/patch-ac b/net/vpnc/patches/patch-ac
index 0019844abe0..8ad468cb58c 100644
--- a/net/vpnc/patches/patch-ac
+++ b/net/vpnc/patches/patch-ac
@@ -1,38 +1,34 @@
-$NetBSD: patch-ac,v 1.7 2009/02/04 21:51:27 drochner Exp $
+$NetBSD: patch-ac,v 1.8 2011/03/05 17:46:41 cegger Exp $
---- vpnc-script.in.orig 2009-02-04 14:40:43.000000000 +0100
+--- vpnc-script.in.orig 2011-03-01 14:40:25.000000000 +0000
+++ vpnc-script.in
-@@ -48,18 +48,19 @@ PATH=/sbin:/usr/sbin:$PATH
+@@ -94,7 +94,7 @@ do_ifconfig() {
+ DEV=$($IPROUTE route | grep ^default | sed 's/^.* dev \([[:alnum:]-]\+\).*$/\1/')
+ MTU=$(($($IPROUTE link show "$DEV" | grep mtu | sed 's/^.* mtu \([[:digit:]]\+\).*$/\1/') - 88))
+ else
+- MTU=1412
++ MTU=1390
+ fi
- OS="`uname -s`"
+ # Point to point interface require a netmask of 255.255.255.255 on some systems
+@@ -440,6 +440,20 @@ do_pre_init() {
+ }
--DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
--RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
-+STATEDIR=@VARBASE@/run/vpnc
-+DEFAULT_ROUTE_FILE=$STATEDIR/defaultroute
-+RESOLV_CONF_BACKUP=$STATEDIR/resolv.conf-backup
- FULL_SCRIPTNAME=@PREFIX@/sbin/vpnc
- SCRIPTNAME=`basename $FULL_SCRIPTNAME`
-
- # some systems, eg. Darwin & FreeBSD, prune /var/run on boot
--if [ ! -d "/var/run/vpnc" ]; then
-- mkdir -p /var/run/vpnc
-+if [ ! -d $STATEDIR ]; then
-+ mkdir -p $STATEDIR
- fi
-
- # stupid SunOS: no blubber in /usr/local/bin ... (on stdout)
--IPROUTE="`which ip | grep '^/' 2> /dev/null`"
-+IPROUTE="`command -v ip | grep '^/' 2> /dev/null`"
-
- if [ "$OS" = "Linux" ]; then
- ifconfig_syntax_ptp="pointopoint"
-@@ -163,7 +164,7 @@ else # use route command
- # isn't -n supposed to give --numeric output?
- # apperently not...
- # Get rid of lines containing IPv6 addresses (':')
-- netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
-+ netstat -r -n | awk '/:/ { next; } $2 ~ /^link/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
- }
-
- set_vpngateway_route() {
+ do_connect() {
++ if test "$TARGET_NETWORKS" ; then
++ i=0
++ for network in $TARGET_NETWORKS ; do
++ eval CISCO_SPLIT_INC_${i}_ADDR=`echo $network | cut -f1 -d/`
++ eval CISCO_SPLIT_INC_${i}_MASKLEN=`echo $network | cut -f2 -d/`
++ eval CISCO_SPLIT_INC_${i}_MASK=$( perl -e '$ARGV[0]=~s,.*/,,;$m=(2**$ARGV[0]-1)<<(32-$ARGV[0]);printf "%d.%d.%d.%d\n", $m>>24 & 0xff, $m>>16 & 0xff, $m>>8 & 0xff, $m & 0xff;' $network )
++ eval CISCO_SPLIT_INC_${i}_PROTOCOL=0
++ eval CISCO_SPLIT_INC_${i}_SPORT=0
++ eval CISCO_SPLIT_INC_${i}_DPORT=0
++ i=`expr $i + 1`
++ done
++ CISCO_SPLIT_INC=$i
++ fi
++
+ if [ -n "$CISCO_BANNER" ]; then
+ echo "Connect Banner:"
+ echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
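Review bot: Each element of `$TARGET_NETWORKS` reaches `eval` unquoted and unvalidated in the loop added to `do_connect()`, so shell metacharacters in a `Target Networks` / `--target-networks` value would be executed by the script instead of being treated as an address. This script reconfigures interfaces and routes and therefore normally runs with root privileges. The value presumably arrives from the vpnc configuration or command line, which is not shown here. An entry without a `/` also yields a wrong `_MASKLEN`, because `cut -f2 -d/` returns the whole string when the delimiter is absent. Splitting with parameter expansion, rejecting anything that is not digits and dots plus a prefix length of at most 32, and assigning through a quoted `eval` would close both gaps, as sketched below. The body of `do_connect()` continues past the end of the hunk, and the mask computation depends on `perl`, which the visible Makefile lines do not add as a dependency.

```shell
for network in $TARGET_NETWORKS ; do
	addr=${network%%/*}
	masklen=${network#*/}
	# Only digits and dots in the address, only digits in the prefix length;
	# anything else is skipped before it can reach eval.
	case "$addr" in ""|*[!0-9.]*) continue ;; esac
	case "$masklen" in ""|*[!0-9]*) continue ;; esac
	[ "$masklen" -le 32 ] || continue
	eval "CISCO_SPLIT_INC_${i}_ADDR=\$addr"
	eval "CISCO_SPLIT_INC_${i}_MASKLEN=\$masklen"
	# … unchanged: _MASK (perl), _PROTOCOL, _SPORT, _DPORT, counter increment …
done
```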
diff --git a/net/vpnc/patches/patch-ae b/net/vpnc/patches/patch-ae
index 2958a489243..410ef6ee4ea 100644
--- a/net/vpnc/patches/patch-ae
+++ b/net/vpnc/patches/patch-ae
@@ -1,7 +1,7 @@
-$NetBSD: patch-ae,v 1.1 2008/01/09 12:25:41 hubertf Exp $
+$NetBSD: patch-ae,v 1.2 2011/03/05 17:46:41 cegger Exp $
---- vpnc.8.template.orig 2007-09-10 22:39:48.000000000 +0200
-+++ vpnc.8.template 2007-09-14 16:08:21.000000000 +0200
+--- vpnc.8.template.orig 2008-11-19 20:36:12.000000000 +0000
++++ vpnc.8.template
@@ -48,9 +48,9 @@ command line options
.IP \(bu
config file(s) specified on the command line
@@ -81,3 +81,44 @@ $NetBSD: patch-ae,v 1.1 2008/01/09 12:25:41 hubertf Exp $
See also the
.B \-\-print\-config
+@@ -187,6 +187,40 @@ Advanced features like manual setting of
+ disabling /etc/resolv.conf rewriting is documented in the README of the
+ vpnc package.
+
++.SH ADVANCED USAGE
++The vpnc-connect script shipped with this package some additional
++features:
++.IP "Custom route setting"
++By default, the default route is deleted after connection and replaced
++with the new one (going trough the VPN tunnel device). However, some
++people wish to limit the target address range to few IP ranges.
++This can be done using the config directive
++.B Target networks
++in the config file. For example:
++.RS
++.PD 0
++Target networks 123.234.210.0/24 10.1.0.0/16
++.PD
++.RE
++.IP "Multiple config profiles management"
++You can have multiple config files and select one on connection by
++specifying a short profile name instead of a config file path. In this
++case, the file
++.I @PKG_SYSCONFDIR@/vpnc/PROFILE.conf
++is used as config file (where PROFILE is the short profile name).
++.IP "/etc/resolv.conf update"
++If the package
++.B resolvconf
++is installed and the VPN gateway sends some DNS server data, the
++script will use resolution to integrate the received data into
++.I /etc/resolv.conf.
++To disable this behaviour, set the config directive
++.I DNSUpdate
++to the
++.I "no"
++value.
++
++
+ .SH TODO
+ .PD 0
+ Certificate support (Pre-Shared-Key + XAUTH is known to be insecure).