-rw-r--r-- | net/vpnc/Makefile | 4 | ||||
-rw-r--r-- | net/vpnc/distinfo | 11 | ||||
-rw-r--r-- | net/vpnc/patches/patch-aa | 61 | ||||
-rw-r--r-- | net/vpnc/patches/patch-ac | 64 | ||||
-rw-r--r-- | net/vpnc/patches/patch-ae | 47 |
5 files changed, 123 insertions, 64 deletions
diff --git a/net/vpnc/Makefile b/net/vpnc/Makefile index fa6e328842a..1be86c6f75a 100644 --- a/net/vpnc/Makefile +++ b/net/vpnc/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.25 2010/02/19 21:24:46 joerg Exp $ +# $NetBSD: Makefile,v 1.26 2011/03/05 17:46:41 cegger Exp $ # DISTNAME= vpnc-0.5.3 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= net security MASTER_SITES= http://www.unix-ag.uni-kl.de/~massar/vpnc/ diff --git a/net/vpnc/distinfo b/net/vpnc/distinfo index 7e25831f7eb..912b4263e24 100644 --- a/net/vpnc/distinfo +++ b/net/vpnc/distinfo @@ -1,13 +1,16 @@ -$NetBSD: distinfo,v 1.13 2009/11/26 00:05:06 dmcmahill Exp $ +$NetBSD: distinfo,v 1.14 2011/03/05 17:46:41 cegger Exp $ SHA1 (vpnc-0.5.3.tar.gz) = 321527194e937371c83b5e7c38e46fca4f109304 RMD160 (vpnc-0.5.3.tar.gz) = 6f3926901e75dc98762f6ef45782930f2fb76a2f Size (vpnc-0.5.3.tar.gz) = 98740 bytes -SHA1 (patch-aa) = 09d912a32883bec22d80ef7c469b818ac1602d82 +SHA1 (patch-aa) = e482839f8419e2fc10ba2a19dfd7a7ca79e4e827 SHA1 (patch-ab) = 14aa011b36fcf1da54d506fd5398cfc55cb11748 -SHA1 (patch-ac) = 702fbfeea42eddbaf109ad42247e074ce7eb0f3b +SHA1 (patch-ac) = 0b3fa6f10e26e418aa74c18bc43dad043d0fad6f SHA1 (patch-ad) = 7e31f1804541eb4de9924edcc517304487aad0f2 -SHA1 (patch-ae) = d831819831a5861550c5924955cc270c58341d9d +SHA1 (patch-ae) = ae3e4be379965911dec27b6bb407ae1af017d88e SHA1 (patch-af) = d41aaab81061db058c4b38013f07815e1e8cf506 SHA1 (patch-ag) = 2c1a2b2e93e5f8e0a13d7b92c15088ab66e4aaa3 SHA1 (patch-ah) = 8180c569137f5d6de89b1a495dcba91dc374e2c2 +SHA1 (patch-ba) = 7cd58afdf4888ed9868644b071052ae9abcc5bfb +SHA1 (patch-bb) = 015e3a6c3d0ec68a75694a03334d8116b381c46a +SHA1 (patch-bc) = dd4817bfd05838cb863c8810e6b2c0194de3a3bf diff --git a/net/vpnc/patches/patch-aa b/net/vpnc/patches/patch-aa index 1ecbe53f71b..6604379014a 100644 --- a/net/vpnc/patches/patch-aa +++ b/net/vpnc/patches/patch-aa 
@@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.6 2008/05/29 20:50:31 sketch Exp $ +$NetBSD: patch-aa,v 1.7 2011/03/05 17:46:41 cegger Exp $ ---- config.c.orig 2007-09-10 22:39:48.000000000 +0200 -+++ config.c 2008-05-28 16:32:56.000000000 +0100 -@@ -267,12 +267,12 @@ static const char *config_def_app_versio +--- config.c.orig 2008-11-19 20:36:12.000000000 +0000 ++++ config.c +@@ -173,12 +173,12 @@ static const char *config_def_app_versio static const char *config_def_script(void) { 
@@ -17,23 +17,42 @@ $NetBSD: patch-aa,v 1.6 2008/05/29 20:50:31 sketch Exp $ } static const char *config_def_vendor(void) -@@ -538,7 +538,7 @@ static char *get_config_filename(const c - { - char *realname; - -- asprintf(&realname, "%s%s%s", index(name, '/') ? "" : "/etc/vpnc/", name, add_dot_conf ? ".conf" : ""); -+ asprintf(&realname, "%s%s%s", index(name, '/') ? "" : "@PKG_SYSCONFDIR@/vpnc/", name, add_dot_conf ? ".conf" : ""); - return realname; +@@ -186,6 +186,16 @@ static const char *config_def_vendor(voi + return "cisco"; } -@@ -757,8 +757,8 @@ void do_config(int argc, char **argv) - } - - if (!got_conffile) { -- read_config_file("/etc/vpnc/default.conf", config, 1); -- read_config_file("/etc/vpnc.conf", config, 1); -+ read_config_file("@PKG_SYSCONFDIR@/vpnc/default.conf", config, 1); -+ read_config_file("@PKG_SYSCONFDIR@/vpnc.conf", config, 1); ++static const char *config_def_networks_list(void) ++{ ++ return ""; ++} ++ ++static const char *config_def_dns_update(void) ++{ ++ return "Yes"; ++} ++ + static const char *config_def_target_network(void) + { + return "0.0.0.0/0.0.0.0"; +@@ -448,6 +458,21 @@ static const struct config_names_s { + "Target network in dotted decimal or CIDR notation\n", + config_def_target_network + }, { ++ CONFIG_DNS_UPDATE, 1, 1, ++ "--dns-update", ++ "DNSUpdate", ++ "", ++ "DEPRECATED extension from Debian", ++ config_def_dns_update ++ }, { ++ CONFIG_TARGET_NETWORKS, 1, 1, ++ "--target-networks", ++ "Target Networks", ++ NULL, ++ "DEPRECATED extension from Debian", ++ config_def_networks_list ++ }, { ++ + 0, 0, 0, NULL, NULL, NULL, NULL, NULL } - - if (!print_config) { + }; diff --git a/net/vpnc/patches/patch-ac b/net/vpnc/patches/patch-ac index 0019844abe0..8ad468cb58c 100644 --- a/net/vpnc/patches/patch-ac +++ b/net/vpnc/patches/patch-ac 
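Review bot: The two entries added to the config_names table in config.c fill the type field inconsistently, `""` for `--dns-update` and `NULL` for `--target-networks`, and the code that prints that field is outside the hunk, so whether it tolerates NULL cannot be confirmed here. Both entries also carry only `"DEPRECATED extension from Debian"` as their description, so the option help gives no value format, while the man page text added in patch-ae presents `Target networks` as a supported feature without mentioning deprecation. I would give each a type string, for example `"<Yes/No>",` and `"<list of addr/masklen>",`, and put a comment above the second entry such as `/* free-form string; no format check is visible here, so consumers must check each addr/masklen entry */`. The table and its struct declaration start outside the hunk.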
@@ -1,38 +1,34 @@ -$NetBSD: patch-ac,v 1.7 2009/02/04 21:51:27 drochner Exp $ +$NetBSD: patch-ac,v 1.8 2011/03/05 17:46:41 cegger Exp $ ---- vpnc-script.in.orig 2009-02-04 14:40:43.000000000 +0100 +--- vpnc-script.in.orig 2011-03-01 14:40:25.000000000 +0000 +++ vpnc-script.in -@@ -48,18 +48,19 @@ PATH=/sbin:/usr/sbin:$PATH +@@ -94,7 +94,7 @@ do_ifconfig() { + DEV=$($IPROUTE route | grep ^default | sed 's/^.* dev \([[:alnum:]-]\+\).*$/\1/') + MTU=$(($($IPROUTE link show "$DEV" | grep mtu | sed 's/^.* mtu \([[:digit:]]\+\).*$/\1/') - 88)) + else +- MTU=1412 ++ MTU=1390 + fi - OS="`uname -s`" + # Point to point interface require a netmask of 255.255.255.255 on some systems +@@ -440,6 +440,20 @@ do_pre_init() { + } --DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute --RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup -+STATEDIR=@VARBASE@/run/vpnc -+DEFAULT_ROUTE_FILE=$STATEDIR/defaultroute -+RESOLV_CONF_BACKUP=$STATEDIR/resolv.conf-backup - FULL_SCRIPTNAME=@PREFIX@/sbin/vpnc - SCRIPTNAME=`basename $FULL_SCRIPTNAME` - - # some systems, eg. Darwin & FreeBSD, prune /var/run on boot --if [ ! -d "/var/run/vpnc" ]; then -- mkdir -p /var/run/vpnc -+if [ ! -d $STATEDIR ]; then -+ mkdir -p $STATEDIR - fi - - # stupid SunOS: no blubber in /usr/local/bin ... (on stdout) --IPROUTE="`which ip | grep '^/' 2> /dev/null`" -+IPROUTE="`command -v ip | grep '^/' 2> /dev/null`" - - if [ "$OS" = "Linux" ]; then - ifconfig_syntax_ptp="pointopoint" -@@ -163,7 +164,7 @@ else # use route command - # isn't -n supposed to give --numeric output? - # apperently not... 
- # Get rid of lines containing IPv6 addresses (':') -- netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }' -+ netstat -r -n | awk '/:/ { next; } $2 ~ /^link/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }' - } - - set_vpngateway_route() { + do_connect() { ++ if test "$TARGET_NETWORKS" ; then ++ i=0 ++ for network in $TARGET_NETWORKS ; do ++ eval CISCO_SPLIT_INC_${i}_ADDR=`echo $network | cut -f1 -d/` ++ eval CISCO_SPLIT_INC_${i}_MASKLEN=`echo $network | cut -f2 -d/` ++ eval CISCO_SPLIT_INC_${i}_MASK=$( perl -e '$ARGV[0]=~s,.*/,,;$m=(2**$ARGV[0]-1)<<(32-$ARGV[0]);printf "%d.%d.%d.%d\n", $m>>24 & 0xff, $m>>16 & 0xff, $m>>8 & 0xff, $m & 0xff;' $network ) ++ eval CISCO_SPLIT_INC_${i}_PROTOCOL=0 ++ eval CISCO_SPLIT_INC_${i}_SPORT=0 ++ eval CISCO_SPLIT_INC_${i}_DPORT=0 ++ i=`expr $i + 1` ++ done ++ CISCO_SPLIT_INC=$i ++ fi ++ + if [ -n "$CISCO_BANNER" ]; then + echo "Connect Banner:" + echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done diff --git a/net/vpnc/patches/patch-ae b/net/vpnc/patches/patch-ae index 2958a489243..410ef6ee4ea 100644 --- a/net/vpnc/patches/patch-ae +++ b/net/vpnc/patches/patch-ae @@ -1,7 +1,7 @@ -$NetBSD: patch-ae,v 1.1 2008/01/09 12:25:41 hubertf Exp $ +$NetBSD: patch-ae,v 1.2 2011/03/05 17:46:41 cegger Exp $ ---- vpnc.8.template.orig 2007-09-10 22:39:48.000000000 +0200 -+++ vpnc.8.template 2007-09-14 16:08:21.000000000 +0200 +--- vpnc.8.template.orig 2008-11-19 20:36:12.000000000 +0000 ++++ vpnc.8.template @@ -48,9 +48,9 @@ command line options .IP \(bu config file(s) specified on the command line 
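Review bot: The `eval CISCO_SPLIT_INC_${i}_...` lines added to do_connect() in vpnc-script.in expand `$network` unquoted inside `eval`, so every entry of TARGET_NETWORKS is re-parsed as shell code by a script that presumably runs with vpnc's privileges; the value appears to come from the `Target Networks` directive added in patch-aa, though the hand-over is not visible on this page. Nothing checks the shape of an entry either: for an entry without `/`, `cut -f2 -d/` returns the whole entry and the perl one-liner derives the mask from the address text, and a mask length above 32 is not rejected. Validate each entry as dotted-quad/masklen before the first `eval` and assign through quoted variables, as sketched below. do_connect() continues past the end of the hunk.

```shell
	for network in $TARGET_NETWORKS ; do
		# accept only a.b.c.d/len; anything else never reaches eval
		case "$network" in
			*[!0-9./]*|*/*/*|*/|*/*.*) continue ;;
			*.*.*.*/*) ;;
			*) continue ;;
		esac
		addr=${network%/*}
		masklen=${network#*/}
		[ "$masklen" -le 32 ] || continue
		eval "CISCO_SPLIT_INC_${i}_ADDR=\$addr"
		eval "CISCO_SPLIT_INC_${i}_MASKLEN=\$masklen"
		# … unchanged: _MASK, _PROTOCOL, _SPORT, _DPORT assignments and the counter increment …
	done
```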
@@ -81,3 +81,44 @@ $NetBSD: patch-ae,v 1.1 2008/01/09 12:25:41 hubertf Exp $ See also the .B \-\-print\-config +@@ -187,6 +187,40 @@ Advanced features like manual setting of + disabling /etc/resolv.conf rewriting is documented in the README of the + vpnc package. + ++.SH ADVANCED USAGE ++The vpnc-connect script shipped with this package some additional ++features: ++.IP "Custom route setting" ++By default, the default route is deleted after connection and replaced ++with the new one (going trough the VPN tunnel device). However, some ++people wish to limit the target address range to few IP ranges. ++This can be done using the config directive ++.B Target networks ++in the config file. For example: ++.RS ++.PD 0 ++Target networks 123.234.210.0/24 10.1.0.0/16 ++.PD ++.RE ++.IP "Multiple config profiles management" ++You can have multiple config files and select one on connection by ++specifying a short profile name instead of a config file path. In this ++case, the file ++.I @PKG_SYSCONFDIR@/vpnc/PROFILE.conf ++is used as config file (where PROFILE is the short profile name). ++.IP "/etc/resolv.conf update" ++If the package ++.B resolvconf ++is installed and the VPN gateway sends some DNS server data, the ++script will use resolution to integrate the received data into ++.I /etc/resolv.conf. ++To disable this behaviour, set the config directive ++.I DNSUpdate ++to the ++.I "no" ++value. ++ ++ + .SH TODO + .PD 0 + Certificate support (Pre-Shared-Key + XAUTH is known to be insecure). |