diff options
author | Dave Cobbley <david.j.cobbley@linux.intel.com> | 2018-08-14 20:05:37 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2018-08-23 04:26:31 +0300 |
commit | eb8dc40360f0cfef56fb6947cc817a547d6d9bc6 (patch) | |
tree | de291a73dc37168da6370e2cf16c347d1eba9df8 /meta-openembedded/meta-networking/recipes-connectivity/vpnc | |
parent | 9c3cf826d853102535ead04cebc2d6023eff3032 (diff) | |
download | openbmc-eb8dc40360f0cfef56fb6947cc817a547d6d9bc6.tar.xz |
[Subtree] Removing import-layers directory
As part of the move to subtrees, need to bring all the import layers
content to the top level.
Change-Id: I4a163d10898cbc6e11c27f776f60e1a470049d8f
Signed-off-by: Dave Cobbley <david.j.cobbley@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-openembedded/meta-networking/recipes-connectivity/vpnc')
12 files changed, 595 insertions, 0 deletions
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0001-search-for-log-help-in-build-dir.patch b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0001-search-for-log-help-in-build-dir.patch new file mode 100644 index 000000000..184c7943b --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0001-search-for-log-help-in-build-dir.patch @@ -0,0 +1,26 @@ +From 48e16e9ae7d8e4c42282bd82cbbd9a6d346a5c00 Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Sun, 2 Dec 2012 02:16:54 +0100 +Subject: [PATCH 1/8] search for log-help in build dir + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + makeman.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/makeman.pl b/makeman.pl +index cf241a1..2d73432 100755 +--- a/makeman.pl ++++ b/makeman.pl +@@ -30,7 +30,7 @@ my $vpnc = './vpnc'; + # indenting lists (those originally starting with an asterisk). I hope + # this pays off when converting the manpage to HTML or such. + +-open my $LONGHELP, '-|', "$vpnc --long-help"; ++open my $LONGHELP, '-|', "cat ./long-help"; + my $vpnc_options = ''; + my $relative_indent = 0; + my $indent_needed = 0; +-- +2.12.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0002-Fix-vpnc-install-for-cross-compile.patch b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0002-Fix-vpnc-install-for-cross-compile.patch new file mode 100644 index 000000000..6f00d3b89 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0002-Fix-vpnc-install-for-cross-compile.patch @@ -0,0 +1,49 @@ +From d565b4a5e0045f1e40e0e462920ed5b8faca9eec Mon Sep 17 00:00:00 2001 +From: Martin Jansa <Martin.Jansa@gmail.com> +Date: Sun, 2 Dec 2012 02:16:54 +0100 +Subject: [PATCH 2/8] Fix vpnc install for cross compile + +--- + Makefile | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/Makefile b/Makefile +index 69f5aca..a15782e 100644 +--- a/Makefile ++++ b/Makefile +@@ -133,21 +133,21 @@ install-common: all + else \ + install vpnc-script $(DESTDIR)$(ETCDIR); \ + fi +- install -m600 vpnc.conf $(DESTDIR)$(ETCDIR)/default.conf +- install -m755 vpnc-disconnect $(DESTDIR)$(SBINDIR) +- install -m755 pcf2vpnc $(DESTDIR)$(BINDIR) +- install -m644 vpnc.8 $(DESTDIR)$(MANDIR)/man8 +- install -m644 pcf2vpnc.1 $(DESTDIR)$(MANDIR)/man1 +- install -m644 cisco-decrypt.1 $(DESTDIR)$(MANDIR)/man1 +- install -m644 COPYING $(DESTDIR)$(DOCDIR) ++ install -m 600 vpnc.conf $(DESTDIR)$(ETCDIR)/default.conf ++ install -m 755 vpnc-disconnect $(DESTDIR)$(SBINDIR) ++ install -m 755 pcf2vpnc $(DESTDIR)$(BINDIR) ++ install -m 644 vpnc.8 $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 pcf2vpnc.1 $(DESTDIR)$(MANDIR)/man1 ++ install -m 644 cisco-decrypt.1 $(DESTDIR)$(MANDIR)/man1 ++ install -m 644 COPYING $(DESTDIR)$(DOCDIR) + + install : install-common +- install -m755 vpnc $(DESTDIR)$(SBINDIR) +- install -m755 cisco-decrypt $(DESTDIR)$(BINDIR) ++ install -m 755 vpnc $(DESTDIR)$(SBINDIR) ++ install -m 755 cisco-decrypt $(DESTDIR)$(BINDIR) + + install-strip : install-common +- install -s -m755 vpnc $(DESTDIR)$(SBINDIR) +- install -s -m755 cisco-decrypt $(DESTDIR)$(BINDIR) ++ install -s -m 755 vpnc $(DESTDIR)$(SBINDIR) ++ install -s -m 755 cisco-decrypt $(DESTDIR)$(BINDIR) + + uninstall : + rm -f $(DESTDIR)$(SBINDIR)/vpnc \ +-- +2.12.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0003-error.h-is-specific-to-glibc-on-linux.patch b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0003-error.h-is-specific-to-glibc-on-linux.patch new file mode 100644 index 000000000..bb7730647 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0003-error.h-is-specific-to-glibc-on-linux.patch @@ -0,0 +1,30 @@ +From 6b49020893f999df56392b49b1a289cb96a113a1 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 29 Mar 2017 22:08:17 -0700 +Subject: [PATCH 3/8] error.h is specific to glibc on linux + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + sysdep.h | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/sysdep.h b/sysdep.h +index 137bf6d..6a323f0 100644 +--- a/sysdep.h ++++ b/sysdep.h +@@ -37,9 +37,10 @@ int tun_read(int fd, unsigned char *buf, int len); + int tun_get_hwaddr(int fd, char *dev, uint8_t *hwaddr); + + /***************************************************************************/ +-#if defined(__linux__) || defined(__GLIBC__) ++#if defined(__linux__) ++#if defined(__GLIBC__) + #include <error.h> +- ++#endif + #define HAVE_VASPRINTF 1 + #define HAVE_ASPRINTF 1 + #define HAVE_ERROR 1 +-- +2.12.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0004-Use-pkgconfig-instead-of-libgcrypt-config.patch b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0004-Use-pkgconfig-instead-of-libgcrypt-config.patch new file mode 100644 index 000000000..f70a13898 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0004-Use-pkgconfig-instead-of-libgcrypt-config.patch @@ -0,0 +1,30 @@ +From 4d1dd61c04f52a7c796debbdea5fc9139ffa271d Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 29 Mar 2017 22:45:05 -0700 +Subject: [PATCH 4/8] Use pkgconfig instead of libgcrypt-config + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/Makefile b/Makefile +index a15782e..b537046 100644 +--- a/Makefile ++++ b/Makefile +@@ -63,10 +63,10 @@ RELEASE_VERSION := $(shell cat VERSION) + CC ?= gcc + CFLAGS ?= -O3 -g + CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings +-CFLAGS += $(shell libgcrypt-config --cflags) $(CRYPTO_CFLAGS) ++CFLAGS += $(shell pkg-config libgcrypt --cflags) $(CRYPTO_CFLAGS) + CPPFLAGS += -DVERSION=\"$(VERSION)\" + LDFLAGS ?= -g +-LIBS += $(shell libgcrypt-config --libs) $(CRYPTO_LDADD) ++LIBS += $(shell pkg-config libgcrypt --libs) $(CRYPTO_LDADD) + + ifeq ($(shell uname -s), SunOS) + LIBS += -lnsl -lresolv -lsocket +-- +2.12.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0005-include-sys-ttydefaults.h-for-CEOT-definition.patch b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0005-include-sys-ttydefaults.h-for-CEOT-definition.patch new file mode 100644 index 000000000..01783f45b --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0005-include-sys-ttydefaults.h-for-CEOT-definition.patch @@ -0,0 +1,30 @@ +From 1947ea776dc38c3377702dd89bd229670f4d948d Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 29 Mar 2017 23:06:52 -0700 +Subject: [PATCH 5/8] include sys/ttydefaults.h for CEOT definition + +Fixes + +config.c:146:25: error: use of undeclared identifier 'CEOT' + if (llen == 0 && c == CEOT) + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + config.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/config.c b/config.c +index 804faa7..1883d12 100644 +--- a/config.c ++++ b/config.c +@@ -31,6 +31,7 @@ + #include <sys/types.h> + #include <sys/utsname.h> + #include <sys/wait.h> ++#include <sys/ttydefaults.h> + + #include <gcrypt.h> + +-- +2.12.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0006-sysdep-Add-header-include-sequence-to-adjust-for-mus.patch b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0006-sysdep-Add-header-include-sequence-to-adjust-for-mus.patch new file mode 100644 index 000000000..fa89df279 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0006-sysdep-Add-header-include-sequence-to-adjust-for-mus.patch @@ -0,0 +1,40 @@ +From 56768fc0c2cbd6abcf28c9805ab516db8a0548d4 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 29 Mar 2017 23:09:47 -0700 +Subject: [PATCH 6/8] sysdep: Add header include sequence to adjust for musl + +--- + sysdep.h | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +diff --git a/sysdep.h b/sysdep.h +index 6a323f0..0122b95 100644 +--- a/sysdep.h ++++ b/sysdep.h +@@ -17,16 +17,20 @@ + * __SKYOS__ + * + */ ++/* hack to make sure kernel headers understand that libc (musl) ++ * does define IFF_LOWER_UP et al. ++ */ ++#define __UAPI_DEF_IF_NET_DEVICE_FLAGS_LOWER_UP_DORMANT_ECHO 0 + + #include <sys/types.h> + #include <sys/socket.h> +-#include <netinet/in.h> + + #if !defined(__CYGWIN__) +-#include <net/if.h> +-#include <net/if_arp.h> ++//#include <linux/if.h> ++//#include <net/if_arp.h> + #include <netinet/if_ether.h> + #endif ++#include <netinet/in.h> + + #include "config.h" + +-- +2.12.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0007-add-error-API-when-error.h-is-not-on-platform.patch b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0007-add-error-API-when-error.h-is-not-on-platform.patch new file mode 100644 index 000000000..de67b47a4 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0007-add-error-API-when-error.h-is-not-on-platform.patch @@ -0,0 +1,66 @@ +From b6a027fe4da6f66552b533f1314e5005b16c5455 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 29 Mar 2017 23:52:36 -0700 +Subject: [PATCH 7/8] add error() API when error.h is not on platform + +sign-off-by: Khem Raj <raj.khem@gmail.com> +--- + sysdep.c | 24 ++++++++++++++++++++++++ + sysdep.h | 2 ++ + 2 files changed, 26 insertions(+) + +diff --git a/sysdep.c b/sysdep.c +index d8f181d..2518ec1 100644 +--- a/sysdep.c ++++ b/sysdep.c +@@ -17,6 +17,7 @@ + GNU General Public License for more details. + */ + ++#define _GNU_SOURCE + #include <unistd.h> + #include <fcntl.h> + #include <stdlib.h> +@@ -794,3 +795,26 @@ int setenv(const char *name, const char *value, int overwrite) + return ret; + } + #endif ++ ++#ifndef _ERROR_H_ ++#define _ERROR_H_ ++#include <stdarg.h> ++#include <stdio.h> ++#include <errno.h> ++ ++void error(int status, int errnum, const char* format, ...) ++{ ++ va_list ap; ++ ++ fflush(stdout); ++ fprintf(stderr, "%s: ", program_invocation_name); ++ va_start(ap, format); ++ vfprintf(stderr, format, ap); ++ va_end(ap); ++ if (errnum) ++ fprintf(stderr, ":%d", errnum); ++ if (status) ++ exit(status); ++} ++#endif /* _ERROR_H_ */ ++ +diff --git a/sysdep.h b/sysdep.h +index 0122b95..4e60064 100644 +--- a/sysdep.h ++++ b/sysdep.h +@@ -44,6 +44,8 @@ int tun_get_hwaddr(int fd, char *dev, uint8_t *hwaddr); + #if defined(__linux__) + #if defined(__GLIBC__) + #include <error.h> ++#else ++void error(int status, int errnum, const char* format, ...); + #endif + #define HAVE_VASPRINTF 1 + #define HAVE_ASPRINTF 1 +-- +2.12.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0008-include-sysdep.h-before-net-if_tun.h.patch b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0008-include-sysdep.h-before-net-if_tun.h.patch new file mode 100644 index 000000000..62ffdb7c9 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0008-include-sysdep.h-before-net-if_tun.h.patch @@ -0,0 +1,36 @@ +From 7f01847d14a1a3af50f49499743b0551ddef1311 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Wed, 29 Mar 2017 23:54:01 -0700 +Subject: [PATCH 8/8] include sysdep.h before net/if_tun.h + +Fixes duplicate defines in header errors + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + sysdep.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sysdep.c b/sysdep.c +index 2518ec1..5624ef1 100644 +--- a/sysdep.c ++++ b/sysdep.c +@@ -57,6 +57,8 @@ + #include <sys/cygwin.h> + #endif + ++#include "sysdep.h" ++ + #if defined(__DragonFly__) + #include <net/tun/if_tun.h> + #elif defined(__linux__) +@@ -69,7 +71,6 @@ + #include <net/if_tun.h> + #endif + +-#include "sysdep.h" + + #if !defined(HAVE_VASPRINTF) || !defined(HAVE_ASPRINTF) || !defined(HAVE_ERROR) + #include <stdarg.h> +-- +2.12.1 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0009-reduce-lifetime-value.patch b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0009-reduce-lifetime-value.patch new file mode 100644 index 000000000..2bed55041 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/0009-reduce-lifetime-value.patch @@ -0,0 +1,42 @@ +From 39925f090c21ab571ebc6ec250696f7f7093a2a6 Mon Sep 17 00:00:00 2001 +From: Will Page <Will.Page@ni.com> +Date: Wed, 30 Aug 2017 18:14:00 -0700 +Subject: [PATCH 1/1] Reduce lifetime value to widely-compatible value + +Current proposed lifetime value (2147483 seconds, which equates to +MAXINT ms, or ~25 days) is rejected by Fortigate vpn devices because +"peer SA proposal does not match local policy". It seems default +policy for these devices constrains lifetime where similar VPN devices +don't. + +Reducing the lifetime from its current value to 28800 (exactly 8 hours) +causes it to start working with fortigate devices. +--- + vpnc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/vpnc.c b/vpnc.c +index 36dd0f3..3e0fcba 100644 +--- a/vpnc.c ++++ b/vpnc.c +@@ -1135,7 +1135,7 @@ static struct isakmp_attribute *make_transform_ike(int dh_group, int crypt, int + a->af = isakmp_attr_lots; + a->u.lots.length = 4; + a->u.lots.data = xallocc(a->u.lots.length); +- *((uint32_t *) a->u.lots.data) = htonl(2147483); ++ *((uint32_t *) a->u.lots.data) = htonl(28800); + a = new_isakmp_attribute_16(IKE_ATTRIB_LIFE_TYPE, IKE_LIFE_TYPE_SECONDS, a); + a = new_isakmp_attribute_16(IKE_ATTRIB_AUTH_METHOD, auth, a); + a = new_isakmp_attribute_16(IKE_ATTRIB_GROUP_DESC, dh_group, a); +@@ -2561,7 +2561,7 @@ static struct isakmp_attribute *make_transform_ipsec(struct sa_block *s, int dh_ + a->af = isakmp_attr_lots; + a->u.lots.length = 4; + a->u.lots.data = xallocc(a->u.lots.length); +- *((uint32_t *) a->u.lots.data) = htonl(2147483); ++ *((uint32_t *) a->u.lots.data) = htonl(28800); + a = new_isakmp_attribute_16(ISAKMP_IPSEC_ATTRIB_SA_LIFE_TYPE, IPSEC_LIFE_SECONDS, a); + + if (dh_group) +-- +2.7.4 + diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/default.conf b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/default.conf new file mode 100644 index 000000000..48b15eca6 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/default.conf @@ -0,0 +1,19 @@ +# Comment out the options you need. +# Verify your config with "vpnc --print-config". +# You might also try "vpnc --long-help" or look into the documentation. + +# Needed (you will be prompted if this is missing): +#IPSec gateway 10.1.2.3 +#IPSec ID YOURPEERSID +#IPSec secret YOURPEERSSECRET +#Xauth username YOURUSERNAME +#Xauth password YOURPASSWORD + +# Optional: +#UDP Encapsulate +#UDP Encapsulation Port 10000 +#Noninteractive +#No Detach +#Debug 99 +#Interface name tun0 +#Script /etc/vpnc/vpnc-script diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/long-help b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/long-help new file mode 100644 index 000000000..fbec25414 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc/long-help @@ -0,0 +1,168 @@ +Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files] + +Options: + --gateway <ip/hostname> + IP/name of your IPSec gateway + conf-variable: IPSec gateway <ip/hostname> + + --id <ASCII string> + your group name + conf-variable: IPSec ID <ASCII string> + + (configfile only option) + your group password (cleartext) + conf-variable: IPSec secret <ASCII string> + + (configfile only option) + your group password (obfuscated) + conf-variable: IPSec obfuscated secret <hex string> + + --username <ASCII string> + your username + conf-variable: Xauth username <ASCII string> + + (configfile only option) + your password (cleartext) + conf-variable: Xauth password <ASCII string> + + (configfile only option) + your password (obfuscated) + conf-variable: Xauth obfuscated password <hex string> + + --domain <ASCII string> + (NT-) Domain name for authentication + conf-variable: Domain <ASCII string> + + --xauth-inter + enable interactive extended authentication (for challenge response auth) + conf-variable: Xauth interactive + + --vendor <cisco/netscreen> + vendor of your IPSec gateway + Default: cisco + conf-variable: Vendor <cisco/netscreen> + + --natt-mode <natt/none/force-natt/cisco-udp> + Which NAT-Traversal Method to use: + * natt -- NAT-T as defined in RFC3947 + * none -- disable use of any NAT-T method + * force-natt -- always use NAT-T encapsulation even + without presence of a NAT device + (useful if the OS captures all ESP traffic) + * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000 + Note: cisco-tcp encapsulation is not yet supported + Default: natt + conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp> + + --script <command> + command is executed using system() to configure the interface, + routing and so on. Device name, IP, etc. are passed using enviroment + variables, see README. This script is executed right after ISAKMP is + done, but before tunneling is enabled. It is called when vpnc + terminates, too + Default: /etc/vpnc/vpnc-script + conf-variable: Script <command> + + --dh <dh1/dh2/dh5> + name of the IKE DH Group + Default: dh2 + conf-variable: IKE DH Group <dh1/dh2/dh5> + + --pfs <nopfs/dh1/dh2/dh5/server> + Diffie-Hellman group to use for PFS + Default: server + conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server> + + --enable-1des + enables weak single DES encryption + conf-variable: Enable Single DES + + --enable-no-encryption + enables using no encryption for data traffic (key exchanged must be encrypted) + conf-variable: Enable no encryption + + --application-version <ASCII string> + Application Version to report. Note: Default string is generated at runtime. + Default: Cisco Systems VPN Client 0.5.3-394:Linux + conf-variable: Application version <ASCII string> + + --ifname <ASCII string> + visible name of the TUN/TAP interface + conf-variable: Interface name <ASCII string> + + --ifmode <tun/tap> + mode of TUN/TAP interface: + * tun: virtual point to point interface (default) + * tap: virtual ethernet interface + Default: tun + conf-variable: Interface mode <tun/tap> + + --debug <0/1/2/3/99> + Show verbose debug messages + * 0: Do not print debug information. + * 1: Print minimal debug information. + * 2: Show statemachine and packet/payload type information. + * 3: Dump everything exluding authentication data. + * 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS). + conf-variable: Debug <0/1/2/3/99> + + --no-detach + Don't detach from the console after login + conf-variable: No Detach + + --pid-file <filename> + store the pid of background process in <filename> + Default: /var/run/vpnc/pid + conf-variable: Pidfile <filename> + + --local-addr <ip/hostname> + local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign) + Default: 0.0.0.0 + conf-variable: Local Addr <ip/hostname> + + --local-port <0-65535> + local ISAKMP port number to use (0 == use random port) + Default: 500 + conf-variable: Local Port <0-65535> + + --udp-port <0-65535> + Local UDP port number to use (0 == use random port). + This is only relevant if cisco-udp nat-traversal is used. + This is the _local_ port, the remote udp port is discovered automatically. + It is especially not the cisco-tcp port. + Default: 10000 + conf-variable: Cisco UDP Encapsulation Port <0-65535> + + --dpd-idle <0,10-86400> + Send DPD packet after not receiving anything for <idle> seconds. + Use 0 to disable DPD completely (both ways). + Default: 300 + conf-variable: DPD idle timeout (our side) <0,10-86400> + + --non-inter + Don't ask anything, exit on missing options + conf-variable: Noninteractive + + --auth-mode <psk/cert/hybrid> + Authentication mode: + * psk: pre-shared key (default) + * cert: server + client certificate (not implemented yet) + * hybrid: server certificate + xauth (if built with openssl support) + Default: psk + conf-variable: IKE Authmode <psk/cert/hybrid> + + --ca-file <filename> + filename and path to the CA-PEM-File + conf-variable: CA-File <filename> + + --ca-dir <directory> + path of the trusted CA-Directory + Default: /etc/ssl/certs + conf-variable: CA-Dir <directory> + + --target-network <target network/netmask> + Target network in dotted decimal or CIDR notation + Default: 0.0.0.0/0.0.0.0 + conf-variable: IPSEC target network <target network/netmask> + +Report bugs to vpnc@unix-ag.uni-kl.de diff --git a/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb new file mode 100644 index 000000000..ea2179985 --- /dev/null +++ b/meta-openembedded/meta-networking/recipes-connectivity/vpnc/vpnc_0.5.3.bb @@ -0,0 +1,59 @@ +SUMMARY = "A client for the Cisco3000 VPN Concentrator" +HOMEPAGE = "http://www.unix-ag.uni-kl.de/~massar/vpnc/" +AUTHOR = "Maurice Massar vpnc@unix-ag.uni-kl.de" +SECTION = "net" +LICENSE = "GPL-2.0+" +LIC_FILES_CHKSUM = "file://COPYING;md5=173b74cb8ac640a9992c03f3bce22a33" + +DEPENDS += "libgcrypt" + +PV .= "r550-2jnpr1" +SRCREV = "b1243d29e0c00312ead038b04a2cf5e2fa31d740" +SRC_URI = "git://github.com/ndpgroup/vpnc \ + file://long-help \ + file://default.conf \ + file://0001-search-for-log-help-in-build-dir.patch \ + file://0002-Fix-vpnc-install-for-cross-compile.patch \ + file://0003-error.h-is-specific-to-glibc-on-linux.patch \ + file://0004-Use-pkgconfig-instead-of-libgcrypt-config.patch \ + file://0005-include-sys-ttydefaults.h-for-CEOT-definition.patch \ + file://0006-sysdep-Add-header-include-sequence-to-adjust-for-mus.patch \ + file://0007-add-error-API-when-error.h-is-not-on-platform.patch \ + file://0008-include-sysdep.h-before-net-if_tun.h.patch \ + file://0009-reduce-lifetime-value.patch \ + " + +PACKAGECONFIG ?= "gnutls" + +PACKAGECONFIG[gnutls] = ",,gnutls" +PACKAGECONFIG[openssl] = ",,openssl" + +S = "${WORKDIR}/git" + +inherit perlnative pkgconfig + +#EXTRA_OEMAKE = "-e MAKEFLAGS=" + +do_configure_append () { + # Make sure we use our nativeperl wrapper + sed -i "1s:#!.*:#!/usr/bin/env nativeperl:" ${S}/*.pl + cp ${WORKDIR}/long-help ${S} +} + +do_install () { + sed -i s:m600:m\ 600:g Makefile + oe_runmake 'DESTDIR=${D}' 'PREFIX=/usr' install + rm -f ${D}${sysconfdir}/vpnc/vpnc.conf #This file is useless + install ${WORKDIR}/default.conf ${D}${sysconfdir}/vpnc/default.conf +} + +SYSROOT_PREPROCESS_FUNCS += "vpnc_sysroot_preprocess" + +vpnc_sysroot_preprocess () { + install -d ${SYSROOT_DESTDIR}${sysconfdir}/vpnc + install -m 755 ${D}${sysconfdir}/vpnc/vpnc-script ${SYSROOT_DESTDIR}${sysconfdir}/vpnc +} + +CONFFILES_${PN} = "${sysconfdir}/vpnc/default.conf" +RDEPENDS_${PN} = "perl-module-io-file" +RRECOMMENDS_${PN} = "kernel-module-tun" |