Date:      Thu, 18 Dec 2003 14:29:33 +0100 (CET)
From:      Christian Lackas <delta@lackas.net>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        krion@FreeBSD.org
Subject:   ports/60364: update of port security/vpnc
Message-ID:  <200312181329.hBIDTX2j047555@zel726.zel.kfa-juelich.de>
Resent-Message-ID: <200312181330.hBIDUDUd067929@freefall.freebsd.org>


>Number:         60364
>Category:       ports
>Synopsis:       update of port security/vpnc
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 18 05:30:13 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Christian Lackas
>Release:        FreeBSD 4.9-STABLE i386
>Organization:
Research Center Jülich
>Environment:
System: FreeBSD zel726.zel.kfa-juelich.de 4.9-STABLE FreeBSD 4.9-STABLE #12: Tue Dec 16 18:33:37 CET 2003 root@zel726.zel.kfa-juelich.de:/usr/obj/usr/src/sys/DELTA i386


>Description:

	Fixing some bugs in the ports, e.g.
	- using PREFIX/CC/CFLAGS (with help from Markus Brueffer)
	- added a man-page
	- installing additional docs
	- fixed installing with 0666
	- sample start script now works and actually contains
	  a useful example
	- fixed install target
	- added a comment (in pkg-message) about ESP "Protocol not supported"

	The typo mentioned in

	http://www.freebsd.org/cgi/getmsg.cgi?fetch=793977+0+current/cvs-ports

	is also fixed in this update.

>How-To-Repeat:

	N/A

>Fix:

	There is a tgz-file and a patch available at

		http://www.lackas.net/freebsd/

	And I also append a shar file with the complete new port (same as tgz-file)

# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	vpnc
#	vpnc/Makefile
#	vpnc/distinfo
#	vpnc/pkg-descr
#	vpnc/pkg-message
#	vpnc/pkg-plist
#	vpnc/files
#	vpnc/files/patch-Makefile
#	vpnc/files/patch-vpnc.c
#	vpnc/files/vpnc.8
#	vpnc/files/vpnc.sh
#
echo c - vpnc
mkdir -p vpnc > /dev/null 2>&1
echo x - vpnc/Makefile
sed 's/^X//' >vpnc/Makefile << 'END-of-vpnc/Makefile'
X# New ports collection makefile for:	vpnc
X# Date created:        15 December 2003
X# Whom:                Christian Lackas
X#
X# $FreeBSD$
X#
X
XPORTNAME=		vpnc
XPORTVERSION=	0.2
XPORTREVISION=	1
XCATEGORIES=		security
X# The distfile is fetched over plain HTTP, so its integrity rests on the
X# checksum recorded in distinfo (a single MD5 line in this submission).
XMASTER_SITES=	http://www.unix-ag.uni-kl.de/~massar/vpnc/
XDISTNAME=		${PORTNAME}-${PORTVERSION}-rm+zomb-pre6
X
XMAINTAINER=		delta@lackas.net
XCOMMENT=		"Client for Cisco 3000 VPN Concentrator"
X
XLIB_DEPENDS=	gcrypt.6:${PORTSDIR}/security/libgcrypt
X
X# The upstream Makefile uses GNU make syntax (ifeq, $(shell ...)).
XUSE_GMAKE=		yes
X# REINPLACE_CMD is used by do-install and post-patch below.
XUSE_REINPLACE=	yes
XALL_TARGET=		vpnc
X
X# The manual page ships in FILESDIR and is copied by do-install.
XMAN8=vpnc.8
X
X# Install the binary, the sample rc.d script, the sample configuration and,
X# unless disabled, the docs and the manual page, then print pkg-message.
X# vpnc.conf.sample is installed with mode 600: the configuration file carries
X# the IPSec secret and the Xauth password (see the example in vpnc.8).
X# NOTE(review): REINPLACE_CMD rewrites the already-installed rc.d sample in
X# place; if it keeps a backup copy, that file would stay in ${PREFIX}/etc/rc.d
X# without a pkg-plist entry -- confirm.
Xdo-install:
X	@${INSTALL_PROGRAM} -m 751 ${WRKSRC}/vpnc ${PREFIX}/sbin/vpnc
X	@${INSTALL_SCRIPT} -m 755 ${FILESDIR}/vpnc.sh ${PREFIX}/etc/rc.d/vpnc.sh.sample
X	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${PREFIX}/etc/rc.d/vpnc.sh.sample
X	@${INSTALL_DATA} -m 600 ${WRKSRC}/vpnc.conf ${PREFIX}/etc/vpnc.conf.sample
X.if !defined(NOPORTDOCS)
X		${MKDIR} ${DOCSDIR}
X		@${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
X		@${INSTALL_DATA} ${WRKSRC}/ChangeLog	${DOCSDIR}
X		@${INSTALL_DATA} ${WRKSRC}/TODO ${DOCSDIR}
X.endif
X.if !defined(NO_INSTALL_MANPAGES)
X		@${INSTALL_MAN} ${FILESDIR}/vpnc.8 ${PREFIX}/man/man8
X.endif
X	@${CAT} ${PKGMESSAGE}
X
X# Fill in the %%PREFIX%%, %%CC%% and %%CFLAGS%% placeholders that
X# files/patch-vpnc.c and files/patch-Makefile put into the sources.
X# NOTE(review): '|' is the sed delimiter, so a CC or CFLAGS value containing
X# '|' or '&' would not be substituted literally -- confirm this cannot occur.
Xpost-patch:
X	@${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/vpnc.c
X	@${REINPLACE_CMD} -e 's|%%CC%%|${CC}|;s|%%CFLAGS%%|${CFLAGS}|' ${WRKSRC}/Makefile
X
X.include <bsd.port.mk>
END-of-vpnc/Makefile
echo x - vpnc/distinfo
sed 's/^X//' >vpnc/distinfo << 'END-of-vpnc/distinfo'
XMD5 (vpnc-0.2-rm+zomb-pre6.tar.gz) = e2061c70455f333b2ee9089c6e25adec
END-of-vpnc/distinfo
echo x - vpnc/pkg-descr
sed 's/^X//' >vpnc/pkg-descr << 'END-of-vpnc/pkg-descr'
XVPNC - Client for Cisco 3000 VPN Concentrator
X
XA VPN client compatible with Cisco's EasyVPN equipment.
XSupports IPSec (ESP) with Mode Configuration and Xauth. Supports only
Xshared-secret IPSec authentication, 3DES, MD5, and IP tunneling.
XIt runs entirely in userspace
X
XWWW: http://www.unix-ag.uni-kl.de/~massar/vpnc/
END-of-vpnc/pkg-descr
echo x - vpnc/pkg-message
sed 's/^X//' >vpnc/pkg-message << 'END-of-vpnc/pkg-message'
XIf vpnc fails with
X
X    socket(SOCK_RAW): Protocol not supported
X
Xcheck your kernel configuration. The ESP protocol
Xis only enabled for FAST_IPSEC (this cannot be
Xconfigured together with IPSEC). See LINT for
Xfurther details.
END-of-vpnc/pkg-message
echo x - vpnc/pkg-plist
sed 's/^X//' >vpnc/pkg-plist << 'END-of-vpnc/pkg-plist'
Xsbin/vpnc
Xetc/vpnc.conf.sample
Xetc/rc.d/vpnc.sh.sample
X%%PORTDOCS%%%%DOCSDIR%%/README
X%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
X%%PORTDOCS%%%%DOCSDIR%%/TODO
X%%PORTDOCS%%@dirrm %%DOCSDIR%%
END-of-vpnc/pkg-plist
echo c - vpnc/files
mkdir -p vpnc/files > /dev/null 2>&1
echo x - vpnc/files/patch-Makefile
sed 's/^X//' >vpnc/files/patch-Makefile << 'END-of-vpnc/files/patch-Makefile'
X--- Makefile.orig	Sun Nov  2 01:21:39 2003
X+++ Makefile	Wed Dec 17 09:56:14 2003
X@@ -15,14 +15,14 @@
X # along with this program; if not, write to the Free Software
X # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
X 
X-CC=gcc
X-CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
X-LDFLAGS=-g $(shell libgcrypt-config --libs)
X+CC=%%CC%%
X+CFLAGS=-W -Wall %%CFLAGS%% '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
X+LDFLAGS=$(shell libgcrypt-config --libs)
X 
X ifeq ($(shell uname -s), Linux)
X SYSDEP=sysdep-linux.o
X endif
X-ifeq ($(shell uname -s), NetBSD)
X+ifeq ($(shell uname -s), FreeBSD)
X CFLAGS += -DSOCKADDR_IN_SIN_LEN
X SYSDEP=sysdep-bsd.o
X endif
END-of-vpnc/files/patch-Makefile
echo x - vpnc/files/patch-vpnc.c
sed 's/^X//' >vpnc/files/patch-vpnc.c << 'END-of-vpnc/files/patch-vpnc.c'
X--- vpnc.c.orig	Tue Dec 16 00:25:01 2003
X+++ vpnc.c	Tue Dec 16 00:25:33 2003
X@@ -2007,7 +2007,7 @@
X     else
X       read_config_file (argv[i], config, 0);
X 
X-  read_config_file ("/etc/vpnc.conf", config, 1);
X+  read_config_file ("%%PREFIX%%/etc/vpnc.conf", config, 1);
X 
X   if (!config[CONFIG_IKE_DH])
X     config[CONFIG_IKE_DH] = "dh2";
END-of-vpnc/files/patch-vpnc.c
echo x - vpnc/files/vpnc.8
sed 's/^X//' >vpnc/files/vpnc.8 << 'END-of-vpnc/files/vpnc.8'
X.\" Process this file with
X.\" groff -man -Tascii vpnc.8
X.\"
X.TH VPNC 8 "December 2003" FreeBSD "vpnc"
X.SH NAME
Xvpnc \- Client for Cisco 3000 VPN Concentrator
X.SH SYNOPSIS
X.B vpnc  [ --gateway 
X.I IP-or-hostname
X.B ] [ --id 
X.I IPSec group Id
X.B ] [ --username
X.I name
X.B ] [ --ifname 
X.I name
X.B ] [ --local-port
X.I port number
X.B ] [ --pid-file
X.I filename
X.B ] [ --dh 
X.I IKE DH group
X.B ] [ --pfs 
X.I PFS group
X.B ] [ --non-inter ] [ --debug ] [ --no-detach ] [ --print-config ]
X.SH DESCRIPTION
X.B vpnc
Xis a VPN client for the Cisco 3000 VPN Concentrator,
Xcreating an IPSec-like connection as a tunneling
Xnetwork device for the local system. It uses the
XTUN/TAP driver in Linux kernel 2.4 and above and
Xdevice 
X.BR tun (4)
Xon BSD.
X
XThe vpnc daemon by itself does not set any routes. The user
Xhas to set them manually, e.g. for a full tunnel under FreeBSD:
X
X.RS
X.PD 0
Xroute add -host VPNGATEWAY ROUTER
X.P
Xroute delete default
X.P
Xroute add default -interface tun0
X.PD
X.RE
X.SH CONFIGURATION
XThe daemon reads configuration data from the following places:
X.PD 0
X.IP "- command line options"
X.IP "- config file(s) specified on the command line"
X.IP "- PREFIX/etc/vpnc.conf"
X.IP "- prompting the user if not found above"
X.PD
X.SH OPTIONS
X.IP "--gateway IP-or-hostname"
XIP address or hostname of the VPN gateway
X.IP "--id IPSec group Id"
XID of the IPSec group
X.IP "--username name"
Xyour user credentials
X.IP "--ifname name"
Xname of the tun-interface to use
X.IP "--local-port port number"
Xuse this port for the connection <0-65535>, use 0 for random
X.IP "--pid-file filename"
Xstore the pid of background process there
X.IP "--dh IKE DH group"
Xname of the IKE DH Group <dh1/dh2/dh5>
X.IP "--pfs PFS group"
XPerfect Forward Secrecy <nopfs/dh1/dh2/dh5>
X.IP "--non-inter"
Xnon interactive mode, don't ask any questions
X.IP "--debug nr"
Xset debugging level <0/1/2/3/99>
X.IP "--no-detach"
Xdo not send daemon to background
X.IP "--print-config"
Xprints your configuration; output can be used as vpnc.conf
X
X.SH FILES
X.I PREFIX/etc/vpnc.conf
X.RS
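XThe default configuration file. It holds the IPSec secret and the Xauth
Xpassword, so keep it readable only by its owner (the port installs the
Xsample with mode 600). See
X.BR EXAMPLES
Xfor further details.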
X.RE
X
X.SH EXAMPLES
XThis is an example vpnc.conf:
X
X.RS
X.PD 0
XIKE DH Group dh2
X.P
XPerfect Forward Secrecy nopfs
X.P
XIPSec gateway vpn.rwth-aachen.de
X.P
XIPSec ID MoPS
X.P
XIPSec secret mopsWLAN
X.P
XXauth username abcdef
X.P
XXauth password 123456
X.PD
X.RE
X
XThe values start exactly one space after the keywords, and run to the end of
Xline. This lets you put any kind of weird character (except EOL and NUL) in
Xyour strings, but it does mean you can't add comments after a string, or spaces
Xbefore them.
X
XSee also the
X.B --print-config
Xoption to generate a config file.
X
X.SH TODO
XRe-keying is not implemented yet (the default rekey interval is 8 hours).
X
X.SH AUTHOR
XThis man-page has been written by Christian Lackas <delta(at)lackas.net>,
Xbased on the Debian man-page 
Xby Eduard Bloch <blade(at)debian.org> and the vpnc README by
XMaurice Massar <vpnc(at)unix-ag.uni-kl.de>
X
X.SH "SEE ALSO"
X.BR tun (4),
X.BR route (1),
X.BR http://www.unix-ag.uni-kl.de/~massar/vpnc/
END-of-vpnc/files/vpnc.8
echo x - vpnc/files/vpnc.sh
sed 's/^X//' >vpnc/files/vpnc.sh << 'END-of-vpnc/files/vpnc.sh'
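X#! /bin/sh
X#
X# Sample rc.d script for vpnc: "start" launches the daemon with a pid file,
X# "stop" signals the process recorded there. Any other argument prints a
X# usage line. The script always exits 0.
X
XPREFIX=%%PREFIX%%
XPIDFILE=/var/run/vpnc.pid
X
X# change these variables and activate comments
X# below to get a full tunnel
XVPNGATEWAY=vpn.rwth-aachen.de
XROUTER=192.168.111.2
X
Xcase "$1" in
Xstart)
X	# Every step is chained with &&, so that once the route lines are
X	# activated the default route is only replaced after vpnc has started.
X	[ -x ${PREFIX}/sbin/vpnc ] && ${PREFIX}/sbin/vpnc --pid-file ${PIDFILE} &&
X	# route add -host ${VPNGATEWAY} ${ROUTER} &&
X	# route delete default &&
X	# route add default -interface tun0 &&
X	echo -n ' vpnc'
X	;;
Xstop)
X	# Signal the daemon only when the pid file exists and is non-empty;
X	# otherwise kill would be run without a process id.
X	[ -s ${PIDFILE} ] && kill `cat ${PIDFILE}`
X	# route delete default &&
X	# route add default ${ROUTER}
X	;;
X*)
X	echo "Usage: `basename $0` {start|stop}" >&2
X	;;
Xesac
X
Xexit 0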
END-of-vpnc/files/vpnc.sh
exit




>Release-Note:
>Audit-Trail:
>Unformatted:


