Diffstat (limited to 'net-firewall/ipsec-tools/files')
-rw-r--r-- | net-firewall/ipsec-tools/files/ipsec-tools.conf | 26 | ||||
-rw-r--r-- | net-firewall/ipsec-tools/files/racoon.conf.d-r1 | 27 | ||||
-rw-r--r-- | net-firewall/ipsec-tools/files/racoon.init.d-r2 | 57 |
3 files changed, 110 insertions, 0 deletions
diff --git a/net-firewall/ipsec-tools/files/ipsec-tools.conf b/net-firewall/ipsec-tools/files/ipsec-tools.conf
new file mode 100644
index 000000000000..bfff04af069a
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/ipsec-tools.conf
@@ -0,0 +1,26 @@
+#!/usr/sbin/setkey -f
+#
+# THIS IS A SAMPLE FILE!
+#
+# This is a sample file to test Gentoo's ipsec-tools out of the box.
+# Do not use it in production. See: http://www.ipsec-howto.org/
+#
+flush;
+spdflush;
+
+#
+# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon.
+# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
+#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
+#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
+#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
+
+#
+# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
+#
+#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require;
+#spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//require ah/transport//require;
+spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require;
+spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require ah/transport//require;
diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d-r1 b/net-firewall/ipsec-tools/files/racoon.conf.d-r1
new file mode 100644
index 000000000000..b59afbc75405
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.conf.d-r1
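Review bot: The commented-out manual-keying lines ship literal AH/ESP key material in a file installed on every system, so anyone who uncomments them runs with keys that are published in the package repository; a comment such as `# Example keys only: generate your own random keys before uncommenting these lines` above the first `#add` line would make that explicit. The algorithms shown there (hmac-md5, 3des-cbc) are also legacy choices that a current sample should not present as the pattern to copy. Note too that the unconditional `flush;` and `spdflush;` at the top discard every SA and policy on the host, including any installed by another IPsec daemon, each time the init script loads this file.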
@@ -0,0 +1,27 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d-r1,v 1.1 2012/09/28 00:45:26 blueness Exp $
+
+# Config file for /etc/init.d/racoon
+
+# See the man page or run `racoon --help` for valid command-line options
+# RACOON_OPTS="-d"
+
+RACOON_CONF="/etc/racoon/racoon.conf"
+RACOON_PSK_FILE="/etc/racoon/psk.txt"
+
+# The amount of time in ms for start-stop-daemon to wait before a timeout
+# Racoon can sometimes be slow. We'll wait 1 sec. Bug #435398.
+
+RACOON_WAIT="1000"
+
+# The setkey config file. Don't name it ipsec.conf as this clashes
+# with strongswan. We'll follow debian's naming. Bug #436144.
+
+SETKEY_CONF="/etc/ipsec-tools.conf"
+
+# Comment or remove the following if you don't want the policy tables
+# to be flushed when racoon is stopped.
+
+RACOON_RESET_TABLES="true"
+
diff --git a/net-firewall/ipsec-tools/files/racoon.init.d-r2 b/net-firewall/ipsec-tools/files/racoon.init.d-r2
new file mode 100644
index 000000000000..aeed27d2287c
--- /dev/null
+++ b/net-firewall/ipsec-tools/files/racoon.init.d-r2
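Review bot: The comment above `RACOON_RESET_TABLES` tells the user to comment or remove the line, but the init script in this same commit only tests the variable with `-n`, so writing `RACOON_RESET_TABLES="false"` still flushes the tables on stop; the comment should say `# Any non-empty value enables flushing; set it to "" or comment it out to disable.` Likewise `RACOON_PSK_FILE` would benefit from stating the start-time requirement that is otherwise only visible in the init script, e.g. `# The file must exist and be mode 0400, or racoon will refuse to start.`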
@@ -0,0 +1,57 @@
+#!/sbin/runscript
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+before netmount
+use net
+}
+
+checkconfig() {
+if [ ! -e ${SETKEY_CONF} ] ; then
+eerror "You need to configure setkey before starting racoon."
+return 1
+fi
+if [ ! -e ${RACOON_CONF} ] ; then
+eerror "You need a configuration file to start racoon."
+return 1
+fi
+if [ ! -z ${RACOON_PSK_FILE} ] ; then
+if [ ! -f ${RACOON_PSK_FILE} ] ; then
+eerror "PSK file not found as specified."
+eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
+return 1
+fi
+case "`ls -Lldn ${RACOON_PSK_FILE}`" in
+-r--------*)
+;;
+*)
+eerror "Your defined PSK file should be mode 400 for security!"
+return 1
+;;
+esac
+fi
+}
+
+command=/usr/sbin/racoon
+command_args="-f ${RACOON_CONF} ${RACOON_OPTS}"
+pidfile=/var/run/racoon.pid
+start_stop_daemon_args="--wait ${RACOON_WAIT}"
+
+start_pre() {
+checkconfig || return 1
+einfo "Loading ipsec policies from ${SETKEY_CONF}."
+/usr/sbin/setkey -f ${SETKEY_CONF}
+if [ $? -eq 1 ] ; then
+eerror "Error while loading ipsec policies"
+fi
+}
+
+stop_post() {
+if [ -n "${RACOON_RESET_TABLES}" ]; then
+ebegin "Flushing policy entries"
+/usr/sbin/setkey -F
+/usr/sbin/setkey -FP
+eend $?
+fi
+}
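Review bot: In `start_pre` a failed `setkey -f` does not stop the daemon from starting: `[ $? -eq 1 ]` recognises only exit status 1, and even then the branch just logs, so racoon can come up with no policies installed and traffic that should be protected is left in the clear. Change the test to `if [ $? -ne 0 ] ; then` and add `return 1` after the `eerror`, or fold it into `/usr/sbin/setkey -f "${SETKEY_CONF}" || { eerror "Error while loading ipsec policies"; return 1; }`. The PSK check in `checkconfig` inspects only the permission string of `ls -Lldn`, so a 0400 file owned by an unprivileged user passes; the numeric uid in that same output (or `stat -c '%a %u'`) should be compared against 0 as well. The expansions inside the `[ ... ]` tests (`${SETKEY_CONF}`, `${RACOON_CONF}`, `${RACOON_PSK_FILE}`) are unquoted and should be double-quoted so a path with spaces or an empty value cannot change the test's arity.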