[][openwrt][common][crypto][Remove ipsec service in strongswan]
[Description]
Remove ipsec service in strongswan.
strongswan-ipsec is now deprecated. swanctl is recommanded.
Additionally, ipsec service will conflict with swanctl. So,
use strongswan-ipsec only for loading ipsec.conf now.
[Release-log]
N/A
Change-Id: I1d7b9757fc48635351989848d7592d0aace21f4a
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/8258765
diff --git a/openwrt_patches-21.02/108-strongswan-add-uci-support.patch b/openwrt_patches-21.02/108-strongswan-add-uci-support.patch
index 218c5b6..354ace2 100644
--- a/openwrt_patches-21.02/108-strongswan-add-uci-support.patch
+++ b/openwrt_patches-21.02/108-strongswan-add-uci-support.patch
@@ -1,21 +1,48 @@
--- a/feeds/packages/net/strongswan/Makefile
+++ b/feeds/packages/net/strongswan/Makefile
-@@ -544,6 +544,8 @@ define Package/strongswan-ipsec/install
- $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
+@@ -259,6 +259,7 @@ $(call Package/strongswan/Default)
+ TITLE+= (default)
+ DEPENDS:= strongswan \
+ +strongswan-charon \
++ +strongswan-ipsec \
+ +strongswan-mod-aes \
+ +strongswan-mod-attr \
+ +strongswan-mod-connmark \
+@@ -536,25 +537,8 @@ define Package/strongswan-ipsec/conffile
+ endef
+
+ define Package/strongswan-ipsec/install
+- $(INSTALL_DIR) $(1)/etc/ $(1)/usr/sbin
+- $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
+- echo -e "\ninclude /var/ipsec/ipsec.conf" >> $(1)/etc/ipsec.conf
+- $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
+- echo -e "\ninclude /var/ipsec/ipsec.secrets" >> $(1)/etc/ipsec.secrets
+- $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
+- $(INSTALL_DIR) $(1)/etc/init.d
+- $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
+- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
+-endef
+-
+-define Package/strongswan-ipsec/postinst
+-#!/bin/sh
+-
+-[ -z "$${IPKG_INSTROOT}" ] || exit 0
+-
+-opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || {
+- rm -f /etc/ipsec.conf-opkg
+-}
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/config/ipsec
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
endef
+ define Package/strongswan-libnttfft/install
--- /dev/null
+++ b/feeds/packages/net/strongswan/files/ipsec.conf
@@ -0,0 +1,28 @@
+config 'ipsec'
+
+config 'remote' 'TEST'
-+ option 'enabled' '1'
++ option 'enabled' '0'
+ option 'gateway' '10.10.20.253'
+ option 'authentication_method' 'psk'
+ option 'pre_shared_key' '123456789'