[][Support UCI Settings for IPSec]
[Description]
Add ipsec.conf to support UCI settings for IPSec.
[Release-log]
N/A
Change-Id: I25d73d0237b00c6c15aac08c0f8a90229829a1db
Reviewed-on: https://gerrit.mediatek.inc/c/openwrt/feeds/mtk_openwrt_feeds/+/4747403
diff --git a/openwrt_patches-21.02/107-strongswan-add-uci-support.patch b/openwrt_patches-21.02/107-strongswan-add-uci-support.patch
new file mode 100644
index 0000000..cff3b8e
--- /dev/null
+++ b/openwrt_patches-21.02/107-strongswan-add-uci-support.patch
@@ -0,0 +1,42 @@
+--- a/feeds/packages/net/strongswan/files/ipsec.conf
++++ b/feeds/packages/net/strongswan/files/ipsec.conf
+@@ -0,0 +1,28 @@
++config 'ipsec'
++
++config 'remote' 'TEST'
++ option 'enabled' '1'
++ option 'gateway' '10.10.20.253'
++ option 'authentication_method' 'psk'
++ option 'pre_shared_key' '123456789'
++ list 'crypto_proposal' 'phase_1_settings'
++ list 'tunnel' 'TUNNEL'
++
++config 'crypto_proposal' 'phase_1_settings'
++ option 'encryption_algorithm' 'aes128'
++ option 'hash_algorithm' 'sha1'
++ option 'dh_group' 'modp768'
++
++config 'tunnel' 'TUNNEL'
++ option 'mode' 'add'
++ option 'local_subnet' '192.168.1.0/24'
++ option 'remote_subnet' '192.168.2.0/24'
++ option 'crypto_proposal' 'phase_2_settings'
++ option 'keyexchange' 'ikev2'
++ option 'ikelifetime' '10800'
++ option 'lifetime' '3600'
++
++config 'crypto_proposal' 'phase_2_settings'
++ option 'encryption_algorithm' 'aes128'
++ option 'hash_algorithm' 'sha1'
++ option 'dh_group' 'modp768'
+--- a/feeds/packages/net/strongswan/Makefile
++++ b/feeds/packages/net/strongswan/Makefile
+@@ -505,6 +505,8 @@
+ $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
++ $(INSTALL_DIR) $(1)/etc/config
++ $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/config/ipsec
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
+ endef
+