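--- a/feeds/packages/net/strongswan/Makefile
+++ b/feeds/packages/net/strongswan/Makefile
@@ -259,6 +259,7 @@ $(call Package/strongswan/Default)
 TITLE+= (default)
 DEPENDS:= strongswan \
 +strongswan-charon \
+ +strongswan-ipsec \
 +strongswan-mod-aes \
 +strongswan-mod-attr \
 +strongswan-mod-connmark \
@@ -536,25 +537,8 @@ define Package/strongswan-ipsec/conffile
 endef
 
 define Package/strongswan-ipsec/install
- $(INSTALL_DIR) $(1)/etc/ $(1)/usr/sbin
- $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/ipsec.conf $(1)/etc/
- echo -e "\ninclude /var/ipsec/ipsec.conf" >> $(1)/etc/ipsec.conf
- $(INSTALL_CONF) ./files/ipsec.secrets $(1)/etc/
- echo -e "\ninclude /var/ipsec/ipsec.secrets" >> $(1)/etc/ipsec.secrets
- $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
- $(INSTALL_DIR) $(1)/etc/init.d
- $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/
-endef
-
-define Package/strongswan-ipsec/postinst
-#!/bin/sh
-
-[ -z "$${IPKG_INSTROOT}" ] || exit 0
-
-opkg list-changed-conffiles | grep -qx /etc/ipsec.conf || {
- rm -f /etc/ipsec.conf-opkg
-}
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/config/ipsec
 endef
 
 define Package/strongswan-libnttfft/install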
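Review bot: The new `/etc/config/ipsec` is installed with `$(INSTALL_DATA)` (mode 0644) although the shipped file carries a `pre_shared_key`, whereas the `ipsec.secrets` install this hunk removes used `$(INSTALL_CONF)` (0600); the line should read `$(INSTALL_CONF) ./files/ipsec.conf $(1)/etc/config/ipsec` so the PSK is not world-readable on the device. The recipe also stops shipping `ipsec.secrets`, `ipsec.user` and the `ipsec.init` script without any note of where the PSK and connection data now come from; a one-line comment above the define, such as `# Configuration and secrets now live in UCI (/etc/config/ipsec), consumed by swanctl.init`, would save the next maintainer a search. The `Package/strongswan-ipsec/conffile` define that the hunk header names ends at the `endef` on the first context line and its contents are outside the visible lines; it should list `/etc/config/ipsec` so opkg preserves the edited file across upgrades.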
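--- /dev/null
+++ b/feeds/packages/net/strongswan/files/ipsec.conf
@@ -0,0 +1,38 @@
+config 'ipsec'
+
+config 'remote' 'TEST'
+ option 'enabled' '0'
+ option 'gateway' '10.10.20.253'
+ option 'authentication_method' 'psk'
+ option 'pre_shared_key' '123456789'
+ option 'mode' 'tunnel'
+ list 'crypto_proposal' 'phase_1_settings'
+ list 'tunnel' 'TUNNEL'
+ list 'transport' 'TRANSPORT'
+
+config 'crypto_proposal' 'phase_1_settings'
+ option 'encryption_algorithm' 'aes128'
+ option 'hash_algorithm' 'sha1'
+ option 'dh_group' 'modp768'
+
+config 'tunnel' 'TUNNEL'
+ option 'mode' 'add'
+ list 'local_subnet' '192.168.1.0/24'
+ list 'remote_subnet' '192.168.2.0/24'
+ list 'crypto_proposal' 'phase_2_settings'
+ option 'keyexchange' 'ikev2'
+ option 'ikelifetime' '10800'
+ option 'lifetime' '3600'
+
+config tunnel 'TRANSPORT'
+ option keyexchange 'ikev2'
+ option ikelifetime '10800'
+ option lifetime '3600'
+ option startaction 'none'
+ option hw_offload 'packet'
+ list crypto_proposal 'phase_2_settings'
+
+config 'crypto_proposal' 'phase_2_settings'
+ option 'encryption_algorithm' 'aes128'
+ option 'hash_algorithm' 'sha1'
+ option 'dh_group' 'modp768'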
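Review bot: Both shipped proposals, `phase_1_settings` and `phase_2_settings`, select `sha1` and `modp768` (768-bit DH), and a default file like this is what users copy when they enable the `TEST` remote; the example should use `option 'hash_algorithm' 'sha256'` and `option 'dh_group' 'modp2048'`, which are strongSwan algorithm names, assuming swanctl.init passes these values through unchanged. The `TEST` remote also ships a literal `option 'pre_shared_key' '123456789'`; even with `enabled '0'` it is safer to ship an obvious placeholder such as `CHANGE_ME` so a real key is never left at the sample value. The `TRANSPORT` stanza is written as `config tunnel 'TRANSPORT'` / `option keyexchange 'ikev2'` while every other stanza single-quotes the type and option names; the file should use one form throughout.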
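--- a/feeds/packages/net/strongswan/files/swanctl.init
+++ b/feeds/packages/net/strongswan/files/swanctl.init
@@ -241,6 +241,7 @@ config_child() {
 local if_id
 local rekeytime
 local rekeybytes
+ local replay_window
 local lifebytes
 local rekeypackets
 local lifepackets
@@ -258,6 +259,7 @@ config_child() {
 config_get interface "$conf" interface ""
 config_get hw_offload "$conf" hw_offload ""
 config_get priority "$conf" priority ""
+ config_get replay_window "$conf" replay_window 32
 config_get rekeybytes "$conf" rekeybytes ""
 config_get lifebytes "$conf" lifebytes ""
 config_get rekeypackets "$conf" rekeypackets ""
@@ -323,7 +325,7 @@ config_child() {
 esac
 
 case "$hw_offload" in
- yes|no|auto|"")
+ yes|no|auto|crypto|packet|"")
 ;;
 *)
 fatal "hw_offload value $hw_offload invalid"
@@ -339,6 +341,7 @@ config_child() {
 [ -n "$remote_subnet" ] && swanctl_xappend4 "remote_ts = $remote_subnet"
 
 [ -n "$hw_offload" ] && swanctl_xappend4 "hw_offload = $hw_offload"
+ [ -n "$replay_window" ] && swanctl_xappend4 "replay_window = $replay_window"
 [ $ipcomp -eq 1 ] && swanctl_xappend4 "ipcomp = 1"
 [ -n "$interface" ] && swanctl_xappend4 "interface = $interface"
 [ -n "$priority" ] && swanctl_xappend4 "priority = $priority"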
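Review bot: The new `replay_window` value is written into swanctl.conf in the last hunk without any validation, unlike `hw_offload`, which the third hunk checks with a `case` before use; a non-numeric UCI value would produce a malformed `replay_window = …` line in the generated config. Next to the `hw_offload` check add `case "$replay_window" in` / `*[!0-9]*) fatal "replay_window value $replay_window invalid" ;;` / `esac`. A comment on the `config_get` line would also help, e.g. `# replay_window: anti-replay window size in packets; 0 disables replay protection`, since a 0 here silently turns the check off. Because `config_get` supplies a default of 32, the `[ -n "$replay_window" ]` guard only matters when UCI sets the option to an empty string; that is worth a short comment as well. `config_child()` starts and ends outside these hunks.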