| developer | 82183d8 | 2023-10-13 12:08:31 +0800 | [diff] [blame] | 1 | --- a/feeds/packages/net/strongswan/Makefile |
| 2 | +++ b/feeds/packages/net/strongswan/Makefile |
| 3 | @@ -544,6 +544,8 @@ define Package/strongswan-ipsec/install |
| 4 | $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/ |
| 5 | $(INSTALL_DIR) $(1)/etc/init.d |
| 6 | $(INSTALL_BIN) ./files/ipsec.init $(1)/etc/init.d/ipsec |
| 7 | + $(INSTALL_DIR) $(1)/etc/config |
| 8 | + $(INSTALL_DATA) ./files/ipsec.conf $(1)/etc/config/ipsec |
| 9 | $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/ipsec $(1)/usr/sbin/ |
| 10 | endef |
| 11 | |
| 12 | --- /dev/null |
| 13 | +++ b/feeds/packages/net/strongswan/files/ipsec.conf |
| 14 | @@ -0,0 +1,28 @@ |
| 15 | +config 'ipsec' |
| 16 | + |
| 17 | +config 'remote' 'TEST' |
| 18 | + option 'enabled' '1' |
| 19 | + option 'gateway' '10.10.20.253' |
| 20 | + option 'authentication_method' 'psk' |
| 21 | + option 'pre_shared_key' '123456789' |
| 22 | + list 'crypto_proposal' 'phase_1_settings' |
| 23 | + list 'tunnel' 'TUNNEL' |
| 24 | + |
| 25 | +config 'crypto_proposal' 'phase_1_settings' |
| 26 | + option 'encryption_algorithm' 'aes128' |
| 27 | + option 'hash_algorithm' 'sha1' |
| 28 | + option 'dh_group' 'modp768' |
| 29 | + |
| 30 | +config 'tunnel' 'TUNNEL' |
| 31 | + option 'mode' 'add' |
| 32 | + option 'local_subnet' '192.168.1.0/24' |
| 33 | + option 'remote_subnet' '192.168.2.0/24' |
| 34 | + option 'crypto_proposal' 'phase_2_settings' |
| 35 | + option 'keyexchange' 'ikev2' |
| 36 | + option 'ikelifetime' '10800' |
| 37 | + option 'lifetime' '3600' |
| 38 | + |
| 39 | +config 'crypto_proposal' 'phase_2_settings' |
| 40 | + option 'encryption_algorithm' 'aes128' |
| 41 | + option 'hash_algorithm' 'sha1' |
| 42 | + option 'dh_group' 'modp768' |
| 43 | --- a/feeds/packages/net/strongswan/files/swanctl.init |
| 44 | +++ b/feeds/packages/net/strongswan/files/swanctl.init |
| 45 | @@ -241,6 +241,7 @@ config_child() { |
| 46 | local if_id |
| 47 | local rekeytime |
| 48 | local rekeybytes |
| 49 | + local replay_window |
| 50 | local lifebytes |
| 51 | local rekeypackets |
| 52 | local lifepackets |
| 53 | @@ -258,6 +259,7 @@ config_child() { |
| 54 | config_get interface "$conf" interface "" |
| 55 | config_get hw_offload "$conf" hw_offload "" |
| 56 | config_get priority "$conf" priority "" |
| 57 | + config_get replay_window "$conf" replay_window 32 |
| 58 | config_get rekeybytes "$conf" rekeybytes "" |
| 59 | config_get lifebytes "$conf" lifebytes "" |
| 60 | config_get rekeypackets "$conf" rekeypackets "" |
| 61 | @@ -323,7 +325,7 @@ config_child() { |
| 62 | esac |
| 63 | |
| 64 | case "$hw_offload" in |
| 65 | - yes|no|auto|"") |
| 66 | + yes|no|auto|crypto|packet|"") |
| 67 | ;; |
| 68 | *) |
| 69 | fatal "hw_offload value $hw_offload invalid" |
| 70 | @@ -339,6 +341,7 @@ config_child() { |
| 71 | [ -n "$remote_subnet" ] && swanctl_xappend4 "remote_ts = $remote_subnet" |
| 72 | |
| 73 | [ -n "$hw_offload" ] && swanctl_xappend4 "hw_offload = $hw_offload" |
| 74 | + [ -n "$replay_window" ] && swanctl_xappend4 "replay_window = $replay_window" |
| 75 | [ $ipcomp -eq 1 ] && swanctl_xappend4 "ipcomp = 1" |
| 76 | [ -n "$interface" ] && swanctl_xappend4 "interface = $interface" |
| 77 | [ -n "$priority" ] && swanctl_xappend4 "priority = $priority" |