The Openswan and UCI configuration file formats are very similar.
Implement the conversion from UCI to IPsec configuration file format in
the ipsec init script and store the converted information in
/etc/ipsec.uci.{conf,secrets} then reference these files from
/etc/ipsec.{conf,secrets}. This scheme allows for
backwards-compatibility during upgrades (since the original
configuration is preserved) and allows for users to implement any exotic
configurations that they require without conflicting with the
configuration in UCI.
Also add a nearly empty ipsec config file which enables nat_traversal.
This option should be safe in all configurations and is required in
many, which makes it a good default.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@29585 3c298f89-4303-0410-b956-a3cf2f4a3e73
The /etc/ipsec.d directory holds the certificates and CRLs used for
IPsec, many of which may have been uploaded by users. /etc/ipsec.conf
and /etc/ipsec.secrets hold user configuration for the IPsec daemons.
Add a keep.d file to preserve these files/directories across upgrades.
Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@29584 3c298f89-4303-0410-b956-a3cf2f4a3e73