* make strongswan4-default & strongswan4-minimal installable again
* mark strongswan4-full as DEVEL (closes: #9508)
git-svn-id: svn://svn.openwrt.org/openwrt/packages@28517 3c298f89-4303-0410-b956-a3cf2f4a3e73
Private libraries moved from /usr/lib to /usr/lib/ipsec.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@28016 3c298f89-4303-0410-b956-a3cf2f4a3e73
Update version of strongswan4 package from 4.5.1 to 4.5.2.
Add new strongswan4 plugins: coupling, duplicheck, whitelist.
Add strongswan4-libfast package and make build dependencies on
clearsilver and fcgi conditional. Previously libfast was being built,
but not packaged. Now libfast will only be built when the it's package
is selected.
Remove ipsec.conf and strongswan.conf and use configuration files from
upstream instead. The previously provided strongswan.conf was not
functional.
Omit strongswan4-mod-kernel-klips from strongswan4-full meta package in
favor of strongswan4-mod-kernel-netlink. Only one of these two kernel
interfaces should be installed.
Omit strongswan4-mod-socket-default from strongswan4-full meta package
in favor of strongswan4-mod-socket-raw. Only the raw socket allows
charon to run while pluto is also running.
Make all build dependencies on libraries required by strongswan4 plugins
conditional.
Signed-off-by: Lars Hjersted <lars@hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@27092 3c298f89-4303-0410-b956-a3cf2f4a3e73
This patch updates the strongswan4 package from 4.3.7 to 4.5.1. I have
added the following plugins which get built as strongswan4-mod-<plugin>
packages:
constraints - X.509 constraint checking
dhcp - DHCP-based IP and DNS
farp - Fake arp responses
led - LED blink on IKE activity
revocation - X.509 revocation checking
socket-default - Default socket for IKEv2
socket-raw - RAW socket of IKEv1 and IKEv2
xauth - XAUTH authentication
Upstream default plugins were added to the strongswan4-default meta
package. "socket-default" and "kernel-netlink" plugins were added to the
strongswan4-minimal meta package since a socket and a kernel interface are
required for a working setup and these are the upstream defaults in this
case. The whack command was moved to strongswan4-app-pluto.
The 202-clone.patch has been fixed upstream so it can be removed. The
other patches were rebased for the new strongswan4 release.
I have been using strongswan 4.5.1 with backfire and trunk for a couple
weeks now. There are some missing kernel modules in trunk that are
required for strongswan4 to work (also true for 4.3.7). There are already
a couple of tickets on trac addressing these kernel modules:
https://dev.openwrt.org/ticket/9234https://dev.openwrt.org/ticket/8928
I also have my own patch that just packages all of the missing modules
into a single kmod-crypto-ipsec package. It would be nice to get some
discussion how these modules should be packaged so we can get working
ipsec support in trunk.
Signed-off-by: Lars Hjersted <lars at hjersted.com>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@26789 3c298f89-4303-0410-b956-a3cf2f4a3e73
