author | vsevolod <vsevolod@FreeBSD.org> | 2005-09-05 14:13:42 +0000 |
---|---|---|
committer | vsevolod <vsevolod@FreeBSD.org> | 2005-09-05 14:13:42 +0000 |
commit | f3d99f187623e68fe452883ded1426c11d712fd6 (patch) | |
tree | 6a36aa7450e0f72e0bd4cbe9736a41b3ae113c2d /security/ipsec-tools | |
parent | d61be1ae64a2b44cedac8040748a3ea3dec3f69b (diff) | |
Add IPSec tools port - the new "official" version of racoon,
which is the only one that is maintained and has lots of new features.
PR: 85544
Submitted by: VANHULLEBUS Yvan <vanhu@netasq.com>
Approved by: perky (mentor)
Diffstat (limited to 'security/ipsec-tools')
-rw-r--r-- | security/ipsec-tools/Makefile | 63 | ||||
-rw-r--r-- | security/ipsec-tools/distinfo | 2 | ||||
-rw-r--r-- | security/ipsec-tools/files/racoon.sh | 42 | ||||
-rw-r--r-- | security/ipsec-tools/pkg-descr | 26 | ||||
-rw-r--r-- | security/ipsec-tools/pkg-plist | 51 |
5 files changed, 184 insertions, 0 deletions
diff --git a/security/ipsec-tools/Makefile b/security/ipsec-tools/Makefile
new file mode 100644
index 0000000..f2ea6fb
--- /dev/null
+++ b/security/ipsec-tools/Makefile
@@ -0,0 +1,63 @@
+# New ports collection makefile for: ipsec-tools
+# Date created: 20 dec 2004
+# Whom: vanhu
+#
+# $FreeBSD$
+
+# TODO: - better list of master sites
+# - configurable --enable-xxx
+# - libipsec issue ?
+# - cleanup...
+# - SYSCONFDIR
+# - $LOCALBASE/sbin/setkey Vs /usr/sbin/setkey
+
+PORTNAME= ipsec-tools
+PORTVERSION= 0.6
+CATEGORIES= security net
+MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR= ipsec-tools
+
+MAINTAINER= vanhu@netasq.com
+COMMENT= KAME racoon IKE daemon, ipsec-tools version
+
+CONFLICTS= racoon-[0-9]*
+
+USE_RC_SUBR= yes
+USE_OPENSSL= yes
+USE_BZIP2= yes
+
+WRKSRC= ${WRKDIR}/${DISTNAME}
+GNU_CONFIGURE= yes
+USE_LIBTOOL_VER= 15
+INSTALLS_SHLIB= yes
+LDFLAGS+= -L${LOCALBASE}/lib
+CONFIGURE_ARGS+=--enable-debug --enable-dpd --enable-natt=kernel \
+ --enable-frag --enable-ipv6 --enable-shared \
+ --sysconfdir=${LOCALBASE}/etc \
+ --with-pkgversion=freebsd-${PORTVERSION} \
+
+MAN3= ipsec_set_policy.3 ipsec_strerror.3
+MAN5= racoon.conf.5
+MAN8= racoon.8 racoonctl.8 setkey.8 plainrsa-gen.8
+
+RC_SCRIPTS_SUB= PREFIX=${PREFIX} \
+ RC_SUBR=${RC_SUBR}
+
+PORTDOCS= *
+
+post-install:
+ @${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
+ ${FILESDIR}/racoon.sh > ${PREFIX}/etc/rc.d/racoon.sh
+ @${CHMOD} +x ${PREFIX}/etc/rc.d/racoon.sh
+ @if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && ${ECHO_CMD} ipsec` ]; then \
+ ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
+ ${ECHO_MSG} " You must build the kernel if you want to run racoon on the host"; \
+ fi ;
+ @${MKDIR} ${EXAMPLESDIR}
+ @${CP} -r ${WRKSRC}/src/racoon/samples/* ${EXAMPLESDIR}
+.if !defined(NOPORTDOCS)
+ @${MKDIR} ${DOCSDIR}
+ @${INSTALL_DATA} ${WRKSRC}/src/racoon/doc/* ${DOCSDIR}
+.endif
+
+.include <bsd.port.mk>
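Review bot: The IPsec check in post-install wraps the sysctl pipeline in an unquoted command substitution inside `[ -z ... ]`, so when nothing matches the test collapses to `[ -z ]`, which is true only because a one-argument test checks that `-z` is a non-empty string. Testing the pipeline's exit status states the intent directly: `@if ! /sbin/sysctl -a | ${GREP} -q ipsec; then \`. The check also appears to run only on the machine that performs the install, so a package built elsewhere would not warn the host that actually runs racoon; a comment saying so would help. Separately, the last CONFIGURE_ARGS line ends in `\` before a blank line, which is harmless now but would pull `MAN3=` into the value if that blank line were ever removed.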
diff --git a/security/ipsec-tools/distinfo b/security/ipsec-tools/distinfo
new file mode 100644
index 0000000..08cfa98
--- /dev/null
+++ b/security/ipsec-tools/distinfo
@@ -0,0 +1,2 @@
+MD5 (ipsec-tools-0.6.tar.bz2) = 0487458fe95defb609faa6b05cd9b0af
+SIZE (ipsec-tools-0.6.tar.bz2) = 660938
diff --git a/security/ipsec-tools/files/racoon.sh b/security/ipsec-tools/files/racoon.sh
new file mode 100644
index 0000000..0c61558
--- /dev/null
+++ b/security/ipsec-tools/files/racoon.sh
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# Start or stop racoon
+# $FreeBSD: /tmp/pcvs/ports/security/ipsec-tools/files/Attic/racoon.sh,v 1.1 2005-09-05 14:13:42 vsevolod Exp $
+
+# PROVIDE: racoon
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: FreeBSD shutdown
+#
+# NOTE for FreeBSD 5.0+:
+# If you want this script to start with the base rc scripts
+# move racoon.sh to /etc/rc.d/racoon
+
+prefix=%%PREFIX%%
+
+# Define these racoon_* variables in one of these files:
+# /etc/rc.conf
+# /etc/rc.conf.local
+# /etc/rc.conf.d/racoon
+#
+# DO NOT CHANGE THESE DEFAULT VALUES HERE
+#
+[ -z "$racoon_enable" ] && racoon_enable="YES" # Enable racoon
+#racoon_program="${prefix}/sbin/racoon" # Location of racoon
+#racoon_flags="" # Flags to racoon program
+
+. %%RC_SUBR%%
+
+name="racoon"
+rcvar=`set_rcvar`
+command="${prefix}/sbin/racoon"
+pidfile="/var/run/racoon.pid"
+required_files="${prefix}/etc/racoon/racoon.conf"
+stop_postcmd="racoon_poststop"
+
+racoon_poststop() {
+ /bin/rm -f ${pidfile}
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/security/ipsec-tools/pkg-descr b/security/ipsec-tools/pkg-descr
new file mode 100644
index 0000000..f9fc40f
--- /dev/null
+++ b/security/ipsec-tools/pkg-descr
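Review bot: In files/racoon.sh the line `[ -z "$racoon_enable" ] && racoon_enable="YES"` turns the IKE daemon on by default, so it starts at boot once the port is installed and the file named in `required_files` exists, without the administrator opting in through rc.conf. For a network-facing key-management daemon a default of off is the safer choice: `[ -z "$racoon_enable" ] && racoon_enable="NO"`, with the header comment telling the admin to set `racoon_enable="YES"` in /etc/rc.conf. `racoon_poststop` also expands `${pidfile}` unquoted; `/bin/rm -f "${pidfile}"` is the more defensive form.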
@@ -0,0 +1,26 @@
+racoon speaks IKE (ISAKMP/Oakley) key management protocol, to
+establish security association with other hosts.
+
+This is the IPSec-tools version of racoon.
+
+Enchancements:
+- Support of NAT-T.
+- Support of IKE fragmentation.
+- Support of many authentication algorithms.
+- Tons of bugfixes.
+
+Known issues:
+- Too many use of dynamic memory allocation, which leads to memory leak.
+- Non-threaded implementation. Simultaneous key negotiation performance
+ should be improved.
+- Cannot negotiate keys for per-socket policy.
+- Cryptic configuration syntax - blame IPsec specification too...
+- Needs more documentation.
+
+Design choice, not a bug:
+- racoon negotiate IPsec keys only. It does not negotiate policy. Policy must
+ be configured into the kernel separately from racoon. If you want to
+ support roaming clients, you may need to have a mechanism to put policy
+ for the roaming client after phase 1 finishes.
+
+WWW: http://www.kame.net/ and http://ipsec-tools.sf.net
diff --git a/security/ipsec-tools/pkg-plist b/security/ipsec-tools/pkg-plist
new file mode 100644
index 0000000..fdda9c0
--- /dev/null
+++ b/security/ipsec-tools/pkg-plist
@@ -0,0 +1,51 @@
+sbin/racoon
+sbin/setkey
+etc/rc.d/racoon.sh
+include/libipsec/libpfkey.h
+include/racoon/admin.h
+include/racoon/evt.h
+include/racoon/gcmalloc.h
+include/racoon/ipsec_doi.h
+include/racoon/isakmp.h
+include/racoon/isakmp_cfg.h
+include/racoon/isakmp_unity.h
+include/racoon/isakmp_var.h
+include/racoon/isakmp_xauth.h
+include/racoon/misc.h
+include/racoon/racoonctl.h
+include/racoon/schedule.h
+include/racoon/sockmisc.h
+include/racoon/var.h
+include/racoon/vmbuf.h
+lib/libipsec.so.0
+lib/libipsec.so
+lib/libipsec.a
+lib/libracoon.a
+lib/libracoon.so
+lib/libracoon.so.0
+sbin/plainrsa-gen
+sbin/racoonctl
+%%EXAMPLESDIR%%/psk.txt
+%%EXAMPLESDIR%%/psk.txt.in
+%%EXAMPLESDIR%%/psk.txt.sample
+%%EXAMPLESDIR%%/racoon.conf
+%%EXAMPLESDIR%%/racoon.conf.in
+%%EXAMPLESDIR%%/racoon.conf.sample
+%%EXAMPLESDIR%%/racoon.conf.sample-gssapi
+%%EXAMPLESDIR%%/racoon.conf.sample-inherit
+%%EXAMPLESDIR%%/racoon.conf.sample-natt
+%%EXAMPLESDIR%%/racoon.conf.sample-plainrsa
+%%EXAMPLESDIR%%/roadwarrior/README
+%%EXAMPLESDIR%%/roadwarrior/client/phase1-down.sh
+%%EXAMPLESDIR%%/roadwarrior/client/phase1-up.sh
+%%EXAMPLESDIR%%/roadwarrior/client/racoon.conf
+%%EXAMPLESDIR%%/roadwarrior/server/racoon.conf
+%%EXAMPLESDIR%%/roadwarrior/server/racoon.conf-radius
+@unexec rmdir %D/etc/racoon 2>/dev/null || true
+@dirrm include/racoon
+@dirrm include/libipsec
+@dirrm %%EXAMPLESDIR%%/roadwarrior/server
+@dirrm %%EXAMPLESDIR%%/roadwarrior/client
+@dirrm %%EXAMPLESDIR%%/roadwarrior
+@dirrm %%EXAMPLESDIR%%
+@unexec rmdir %D/var/racoon 2>/dev/null || true |