From 2a44b0eb13036701d6265bbffc633fa0deb81bfa Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Wed, 20 Jan 2016 15:15:11 -0200
Subject: Fix #4178: - Stop moving unity .so file around to make it not being loaded - Include all modules default .conf file from strongswan.d/charon - After default files are included, define custom settings - When unity is disabled, add a rule to make strongswan to not load it
---
 src/etc/inc/vpn.inc | 22 +++++++++-------------
 1 file changed, 9 insertions(+), 13 deletions(-)
diff --git a/src/etc/inc/vpn.inc b/src/etc/inc/vpn.inc
index 1052720..d3bcb47 100644
--- a/src/etc/inc/vpn.inc
+++ b/src/etc/inc/vpn.inc
@@ -434,19 +434,7 @@ function vpn_ipsec_configure($restart = false) {
 $i_dont_care_about_security_and_use_aggressive_mode_psk = "i_dont_care_about_security_and_use_aggressive_mode_psk=yes";
 }
- $unity_enabled = 'yes';
- if (isset($config['ipsec']['unityplugin'])) {
- $unity_enabled = 'no';
- if (file_exists("/usr/local/lib/ipsec/plugins/libstrongswan-unity.so")) {
- conf_mount_rw();
- mwexec("mv /usr/local/lib/ipsec/plugins/libstrongswan-unity.so /usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED");
- conf_mount_ro();
- }
- } else if (file_exists("/usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED")) {
- conf_mount_rw();
- mwexec("mv /usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED /usr/local/lib/ipsec/plugins/libstrongswan-unity.so");
- conf_mount_ro();
- }
+ $unity_enabled = isset($config['ipsec']['unityplugin']) ? 'no' : 'yes';
 $makebeforebreak = '';
 if (isset($config['ipsec']['makebeforebreak'])) {
@@ -487,6 +475,7 @@ charon {
 ikesa_table_segments = 4
 init_limit_half_open = 1000
 install_routes = no
+ load_modular = yes
 {$i_dont_care_about_security_and_use_aggressive_mode_psk}
 {$accept_unencrypted}
 cisco_unity = {$unity_enabled}
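Review bot: Installations that already ran the removed code with Unity disabled still have the plugin sitting at `/usr/local/lib/ipsec/plugins/libstrongswan-unity.MOVED`, and the new one-line assignment in the first hunk never renames it back. Re-enabling Unity on such a system would presumably find no plugin to load until the strongSwan package is reinstalled, so a one-time restore in the upgrade path (outside this function) looks necessary unless the package upgrade is known to replace the file. The assignment also reads inverted, since `$unity_enabled` becomes 'no' when `$config['ipsec']['unityplugin']` is set; a comment above it such as `/* 'unityplugin' being set means Unity is turned off */` would prevent a future mix-up. vpn_ipsec_configure starts and ends outside the hunk.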
@@ -507,10 +496,17 @@ charon { } plugins { + # Load defaults + include {$g['varetc_path']}/ipsec/strongswan.d/charon/*.conf + stroke { secrets_file = {$g['varetc_path']}/ipsec/ipsec.secrets } + unity { + load = {$unity_enabled} + } + EOD; /* Find RADIUS servers designated for Mobile IPsec user auth */ -- cgit v1.1
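Review bot: With `load_modular = yes` from the earlier hunk, the set of plugins charon loads is decided by whatever `*.conf` files the new `include` glob finds under `{$g['varetc_path']}/ipsec/strongswan.d/charon/`, and nothing visible in this diff creates or refreshes that directory. If it is missing or empty, the inline `stroke { ... }` block carries no `load` setting of its own, so stroke would presumably not be loaded and tunnels could not be brought up; stale or unexpected files in that directory would likewise change which plugins the daemon exposes. I would verify the directory exists before writing the config and log an error when it does not, and add a comment above the include such as `# Per-plugin defaults; the blocks below override them, so this include must stay first`. The heredoc and the enclosing function continue outside the hunk.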