aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2015-07-13 14:16:04 +0300
committerTimo Teräs <timo.teras@iki.fi>2015-07-14 05:08:35 +0000
commit7ce589bdb789cd6f3dd6f18a522ef660a74e134b (patch)
treecc154a3740f5df5a4868fdabe203dbeec24f449a
parent084c3ad2d7e5817e4ef3b034f9d1e8d5727023af (diff)
downloadalpine_aports-7ce589bdb789cd6f3dd6f18a522ef660a74e134b.tar.bz2
alpine_aports-7ce589bdb789cd6f3dd6f18a522ef660a74e134b.tar.xz
alpine_aports-7ce589bdb789cd6f3dd6f18a522ef660a74e134b.zip
main/strongswan: ikev1 grekey
interoperability fix to work with Alpine patched ipsec-tools (will probably be removed after a migration period) (cherry picked from commit 2a4023dfee4f68916ac96d02fc41874d7286d625)
Diffstat
-rw-r--r--main/strongswan/1000-support-gre-key-in-ikev1.patch507
-rw-r--r--main/strongswan/APKBUILD6
2 files changed, 512 insertions, 1 deletions
diff --git a/main/strongswan/1000-support-gre-key-in-ikev1.patch b/main/strongswan/1000-support-gre-key-in-ikev1.patch
new file mode 100644
index 0000000000..72cdd8b825
--- /dev/null
+++ b/main/strongswan/1000-support-gre-key-in-ikev1.patch
@@ -0,0 +1,507 @@
1From f69e2daf4c4ccc57c14fd73d6b7320c5359758c8 Mon Sep 17 00:00:00 2001
2From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
3Date: Mon, 13 Jul 2015 14:03:49 +0300
4Subject: [PATCH] support gre key in ikev1
5
6this implements gre key negotiation in ikev1 similarly to the
7ipsec-tools patch in alpine.
8
9the from/to port pair is internally used as gre key for gre
10protocol traffic selectors. since from/to pairs 0/0xffff and
110xffff/0 have special meaning, the gre keys 0xffff and 0xffff0000
12will not work.
13
14this is not standard compliant, and should probably not be upstreamed
15or used widely, but it is applied for interoperability with alpine
16racoon for the time being.
17---
18 src/libcharon/encoding/payloads/id_payload.c | 68 +++++++++++++++++-----
19 src/libcharon/encoding/payloads/id_payload.h | 6 +-
20 src/libcharon/plugins/stroke/stroke_config.c | 5 ++
21 src/libcharon/plugins/unity/unity_narrow.c | 2 +-
22 src/libcharon/plugins/vici/vici_config.c | 9 ++-
23 src/libcharon/sa/ikev1/tasks/quick_mode.c | 16 ++---
24 .../plugins/kernel_netlink/kernel_netlink_ipsec.c | 40 ++++++++++---
25 src/libstrongswan/selectors/traffic_selector.c | 33 ++++++++++-
26 src/libstrongswan/selectors/traffic_selector.h | 31 ++++++++++
27 9 files changed, 171 insertions(+), 39 deletions(-)
28
29diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c
30index bb8aab7..2cf08e9 100644
31--- a/src/libcharon/encoding/payloads/id_payload.c
32+++ b/src/libcharon/encoding/payloads/id_payload.c
33@@ -245,18 +245,20 @@ METHOD(id_payload_t, get_identification, identification_t*,
34 * Create a traffic selector from an range ID
35 */
36 static traffic_selector_t *get_ts_from_range(private_id_payload_t *this,
37- ts_type_t type)
38+ ts_type_t type,
39+ u_int16_t from_port, u_int16_t to_port)
40 {
41 return traffic_selector_create_from_bytes(this->protocol_id, type,
42- chunk_create(this->id_data.ptr, this->id_data.len / 2), this->port,
43- chunk_skip(this->id_data, this->id_data.len / 2), this->port ?: 65535);
44+ chunk_create(this->id_data.ptr, this->id_data.len / 2), from_port,
45+ chunk_skip(this->id_data, this->id_data.len / 2), to_port);
46 }
47
48 /**
49 * Create a traffic selector from an subnet ID
50 */
51 static traffic_selector_t *get_ts_from_subnet(private_id_payload_t *this,
52- ts_type_t type)
53+ ts_type_t type,
54+ u_int16_t from_port, u_int16_t to_port)
55 {
56 traffic_selector_t *ts;
57 chunk_t net, netmask;
58@@ -269,7 +271,7 @@ static traffic_selector_t *get_ts_from_subnet(private_id_payload_t *this,
59 netmask.ptr[i] = (netmask.ptr[i] ^ 0xFF) | net.ptr[i];
60 }
61 ts = traffic_selector_create_from_bytes(this->protocol_id, type,
62- net, this->port, netmask, this->port ?: 65535);
63+ net, from_port, netmask, to_port);
64 chunk_free(&netmask);
65 return ts;
66 }
67@@ -278,51 +280,76 @@ static traffic_selector_t *get_ts_from_subnet(private_id_payload_t *this,
68 * Create a traffic selector from an IP ID
69 */
70 static traffic_selector_t *get_ts_from_ip(private_id_payload_t *this,
71- ts_type_t type)
72+ ts_type_t type,
73+ u_int16_t from_port, u_int16_t to_port)
74 {
75 return traffic_selector_create_from_bytes(this->protocol_id, type,
76- this->id_data, this->port, this->id_data, this->port ?: 65535);
77+ this->id_data, from_port, this->id_data, to_port);
78 }
79
80 METHOD(id_payload_t, get_ts, traffic_selector_t*,
81- private_id_payload_t *this)
82+ private_id_payload_t *this, id_payload_t *other_, bool initiator)
83 {
84+ private_id_payload_t *other = (private_id_payload_t *) other_;
85+ u_int16_t from_port, to_port;
86+
87+ if (other && this->protocol_id == IPPROTO_GRE && other->protocol_id == IPPROTO_GRE)
88+ {
89+ if (initiator)
90+ {
91+ from_port = this->port;
92+ to_port = other->port;
93+ }
94+ else
95+ {
96+ from_port = other->port;
97+ to_port = this->port;
98+ }
99+ if (from_port == 0 && to_port == 0)
100+ to_port = 0xffff;
101+ }
102+ else
103+ {
104+ from_port = this->port;
105+ to_port = this->port ?: 0xffff;
106+ }
107+
108 switch (this->id_type)
109 {
110 case ID_IPV4_ADDR_SUBNET:
111 if (this->id_data.len == 8)
112 {
113- return get_ts_from_subnet(this, TS_IPV4_ADDR_RANGE);
114+ return get_ts_from_subnet(this, TS_IPV4_ADDR_RANGE, from_port, to_port);
115 }
116 break;
117 case ID_IPV6_ADDR_SUBNET:
118 if (this->id_data.len == 32)
119 {
120- return get_ts_from_subnet(this, TS_IPV6_ADDR_RANGE);
121+ return get_ts_from_subnet(this, TS_IPV6_ADDR_RANGE, from_port, to_port);
122 }
123 break;
124 case ID_IPV4_ADDR_RANGE:
125 if (this->id_data.len == 8)
126 {
127- return get_ts_from_range(this, TS_IPV4_ADDR_RANGE);
128+ return get_ts_from_range(this, TS_IPV4_ADDR_RANGE, from_port, to_port);
129 }
130 break;
131 case ID_IPV6_ADDR_RANGE:
132 if (this->id_data.len == 32)
133 {
134- return get_ts_from_range(this, TS_IPV6_ADDR_RANGE);
135+ return get_ts_from_range(this, TS_IPV6_ADDR_RANGE, from_port, to_port);
136 }
137 break;
138 case ID_IPV4_ADDR:
139 if (this->id_data.len == 4)
140 {
141- return get_ts_from_ip(this, TS_IPV4_ADDR_RANGE);
142+ return get_ts_from_ip(this, TS_IPV4_ADDR_RANGE, from_port, to_port);
143 }
144 break;
145 case ID_IPV6_ADDR:
146 if (this->id_data.len == 16)
147 {
148- return get_ts_from_ip(this, TS_IPV6_ADDR_RANGE);
149+ return get_ts_from_ip(this, TS_IPV6_ADDR_RANGE, from_port, to_port);
150 }
151 break;
152 default:
153@@ -397,7 +424,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type,
154 /*
155 * Described in header.
156 */
157-id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts)
158+id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts, bool initiator)
159 {
160 private_id_payload_t *this;
161 u_int8_t mask;
162@@ -460,8 +487,17 @@ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts)
163 ts->get_from_address(ts), ts->get_to_address(ts));
164 net->destroy(net);
165 }
166- this->port = ts->get_from_port(ts);
167 this->protocol_id = ts->get_protocol(ts);
168+ if (initiator || this->protocol_id != IPPROTO_GRE)
169+ {
170+ this->port = ts->get_from_port(ts);
171+ }
172+ else
173+ {
174+ this->port = ts->get_to_port(ts);
175+ if (this->port == 0xffff && ts->get_from_port(ts) == 0)
176+ this->port = 0;
177+ }
178 this->payload_length += this->id_data.len;
179
180 return &this->public;
181diff --git a/src/libcharon/encoding/payloads/id_payload.h b/src/libcharon/encoding/payloads/id_payload.h
182index df1d075..7558e91 100644
183--- a/src/libcharon/encoding/payloads/id_payload.h
184+++ b/src/libcharon/encoding/payloads/id_payload.h
185@@ -48,11 +48,11 @@ struct id_payload_t {
186 identification_t *(*get_identification) (id_payload_t *this);
187
188 /**
189- * Creates a traffic selector form a ID_ADDR_SUBNET/RANGE identity.
190+ * Creates a traffic selector form a ID_ADDR_SUBNET/RANGE identity pair.
191 *
192 * @return traffic selector, NULL on failure
193 */
194- traffic_selector_t* (*get_ts)(id_payload_t *this);
195+ traffic_selector_t* (*get_ts)(id_payload_t *this, id_payload_t *other, bool initiator);
196
197 /**
198 * Get encoded payload without fixed payload header (used for IKEv1).
199@@ -91,6 +91,6 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type,
200 * @param ts traffic selector
201 * @return PLV1_ID id_paylad_t object.
202 */
203-id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts);
204+id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts, bool initiator);
205
206 #endif /** ID_PAYLOAD_H_ @}*/
207diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c
208index 55ec7cd..87a1d08 100644
209--- a/src/libcharon/plugins/stroke/stroke_config.c
210+++ b/src/libcharon/plugins/stroke/stroke_config.c
211@@ -1032,6 +1032,11 @@ static bool parse_protoport(char *token, u_int16_t *from_port,
212 *from_port = 0xffff;
213 *to_port = 0;
214 }
215+ else if (*port && *protocol == IPPROTO_GRE)
216+ {
217+ p = strtol(port, &endptr, 0);
218+ traffic_selector_split_grekey(p, from_port, to_port);
219+ }
220 else if (*port)
221 {
222 svc = getservbyname(port, NULL);
223diff --git a/src/libcharon/plugins/unity/unity_narrow.c b/src/libcharon/plugins/unity/unity_narrow.c
224index 227d24b..7749d8c 100644
225--- a/src/libcharon/plugins/unity/unity_narrow.c
226+++ b/src/libcharon/plugins/unity/unity_narrow.c
227@@ -247,7 +247,7 @@ METHOD(listener_t, message, bool,
228 if (!first)
229 {
230 id_payload = (id_payload_t*)payload;
231- tsr = id_payload->get_ts(id_payload);
232+ tsr = id_payload->get_ts(id_payload, NULL, FALSE);
233 break;
234 }
235 first = FALSE;
236diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
237index 3c4e3ec..9495d4d 100644
238--- a/src/libcharon/plugins/vici/vici_config.c
239+++ b/src/libcharon/plugins/vici/vici_config.c
240@@ -586,8 +586,13 @@ CALLBACK(parse_ts, bool,
241 }
242 else if (*port && !streq(port, "any"))
243 {
244- svc = getservbyname(port, NULL);
245- if (svc)
246+ if (proto == IPPROTO_GRE)
247+ {
248+ p = strtol(port, &end, 0);
249+ if (*end) return FALSE;
250+ traffic_selector_split_grekey(p, &from, &to);
251+ }
252+ else if ((svc = getservbyname(port, NULL)) != NULL)
253 {
254 from = to = ntohs(svc->s_port);
255 }
256diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c
257index 96edfd8..c0830dd 100644
258--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
259+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
260@@ -536,9 +536,9 @@ static void add_ts(private_quick_mode_t *this, message_t *message)
261 {
262 id_payload_t *id_payload;
263
264- id_payload = id_payload_create_from_ts(this->tsi);
265+ id_payload = id_payload_create_from_ts(this->tsi, TRUE);
266 message->add_payload(message, &id_payload->payload_interface);
267- id_payload = id_payload_create_from_ts(this->tsr);
268+ id_payload = id_payload_create_from_ts(this->tsr, FALSE);
269 message->add_payload(message, &id_payload->payload_interface);
270 }
271
272@@ -549,7 +549,7 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
273 {
274 traffic_selector_t *tsi = NULL, *tsr = NULL;
275 enumerator_t *enumerator;
276- id_payload_t *id_payload;
277+ id_payload_t *idi = NULL, *idr = NULL;
278 payload_t *payload;
279 host_t *hsi, *hsr;
280 bool first = TRUE;
281@@ -559,20 +559,22 @@ static bool get_ts(private_quick_mode_t *this, message_t *message)
282 {
283 if (payload->get_type(payload) == PLV1_ID)
284 {
285- id_payload = (id_payload_t*)payload;
286-
287 if (first)
288 {
289- tsi = id_payload->get_ts(id_payload);
290+ idi = (id_payload_t*)payload;
291 first = FALSE;
292 }
293 else
294 {
295- tsr = id_payload->get_ts(id_payload);
296+ idr = (id_payload_t*)payload;
297 break;
298 }
299 }
300 }
301+ if (idi && idr) {
302+ tsi = idi->get_ts(idi, idr, TRUE);
303+ tsr = idr->get_ts(idr, idi, FALSE);
304+ }
305 enumerator->destroy(enumerator);
306
307 /* create host2host selectors if ID payloads missing */
308diff --git a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
309index f22e07d..e43df3f 100644
310--- a/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
311+++ b/src/libhydra/plugins/kernel_netlink/kernel_netlink_ipsec.c
312@@ -743,7 +743,18 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src,
313 ts2subnet(src, &sel.saddr, &sel.prefixlen_s);
314 ts2ports(dst, &sel.dport, &sel.dport_mask);
315 ts2ports(src, &sel.sport, &sel.sport_mask);
316- if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) &&
317+ if (sel.proto == IPPROTO_GRE)
318+ {
319+ sel.sport = htons(src->get_from_port(src));
320+ sel.dport = htons(src->get_to_port(src));
321+ sel.sport_mask = ~0;
322+ sel.dport_mask = ~0;
323+ if (sel.sport == htons(0) && sel.dport == htons(0xffff))
324+ {
325+ sel.sport = sel.dport = sel.sport_mask = sel.dport_mask = 0;
326+ }
327+ }
328+ else if ((sel.proto == IPPROTO_ICMP || sel.proto == IPPROTO_ICMPV6) &&
329 (sel.dport || sel.sport))
330 {
331 /* the ICMP type is encoded in the most significant 8 bits and the ICMP
332@@ -767,7 +778,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
333 {
334 u_char *addr;
335 u_int8_t prefixlen;
336- u_int16_t port = 0;
337+ u_int16_t from_port = 0, to_port = 65535;
338 host_t *host = NULL;
339
340 if (src)
341@@ -776,7 +787,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
342 prefixlen = sel->prefixlen_s;
343 if (sel->sport_mask)
344 {
345- port = ntohs(sel->sport);
346+ from_port = to_port = ntohs(sel->sport);
347 }
348 }
349 else
350@@ -785,14 +796,27 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
351 prefixlen = sel->prefixlen_d;
352 if (sel->dport_mask)
353 {
354- port = ntohs(sel->dport);
355+ from_port = to_port = ntohs(sel->dport);
356+ }
357+ }
358+ if (sel->proto == IPPROTO_GRE)
359+ {
360+ if (sel->sport_mask)
361+ {
362+ from_port = ntohs(sel->sport);
363+ to_port = ntohs(sel->dport);
364+ }
365+ else
366+ {
367+ from_port = 0;
368+ to_port = 0xffff;
369 }
370 }
371- if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6)
372+ else if (sel->proto == IPPROTO_ICMP || sel->proto == IPPROTO_ICMPV6)
373 { /* convert ICMP[v6] message type and code as supplied by the kernel in
374 * source and destination ports (both in network order) */
375- port = (sel->sport >> 8) | (sel->dport & 0xff00);
376- port = ntohs(port);
377+ from_port = (sel->sport >> 8) | (sel->dport & 0xff00);
378+ from_port = to_port = ntohs(from_port);
379 }
380 /* The Linux 2.6 kernel does not set the selector's family field,
381 * so as a kludge we additionally test the prefix length.
382@@ -809,7 +833,7 @@ static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src)
383 if (host)
384 {
385 return traffic_selector_create_from_subnet(host, prefixlen,
386- sel->proto, port, port ?: 65535);
387+ sel->proto, from_port, to_port);
388 }
389 return NULL;
390 }
391diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c
392index 3b7f8c5..c593a3f 100644
393--- a/src/libstrongswan/selectors/traffic_selector.c
394+++ b/src/libstrongswan/selectors/traffic_selector.c
395@@ -209,6 +209,14 @@ static int print_icmp(printf_hook_data_t *data, u_int16_t port)
396 }
397
398 /**
399+ * Print GRE key
400+ */
401+static int print_grekey(printf_hook_data_t *data, u_int16_t from_port, u_int16_t to_port)
402+{
403+ return print_in_hook(data, "%d", traffic_selector_grekey(from_port, to_port));
404+}
405+
406+/**
407 * Described in header.
408 */
409 int traffic_selector_printf_hook(printf_hook_data_t *data,
410@@ -313,7 +321,11 @@ int traffic_selector_printf_hook(printf_hook_data_t *data,
411 /* build port string */
412 if (has_ports)
413 {
414- if (this->from_port == this->to_port)
415+ if (this->protocol == IPPROTO_GRE)
416+ {
417+ written += print_grekey(data, this->from_port, this->to_port);
418+ }
419+ else if (this->from_port == this->to_port)
420 {
421 struct servent *serv;
422
423@@ -398,7 +410,24 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*,
424 /* select protocol, which is not zero */
425 protocol = max(this->protocol, other->protocol);
426
427- if ((is_opaque(this) && is_opaque(other)) ||
428+ if (this->protocol == IPPROTO_GRE)
429+ {
430+ if (is_any(this))
431+ {
432+ from_port = other->from_port;
433+ to_port = other->to_port;
434+ }
435+ else if (is_any(other) ||
436+ (this->from_port == other->from_port &&
437+ this->to_port == other->to_port))
438+ {
439+ from_port = this->from_port;
440+ to_port = this->to_port;
441+ }
442+ else
443+ return NULL;
444+ }
445+ else if ((is_opaque(this) && is_opaque(other)) ||
446 (is_opaque(this) && is_any(other)) ||
447 (is_opaque(other) && is_any(this)))
448 {
449diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h
450index cf9a286..d458c68 100644
451--- a/src/libstrongswan/selectors/traffic_selector.h
452+++ b/src/libstrongswan/selectors/traffic_selector.h
453@@ -120,6 +120,9 @@ struct traffic_selector_t {
454 * 8 bits and the code in the least significant 8 bits. Use the utility
455 * functions to extract them.
456 *
457+ * If the protocol is GRE, the high 16-bits of the 32-bit GRE key is stored
458+ * in the from port. Use the utility function to merge and split them.
459+ *
460 * @return port
461 */
462 u_int16_t (*get_from_port) (traffic_selector_t *this);
463@@ -134,6 +137,9 @@ struct traffic_selector_t {
464 * 8 bits and the code in the least significant 8 bits. Use the utility
465 * functions to extract them.
466 *
467+ * If the protocol is GRE, the low 16-bits of the 32-bit GRE key is stored
468+ * in the to port. Use the utility function to merge and split them.
469+ *
470 * @return port
471 */
472 u_int16_t (*get_to_port) (traffic_selector_t *this);
473@@ -268,6 +274,31 @@ int traffic_selector_cmp(traffic_selector_t *a, traffic_selector_t *b,
474 void *opts);
475
476 /**
477+ * Reconstruct the 32-bit GRE KEY in host order from a from/to ports.
478+ *
479+ * @param from_port port number in host order
480+ * @param to_port port number in host order
481+ * @return GRE KEY in host order
482+ */
483+static inline u_int32_t traffic_selector_grekey(u_int16_t from_port, u_int16_t to_port)
484+{
485+ return (from_port << 16) | to_port;
486+}
487+
488+/**
489+ * Split 32-bit GRE KEY in host order to from/to ports.
490+ *
491+ * @param grekey grekey in host order
492+ * @param from_port from port in host order
493+ * @param to_port to port in host order
494+ */
495+static inline void traffic_selector_split_grekey(u_int32_t grekey, u_int16_t *from_port, u_int16_t *to_port)
496+{
497+ *from_port = grekey >> 16;
498+ *to_port = grekey & 0xffff;
499+}
500+
501+/**
502 * Create a new traffic selector using human readable params.
503 *
504 * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
505--
5062.4.5
507
diff --git a/main/strongswan/APKBUILD b/main/strongswan/APKBUILD
index b8701ddec5..f3a5493b30 100644
--- a/main/strongswan/APKBUILD
+++ b/main/strongswan/APKBUILD
@@ -3,7 +3,7 @@
3pkgname=strongswan 3pkgname=strongswan
4pkgver=5.3.2 4pkgver=5.3.2
5_pkgver=${pkgver//_rc/rc} 5_pkgver=${pkgver//_rc/rc}
6pkgrel=1 6pkgrel=2
7pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE" 7pkgdesc="IPsec-based VPN solution focused on security and ease of use, supporting IKEv1/IKEv2 and MOBIKE"
8url="http://www.strongswan.org/" 8url="http://www.strongswan.org/"
9arch="all" 9arch="all"
@@ -20,6 +20,7 @@ source="http://download.strongswan.org/$pkgname-$_pkgver.tar.bz2
20 0002-vici-send-certificates-for-ike-sa-events.patch 20 0002-vici-send-certificates-for-ike-sa-events.patch
21 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch 21 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
22 0004-vici-support-asynchronous-initiation.patch 22 0004-vici-support-asynchronous-initiation.patch
23 1000-support-gre-key-in-ikev1.patch
23 24
24 strongswan.initd 25 strongswan.initd
25 charon.initd" 26 charon.initd"
@@ -107,6 +108,7 @@ e553c5e9a895a2d95b1cbc33407d64a0 0001-charon-add-optional-source-and-remote-ove
1078bea05feac6f4e90c4973b2459864437 0002-vici-send-certificates-for-ike-sa-events.patch 1088bea05feac6f4e90c4973b2459864437 0002-vici-send-certificates-for-ike-sa-events.patch
108125c4e648f73b0dbdaa741ac13ed6d87 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch 109125c4e648f73b0dbdaa741ac13ed6d87 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
109f65811bd1ae6e7f98cf9d76928a0aa03 0004-vici-support-asynchronous-initiation.patch 110f65811bd1ae6e7f98cf9d76928a0aa03 0004-vici-support-asynchronous-initiation.patch
111b9f874287c35cce075b761087c28ab50 1000-support-gre-key-in-ikev1.patch
11085ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd 11285ebc1b6c6b9c0c6640d8136e97da8e1 strongswan.initd
1117962a720ebef6892d80a3cbdab72c204 charon.initd" 1137962a720ebef6892d80a3cbdab72c204 charon.initd"
112sha256sums="a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225 strongswan-5.3.2.tar.bz2 114sha256sums="a4a9bc8c4e42bdc4366a87a05a02bf9f425169a7ab0c6f4482d347e44acbf225 strongswan-5.3.2.tar.bz2
@@ -114,6 +116,7 @@ a472df28677d4f43a063926a65b52b317dfca0b74f8c6a2e3bf852b94fbf5f0f 0001-charon-ad
114c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 0002-vici-send-certificates-for-ike-sa-events.patch 116c1cfe3d1e3345238e125a46a492f8dc0800aa3dc75aea060d54cdbab35fd60cb 0002-vici-send-certificates-for-ike-sa-events.patch
1154e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch 1174e08d4fe01717de0601411b4756141394ced2d3107adc47f2c2beac2f92a967e 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
11642171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 0004-vici-support-asynchronous-initiation.patch 11842171ee35e7679fe3d4efb80fdb121b0a7ea8df5cf3395bbcccb97d56327027c 0004-vici-support-asynchronous-initiation.patch
119ec58de15c3856a2fd9ea003b7e78a7434dad54f9a4c54d499b09a6eef3761d18 1000-support-gre-key-in-ikev1.patch
117ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd 120ad43d1ed2585d84e12ad1e67fbdfe93983c424c5c64b230d5027c0aae496c65f strongswan.initd
11897b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd" 12197b018796f0f15106b70694449cff36e8fc586292aab09ef83a05c0c13142e73 charon.initd"
119sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b9eb89466539c2528756344c2fa969f25ea1cd8856d56c5d55aa78e632e68 strongswan-5.3.2.tar.bz2 122sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b9eb89466539c2528756344c2fa969f25ea1cd8856d56c5d55aa78e632e68 strongswan-5.3.2.tar.bz2
@@ -121,5 +124,6 @@ sha512sums="60b17645c00769d497f4cea2229b41a217c29fe1109b58be256a0d4a6ccf4765348b
121ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 0002-vici-send-certificates-for-ike-sa-events.patch 124ca6eec72f75f243234baa1b361ab6dba82a810d1efb01dbcfd16cd7ce104c3f18fb932c1f6f280a566bfcbe16bc67d7d55e024f72c9eef82a62fe78505293c5c 0002-vici-send-certificates-for-ike-sa-events.patch
1222e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch 1252e28af9043cab41f16c57f41ccb65b6591ec32d50a811bd393c4dcf7f0ffe81fac67679c41b716dfc74fca9ebedd178fe0b572b1c2cda3ccc685a0ad0d02f65a 0003-vici-add-support-rekeying-events-and-individual-sa-s.patch
12339e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 0004-vici-support-asynchronous-initiation.patch 12639e4a9839b2f6f42f662620b20697c684b90949622f8cc21c393ca55ab40e669befd1d2055e0f0c799cf37733a37bbf4df2b9cebc984a45bb66ecba6fa0ef116 0004-vici-support-asynchronous-initiation.patch
127723aad9269ae7da54b1d551b290c80951c3b779737353fa845c00d190c9ef6c6bc406d8ed22254a27844985b7ffaa12b99acce91ec0b192caf639c81b06bf771 1000-support-gre-key-in-ikev1.patch
124b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd 128b56008c07b804dacb3441d3802880058986ab7b314297fe485649a771861885b9232f9fd53b94faa3388a5e9330e2b38a86af5c04f3ff119199720043967ec64 strongswan.initd
1256f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd" 1296f3abaaa8da0925f06cdd184fdf534518e40c49533dba427dbf31dbe88172e5626bdc9aadf798d791f82fbded08801c1f565d514e2c289e1f28448d0c2e72b79 charon.initd"
© 2015 Mike Crute