summaryrefslogtreecommitdiff
path: root/recipes/vpnc/files
diff options
context:
space:
mode:
authorDenys Dmytriyenko <denis@denix.org>2009-03-17 14:32:59 -0400
committerDenys Dmytriyenko <denis@denix.org>2009-03-17 14:32:59 -0400
commit709c4d66e0b107ca606941b988bad717c0b45d9b (patch)
tree37ee08b1eb308f3b2b6426d5793545c38396b838 /recipes/vpnc/files
parentfa6cd5a3b993f16c27de4ff82b42684516d433ba (diff)
rename packages/ to recipes/ per earlier agreement
See links below for more details: http://thread.gmane.org/gmane.comp.handhelds.openembedded/21326 http://thread.gmane.org/gmane.comp.handhelds.openembedded/21816 Signed-off-by: Denys Dmytriyenko <denis@denix.org> Acked-by: Mike Westerhof <mwester@dls.net> Acked-by: Philip Balister <philip@balister.org> Acked-by: Khem Raj <raj.khem@gmail.com> Acked-by: Marcin Juszkiewicz <hrw@openembedded.org> Acked-by: Koen Kooi <koen@openembedded.org> Acked-by: Frans Meulenbroeks <fransmeulenbroeks@gmail.com>
Diffstat (limited to 'recipes/vpnc/files')
-rw-r--r--recipes/vpnc/files/attribute.patch12
-rw-r--r--recipes/vpnc/files/default.conf19
-rw-r--r--recipes/vpnc/files/makeman.patch11
-rw-r--r--recipes/vpnc/files/vpnc-install.patch35
-rw-r--r--recipes/vpnc/files/vpnc-script.patch30
-rw-r--r--recipes/vpnc/files/vpnc0.5.1--long-help173
-rw-r--r--recipes/vpnc/files/vpnc0.5.3--long-help168
7 files changed, 448 insertions, 0 deletions
diff --git a/recipes/vpnc/files/attribute.patch b/recipes/vpnc/files/attribute.patch
new file mode 100644
index 0000000000..8cf0fe5485
--- /dev/null
+++ b/recipes/vpnc/files/attribute.patch
@@ -0,0 +1,12 @@
+--- vpnc-0.2-rm+zomb-pre6/vpnc.c~ 2003-11-01 16:21:47.000000000 -0800
++++ vpnc-0.2-rm+zomb-pre6/vpnc.c 2003-11-14 23:23:43.000000000 -0800
+@@ -1193,7 +1193,8 @@
+ ? "\n" : "")));
+ break;
+ default:
+- reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
++ //reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED;
++ DEBUG(1, printf("Unknow attribute: ap->type: %d. Continuing anyway.\n", ap->type));
+ }
+ DEBUG(2, printf("S5.5\n"));
+ if (reject != 0)
diff --git a/recipes/vpnc/files/default.conf b/recipes/vpnc/files/default.conf
new file mode 100644
index 0000000000..48b15eca6e
--- /dev/null
+++ b/recipes/vpnc/files/default.conf
@@ -0,0 +1,19 @@
+# Comment out the options you need.
+# Verify your config with "vpnc --print-config".
+# You might also try "vpnc --long-help" or look into the documentation.
+
+# Needed (you will be prompted if this is missing):
+#IPSec gateway 10.1.2.3
+#IPSec ID YOURPEERSID
+#IPSec secret YOURPEERSSECRET
+#Xauth username YOURUSERNAME
+#Xauth password YOURPASSWORD
+
+# Optional:
+#UDP Encapsulate
+#UDP Encapsulation Port 10000
+#Noninteractive
+#No Detach
+#Debug 99
+#Interface name tun0
+#Script /etc/vpnc/vpnc-script
diff --git a/recipes/vpnc/files/makeman.patch b/recipes/vpnc/files/makeman.patch
new file mode 100644
index 0000000000..decc86f120
--- /dev/null
+++ b/recipes/vpnc/files/makeman.patch
@@ -0,0 +1,11 @@
+--- vpnc-0.5.1/makeman.pl.old 2008-03-16 02:17:59.000000000 -0500
++++ vpnc-0.5.1/makeman.pl 2008-03-16 02:29:34.000000000 -0500
+@@ -29,7 +29,7 @@ my $vpnc = './vpnc';
+ # indenting lists (those originally starting with an asterisk). I hope
+ # this pays off when converting the manpage to HTML or such.
+
+-open my $LONGHELP, '-|', "$vpnc --long-help";
++open my $LONGHELP, '-|', "cat ../vpnc*--long-help";
+ my $vpnc_options = '';
+ my $relative_indent = 0;
+ my $indent_needed = 0;
diff --git a/recipes/vpnc/files/vpnc-install.patch b/recipes/vpnc/files/vpnc-install.patch
new file mode 100644
index 0000000000..3de65ec35e
--- /dev/null
+++ b/recipes/vpnc/files/vpnc-install.patch
@@ -0,0 +1,35 @@
+--- a/Makefile~ 2009-01-20 18:44:30.000000000 +0100
++++ b/Makefile 2009-01-20 18:44:30.000000000 +0100
+@@ -119,21 +119,21 @@
+ else \
+ install vpnc-script $(DESTDIR)$(ETCDIR); \
+ fi
+- install -m600 vpnc.conf $(DESTDIR)$(ETCDIR)/default.conf
+- install -m755 vpnc-disconnect $(DESTDIR)$(SBINDIR)
+- install -m755 pcf2vpnc $(DESTDIR)$(BINDIR)
+- install -m644 vpnc.8 $(DESTDIR)$(MANDIR)/man8
+- install -m644 pcf2vpnc.1 $(DESTDIR)$(MANDIR)/man1
+- install -m644 cisco-decrypt.1 $(DESTDIR)$(MANDIR)/man1
+- install -m644 COPYING $(DESTDIR)$(DOCDIR)
++ install -m 600 vpnc.conf $(DESTDIR)$(ETCDIR)/default.conf
++ install -m 755 vpnc-disconnect $(DESTDIR)$(SBINDIR)
++ install -m 755 pcf2vpnc $(DESTDIR)$(BINDIR)
++ install -m 644 vpnc.8 $(DESTDIR)$(MANDIR)/man8
++ install -m 644 pcf2vpnc.1 $(DESTDIR)$(MANDIR)/man1
++ install -m 644 cisco-decrypt.1 $(DESTDIR)$(MANDIR)/man1
++ install -m 644 COPYING $(DESTDIR)$(DOCDIR)
+
+ install : install-common
+- install -m755 vpnc $(DESTDIR)$(SBINDIR)
+- install -m755 cisco-decrypt $(DESTDIR)$(BINDIR)
++ install -m 755 vpnc $(DESTDIR)$(SBINDIR)
++ install -m 755 cisco-decrypt $(DESTDIR)$(BINDIR)
+
+ install-strip : install-common
+- install -s -m755 vpnc $(DESTDIR)$(SBINDIR)
+- install -s -m755 cisco-decrypt $(DESTDIR)$(BINDIR)
++ install -s -m 755 vpnc $(DESTDIR)$(SBINDIR)
++ install -s -m 755 cisco-decrypt $(DESTDIR)$(BINDIR)
+
+ uninstall :
+ rm -f $(DESTDIR)$(SBINDIR)/vpnc \
diff --git a/recipes/vpnc/files/vpnc-script.patch b/recipes/vpnc/files/vpnc-script.patch
new file mode 100644
index 0000000000..f50e41d575
--- /dev/null
+++ b/recipes/vpnc/files/vpnc-script.patch
@@ -0,0 +1,30 @@
+--- vpnc-0.3.3.orig/vpnc-script 2005-05-05 19:05:18.000000000 +0200
++++ vpnc-0.3.3/vpnc-script 2006-02-07 23:31:50.000000000 +0100
+@@ -19,6 +19,7 @@
+ #set -x
+
+ OS="`uname -s`"
++mkdir -p /var/run/vpnc
+ DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
+ RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
+
+@@ -219,7 +220,8 @@
+ do_ifconfig
+ set_vpngateway_route
+ if [ -n "$CISCO_SPLIT_INC" ]; then
+- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
++ CISCO_SPLIT_INC0=`expr "$CISCO_SPLIT_INC" - 1`
++ for i in `seq 0 "$CISCO_SPLIT_INC0"` ; do
+ eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
+ eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
+ eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
+@@ -239,7 +241,8 @@
+
+ do_disconnect() {
+ if [ -n "$CISCO_SPLIT_INC" ]; then
+- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
++ CISCO_SPLIT_INC0=`expr "$CISCO_SPLIT_INC" - 1`
++ for i in `seq 0 "$CISCO_SPLIT_INC0"` ; do
+ eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
+ eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
+ eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
diff --git a/recipes/vpnc/files/vpnc0.5.1--long-help b/recipes/vpnc/files/vpnc0.5.1--long-help
new file mode 100644
index 0000000000..4afa2b75d2
--- /dev/null
+++ b/recipes/vpnc/files/vpnc0.5.1--long-help
@@ -0,0 +1,173 @@
+Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files]
+
+Options:
+ --gateway <ip/hostname>
+ IP/name of your IPSec gateway
+ conf-variable: IPSec gateway <ip/hostname>
+
+ --id <ASCII string>
+ your group name
+ conf-variable: IPSec ID <ASCII string>
+
+ (configfile only option)
+ your group password (cleartext)
+ conf-variable: IPSec secret <ASCII string>
+
+ (configfile only option)
+ your group password (obfuscated)
+ conf-variable: IPSec obfuscated secret <hex string>
+
+ --username <ASCII string>
+ your username
+ conf-variable: Xauth username <ASCII string>
+
+ (configfile only option)
+ your password (cleartext)
+ conf-variable: Xauth password <ASCII string>
+
+ (configfile only option)
+ your password (obfuscated)
+ conf-variable: Xauth obfuscated password <hex string>
+
+ --domain <ASCII string>
+ (NT-) Domain name for authentication
+ conf-variable: Domain <ASCII string>
+
+ --xauth-inter
+ enable interactive extended authentication (for challenge response auth)
+ conf-variable: Xauth interactive
+
+ --vendor <cisco/netscreen>
+ vendor of your IPSec gateway
+ Default: cisco
+ conf-variable: Vendor <cisco/netscreen>
+
+ --natt-mode <natt/none/force-natt/cisco-udp>
+ Which NAT-Traversal Method to use:
+ * natt -- NAT-T as defined in RFC3947
+ * none -- disable use of any NAT-T method
+ * force-natt -- always use NAT-T encapsulation even
+ without presence of a NAT device
+ (useful if the OS captures all ESP traffic)
+ * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000
+ Note: cisco-tcp encapsulation is not yet supported
+ Default: natt
+ conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp>
+
+ --script <command>
+ command is executed using system() to configure the interface,
+ routing and so on. Device name, IP, etc. are passed using enviroment
+ variables, see README. This script is executed right after ISAKMP is
+ done, but before tunneling is enabled. It is called when vpnc
+ terminates, too
+ Default: /etc/vpnc/vpnc-script
+ conf-variable: Script <command>
+
+ --dh <dh1/dh2/dh5>
+ name of the IKE DH Group
+ Default: dh2
+ conf-variable: IKE DH Group <dh1/dh2/dh5>
+
+ --pfs <nopfs/dh1/dh2/dh5/server>
+ Diffie-Hellman group to use for PFS
+ Default: server
+ conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server>
+
+ --enable-1des
+ enables weak single DES encryption
+ conf-variable: Enable Single DES
+
+ --enable-no-encryption
+ enables using no encryption for data traffic (key exchanged must be encrypted)
+ conf-variable: Enable no encryption
+
+ --application-version <ASCII string>
+ Application Version to report. Note: Default string is generated at runtime.
+ Default: Cisco Systems VPN Client 0.5.1:Linux
+ conf-variable: Application version <ASCII string>
+
+ --ifname <ASCII string>
+ visible name of the TUN/TAP interface
+ conf-variable: Interface name <ASCII string>
+
+ --ifmode <tun/tap>
+ mode of TUN/TAP interface:
+ * tun: virtual point to point interface (default)
+ * tap: virtual ethernet interface
+ Default: tun
+ conf-variable: Interface mode <tun/tap>
+
+ --debug <0/1/2/3/99>
+ Show verbose debug messages
+ * 0: Do not print debug information.
+ * 1: Print minimal debug information.
+ * 2: Show statemachine and packet/payload type information.
+ * 3: Dump everything exluding authentication data.
+ * 99: Dump everything including authentication data (e.g. passwords).
+ conf-variable: Debug <0/1/2/3/99>
+
+ --no-detach
+ Don't detach from the console after login
+ conf-variable: No Detach
+
+ --pid-file <filename>
+ store the pid of background process in <filename>
+ Default: /var/run/vpnc/pid
+ conf-variable: Pidfile <filename>
+
+ --local-addr <ip/hostname>
+ local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign)
+ Default: 0.0.0.0
+ conf-variable: Local Addr <ip/hostname>
+
+ --local-port <0-65535>
+ local ISAKMP port number to use (0 == use random port)
+ Default: 500
+ conf-variable: Local Port <0-65535>
+
+ --udp-port <0-65535>
+ Local UDP port number to use (0 == use random port).
+ This is only relevant if cisco-udp nat-traversal is used.
+ This is the _local_ port, the remote udp port is discovered automatically.
+ It is especially not the cisco-tcp port.
+ Default: 10000
+ conf-variable: Cisco UDP Encapsulation Port <0-65535>
+
+ --dpd-idle <0,10-86400>
+ Send DPD packet after not receiving anything for <idle> seconds.
+ Use 0 to disable DPD completely (both ways).
+ Default: 300
+ conf-variable: DPD idle timeout (our side) <0,10-86400>
+
+ --non-inter
+ Don't ask anything, exit on missing options
+ conf-variable: Noninteractive
+
+ --auth-mode <psk/cert/hybrid>
+ Authentication mode:
+ * psk: pre-shared key (default)
+ * cert: server + client certificate (not implemented yet)
+ * hybrid: server certificate + xauth (if built with openssl support)
+ Default: psk
+ conf-variable: IKE Authmode <psk/cert/hybrid>
+
+ --ca-file <filename>
+ filename and path to the CA-PEM-File
+ conf-variable: CA-File <filename>
+
+ --ca-dir <directory>
+ path of the trusted CA-Directory
+ Default: /etc/ssl/certs
+ conf-variable: CA-Dir <directory>
+
+ --dns-update
+ DEPRECATED extension, see README.Debian for details
+ Default: Yes
+ conf-variable: DNSUpdate
+
+ --target-networks
+ DEPRECATED extension, see README.Debian for details
+ Default:
+ conf-variable: Target Networks
+
+Report bugs to vpnc@unix-ag.uni-kl.de
diff --git a/recipes/vpnc/files/vpnc0.5.3--long-help b/recipes/vpnc/files/vpnc0.5.3--long-help
new file mode 100644
index 0000000000..fbec254144
--- /dev/null
+++ b/recipes/vpnc/files/vpnc0.5.3--long-help
@@ -0,0 +1,168 @@
+Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files]
+
+Options:
+ --gateway <ip/hostname>
+ IP/name of your IPSec gateway
+ conf-variable: IPSec gateway <ip/hostname>
+
+ --id <ASCII string>
+ your group name
+ conf-variable: IPSec ID <ASCII string>
+
+ (configfile only option)
+ your group password (cleartext)
+ conf-variable: IPSec secret <ASCII string>
+
+ (configfile only option)
+ your group password (obfuscated)
+ conf-variable: IPSec obfuscated secret <hex string>
+
+ --username <ASCII string>
+ your username
+ conf-variable: Xauth username <ASCII string>
+
+ (configfile only option)
+ your password (cleartext)
+ conf-variable: Xauth password <ASCII string>
+
+ (configfile only option)
+ your password (obfuscated)
+ conf-variable: Xauth obfuscated password <hex string>
+
+ --domain <ASCII string>
+ (NT-) Domain name for authentication
+ conf-variable: Domain <ASCII string>
+
+ --xauth-inter
+ enable interactive extended authentication (for challenge response auth)
+ conf-variable: Xauth interactive
+
+ --vendor <cisco/netscreen>
+ vendor of your IPSec gateway
+ Default: cisco
+ conf-variable: Vendor <cisco/netscreen>
+
+ --natt-mode <natt/none/force-natt/cisco-udp>
+ Which NAT-Traversal Method to use:
+ * natt -- NAT-T as defined in RFC3947
+ * none -- disable use of any NAT-T method
+ * force-natt -- always use NAT-T encapsulation even
+ without presence of a NAT device
+ (useful if the OS captures all ESP traffic)
+ * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000
+ Note: cisco-tcp encapsulation is not yet supported
+ Default: natt
+ conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp>
+
+ --script <command>
+ command is executed using system() to configure the interface,
+ routing and so on. Device name, IP, etc. are passed using enviroment
+ variables, see README. This script is executed right after ISAKMP is
+ done, but before tunneling is enabled. It is called when vpnc
+ terminates, too
+ Default: /etc/vpnc/vpnc-script
+ conf-variable: Script <command>
+
+ --dh <dh1/dh2/dh5>
+ name of the IKE DH Group
+ Default: dh2
+ conf-variable: IKE DH Group <dh1/dh2/dh5>
+
+ --pfs <nopfs/dh1/dh2/dh5/server>
+ Diffie-Hellman group to use for PFS
+ Default: server
+ conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server>
+
+ --enable-1des
+ enables weak single DES encryption
+ conf-variable: Enable Single DES
+
+ --enable-no-encryption
+ enables using no encryption for data traffic (key exchanged must be encrypted)
+ conf-variable: Enable no encryption
+
+ --application-version <ASCII string>
+ Application Version to report. Note: Default string is generated at runtime.
+ Default: Cisco Systems VPN Client 0.5.3-394:Linux
+ conf-variable: Application version <ASCII string>
+
+ --ifname <ASCII string>
+ visible name of the TUN/TAP interface
+ conf-variable: Interface name <ASCII string>
+
+ --ifmode <tun/tap>
+ mode of TUN/TAP interface:
+ * tun: virtual point to point interface (default)
+ * tap: virtual ethernet interface
+ Default: tun
+ conf-variable: Interface mode <tun/tap>
+
+ --debug <0/1/2/3/99>
+ Show verbose debug messages
+ * 0: Do not print debug information.
+ * 1: Print minimal debug information.
+ * 2: Show statemachine and packet/payload type information.
+ * 3: Dump everything exluding authentication data.
+ * 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS).
+ conf-variable: Debug <0/1/2/3/99>
+
+ --no-detach
+ Don't detach from the console after login
+ conf-variable: No Detach
+
+ --pid-file <filename>
+ store the pid of background process in <filename>
+ Default: /var/run/vpnc/pid
+ conf-variable: Pidfile <filename>
+
+ --local-addr <ip/hostname>
+ local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign)
+ Default: 0.0.0.0
+ conf-variable: Local Addr <ip/hostname>
+
+ --local-port <0-65535>
+ local ISAKMP port number to use (0 == use random port)
+ Default: 500
+ conf-variable: Local Port <0-65535>
+
+ --udp-port <0-65535>
+ Local UDP port number to use (0 == use random port).
+ This is only relevant if cisco-udp nat-traversal is used.
+ This is the _local_ port, the remote udp port is discovered automatically.
+ It is especially not the cisco-tcp port.
+ Default: 10000
+ conf-variable: Cisco UDP Encapsulation Port <0-65535>
+
+ --dpd-idle <0,10-86400>
+ Send DPD packet after not receiving anything for <idle> seconds.
+ Use 0 to disable DPD completely (both ways).
+ Default: 300
+ conf-variable: DPD idle timeout (our side) <0,10-86400>
+
+ --non-inter
+ Don't ask anything, exit on missing options
+ conf-variable: Noninteractive
+
+ --auth-mode <psk/cert/hybrid>
+ Authentication mode:
+ * psk: pre-shared key (default)
+ * cert: server + client certificate (not implemented yet)
+ * hybrid: server certificate + xauth (if built with openssl support)
+ Default: psk
+ conf-variable: IKE Authmode <psk/cert/hybrid>
+
+ --ca-file <filename>
+ filename and path to the CA-PEM-File
+ conf-variable: CA-File <filename>
+
+ --ca-dir <directory>
+ path of the trusted CA-Directory
+ Default: /etc/ssl/certs
+ conf-variable: CA-Dir <directory>
+
+ --target-network <target network/netmask>
+ Target network in dotted decimal or CIDR notation
+ Default: 0.0.0.0/0.0.0.0
+ conf-variable: IPSEC target network <target network/netmask>
+
+Report bugs to vpnc@unix-ag.uni-kl.de