diff options
Diffstat (limited to 'recipes/vpnc/files')
-rw-r--r-- | recipes/vpnc/files/attribute.patch | 12 | ||||
-rw-r--r-- | recipes/vpnc/files/default.conf | 19 | ||||
-rw-r--r-- | recipes/vpnc/files/makeman.patch | 11 | ||||
-rw-r--r-- | recipes/vpnc/files/vpnc-install.patch | 35 | ||||
-rw-r--r-- | recipes/vpnc/files/vpnc-script.patch | 30 | ||||
-rw-r--r-- | recipes/vpnc/files/vpnc0.5.1--long-help | 173 | ||||
-rw-r--r-- | recipes/vpnc/files/vpnc0.5.3--long-help | 168 |
7 files changed, 448 insertions, 0 deletions
diff --git a/recipes/vpnc/files/attribute.patch b/recipes/vpnc/files/attribute.patch new file mode 100644 index 0000000000..8cf0fe5485 --- /dev/null +++ b/recipes/vpnc/files/attribute.patch @@ -0,0 +1,12 @@ +--- vpnc-0.2-rm+zomb-pre6/vpnc.c~ 2003-11-01 16:21:47.000000000 -0800 ++++ vpnc-0.2-rm+zomb-pre6/vpnc.c 2003-11-14 23:23:43.000000000 -0800 +@@ -1193,7 +1193,8 @@ + ? "\n" : ""))); + break; + default: +- reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED; ++ //reject = ISAKMP_N_ATTRIBUTES_NOT_SUPPORTED; ++ DEBUG(1, printf("Unknow attribute: ap->type: %d. Continuing anyway.\n", ap->type)); + } + DEBUG(2, printf("S5.5\n")); + if (reject != 0) diff --git a/recipes/vpnc/files/default.conf b/recipes/vpnc/files/default.conf new file mode 100644 index 0000000000..48b15eca6e --- /dev/null +++ b/recipes/vpnc/files/default.conf @@ -0,0 +1,19 @@ +# Comment out the options you need. +# Verify your config with "vpnc --print-config". +# You might also try "vpnc --long-help" or look into the documentation. + +# Needed (you will be prompted if this is missing): +#IPSec gateway 10.1.2.3 +#IPSec ID YOURPEERSID +#IPSec secret YOURPEERSSECRET +#Xauth username YOURUSERNAME +#Xauth password YOURPASSWORD + +# Optional: +#UDP Encapsulate +#UDP Encapsulation Port 10000 +#Noninteractive +#No Detach +#Debug 99 +#Interface name tun0 +#Script /etc/vpnc/vpnc-script diff --git a/recipes/vpnc/files/makeman.patch b/recipes/vpnc/files/makeman.patch new file mode 100644 index 0000000000..decc86f120 --- /dev/null +++ b/recipes/vpnc/files/makeman.patch @@ -0,0 +1,11 @@ +--- vpnc-0.5.1/makeman.pl.old 2008-03-16 02:17:59.000000000 -0500 ++++ vpnc-0.5.1/makeman.pl 2008-03-16 02:29:34.000000000 -0500 +@@ -29,7 +29,7 @@ my $vpnc = './vpnc'; + # indenting lists (those originally starting with an asterisk). I hope + # this pays off when converting the manpage to HTML or such. + +-open my $LONGHELP, '-|', "$vpnc --long-help"; ++open my $LONGHELP, '-|', "cat ../vpnc*--long-help"; + my $vpnc_options = ''; + my $relative_indent = 0; + my $indent_needed = 0; diff --git a/recipes/vpnc/files/vpnc-install.patch b/recipes/vpnc/files/vpnc-install.patch new file mode 100644 index 0000000000..3de65ec35e --- /dev/null +++ b/recipes/vpnc/files/vpnc-install.patch @@ -0,0 +1,35 @@ +--- a/Makefile~ 2009-01-20 18:44:30.000000000 +0100 ++++ b/Makefile 2009-01-20 18:44:30.000000000 +0100 +@@ -119,21 +119,21 @@ + else \ + install vpnc-script $(DESTDIR)$(ETCDIR); \ + fi +- install -m600 vpnc.conf $(DESTDIR)$(ETCDIR)/default.conf +- install -m755 vpnc-disconnect $(DESTDIR)$(SBINDIR) +- install -m755 pcf2vpnc $(DESTDIR)$(BINDIR) +- install -m644 vpnc.8 $(DESTDIR)$(MANDIR)/man8 +- install -m644 pcf2vpnc.1 $(DESTDIR)$(MANDIR)/man1 +- install -m644 cisco-decrypt.1 $(DESTDIR)$(MANDIR)/man1 +- install -m644 COPYING $(DESTDIR)$(DOCDIR) ++ install -m 600 vpnc.conf $(DESTDIR)$(ETCDIR)/default.conf ++ install -m 755 vpnc-disconnect $(DESTDIR)$(SBINDIR) ++ install -m 755 pcf2vpnc $(DESTDIR)$(BINDIR) ++ install -m 644 vpnc.8 $(DESTDIR)$(MANDIR)/man8 ++ install -m 644 pcf2vpnc.1 $(DESTDIR)$(MANDIR)/man1 ++ install -m 644 cisco-decrypt.1 $(DESTDIR)$(MANDIR)/man1 ++ install -m 644 COPYING $(DESTDIR)$(DOCDIR) + + install : install-common +- install -m755 vpnc $(DESTDIR)$(SBINDIR) +- install -m755 cisco-decrypt $(DESTDIR)$(BINDIR) ++ install -m 755 vpnc $(DESTDIR)$(SBINDIR) ++ install -m 755 cisco-decrypt $(DESTDIR)$(BINDIR) + + install-strip : install-common +- install -s -m755 vpnc $(DESTDIR)$(SBINDIR) +- install -s -m755 cisco-decrypt $(DESTDIR)$(BINDIR) ++ install -s -m 755 vpnc $(DESTDIR)$(SBINDIR) ++ install -s -m 755 cisco-decrypt $(DESTDIR)$(BINDIR) + + uninstall : + rm -f $(DESTDIR)$(SBINDIR)/vpnc \ diff --git a/recipes/vpnc/files/vpnc-script.patch b/recipes/vpnc/files/vpnc-script.patch new file mode 100644 index 0000000000..f50e41d575 --- /dev/null +++ b/recipes/vpnc/files/vpnc-script.patch @@ -0,0 +1,30 @@ +--- vpnc-0.3.3.orig/vpnc-script 2005-05-05 19:05:18.000000000 +0200 ++++ vpnc-0.3.3/vpnc-script 2006-02-07 23:31:50.000000000 +0100 +@@ -19,6 +19,7 @@ + #set -x + + OS="`uname -s`" ++mkdir -p /var/run/vpnc + DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute + RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup + +@@ -219,7 +220,8 @@ + do_ifconfig + set_vpngateway_route + if [ -n "$CISCO_SPLIT_INC" ]; then +- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do ++ CISCO_SPLIT_INC0=`expr "$CISCO_SPLIT_INC" - 1` ++ for i in `seq 0 "$CISCO_SPLIT_INC0"` ; do + eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}" + eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}" + eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}" +@@ -239,7 +241,8 @@ + + do_disconnect() { + if [ -n "$CISCO_SPLIT_INC" ]; then +- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do ++ CISCO_SPLIT_INC0=`expr "$CISCO_SPLIT_INC" - 1` ++ for i in `seq 0 "$CISCO_SPLIT_INC0"` ; do + eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}" + eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}" + eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}" diff --git a/recipes/vpnc/files/vpnc0.5.1--long-help b/recipes/vpnc/files/vpnc0.5.1--long-help new file mode 100644 index 0000000000..4afa2b75d2 --- /dev/null +++ b/recipes/vpnc/files/vpnc0.5.1--long-help @@ -0,0 +1,173 @@ +Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files] + +Options: + --gateway <ip/hostname> + IP/name of your IPSec gateway + conf-variable: IPSec gateway <ip/hostname> + + --id <ASCII string> + your group name + conf-variable: IPSec ID <ASCII string> + + (configfile only option) + your group password (cleartext) + conf-variable: IPSec secret <ASCII string> + + (configfile only option) + your group password (obfuscated) + conf-variable: IPSec obfuscated secret <hex string> + + --username <ASCII string> + your username + conf-variable: Xauth username <ASCII string> + + (configfile only option) + your password (cleartext) + conf-variable: Xauth password <ASCII string> + + (configfile only option) + your password (obfuscated) + conf-variable: Xauth obfuscated password <hex string> + + --domain <ASCII string> + (NT-) Domain name for authentication + conf-variable: Domain <ASCII string> + + --xauth-inter + enable interactive extended authentication (for challenge response auth) + conf-variable: Xauth interactive + + --vendor <cisco/netscreen> + vendor of your IPSec gateway + Default: cisco + conf-variable: Vendor <cisco/netscreen> + + --natt-mode <natt/none/force-natt/cisco-udp> + Which NAT-Traversal Method to use: + * natt -- NAT-T as defined in RFC3947 + * none -- disable use of any NAT-T method + * force-natt -- always use NAT-T encapsulation even + without presence of a NAT device + (useful if the OS captures all ESP traffic) + * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000 + Note: cisco-tcp encapsulation is not yet supported + Default: natt + conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp> + + --script <command> + command is executed using system() to configure the interface, + routing and so on. Device name, IP, etc. are passed using enviroment + variables, see README. This script is executed right after ISAKMP is + done, but before tunneling is enabled. It is called when vpnc + terminates, too + Default: /etc/vpnc/vpnc-script + conf-variable: Script <command> + + --dh <dh1/dh2/dh5> + name of the IKE DH Group + Default: dh2 + conf-variable: IKE DH Group <dh1/dh2/dh5> + + --pfs <nopfs/dh1/dh2/dh5/server> + Diffie-Hellman group to use for PFS + Default: server + conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server> + + --enable-1des + enables weak single DES encryption + conf-variable: Enable Single DES + + --enable-no-encryption + enables using no encryption for data traffic (key exchanged must be encrypted) + conf-variable: Enable no encryption + + --application-version <ASCII string> + Application Version to report. Note: Default string is generated at runtime. + Default: Cisco Systems VPN Client 0.5.1:Linux + conf-variable: Application version <ASCII string> + + --ifname <ASCII string> + visible name of the TUN/TAP interface + conf-variable: Interface name <ASCII string> + + --ifmode <tun/tap> + mode of TUN/TAP interface: + * tun: virtual point to point interface (default) + * tap: virtual ethernet interface + Default: tun + conf-variable: Interface mode <tun/tap> + + --debug <0/1/2/3/99> + Show verbose debug messages + * 0: Do not print debug information. + * 1: Print minimal debug information. + * 2: Show statemachine and packet/payload type information. + * 3: Dump everything exluding authentication data. + * 99: Dump everything including authentication data (e.g. passwords). + conf-variable: Debug <0/1/2/3/99> + + --no-detach + Don't detach from the console after login + conf-variable: No Detach + + --pid-file <filename> + store the pid of background process in <filename> + Default: /var/run/vpnc/pid + conf-variable: Pidfile <filename> + + --local-addr <ip/hostname> + local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign) + Default: 0.0.0.0 + conf-variable: Local Addr <ip/hostname> + + --local-port <0-65535> + local ISAKMP port number to use (0 == use random port) + Default: 500 + conf-variable: Local Port <0-65535> + + --udp-port <0-65535> + Local UDP port number to use (0 == use random port). + This is only relevant if cisco-udp nat-traversal is used. + This is the _local_ port, the remote udp port is discovered automatically. + It is especially not the cisco-tcp port. + Default: 10000 + conf-variable: Cisco UDP Encapsulation Port <0-65535> + + --dpd-idle <0,10-86400> + Send DPD packet after not receiving anything for <idle> seconds. + Use 0 to disable DPD completely (both ways). + Default: 300 + conf-variable: DPD idle timeout (our side) <0,10-86400> + + --non-inter + Don't ask anything, exit on missing options + conf-variable: Noninteractive + + --auth-mode <psk/cert/hybrid> + Authentication mode: + * psk: pre-shared key (default) + * cert: server + client certificate (not implemented yet) + * hybrid: server certificate + xauth (if built with openssl support) + Default: psk + conf-variable: IKE Authmode <psk/cert/hybrid> + + --ca-file <filename> + filename and path to the CA-PEM-File + conf-variable: CA-File <filename> + + --ca-dir <directory> + path of the trusted CA-Directory + Default: /etc/ssl/certs + conf-variable: CA-Dir <directory> + + --dns-update + DEPRECATED extension, see README.Debian for details + Default: Yes + conf-variable: DNSUpdate + + --target-networks + DEPRECATED extension, see README.Debian for details + Default: + conf-variable: Target Networks + +Report bugs to vpnc@unix-ag.uni-kl.de diff --git a/recipes/vpnc/files/vpnc0.5.3--long-help b/recipes/vpnc/files/vpnc0.5.3--long-help new file mode 100644 index 0000000000..fbec254144 --- /dev/null +++ b/recipes/vpnc/files/vpnc0.5.3--long-help @@ -0,0 +1,168 @@ +Usage: vpnc [--version] [--print-config] [--help] [--long-help] [options] [config files] + +Options: + --gateway <ip/hostname> + IP/name of your IPSec gateway + conf-variable: IPSec gateway <ip/hostname> + + --id <ASCII string> + your group name + conf-variable: IPSec ID <ASCII string> + + (configfile only option) + your group password (cleartext) + conf-variable: IPSec secret <ASCII string> + + (configfile only option) + your group password (obfuscated) + conf-variable: IPSec obfuscated secret <hex string> + + --username <ASCII string> + your username + conf-variable: Xauth username <ASCII string> + + (configfile only option) + your password (cleartext) + conf-variable: Xauth password <ASCII string> + + (configfile only option) + your password (obfuscated) + conf-variable: Xauth obfuscated password <hex string> + + --domain <ASCII string> + (NT-) Domain name for authentication + conf-variable: Domain <ASCII string> + + --xauth-inter + enable interactive extended authentication (for challenge response auth) + conf-variable: Xauth interactive + + --vendor <cisco/netscreen> + vendor of your IPSec gateway + Default: cisco + conf-variable: Vendor <cisco/netscreen> + + --natt-mode <natt/none/force-natt/cisco-udp> + Which NAT-Traversal Method to use: + * natt -- NAT-T as defined in RFC3947 + * none -- disable use of any NAT-T method + * force-natt -- always use NAT-T encapsulation even + without presence of a NAT device + (useful if the OS captures all ESP traffic) + * cisco-udp -- Cisco proprietary UDP encapsulation, commonly over Port 10000 + Note: cisco-tcp encapsulation is not yet supported + Default: natt + conf-variable: NAT Traversal Mode <natt/none/force-natt/cisco-udp> + + --script <command> + command is executed using system() to configure the interface, + routing and so on. Device name, IP, etc. are passed using enviroment + variables, see README. This script is executed right after ISAKMP is + done, but before tunneling is enabled. It is called when vpnc + terminates, too + Default: /etc/vpnc/vpnc-script + conf-variable: Script <command> + + --dh <dh1/dh2/dh5> + name of the IKE DH Group + Default: dh2 + conf-variable: IKE DH Group <dh1/dh2/dh5> + + --pfs <nopfs/dh1/dh2/dh5/server> + Diffie-Hellman group to use for PFS + Default: server + conf-variable: Perfect Forward Secrecy <nopfs/dh1/dh2/dh5/server> + + --enable-1des + enables weak single DES encryption + conf-variable: Enable Single DES + + --enable-no-encryption + enables using no encryption for data traffic (key exchanged must be encrypted) + conf-variable: Enable no encryption + + --application-version <ASCII string> + Application Version to report. Note: Default string is generated at runtime. + Default: Cisco Systems VPN Client 0.5.3-394:Linux + conf-variable: Application version <ASCII string> + + --ifname <ASCII string> + visible name of the TUN/TAP interface + conf-variable: Interface name <ASCII string> + + --ifmode <tun/tap> + mode of TUN/TAP interface: + * tun: virtual point to point interface (default) + * tap: virtual ethernet interface + Default: tun + conf-variable: Interface mode <tun/tap> + + --debug <0/1/2/3/99> + Show verbose debug messages + * 0: Do not print debug information. + * 1: Print minimal debug information. + * 2: Show statemachine and packet/payload type information. + * 3: Dump everything exluding authentication data. + * 99: Dump everything INCLUDING AUTHENTICATION data (e.g. PASSWORDS). + conf-variable: Debug <0/1/2/3/99> + + --no-detach + Don't detach from the console after login + conf-variable: No Detach + + --pid-file <filename> + store the pid of background process in <filename> + Default: /var/run/vpnc/pid + conf-variable: Pidfile <filename> + + --local-addr <ip/hostname> + local IP to use for ISAKMP / ESP / ... (0.0.0.0 == automatically assign) + Default: 0.0.0.0 + conf-variable: Local Addr <ip/hostname> + + --local-port <0-65535> + local ISAKMP port number to use (0 == use random port) + Default: 500 + conf-variable: Local Port <0-65535> + + --udp-port <0-65535> + Local UDP port number to use (0 == use random port). + This is only relevant if cisco-udp nat-traversal is used. + This is the _local_ port, the remote udp port is discovered automatically. + It is especially not the cisco-tcp port. + Default: 10000 + conf-variable: Cisco UDP Encapsulation Port <0-65535> + + --dpd-idle <0,10-86400> + Send DPD packet after not receiving anything for <idle> seconds. + Use 0 to disable DPD completely (both ways). + Default: 300 + conf-variable: DPD idle timeout (our side) <0,10-86400> + + --non-inter + Don't ask anything, exit on missing options + conf-variable: Noninteractive + + --auth-mode <psk/cert/hybrid> + Authentication mode: + * psk: pre-shared key (default) + * cert: server + client certificate (not implemented yet) + * hybrid: server certificate + xauth (if built with openssl support) + Default: psk + conf-variable: IKE Authmode <psk/cert/hybrid> + + --ca-file <filename> + filename and path to the CA-PEM-File + conf-variable: CA-File <filename> + + --ca-dir <directory> + path of the trusted CA-Directory + Default: /etc/ssl/certs + conf-variable: CA-Dir <directory> + + --target-network <target network/netmask> + Target network in dotted decimal or CIDR notation + Default: 0.0.0.0/0.0.0.0 + conf-variable: IPSEC target network <target network/netmask> + +Report bugs to vpnc@unix-ag.uni-kl.de |