Date: Wed, 31 Aug 2005 20:32:04 GMT
From: VANHULLEBUS Yvan <vanhu@netasq.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/85544: New port: security/ipsec-tools
Message-ID: <200508312032.j7VKW4IN021544@www.freebsd.org>
Resent-Message-ID: <200508312040.j7VKe5Gj098365@freefall.freebsd.org>
>Number:         85544
>Category:       ports
>Synopsis:       New port: security/ipsec-tools
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Aug 31 20:40:05 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     VANHULLEBUS Yvan
>Release:        FreeBSD6
>Organization:
NETASQ
>Environment:
--
>Description:
IPSec tools port: ipsec-tools is the new "official" version of racoon, is the only one which is maintained and has lots of new features.
>How-To-Repeat:
--
>Fix:
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	ipsec-tools
#	ipsec-tools/files
#	ipsec-tools/files/racoon.sh
#	ipsec-tools/pkg-descr
#	ipsec-tools/pkg-plist
#	ipsec-tools/distinfo
#	ipsec-tools/Makefile
#
echo c - ipsec-tools
mkdir -p ipsec-tools > /dev/null 2>&1
echo c - ipsec-tools/files
mkdir -p ipsec-tools/files > /dev/null 2>&1
echo x - ipsec-tools/files/racoon.sh
sed 's/^X//' >ipsec-tools/files/racoon.sh << 'END-of-ipsec-tools/files/racoon.sh'
X#!/bin/sh
X
X# Start or stop racoon
X# $FreeBSD: ports/security/racoon/files/racoon.sh,v 1.2 2004/01/06 15:31:09 sumikawa Exp $
X
X# PROVIDE: racoon
X# REQUIRE: DAEMON
X# BEFORE: LOGIN
X# KEYWORD: FreeBSD shutdown
X#
X# NOTE for FreeBSD 5.0+:
X# If you want this script to start with the base rc scripts
X# move racoon.sh to /etc/rc.d/racoon
X
Xprefix=%%PREFIX%%
X
X# Define these racoon_* variables in one of these files:
X#	/etc/rc.conf
X#	/etc/rc.conf.local
X#	/etc/rc.conf.d/racoon
X#
X# DO NOT CHANGE THESE DEFAULT VALUES HERE
X#
X[ -z "$racoon_enable" ] && racoon_enable="YES"	# Enable racoon
X#racoon_program="${prefix}/sbin/racoon"	# Location of racoon
X#racoon_flags=""				# Flags to racoon program
X
X. %%RC_SUBR%%
X
Xname="racoon"
Xrcvar=`set_rcvar`
Xcommand="${prefix}/sbin/racoon"
Xpidfile="/var/run/racoon.pid"
Xrequired_files="${prefix}/etc/racoon/racoon.conf"
Xstop_postcmd="racoon_poststop"
X
Xracoon_poststop() {
X	/bin/rm -f ${pidfile}
X}
X
Xload_rc_config $name
Xrun_rc_command "$1"
END-of-ipsec-tools/files/racoon.sh
echo x - ipsec-tools/pkg-descr
sed 's/^X//' >ipsec-tools/pkg-descr << 'END-of-ipsec-tools/pkg-descr'
Xracoon speaks IKE (ISAKMP/Oakley) key management protocol, to
Xestablish security association with other hosts.
X
XThis is the IPSec-tools version of racoon.
X
XKnown issues:
X- Too many use of dynamic memory allocation, which leads to memory leak.
X- Non-threaded implementation.  Simultaneous key negotiation performance
X  should be improved.
X- Cannot negotiate keys for per-socket policy.
X- Cryptic configuration syntax - blame IPsec specification too...
X- Needs more documentation.
X
XDesign choice, not a bug:
X- racoon negotiate IPsec keys only.  It does not negotiate policy.  Policy must
X  be configured into the kernel separately from racoon.  If you want to
X  support roaming clients, you may need to have a mechanism to put policy
X  for the roaming client after phase 1 finishes.
X
XWWW: http://www.kame.net/ and http://ipsec-tools.sf.net
END-of-ipsec-tools/pkg-descr
echo x - ipsec-tools/pkg-plist
sed 's/^X//' >ipsec-tools/pkg-plist << 'END-of-ipsec-tools/pkg-plist'
Xetc/rc.d/racoon.sh
Xinclude/libipsec/libpfkey.h
Xinclude/racoon/admin.h
Xinclude/racoon/evt.h
Xinclude/racoon/gcmalloc.h
Xinclude/racoon/ipsec_doi.h
Xinclude/racoon/isakmp.h
Xinclude/racoon/isakmp_cfg.h
Xinclude/racoon/isakmp_unity.h
Xinclude/racoon/isakmp_var.h
Xinclude/racoon/isakmp_xauth.h
Xinclude/racoon/misc.h
Xinclude/racoon/racoonctl.h
Xinclude/racoon/schedule.h
Xinclude/racoon/sockmisc.h
Xinclude/racoon/var.h
Xinclude/racoon/vmbuf.h
Xlib/libipsec.a
Xlib/libipsec.la
Xlib/libipsec.so
Xlib/libipsec.so.0
Xlib/libracoon.a
Xlib/libracoon.la
Xlib/libracoon.so
Xlib/libracoon.so.0
Xman/man3/ipsec_set_policy.3
Xman/man3/ipsec_strerror.3
Xman/man5/racoon.conf.5.gz
Xman/man8/plainrsa-gen.8
Xman/man8/racoon.8.gz
Xman/man8/racoonctl.8
Xman/man8/setkey.8
Xsbin/plainrsa-gen
Xsbin/racoon
Xsbin/racoonctl
Xsbin/setkey
X@dirrm var/racoon
X@dirrm var
X@dirrm share/nls/en_US.US-ASCII
X@dirrm share/nls/POSIX
X@dirrm include/racoon
X@dirrm include/libipsec
END-of-ipsec-tools/pkg-plist
echo x - ipsec-tools/distinfo
sed 's/^X//' >ipsec-tools/distinfo << 'END-of-ipsec-tools/distinfo'
XMD5 (ipsec-tools-0.6.tar.bz2) = 0487458fe95defb609faa6b05cd9b0af
XSIZE (ipsec-tools-0.6.tar.bz2) = 660938
END-of-ipsec-tools/distinfo
echo x - ipsec-tools/Makefile
sed 's/^X//' >ipsec-tools/Makefile << 'END-of-ipsec-tools/Makefile'
X# New ports collection makefile for:	ipsec-tools
X# Date created:				20 dec 2004
X# Whom:					vanhu
X#
X
X# TODO: - better list of master sites
X#       - configurable --enable-xxx
X#       - libipsec issue ?
X#       - cleanup...
X#       - SYSCONFDIR
X#       - $LOCALBASE/sbin/setkey Vs /usr/sbin/setkey
X
X
XPORTNAME=	ipsec-tools
XPORTVERSION=	0.6
XCATEGORIES=	security net
XMASTER_SITES=	http://switch.dl.sourceforge.net/sourceforge/ipsec-tools/ \
X		http://ovh.dl.sourceforge.net/sourceforge/ipsec-tools/
XUSE_BZIP2=	yes
X
XMAINTAINER=	vanhu@netasq.com
XCOMMENT=	KAME racoon IKE daemon, ipsec-tools version
X
XUSE_RC_SUBR=	YES
XUSE_OPENSSL=	YES
X
XWRKSRC=		${WRKDIR}/${DISTNAME}
XGNU_CONFIGURE=	yes
XLDFLAGS+=	-L${LOCALBASE}/lib
XCONFIGURE_ARGS+=--enable-debug
XCONFIGURE_ARGS+=--enable-dpd
XCONFIGURE_ARGS+=--enable-natt=kernel
XCONFIGURE_ARGS+=--enable-frag
XCONFIGURE_ARGS+=--enable-ipv6
XCONFIGURE_ARGS+=--enable-shared
XCONFIGURE_ARGS+=--sysconfdir=${LOCALBASE}/etc
XCONFIGURE_ARGS+=--with-pkgversion=freebsd-${PORTVERSION}
X
XMAN5=		racoon.conf.5
XMAN8=		racoon.8
X
XRC_SCRIPTS_SUB=	PREFIX=${PREFIX} \
X		RC_SUBR=${RC_SUBR}
X
Xpre-patch:
X#	${MV} ${WRKSRC}/racoon.8 ${WRKSRC}/racoon.8.in
X
X
Xpost-install:
X	@${SED} ${RC_SCRIPTS_SUB:S/$/!g/:S/^/ -e s!%%/:S/=/%%!/} \
X		${FILESDIR}/racoon.sh > ${PREFIX}/etc/rc.d/racoon.sh
X	@${CHMOD} +x ${PREFIX}/etc/rc.d/racoon.sh
X	@if [ -z `/sbin/sysctl -a | ${GREP} -q ipsec && echo ipsec` ]; then \
X	    ${ECHO_MSG} "WARNING: IPsec feature is disabled on this host"; \
X	    ${ECHO_MSG} "         You must build the kernel if you want to run racoon on the host"; \
X	fi ;
X
X.include <bsd.port.mk>
END-of-ipsec-tools/Makefile
exit
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508312032.j7VKW4IN021544>