works for me on @i386.
regards,
Le Thu, 3 Apr 2008 17:28:56 -0400,
Okan Demirmen <[EMAIL PROTECTED]> a écrit :
> On Mon 2008.03.31 at 10:06 -0400, Okan Demirmen wrote:
> > it seems an update to security/vpnc has been tossed around for a
> > while now. so, i chose the latest one (from Thomas Schoeller, with
> > comments from others) and have been running with it for about 2
> > months now. confirmed it works on i386 and amd64; my sparc64 is not
> > currently in a net-location to test functionality, but it compiles.
> >
> > - update to 0.5.1
> > - adds a sample split vpn script
> >
> > one thing i did take out was the work-around for amd64 (-O0). i'm
> > unsure why that was in there, for i have vpnc running on amd64
> > without it. can someone provide the failure details?
> >
> > final comments, oks?
>
> i've only gotten one response, that sparc64 works (thanks!). other
> vpnc users out there?
>
> > Index: Makefile
> > ===================================================================
> > RCS file: /cvs/ports/security/vpnc/Makefile,v
> > retrieving revision 1.12
> > diff -u -p -r1.12 Makefile
> > --- Makefile 15 Sep 2007 23:30:01 -0000 1.12
> > +++ Makefile 31 Mar 2008 13:58:49 -0000
> > @@ -2,8 +2,7 @@
> >
> > COMMENT= client for Cisco 3000 VPN concentrators
> >
> > -DISTNAME= vpnc-0.3.3
> > -PKGNAME= ${DISTNAME}p1
> > +DISTNAME= vpnc-0.5.1
> > CATEGORIES= security net
> >
> > HOMEPAGE= http://www.unix-ag.uni-kl.de/~massar/vpnc/
> > @@ -25,6 +24,7 @@ NO_REGRESS= Yes
> > do-configure:
> > @perl -pi -e "s,/etc,${SYSCONFDIR},g"
> > ${WRKSRC}/{README,config.c} @sed -e "s,%%PREFIX%%,${PREFIX},g"
> > ${FILESDIR}/vpnc.sh > ${WRKBUILD}/vpnc.sh
> > + @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh >
> > ${WRKBUILD}/split.sh
> > do-install:
> > ${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin
> > @@ -33,6 +33,7 @@ do-install:
> > ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
> > ${INSTALL_DATA} ${WRKBUILD}/vpnc.conf
> > ${PREFIX}/share/examples/vpnc ${INSTALL_DATA}
> > ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
> > + ${INSTALL_DATA} ${WRKBUILD}/split.sh
> > ${PREFIX}/share/examples/vpnc ${INSTALL_DATA} ${WRKBUILD}/vpnc.sh
> > ${PREFIX}/share/examples/vpnc ${INSTALL_MAN} ${WRKBUILD}/vpnc.8
> > ${PREFIX}/man/man8
> > Index: distinfo
> > ===================================================================
> > RCS file: /cvs/ports/security/vpnc/distinfo,v
> > retrieving revision 1.6
> > diff -u -p -r1.6 distinfo
> > --- distinfo 5 Apr 2007 17:26:10 -0000 1.6
> > +++ distinfo 31 Mar 2008 13:58:49 -0000
> > @@ -1,5 +1,5 @@
> > -MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag==
> > -RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo=
> > -SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo=
> > -SHA256 (vpnc-0.3.3.tar.gz) =
> > vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c= -SIZE
> > (vpnc-0.3.3.tar.gz) = 59939 +MD5 (vpnc-0.5.1.tar.gz) =
> > eo6U2+lPOaT9ibcuASX2bw== +RMD160 (vpnc-0.5.1.tar.gz) =
> > dt1aOji9IQnPjh+62F4nYuhImDI= +SHA1 (vpnc-0.5.1.tar.gz) =
> > 78cdugOqQJRa815LB02Z+SL/f/0= +SHA256 (vpnc-0.5.1.tar.gz) =
> > 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0= +SIZE
> > (vpnc-0.5.1.tar.gz) = 91496 Index: files/split.sh
> > ===================================================================
> > RCS file: files/split.sh
> > diff -N files/split.sh
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ files/split.sh 31 Mar 2008 13:58:49 -0000
> > @@ -0,0 +1,19 @@
> > +#!/bin/sh
> > +
> > +# this effectively disables changes to /etc/resolv.conf
> > +INTERNAL_IP4_DNS=
> > +
> > +# This sets up split networking regardless
> > +# of the concentrators specifications.
> > +# You can add as many routes as you want,
> > +# but you must set the counter $CISCO_SPLIT_INC
> > +# accordingly
> > +CISCO_SPLIT_INC=1
> > +CISCO_SPLIT_INC_0_ADDR=10.0.0.0
> > +CISCO_SPLIT_INC_0_MASK=255.255.0.0
> > +CISCO_SPLIT_INC_0_MASKLEN=16
> > +CISCO_SPLIT_INC_0_PROTOCOL=0
> > +CISCO_SPLIT_INC_0_SPORT=0
> > +CISCO_SPLIT_INC_0_DPORT=0
> > +
> > +. /etc/vpnc/vpnc-script
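Review bot: The final line sources `/etc/vpnc/vpnc-script` by a hard-coded path, while pkg/PLIST installs both scripts under `${SYSCONFDIR}/vpnc`. The Makefile's `sed -e "s,%%PREFIX%%,${PREFIX},g"` pass over split.sh changes nothing, because this file contains no `%%PREFIX%%` token. With a non-default SYSCONFDIR the sample would source a file the package did not install, and since vpnc presumably runs its script with root privileges, that path should be the packaged one. Consider a substituted placeholder (name constructed here), e.g. `. %%SYSCONFDIR%%/vpnc/vpnc-script` with a matching `s,%%SYSCONFDIR%%,${SYSCONFDIR},g` in do-configure; the same applies to the `#Script /etc/vpnc/split.sh` line in patch-vpnc_conf. The first comment could also state the consequence: `# empty INTERNAL_IP4_DNS leaves resolv.conf untouched, so lookups keep using the pre-VPN resolver`.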
> > Index: patches/patch-Makefile
> > ===================================================================
> > RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v
> > retrieving revision 1.3
> > diff -u -p -r1.3 patch-Makefile
> > --- patches/patch-Makefile 11 Nov 2005 19:38:07 -0000
> > 1.3 +++ patches/patch-Makefile 31 Mar 2008 13:58:49 -0000
> > @@ -1,16 +1,18 @@
> > $OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
> > ---- Makefile.orig Sun May 1 22:30:35 2005
> > -+++ Makefile Fri Nov 4 00:03:54 2005
> > -@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
> > - SBINDIR=$(PREFIX)/sbin
> > - MANDIR=$(PREFIX)/share/man
> > +--- Makefile.orig Thu Sep 6 16:05:15 2007
> > ++++ Makefile Wed Sep 19 06:05:20 2007
> > +@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION)
> > + #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
> > + #OPENSSLLIBS = -lcrypto
> >
> > -CC=gcc
> > --CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell
> > libgcrypt-config --cflags) --LDFLAGS=-g $(shell libgcrypt-config
> > --libs) -+CC?=gcc
> > -+CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell
> > libgcrypt-config --cflags) -+LDFLAGS+=$(shell libgcrypt-config
> > --libs) +-CFLAGS ?= -O3 -g
> > +-CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
> > +-CFLAGS += $(shell libgcrypt-config --cflags)
> > ++CC ?= gcc
> > ++CFLAGS += -W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell
> > libgcrypt-config --cflags)
> > + CPPFLAGS += -DVERSION=\"$(VERSION)\" $(OPENSSL_GPL_VIOLATION)
> > +-LDFLAGS ?= -g
> > + LDFLAGS += $(shell libgcrypt-config --libs) $(OPENSSLLIBS)
> >
> > - ifeq ($(shell uname -s), Linux)
> > - SYSDEP=sysdep-linux.o
> > + ifeq ($(shell uname -s), SunOS)
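Review bot: The added `CFLAGS += -W -Wall '-DVERSION="$(shell cat VERSION)"' ...` line defines VERSION a second time, because the unchanged `CPPFLAGS += -DVERSION=\"$(VERSION)\"` context line right after it already passes that macro. The -D looks carried over from the 0.3.3 patch; if the two strings ever differ, the compiler warns about a redefinition and the reported version depends on flag order. The same replacement also drops upstream's `-Wmissing-declarations -Wwrite-strings`, which are cheap to keep in a client that parses data from a remote peer. Suggested line: `CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings $(shell libgcrypt-config --cflags)`.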
> > Index: patches/patch-tunip_c
> > ===================================================================
> > RCS file: patches/patch-tunip_c
> > diff -N patches/patch-tunip_c
> > --- patches/patch-tunip_c 11 Nov 2005 19:38:07 -0000
> > 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000
> > @@ -1,21 +0,0 @@
> > -$OpenBSD: patch-tunip_c,v 1.3 2005/11/11 19:38:07 sturm Exp $
> > ---- tunip.c.orig Thu May 5 12:25:00 2005
> > -+++ tunip.c Fri Nov 4 00:09:30 2005
> > -@@ -436,7 +436,7 @@ int update_sa_addr(struct sa_desc *p)
> > - if (new_addr.sin_addr.s_addr !=
> > p->source.sin_addr.s_addr) {
> > - char addr1[16];
> > - p->source.sin_addr = new_addr.sin_addr;
> > -- strcpy(addr1, inet_ntoa(p->dest.sin_addr));
> > -+ strlcpy(addr1, inet_ntoa(p->dest.sin_addr),
> > sizeof(addr1));
> > - syslog(LOG_NOTICE,
> > - "local address for %s is %s", addr1,
> > inet_ntoa(p->source.sin_addr));
> > - return 1;
> > -@@ -844,7 +844,7 @@ static void vpnc_main_loop(struct peer_d
> > - || from.sin_addr.s_addr !=
> > peer->remote_sa->dest.sin_addr.s_addr) {
> > - /* remote end changed address */
> > - char addr1[16];
> > -- strcpy(addr1,
> > inet_ntoa(peer->remote_sa->dest.sin_addr));
> > -+ strlcpy(addr1,
> > inet_ntoa(peer->remote_sa->dest.sin_addr), sizeof(addr1));
> > - syslog(LOG_NOTICE,
> > - "spi %u: remote address
> > changed from %s to %s",
> > - peer->remote_sa->spi,
> > addr1, inet_ntoa(from.sin_addr)); Index: patches/patch-vpnc-script
> > ===================================================================
> > RCS file: /cvs/ports/security/vpnc/patches/patch-vpnc-script,v
> > retrieving revision 1.1
> > diff -u -p -r1.1 patch-vpnc-script
> > --- patches/patch-vpnc-script 11 Nov 2005 19:38:07
> > -0000 1.1 +++ patches/patch-vpnc-script 31 Mar 2008
> > 13:58:49 -0000 @@ -1,64 +1,26 @@
> > $OpenBSD: patch-vpnc-script,v 1.1 2005/11/11 19:38:07 sturm Exp $
> > ---- vpnc-script.orig Thu Nov 3 23:39:23 2005
> > -+++ vpnc-script Thu Nov 3 23:51:02 2005
> > -@@ -70,7 +70,7 @@ do_ifconfig() {
> > - ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS"
> > $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask
> > 255.255.255.255 mtu 1412 up
> > - }
> > +--- vpnc-script.orig Thu Sep 6 22:05:15 2007
> > ++++ vpnc-script Thu Sep 13 21:53:21 2007
> > +@@ -108,7 +108,7 @@ destroy_tun_device() {
> > +
> > + # =========== route handling ====================================
> >
> > -if [ -n "$IPROUTE" ]; then
> > +if [ -x "$IPROUTE" ]; then
> > fix_ip_get_output () {
> > - sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g'
> > - }
> > -@@ -117,7 +117,11 @@ if [ -n "$IPROUTE" ]; then
> > + sed 's/cache//;s/metric \?[0-9]\+
> > [0-9]\+//g;s/hoplimit [0-9]\+//g' }
> > - else
> > - get_default_gw() {
> > -- netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
> > -+ if [ "$OS" = "OpenBSD" ]; then
> > -+ netstat -r -n | grep '^default' | awk
> > '{print $2}' -+ else
> > -+ netstat -r -n | grep '^0.0.0.0' | awk
> > '{print $2}' -+ fi
> > - }
> > -
> > - set_vpngateway_route() {
> > -@@ -215,15 +219,21 @@ do_connect() {
> > - echo "$CISCO_BANNER" | while read LINE ; do echo
> > "|" "$LINE" ; done
> > - echo
> > - fi
> > --
> > -+
> > -+ if [ ! -d /var/run/vpnc ]; then
> > -+ mkdir /var/run/vpnc || exit $?
> > -+ fi
> > -+
> > - do_ifconfig
> > - set_vpngateway_route
> > - if [ -n "$CISCO_SPLIT_INC" ]; then
> > -- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
> > -+ i=0
> > -+ while [ $i -lt $CISCO_SPLIT_INC ]; do
> > - eval
> > NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
> > - eval
> > NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
> > - eval
> > NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
> > - set_network_route "$NETWORK" "$NETMASK"
> > "$NETMASKLEN" -+ i=`expr $i + 1`
> > - done
> > - for i in $INTERNAL_IP4_DNS ; do
> > - set_network_route "$i" "255.255.255.255"
> > "32" -@@ -239,11 +249,13 @@ do_connect() {
> > -
> > - do_disconnect() {
> > - if [ -n "$CISCO_SPLIT_INC" ]; then
> > -- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
> > -+ i=0
> > -+ while [ $i -lt $CISCO_SPLIT_INC ]; do
> > - eval
> > NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
> > - eval
> > NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
> > - eval
> > NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
> > - del_network_route "$NETWORK" "$NETMASK"
> > "$NETMASKLEN" -+ i=`expr $i + 1`
> > - done
> > - for i in $INTERNAL_IP4_DNS ; do
> > - del_network_route "$i" "255.255.255.255"
> > "32" +@@ -195,6 +195,13 @@ else # use route command
> > + case "$OS" in
> > + Linux|NetBSD) # and probably others...
> > + # routes are deleted automatically on
> > device shutdown ++ return
> > ++ ;;
> > ++ OpenBSD)
> > ++ # delete only routes that are present
> > ++ if [ `route -n get $1|grep $2|wc -l` -ne
> > 0 ]; then ++ route $route_syntax_del
> > -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw
> > "$INTERNAL_IP4_ADDRESS" ++ fi
> > + return
> > + ;;
> > + esac
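Review bot: In the new OpenBSD branch, `route -n get $1|grep $2|wc -l` expands `$1` and `$2` unquoted and uses the netmask as a regular expression. The dots therefore match any character, and a value containing whitespace or glob characters is split or expanded by the shell; split-include values presumably originate from the concentrator, so they should be treated as untrusted. The test also checks `$1`/`$2` while the delete uses the globals `$NETWORK`/`$NETMASK`, which would remove the wrong route if the function is ever called with literal arguments. The enclosing function starts outside the hunk, so this needs confirming against the full script. Suggested: `if route -n get "$1" | grep -qF -- "$2"; then` followed by `route $route_syntax_del -net "$1" $route_syntax_netmask "$2" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"`.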
> > Index: patches/patch-vpnc_c
> > ===================================================================
> > RCS file: /cvs/ports/security/vpnc/patches/patch-vpnc_c,v
> > retrieving revision 1.2
> > diff -u -p -r1.2 patch-vpnc_c
> > --- patches/patch-vpnc_c 11 Nov 2005 19:38:07 -0000
> > 1.2 +++ patches/patch-vpnc_c 31 Mar 2008 13:58:49 -0000
> > @@ -1,7 +1,7 @@
> > $OpenBSD: patch-vpnc_c,v 1.2 2005/11/11 19:38:07 sturm Exp $
> > ---- vpnc.c.orig Fri Nov 4 00:09:49 2005
> > -+++ vpnc.c Fri Nov 4 00:11:03 2005
> > -@@ -196,10 +196,11 @@ static void addenv(const void *name, con
> > +--- vpnc.c.orig Mon Sep 10 15:39:48 2007
> > ++++ vpnc.c Wed Sep 12 16:47:27 2007
> > +@@ -159,10 +159,11 @@ static void addenv(const void *name, const
> > char *value
> > oldval = getenv(name);
> > if (oldval != NULL) {
> > Index: patches/patch-vpnc_conf
> > ===================================================================
> > RCS file: patches/patch-vpnc_conf
> > diff -N patches/patch-vpnc_conf
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ patches/patch-vpnc_conf 31 Mar 2008 13:58:49 -0000
> > @@ -0,0 +1,10 @@
> > +$OpenBSD$
> > +--- vpnc.conf.orig Thu Sep 13 22:40:00 2007
> > ++++ vpnc.conf Thu Sep 13 22:39:04 2007
> > +@@ -4,3 +4,6 @@ IPSec secret <group-psk>
> > + IKE Authmode hybrid
> > + Xauth username <username>
> > + Xauth password <password>
> > ++
> > ++# run script to manipulate dns and routing settings
> > ++#Script /etc/vpnc/split.sh
> > Index: pkg/PLIST
> > ===================================================================
> > RCS file: /cvs/ports/security/vpnc/pkg/PLIST,v
> > retrieving revision 1.5
> > diff -u -p -r1.5 PLIST
> > --- pkg/PLIST 29 Jun 2006 17:26:15 -0000 1.5
> > +++ pkg/PLIST 31 Mar 2008 13:58:49 -0000
> > @@ -5,6 +5,10 @@ share/doc/vpnc/
> > share/doc/vpnc/README
> > share/examples/vpnc/
> > @sample ${SYSCONFDIR}/vpnc/
> > +share/examples/vpnc/split.sh
> > [EMAIL PROTECTED] 0755
> > [EMAIL PROTECTED] ${SYSCONFDIR}/vpnc/split.sh
> > [EMAIL PROTECTED]
> > share/examples/vpnc/vpnc-script
> > @mode 0755
> > @sample ${SYSCONFDIR}/vpnc/vpnc-script
> >
>
>
--
Pierre-Emmanuel André <pea at raveland.org>
GPG key: 0x7AE329DC