
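--- a/security/strongswan/Makefile
+++ b/security/strongswan/Makefile
@@ -1,157 +1,158 @@
 # Created by: Riaan Kruger <riaank@gmail.com>
 # $FreeBSD$
 
 PORTNAME=	strongswan
 PORTVERSION=	5.8.2
+PORTREVISION=	1
 CATEGORIES=	security net-vpn
 MASTER_SITES=	http://download.strongswan.org/ \
 		http://download2.strongswan.org/
 
 MAINTAINER=	strongswan@nanoteq.com
 COMMENT=	Open Source IKEv2 IPsec-based VPN solution
 
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 USES=		cpe libtool:keepla pkgconfig tar:bzip2 ssl
 USE_RC_SUBR=	strongswan
 USE_LDCONFIG=	${PREFIX}/lib/ipsec
 
 GNU_CONFIGURE=	yes
 INSTALL_TARGET=	install-strip
 
 CONFIGURE_ARGS=	--enable-kernel-pfkey \
 		--enable-kernel-pfroute  \
 		--disable-kernel-netlink  \
 		--disable-scripts  \
 		--disable-gmp \
 		--enable-openssl \
 		--enable-eap-identity \
 		--enable-eap-md5 \
 		--enable-eap-tls \
 		--enable-eap-mschapv2 \
 		--enable-eap-peap \
 		--enable-eap-ttls \
 		--enable-md4 \
 		--enable-blowfish \
 		--enable-addrblock \
 		--enable-whitelist \
 		--enable-cmd \
 		--with-group=wheel  \
 		--with-lib-prefix=${PREFIX}
 
 OPTIONS_DEFINE=	CURL EAPAKA3GPP2 EAPDYNAMIC EAPRADIUS EAPSIMFILE GCM IKEV1 \
 		IPSECKEY KERNELLIBIPSEC LOADTESTER LDAP MEDIATION MYSQL PKI \
 		PKCS11 SCEP SMP SQLITE SWANCTL TESTVECTOR TPM UNBOUND UNITY \
 		VICI XAUTH
 OPTIONS_DEFINE_i386=	VIA
 OPTIONS_DEFAULT=	BUILTIN CURL IKEV1 PKI SWANCTL VICI
 OPTIONS_SINGLE=	PRINTF_HOOKS
 OPTIONS_SINGLE_PRINTF_HOOKS=	BUILTIN LIBC VSTR
 OPTIONS_SUB=	yes
 
 # Description of options
 BUILTIN_DESC=	Use builtin printf hooks
 CURL_DESC=	Enable CURL to fetch CRL/OCSP
 EAPAKA3GPP2_DESC=	Enable EAP AKA with 3gpp2 backend
 EAPDYNAMIC_DESC=	Enable EAP dynamic proxy module
 EAPRADIUS_DESC=		Enable EAP Radius proxy authentication
 EAPSIMFILE_DESC=	Enable EAP SIM with file backend
 GCM_DESC=		Enable GCM AEAD wrapper crypto plugin
 IKEV1_DESC=	Enable IKEv1 support
 IPSECKEY_DESC=	Enable authentication with IPSECKEY resource records with DNSSEC
 KERNELLIBIPSEC_DESC=	Enable IPSec userland backend
 LIBC_DESC=	Use libc printf hooks
 LOADTESTER_DESC=	Enable load testing plugin
 MEDIATION_DESC=		Enable IKEv2 Mediation Extension
 PKCS11_DESC=	Enable PKCS11 token support
 PKI_DESC=	Enable PKI tools
 SCEP_DESC=	Enable Simple Certificate Enrollment Protocol
 SMP_DESC=	Enable XML-based management protocol (DEPRECATED)
 SWANCTL_DESC=	Install swanctl (requires VICI)
 TESTVECTOR_DESC=	Enable crypto test vectors
 TPM_DESC=	Enable TPM plugin
 UNBOUND_DESC=	Enable DNSSEC-enabled resolver
 UNITY_DESC=	Enable Cisco Unity extension plugin
 VIA_DESC=	Enable VIA Padlock support
 VICI_DESC=	Enable VICI management protocol
 VSTR_DESC=	Use devel/vstr printf hooks
 XAUTH_DESC=	Enable XAuth password verification
 
 # Extra options
 BUILTIN_CONFIGURE_ON=	--with-printf-hooks=builtin
 CURL_CONFIGURE_ON=	--enable-curl
 CURL_LIB_DEPENDS=	libcurl.so:ftp/curl
 EAPAKA3GPP2_CONFIGURE_ON=	--enable-eap-aka --enable-eap-aka-3gpp2
 EAPAKA3GPP2_LIB_DEPENDS=libgmp.so:math/gmp
 EAPDYNAMIC_CONFIGURE_ON=--enable-eap-dynamic
 EAPRADIUS_CONFIGURE_ON=	--enable-eap-radius
 EAPSIMFILE_CONFIGURE_ON=--enable-eap-sim --enable-eap-sim-file
 GCM_CONFIGURE_ON=	--enable-gcm
 IKEV1_CONFIGURE_OFF=	--disable-ikev1
 IPSECKEY_CONFIGURE_ON=	--enable-ipseckey
 KERNELLIBIPSEC_CONFIGURE_ON=	--enable-kernel-libipsec
 LDAP_CONFIGURE_ON=	--enable-ldap
 LDAP_USE=		OPENLDAP=yes
 LIBC_CONFIGURE_ON=	--with-printf-hooks=glibc
 LOADTESTER_CONFIGURE_ON=--enable-load-tester
 MEDIATION_CONFIGURE_ON=	--enable-mediation
 MYSQL_CONFIGURE_ON=	--enable-mysql
 MYSQL_USES=		mysql
 PKCS11_CONFIGURE_ON=	--enable-pkcs11
 PKI_CONFIGURE_OFF=	--disable-pki
 SCEP_CONFIGURE_OFF=	--disable-scepclient
 SMP_CONFIGURE_ON=	--enable-smp
 SMP_LIB_DEPENDS=	libxml2.so:textproc/libxml2
 SQLITE_CONFIGURE_ON=	--enable-sqlite
 SQLITE_LIB_DEPENDS=	libsqlite3.so:databases/sqlite3
 SWANCTL_CONFIGURE_ON=	--enable-swanctl
 SWANCTL_IMPLIES=	VICI
 TESTVECTOR_CONFIGURE_ON=--enable-test-vectors
 TPM_CONFIGURE_ON=	--enable-tpm
 UNBOUND_CONFIGURE_ON=	--enable-unbound
 UNBOUND_LIB_DEPENDS=	libunbound.so:dns/unbound \
 			libldns.so:dns/ldns
 UNITY_CONFIGURE_ON=	--enable-unity
 VIA_CONFIGURE_ON=	--enable-padlock
 VICI_CONFIGURE_ON=	--enable-vici
 VSTR_CONFIGURE_ON=	--with-printf-hooks=vstr
 VSTR_LIB_DEPENDS=	libvstr.so:devel/vstr
 XAUTH_CONFIGURE_ON=	--enable-xauth-eap \
 			--enable-xauth-generic \
 			--enable-xauth-pam
 
 .include <bsd.port.options.mk>
 
 .if ${PORT_OPTIONS:MEAPSIMFILE} || ${PORT_OPTIONS:MEAPAKA3GPP2}
 PLIST_SUB+=	SIMAKA=""
 .else
 PLIST_SUB+=	SIMAKA="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MMYSQL} || ${PORT_OPTIONS:MSQLITE}
 CONFIGURE_ARGS+=	--enable-attr-sql --enable-sql
 PLIST_SUB+=	SQL=""
 .else
 PLIST_SUB+=	SQL="@comment "
 .endif
 
 .if ${PORT_OPTIONS:MIKEV1} || ${PORT_OPTIONS:MXAUTH}
 PLIST_SUB+=	XAUTHGEN=""
 .else
 PLIST_SUB+=	XAUTHGEN="@comment "
 .endif
 
 # Hack to disable VIA in plist of unsupported architectures
 .if ! ${OPTIONS_DEFINE:MVIA}
 PLIST_SUB+=	VIA="@comment "
 .else
 .endif
 
 post-install:
 .if ${PORT_OPTIONS:MVICI}
 	${INSTALL_DATA} ${WRKSRC}/src/libcharon/plugins/vici/libvici.h \
 		${STAGEDIR}${PREFIX}/include
 .endif
 
 .include <bsd.port.mk>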
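--- a/security/strongswan/files/strongswan.in
+++ b/security/strongswan/files/strongswan.in
@@ -1,97 +1,98 @@
 #!/bin/sh
 # Start or stop strongswan
 # $FreeBSD$
 
 # PROVIDE: strongswan
 # REQUIRE: DAEMON
 # BEFORE: LOGIN
 # KEYWORD: shutdown
 
 # strongswan_enable (bool):
 #	Set it to "YES" to enable strongswan
 #	Default is "NO"
 # strongswan_interface (string):
 #	Set the control interface to use.
 #	Valid options are:
 #	"stroke" for the old ipsec/startr interface
 #	"vici" for the newer swanctl intrface
 #	Default is "stroke"
 
 . /etc/rc.subr
 
 name=strongswan
 desc="Strongswan IPsec startup script"
+required_modules="ipsec"
 rcvar=strongswan_enable
 
 load_rc_config $name
 
 : ${strongswan_enable:=NO}
 : ${strongswan_interface:="stroke"}
 
 extra_commands="reload statusall"
 
 charon_command=%%PREFIX%%/libexec/ipsec/charon
 charon_pidfile=/var/run/charon.pid
 swanctl_command=%%PREFIX%%/sbin/swanctl
 
 case $strongswan_interface in
 [Ss][Tt][Rr][Oo][Kk][Ee])
 	# "stroke"
 	command="%%PREFIX%%/sbin/ipsec"
 	start_precmd=command_args=start
 	stop_cmd="${command} stop"
 	status_cmd="${command} status"
 	reload_cmd="${command} reload"
 	statusall_cmd="${command} statusall"
 	;;
 
 [Vv][Ii][Cc][Ii])
 	# "vici"
 	command=/usr/sbin/daemon
 	pidfile=/var/run/daemon-charon.pid
 	command_args="-S -P ${pidfile} ${charon_command} --use-syslog"
 
 	required_files=${charon_command}
 	extra_commands="reload statusall"
 
 	start_postcmd=${name}_swanctl_poststart
 	status_cmd="${swanctl_command} --stats"
 	reload_cmd=${name}_swanctl_reload
 	statusall_cmd=${name}_swanctl_statusall
 	;;
 
 	*)
 	# "default"
 	warn "\$strongswan_interface setting is invalid - options supported are \"stroke\" or \"vici\"."
 	exit 1
 	;;
 esac
 
 strongswan_swanctl_poststart()
 {
 	local _waitmax=5
 
 	# Need to wait for charon to finish startup,
 	# else vici socket is unreadable
 	while [ ! -f ${charon_pidfile} ] && [ ${_waitmax} -gt 0 ]; do
 		sleep 1
 		_waitmax=$((_waitmax - 1))
 	done
 
 	${swanctl_command} --load-all --noprompt
 }
 
 strongswan_swanctl_reload()
 {
 	${swanctl_command} --reload-settings
 	${swanctl_command} --load-all --noprompt
 }
 
 strongswan_swanctl_statusall()
 {
 	${swanctl_command} --stats
 	${swanctl_command} --list-conns
 	${swanctl_command} --list-sas
 }
 
 run_rc_command "$1"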
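Review bot: The new `required_modules="ipsec"` (new line 24) makes rc.subr try to load the `ipsec` kernel module before every start, yet the header block that documents the script's knobs (lines 10-18) does not mention it; add a comment next to the new line such as `# Load the ipsec kernel module before start (rc.subr(8) required_modules); not needed on kernels with IPsec compiled in.` The load is also unconditional with respect to `strongswan_interface` and to how the port was built: the Makefile in this same attachment offers a KERNELLIBIPSEC option ("IPSec userland backend"), under which the kernel module is presumably not required, so confirm that a failed module load on such a host is an acceptable hard stop. If the kld file name and the registered module name ever differ, rc.subr's `kld:modname` form for `required_modules` lets the presence check use the right name.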
