ipsec-tools: install a sample config file for racoon

Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
2026-06-04 14:39:54 +00:00 · 2015-02-16 11:14:34 +08:00
parent b740f2712f
commit a900b9b577
2 changed files with 47 additions and 0 deletions
@@ -0,0 +1,40 @@
+#
+# NOTE: This file will not be used if you use racoon-tool(8) to manage your
+# IPsec connections. racoon-tool will process racoon-tool.conf(5) and
+# generate a configuration (/var/lib/racoon/racoon.conf) and use it, instead
+# of this file.
+#
+# Simple racoon.conf
+# 
+#
+# Please look in /usr/share/doc/racoon/examples for
+# examples that come with the source.
+#
+# Please read racoon.conf(5) for details, and alsoread setkey(8).
+#
+#
+# Also read the Linux IPSEC Howto up at 
+# http://www.ipsec-howto.org/t1.html 
+#
+log notify;
+path pre_shared_key "/etc/racoon/psk.txt";
+path certificate "/etc/racoon/certs";
+
+#remote 172.31.1.1 {
+#        exchange_mode main,aggressive;
+#        proposal {
+#                encryption_algorithm 3des;
+#                hash_algorithm sha1;
+#                authentication_method pre_shared_key;
+#                dh_group modp1024;
+#        }
+#        generate_policy off;
+#}
+# 
+#sainfo address 192.168.203.10[any] any address 192.168.22.0/24[any] any {
+#        pfs_group modp768;
+#        encryption_algorithm 3des;
+#        authentication_algorithm hmac_md5;
+#        compression_algorithm deflate;
+#}
+
@@ -15,6 +15,7 @@ SRC_URI = "ftp://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${PV
           file://racoon-check-invalid-ivm.patch \
           file://glibc-2.20.patch \
           file://racoon-Resend-UPDATE-message-when-received-EINTR-message.patch \
+           file://racoon.conf.sample \
          "
 SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
 SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"
@@ -54,6 +55,7 @@ EXTRA_OECONF = "--with-kernel-headers=${STAGING_INCDIR} \
                --enable-shared \
                --enable-dpd \
                --enable-natt=yes \
+                --sysconfdir=${sysconfdir}/racoon \
                ${@base_contains('DISTRO_FEATURES', 'ipv6', '--enable-ipv6=yes', '', d)}"

 # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530527
@@ -62,3 +64,8 @@ CFLAGS += "-fno-strict-aliasing"
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,"
 PACKAGECONFIG[selinux] = "--enable-security-context,--disable-security-context,libselinux,"
+
+do_install_append() {
+    install -d ${D}${sysconfdir}/racoon
+    install -m 0644 ${WORKDIR}/racoon.conf.sample ${D}${sysconfdir}/racoon/racoon.conf
+}