ipsec: T2816: IPSec python rework, includes DMVPN and VTI support

3 files changed, 20 insertions, 0 deletions

diff --git a/debian/control b/debian/control
index e4ecac616..3ec5ccb7d 100644
--- a/debian/control
+++ b/debian/control
@@ -71,6 +71,9 @@ Depends:
   libnetfilter-conntrack3,
   libnfnetlink0,
   libpam-radius-auth (>= 1.5.0),
+  libstrongswan-standard-plugins (>=5.6),
+  libstrongswan-extra-plugins (>=5.6),
+  libcharon-extra-plugins (>=5.6),
   libvyosconfig0,
   lldpd,
   lm-sensors,
@@ -98,6 +101,7 @@ Depends:
   procps,
   python3,
   python3-certbot-nginx,
+  python3-crypto,
   ${python3:Depends},
   python3-flask,
   python3-hurry.filesize,
@@ -127,6 +131,8 @@ Depends:
   squidclient,
   squidguard,
   ssl-cert,
+  strongswan (>= 5.6),
+  strongswan-swanctl (>= 5.6),
   systemd,
   tcpdump,
   tcptraceroute,
diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install
index 51a1bb38a..e5de7f074 100644
--- a/debian/vyos-1x.install
+++ b/debian/vyos-1x.install
@@ -1,4 +1,5 @@
 etc/dhcp
+etc/ipsec.d
 etc/netplug
 etc/ppp
 etc/rsyslog.d
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 8acc87cc8..136d025d4 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -66,3 +66,16 @@ fi
 
 # ensure hte proxy user has a proper shell
 chsh -s /bin/sh proxy
+
+# vyatta-cfg-vpn migration
+for init in openswan ipsec setkey; do
+  update-rc.d -f ${init} remove >/dev/null
+done
+
+# remove keys
+rm -f /etc/ipsec.secrets
+touch /etc/ipsec.secrets
+chown root:root /etc/ipsec.secrets
+chmod 600 /etc/ipsec.secrets
+rm -f /etc/ipsec.d/private/localhost.localdomainKey.pem
+rm -f /etc/ipsec.d/certs/localhost.localdomainCert.pem
\ No newline at end of file