-rwxr-xr-x | debian/rules | 3 | ||||
-rw-r--r-- | debian/strongswan.config | 4 | ||||
-rw-r--r-- | debian/strongswan.postinst | 53 | ||||
-rw-r--r-- | debian/strongswan.templates.master | 16 |
4 files changed, 73 insertions, 3 deletions
diff --git a/debian/rules b/debian/rules
index c4ff0d793..1bbae3ae3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,9 +5,6 @@
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
-# This is the debhelper compatability version to use.
-export DH_COMPAT=4
-
 export DH_OPTIONS
 ifeq (,$(wildcard /usr/bin/po2debconf))
diff --git a/debian/strongswan.config b/debian/strongswan.config
index 0d051f4ce..4bb4cf405 100644
--- a/debian/strongswan.config
+++ b/debian/strongswan.config
@@ -4,6 +4,10 @@
 db_input medium strongswan/start_level || true
+db_input high strongswan/ikev1 || true
+
+db_input high strongswan/ikev2 || true
+
 db_input medium strongswan/restart || true
 db_input high strongswan/enable-oe || true
diff --git a/debian/strongswan.postinst b/debian/strongswan.postinst
index 13a11017d..e66e810e3 100644
--- a/debian/strongswan.postinst
+++ b/debian/strongswan.postinst
@@ -99,6 +99,46 @@ make_x509_cert() {
 -days $2 $selfsigned >/dev/null
 }
+enable_daemon_start() {
+ daemon=$1
+ protocol=$2
+
+ echo -n "Enabling ${protocol} support by pluto ... "
+ if egrep -q "^\w+${daemon}start=yes\w*$" /etc/ipsec.conf; then
+ echo "already enabled"
+ elif egrep -q "^\w+${daemon}start=no\w*$" /etc/ipsec.conf; then
+ sed "s/${daemon}start=no/${daemon}start=yes/" < /etc/ipsec.conf > /etc/ipsec.conf.tmp
+ cp /etc/ipsec.conf.tmp /etc/ipsec.conf
+ rm /etc/ipsec.conf.tmp
+ echo "done"
+ elif egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" /etc/ipsec.conf; then
+ sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < /etc/ipsec.conf > /etc/ipsec.conf.tmp
+ cp /etc/ipsec.conf.tmp /etc/ipsec.conf
+ rm /etc/ipsec.conf.tmp
+ echo "done"
+ else
+ echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
+ fi
+}
+
+disable_daemon_start() {
+ daemon=$1
+ protocol=$2
+
+ echo -n "Disabling ${protocol} support by pluto ... "
+ if egrep -q "^\w+${daemon}start=no\w*$" /etc/ipsec.conf ||
+ egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" /etc/ipsec.conf; then
+ echo "already disabled"
+ elif egrep -q "^\w+${daemon}start=yes\w*$" /etc/ipsec.conf; then
+ sed "s/${daemon}start=yes/${daemon}start=no/" < /etc/ipsec.conf > /etc/ipsec.conf.tmp
+ cp /etc/ipsec.conf.tmp /etc/ipsec.conf
+ rm /etc/ipsec.conf.tmp
+ echo "done"
+ else
+ echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
+ fi
+}
+
 . /usr/share/debconf/confmodule
 case "$1" in
@@ -242,6 +282,19 @@ EOF
 fi
 fi
+ db_get strongswan/ikev1
+ if [ "$RET" != "true" ]; then
+ enable_daemon_start "pluto" "IKEv1"
+ else
+ disable_daemon_start "pluto" "IKEv1"
+ fi
+ db_get strongswan/ikev2
+ if [ "$RET" != "true" ]; then
+ enable_daemon_start "charon" "IKEv2"
+ else
+ disable_daemon_start "charon" "IKEv2"
+ fi
+
 if [ -z "$2" ]; then
 # no old configured version - start strongswan now
 invoke-rc.d ipsec start || true
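Review bot: The patterns in `enable_daemon_start` and `disable_daemon_start` use `\w` (word characters) where whitespace around the directive is evidently meant, so a line such as an indented `plutostart=no` matches none of the `egrep` tests and both functions fall through to the "please fix manually" branch. The sed expression in the commented-out branch is also written in extended syntax (`\w+`, `(yes|no)`) while `sed` is called without `-r`, so even when the preceding `egrep` matches, the substitution does not and "done" is printed over an unchanged file. I would write the tests as `egrep -q "^[[:space:]]*${daemon}start=yes[[:space:]]*$" /etc/ipsec.conf` and the uncomment step as `sed -r "s/^[[:space:]]*#[[:space:]]*${daemon}start=(yes|no)[[:space:]]*$/\t${daemon}start=yes/"`. These directives decide which IKE daemon is started after install, so a silent no-op can leave a key-exchange service running that the administrator declined. Chaining the steps as `sed ... > /etc/ipsec.conf.tmp && cp /etc/ipsec.conf.tmp /etc/ipsec.conf` would also keep a failed sed from replacing the config with partial output.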
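Review bot: The comparison on `$RET` is inverted in both added blocks of the second hunk: the new templates ask "Do you wish to support IKEv1?" (and IKEv2) with `Default: true`, yet `[ "$RET" != "true" ]` calls `enable_daemon_start` only when the answer is not `true`. Accepting the default therefore disables pluto and charon, and declining a protocol enables its daemon, which is the opposite of what the administrator chose. The test should read `if [ "$RET" = "true" ]; then` in both places. The `db_get` calls are also used unchecked, unlike the `db_input ... || true` lines in strongswan.config; whether a failure aborts the script depends on shell options set outside this hunk. The enclosing `case` branch starts and ends outside the hunk.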
diff --git a/debian/strongswan.templates.master b/debian/strongswan.templates.master index ca8b8e6e5..882dcc113 100644 --- a/debian/strongswan.templates.master +++ b/debian/strongswan.templates.master @@ -34,6 +34,22 @@ _Description: Do you wish to restart strongSwan? to restart, so this is generally a good idea. However this might take down existing connections and then bring them back up. +Template: strongswan/ikev1 +Type: boolean +Default: true +_Description: Do you wish to support IKEv1? + strongSwan supports both versions of the Internet Key Exchange protocol, + IKEv1 and IKEv2. Do you want to start the "pluto" daemon for IKEv1 support + when strongSwan is started? + +Template: strongswan/ikev2 +Type: boolean +Default: true +_Description: Do you wish to support IKEv2? + strongSwan supports both versions of the Internet Key Exchange protocol, + IKEv1 and IKEv2. Do you want to start the "charon" daemon for IKEv2 support + when strongSwan is started? + Template: strongswan/create_rsa_key Type: boolean Default: true |