-rwxr-xr-xdebian/rules3
-rw-r--r--debian/strongswan.config4
-rw-r--r--debian/strongswan.postinst53
-rw-r--r--debian/strongswan.templates.master16
4 files changed, 73 insertions, 3 deletions
diff --git a/debian/rules b/debian/rules
index c4ff0d793..1bbae3ae3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -5,9 +5,6 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
-# This is the debhelper compatability version to use.
-export DH_COMPAT=4
-
export DH_OPTIONS
ifeq (,$(wildcard /usr/bin/po2debconf))
diff --git a/debian/strongswan.config b/debian/strongswan.config
index 0d051f4ce..4bb4cf405 100644
--- a/debian/strongswan.config
+++ b/debian/strongswan.config
@@ -4,6 +4,10 @@
db_input medium strongswan/start_level || true
+db_input high strongswan/ikev1 || true
+
+db_input high strongswan/ikev2 || true
+
db_input medium strongswan/restart || true
db_input high strongswan/enable-oe || true
diff --git a/debian/strongswan.postinst b/debian/strongswan.postinst
index 13a11017d..e66e810e3 100644
--- a/debian/strongswan.postinst
+++ b/debian/strongswan.postinst
@@ -99,6 +99,46 @@ make_x509_cert() {
-days $2 $selfsigned >/dev/null
}
+enable_daemon_start() {
+ daemon=$1
+ protocol=$2
+
+ echo -n "Enabling ${protocol} support by pluto ... "
+ if egrep -q "^\w+${daemon}start=yes\w*$" /etc/ipsec.conf; then
+ echo "already enabled"
+ elif egrep -q "^\w+${daemon}start=no\w*$" /etc/ipsec.conf; then
+ sed "s/${daemon}start=no/${daemon}start=yes/" < /etc/ipsec.conf > /etc/ipsec.conf.tmp
+ cp /etc/ipsec.conf.tmp /etc/ipsec.conf
+ rm /etc/ipsec.conf.tmp
+ echo "done"
+ elif egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" /etc/ipsec.conf; then
+ sed "s/^\w+#\w*${daemon}start=(yes|no)\w*$/\t${daemon}start=yes/" < /etc/ipsec.conf > /etc/ipsec.conf.tmp
+ cp /etc/ipsec.conf.tmp /etc/ipsec.conf
+ rm /etc/ipsec.conf.tmp
+ echo "done"
+ else
+ echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
+ fi
+}
+
+disable_daemon_start() {
+ daemon=$1
+ protocol=$2
+
+ echo -n "Disabling ${protocol} support by pluto ... "
+ if egrep -q "^\w+${daemon}start=no\w*$" /etc/ipsec.conf ||
+ egrep -q "^\w+#\w*${daemon}start=(yes|no)\w*$" /etc/ipsec.conf; then
+ echo "already disabled"
+ elif egrep -q "^\w+${daemon}start=yes\w*$" /etc/ipsec.conf; then
+ sed "s/${daemon}start=yes/${daemon}start=no/" < /etc/ipsec.conf > /etc/ipsec.conf.tmp
+ cp /etc/ipsec.conf.tmp /etc/ipsec.conf
+ rm /etc/ipsec.conf.tmp
+ echo "done"
+ else
+ echo "ERROR: unknown or nonexistant ${daemon}start= directive, please fix manually!"
+ fi
+}
+
. /usr/share/debconf/confmodule
case "$1" in
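Review bot: The patterns in `enable_daemon_start` and `disable_daemon_start` use `\w` (word characters) where whitespace is evidently meant, so an indented `plutostart=`/`charonstart=` line in /etc/ipsec.conf will not match and both functions end in the ERROR branch without changing anything. The `sed` call for the commented-out case also runs without `-r`, so `+` and `(yes|no)` are taken literally and that substitution cannot match either. The `sed > tmp; cp; rm` sequence never checks an exit status, so a failed `sed` would copy a truncated file over the live IPsec configuration. The progress message says "by pluto" even when the daemon is charon. A possible shape for the enable side is below; `disable_daemon_start` needs the same pattern and error-handling changes.

```shell
enable_daemon_start() {
	daemon=$1
	protocol=$2
	conf=/etc/ipsec.conf

	echo -n "Enabling ${protocol} support by ${daemon} ... "
	if grep -Eq "^[[:space:]]+${daemon}start=yes[[:space:]]*$" "$conf"; then
		echo "already enabled"
	elif grep -Eq "^[[:space:]]*#?[[:space:]]*${daemon}start=(yes|no)[[:space:]]*$" "$conf"; then
		# Write to a private temp file and only touch the live config if sed succeeded.
		tmp=$(mktemp "${conf}.XXXXXX") || return 1
		if sed -r "s/^[[:space:]]*#?[[:space:]]*${daemon}start=(yes|no)[[:space:]]*$/\t${daemon}start=yes/" "$conf" > "$tmp" &&
		   cat "$tmp" > "$conf"; then
			echo "done"
		else
			echo "ERROR: could not update ${conf}, please fix manually!"
		fi
		rm -f "$tmp"
	else
		# … unchanged: "unknown or nonexistant ${daemon}start= directive" message …
	fi
}
```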
@@ -242,6 +282,19 @@ EOF
fi
fi
+ db_get strongswan/ikev1
+ if [ "$RET" != "true" ]; then
+ enable_daemon_start "pluto" "IKEv1"
+ else
+ disable_daemon_start "pluto" "IKEv1"
+ fi
+ db_get strongswan/ikev2
+ if [ "$RET" != "true" ]; then
+ enable_daemon_start "charon" "IKEv2"
+ else
+ disable_daemon_start "charon" "IKEv2"
+ fi
+
if [ -z "$2" ]; then
# no old configured version - start strongswan now
invoke-rc.d ipsec start || true
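Review bot: Both new tests are inverted: `[ "$RET" != "true" ]` calls `enable_daemon_start` when the administrator answered no and `disable_daemon_start` when they answered yes. An administrator who declines IKEv1 or IKEv2 therefore ends up with that daemon still set to start, which leaves a key-exchange service running that they explicitly chose to turn off. The condition should read `if [ "$RET" = "true" ]; then` in both places. The two `db_get` calls are also unguarded, unlike the `|| true` style used elsewhere on this page, which would abort the postinst if the script runs under `set -e` (not visible in this hunk). The enclosing `case` branch starts and ends outside the hunk.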
diff --git a/debian/strongswan.templates.master b/debian/strongswan.templates.master
index ca8b8e6e5..882dcc113 100644
--- a/debian/strongswan.templates.master
+++ b/debian/strongswan.templates.master
@@ -34,6 +34,22 @@ _Description: Do you wish to restart strongSwan?
to restart, so this is generally a good idea. However this might take down
existing connections and then bring them back up.
+Template: strongswan/ikev1
+Type: boolean
+Default: true
+_Description: Do you wish to support IKEv1?
+ strongSwan supports both versions of the Internet Key Exchange protocol,
+ IKEv1 and IKEv2. Do you want to start the "pluto" daemon for IKEv1 support
+ when strongSwan is started?
+
+Template: strongswan/ikev2
+Type: boolean
+Default: true
+_Description: Do you wish to support IKEv2?
+ strongSwan supports both versions of the Internet Key Exchange protocol,
+ IKEv1 and IKEv2. Do you want to start the "charon" daemon for IKEv2 support
+ when strongSwan is started?
+
Template: strongswan/create_rsa_key
Type: boolean
Default: true