-rw-r--r-- | .SRCINFO | 30 | ||||
-rw-r--r-- | PKGBUILD | 60 | ||||
-rw-r--r-- | fortigate.patch | 22 | ||||
-rw-r--r-- | vpnc.conf | 17 | ||||
-rw-r--r-- | vpnc@.service | 10 |
5 files changed, 139 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..971c87560ef9
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,30 @@
+pkgbase = vpnc-fortigate
+ pkgdesc = VPN client for cisco3000 VPN Concentrators, fixed for Fortigate
+ pkgver = 0.5.3.svn550
+ pkgrel = 1
+ url = http://www.unix-ag.uni-kl.de/~massar/vpnc/
+ arch = i686
+ arch = x86_64
+ license = GPL
+ makedepends = subversion
+ makedepends = git
+ depends = libgcrypt
+ depends = openssl
+ depends = iproute2
+ optdepends = openresolv: Let vpnc manage resolv.conf
+ provides = vpnc
+ conflicts = vpnc
+ backup = etc/vpnc/default.conf
+ source = vpnc::svn+http://svn.unix-ag.uni-kl.de/vpnc/trunk#revision=550
+ source = vpnc-scripts::git://git.infradead.org/users/dwmw2/vpnc-scripts.git#commit=df5808b
+ source = vpnc.conf
+ source = vpnc@.service
+ source = fortigate.patch
+ md5sums = SKIP
+ md5sums = SKIP
+ md5sums = a3f4e0cc682f437e310a1c86ae198e45
+ md5sums = 09cfded435c43dd2adb5a8863bd74cfc
+ md5sums = 377d5b4ca66e4bd6d931aa4feae8f310
+
+pkgname = vpnc-fortigate
+
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..34607eba1793
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,60 @@
+# Maintainer: David Flemström <david.flemstrom@gmail.com>
+
+pkgname=vpnc-fortigate
+_svnrev=550
+pkgver=0.5.3.svn${_svnrev}
+pkgrel=1
+pkgdesc="VPN client for cisco3000 VPN Concentrators, fixed for Fortigate"
+url="http://www.unix-ag.uni-kl.de/~massar/vpnc/"
+license=('GPL')
+provides=('vpnc')
+conflicts=('vpnc')
+depends=('libgcrypt' 'openssl' 'iproute2')
+makedepends=('subversion' 'git')
+optdepends=('openresolv: Let vpnc manage resolv.conf')
+arch=('i686' 'x86_64')
+source=("vpnc::svn+http://svn.unix-ag.uni-kl.de/vpnc/trunk#revision=${_svnrev}"
+ "vpnc-scripts::git://git.infradead.org/users/dwmw2/vpnc-scripts.git#commit=df5808b"
+ 'vpnc.conf'
+ 'vpnc@.service'
+ 'fortigate.patch')
+backup=('etc/vpnc/default.conf')
+md5sums=('SKIP'
+ 'SKIP'
+ 'a3f4e0cc682f437e310a1c86ae198e45'
+ '09cfded435c43dd2adb5a8863bd74cfc'
+ '377d5b4ca66e4bd6d931aa4feae8f310')
+
+#pkgver() {
+# cd vpnc
+# _vpncver=$(cat VERSION)
+# _svnrev=$(svn info | awk '/^Revision:/ { print $2 }')
+# echo ${_vpncver}.svn${_svnrev}
+#}
+
+prepare() {
+ # Build hybrid support
+ sed -i 's|^#OPENSSL|OPENSSL|g' vpnc/Makefile
+
+ # fix resolvconf location for community/openresolv
+ sed -i 's|/sbin/resolvconf|/usr&|g' vpnc-scripts/vpnc-script
+
+ # patch for Fortigate sending strange things
+ patch -p1 -d vpnc < "$srcdir"/fortigate.patch
+}
+
+build() {
+ cd vpnc
+ make
+}
+
+package() {
+ cd vpnc
+
+ make DESTDIR="$pkgdir" PREFIX=/usr SBINDIR=/usr/bin install
+
+ install -Dm644 "$srcdir"/vpnc.conf "$pkgdir"/etc/vpnc/default.conf
+ install -Dm755 "$srcdir"/vpnc-scripts/vpnc-script "$pkgdir"/etc/vpnc/vpnc-script
+
+ install -Dm644 "$srcdir"/vpnc@.service "$pkgdir"/usr/lib/systemd/system/vpnc@.service
+}
diff --git a/fortigate.patch b/fortigate.patch
new file mode 100644
index 000000000000..65f6305a8b4b
--- /dev/null
+++ b/fortigate.patch
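Review bot: The two upstream entries in `source=()` are fetched over `svn+http://` and `git://`, neither of which authenticates the server or protects the transfer, and both carry `SKIP` in `md5sums`, so nothing in this PKGBUILD verifies the code that ends up in the installed VPN client. The Subversion pin is a revision number rather than a content hash, and the git pin `df5808b` is an abbreviated id. Pinning the full 40-character commit id and switching to an https transport would close most of the gap, provided the upstream hosts offer one (not visible here). The three local files would also be better covered by `sha256sums=(...)` than by MD5.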
@@ -0,0 +1,22 @@
+diff -Naur a/vpnc.c b/vpnc.c
+--- a/vpnc.c 2015-09-19 02:28:38.374444403 +0200
++++ b/vpnc.c 2015-09-19 02:30:36.951980484 +0200
+@@ -1203,7 +1203,17 @@
+ assert(a->af == isakmp_attr_16);
+ assert(a->u.attr_16 == IKE_LIFE_TYPE_SECONDS || a->u.attr_16 == IKE_LIFE_TYPE_K);
+ assert(a->next != NULL);
+- assert(a->next->type == IKE_ATTRIB_LIFE_DURATION);
++
++ /*
++ * Workaround for broken RESPONDER_LIFETIME payload from Fortigate
++ * firewall. If the next attribute is not the LIFE_DURATION, then
++ * just ignore this payload and move on.
++ */
++ if (a->next->type != IKE_ATTRIB_LIFE_DURATION) {
++ DEBUG(2, printf("got bogus type %d instead of IKE_ATTRIB_LIFE_DURATION. Ignoring this payload.\n",
++ a->next->type));
++ return;
++ }
+
+ if (a->next->af == isakmp_attr_16)
+ value = a->next->u.attr_16;
diff --git a/vpnc.conf b/vpnc.conf
new file mode 100644
index 000000000000..914f827fd199
--- /dev/null
+++ b/vpnc.conf
@@ -0,0 +1,17 @@
+# example vpnc configuration file
+# see vpnc --long-help for details
+
+#Interface name tun0
+#IKE DH Group dh2
+#Perfect Forward Secrecy nopfs
+
+# You may replace this script with something better
+#Script /etc/vpnc/vpnc-script
+# Enable this option for NAT traversal
+#UDP Encapsulate
+
+#IPSec gateway my.gateway.com
+#IPSec ID someid
+#IPSec secret somesecret
+#Xauth username myusername
+#Xauth password mypassword
diff --git a/vpnc@.service b/vpnc@.service
new file mode 100644
index 000000000000..def8ed1769bd
--- /dev/null
+++ b/vpnc@.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=VPNC connection to %i
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/vpnc --pid-file=/run/vpnc@%i.pid /etc/vpnc/%i.conf
+PIDFile=/run/vpnc@%i.pid
+
+[Install]
+WantedBy=multi-user.target |
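Review bot: Only the last of the four checks on this attribute was converted from `assert()` to a graceful skip; `a->af`, `a->u.attr_16` and `a->next != NULL` are still asserted, and going by the new comment these values come from the gateway's RESPONDER_LIFETIME payload. A peer that sends any other unexpected shape would therefore still abort the client, and in a build with `NDEBUG` the `a->next->type` read in the new `if` would dereference NULL. I would replace `assert(a->next != NULL);` with `if (a->next == NULL) return;` ahead of the new check, and consider the same treatment for the two asserts above it. The enclosing function starts and ends outside the hunk, so what the early `return` skips is not visible here.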
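Review bot: This template is where users are expected to fill in `IPSec secret` and `Xauth password`, yet the PKGBUILD in this commit installs it with `install -Dm644`, so the stored credentials would be world-readable unless the admin tightens the mode by hand. I would install it as `install -Dm600 "$srcdir"/vpnc.conf "$pkgdir"/etc/vpnc/default.conf` and add a line to the template such as `# this file holds credentials: keep it readable by root only`. The commented examples `#IKE DH Group dh2` and `#Perfect Forward Secrecy nopfs` also read like recommended values; a short comment saying they are only needed for gateways that cannot do better would avoid users enabling them by default.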
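Review bot: The `[Unit]` section declares no ordering against the network, so with `WantedBy=multi-user.target` an enabled instance can be started at boot before any interface or resolver is available. I would add `Wants=network-online.target` and `After=network-online.target` under `[Unit]`. Whether vpnc retries a failed gateway lookup on its own is not visible from this commit.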