ipsec-tools: racoon uci integration

Signed-Off-By: Vitaly Protsko <villy@sft.ru> --- b/net/ipsec-tools/Makefile | 16 - b/net/ipsec-tools/files/functions.sh | 137 +++++++++ b/net/ipsec-tools/files/p1client-down | 41 ++ b/net/ipsec-tools/files/p1client-up | 41 ++ b/net/ipsec-tools/files/racoon | 109 +++++++ b/net/ipsec-tools/files/racoon.init | 478 +++++++++++++++++++++++++++++++++- b/net/ipsec-tools/files/vpnctl | 19 + net/ipsec-tools/files/racoon.conf | 36 -- 8 files changed, 824 insertions(+), 53 deletions(-)
2026-04-30 07:28:39 +01:00 · 2015-03-10 16:24:22 +03:00
parent 96ef85a37e
commit 2564e407d2
8 changed files with 824 additions and 53 deletions
@@ -0,0 +1,109 @@
+#/etc/config/racoon
+#
+# Copyright 2015 Vitaly Protsko <villy@sft.ru>
+
+# * WARNING: this is "not working" example
+# * Defaults are commented out
+# * Resuting config will appear in /var/racoon/
+
+config racoon
+#	option	debug		0
+#	option	ext_zone	'wan'
+#	option	int_zone	'lan'
+#	option	port		500
+#	option	natt_port	4500
+# following 4 or 6, no default
+#	option	ipversion	4
+
+config p1_proposal 'example_prop1'
+#	option	lifetime	28800
+	option	enc_alg		'aes'
+	option	hash_alg	'sha1'
+	option	auth_method	'rsasig'
+	option	dh_group	2
+
+config p1_proposal 'example_anon'
+#	option	lifetime	28800
+	option	enc_alg		'aes'
+	option	hash_alg	'sha1'
+	option	auth_method	'xauth_rsa_server'
+	option	dh_group	2
+
+config p1_proposal 'example_xauth'
+#	option	lifetime	28800
+	option	enc_alg		'aes'
+	option	hash_alg	'sha1'
+	option	auth_method	'xauth_rsa_client'
+	option	dh_group	2
+
+config p2_proposal 'example_prop2'
+	option	pfs_group	2
+	option	enc_alg		'aes'
+	option	auth_alg	'hmac_sha1'
+
+config p2_proposal 'example_in2'
+	option	pfs_group	2
+#	option	lifetime	14400
+	option	enc_alg		'aes'
+	option	auth_alg	'hmac_sha1'
+
+config sainfo 'office'
+	option	p2_proposal	'example_prop2'
+	option	local_net	'192.168.8.0/24'
+	option	remote_net	'192.168.1.0/24'
+
+config sainfo 'welcome'
+	option	p2_proposal	'example_in2'
+	option	local_net	'192.168.8.0/24'
+	option	remote_net	'192.168.10.0/24'
+	option	dns4		'192.168.8.1'
+	option	defdomain	'myhome.local'
+
+config sainfo 'client'
+	p2_proposal		'std_p2'
+
+config tunnel 'Office'
+	option	enabled		1
+# initial_contact
+#	option	init		1
+	option	remote		'vpn.example.tld'
+	option	exchange_mode	'main'
+	option	certificate	'example_cert'
+#	option	peer_id_type	'asn1dn'
+#	option	prop_check	'obey'
+#	option	verify_id	1
+#	option	weak_p1check	1
+#	option	dpd_delay	''
+	list	p1_proposal	'example_prop1'
+	list	sainfo		'office'
+
+# WARNING:	Only ONE tunnel with remote anonymous
+#		can be configured and it can have only
+#		ONE sainfo. Otherwise resulting racoon
+#		configuration will be unusable
+config tunnel 'Incoming'
+	option	enabled		1
+	option	remote		'anonymous'
+	option	pre_shared_key	'testitnow'
+	option	exchange_mode	'aggressive,main'
+	option	my_id_type	'fqdn'
+	option	my_id		'myserver.homeip.net'
+	list	p1_proposal	'example_anon'
+	list	sainfo		'welcome'
+
+config tunnel 'Client'
+	option	enabled		1
+	option	remote		'vpn.example.tld'
+	option	username	'testuser'
+	option	password	'testW0rD'
+#	option	mode_cfg	1
+	list	p1_proposal	'example_xauth'
+	list	sainfo		'client'
+
+# Insert corresponding data in PEM format as one line
+config 'certificate' 'example_cert'
+	option	'key'	'-----BEGIN PRIVATE KEY----- ~ -----END PRIVATE KEY-----'
+	option	'crt'	'-----BEGIN CERTIFICATE----- ~ -----END CERTIFICATE-----'
+
+config	'certificate' 'example_ca_cert'
+	option	'crt'	'-----BEGIN CERTIFICATE----- ~ -----END CERTIFICATE-----'