This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated
       via  6652626c88bca3a3e89126c47d31779740a21732 (commit)
      from  f81179c3b21950bba2434b05a1f8b80b5567788c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 6652626c88bca3a3e89126c47d31779740a21732
Author: Arne Fitzenreiter arne_f@ipfire.org
Date:   Sat Mar 20 22:31:43 2010 +0100
Add strongswan (4.3.6) for testing.
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/common/openswan          | 302 ---------------------------
 config/rootfiles/common/strongswan        | 123 +++++++++++
 doc/packages-list.txt                     |  18 +-
 html/cgi-bin/vpnmain.cgi                  |  12 +-
 lfs/{fetchmail => strongswan}             |  50 +++--
 make.sh                                   |   7 +-
 src/initscripts/init.d/firewall           |  17 +-
 src/initscripts/init.d/ipsec              | 178 +----------------
 src/misc-progs/ipsecctrl.c                |  20 +-
 src/patches/strongswan-4.3.6_ipfire.patch | 317 +++++++++++++++++++++++++++++
 10 files changed, 507 insertions(+), 537 deletions(-)
 delete mode 100644 config/rootfiles/common/openswan
 create mode 100644 config/rootfiles/common/strongswan
 copy lfs/{fetchmail => strongswan} (77%)
 create mode 100644 src/patches/strongswan-4.3.6_ipfire.patch
Difference in files: diff --git a/config/rootfiles/common/openswan b/config/rootfiles/common/openswan deleted file mode 100644 index 4883788..0000000 --- a/config/rootfiles/common/openswan +++ /dev/null 
@@ -1,302 +0,0 @@ -etc/ipsec.conf -#etc/ipsec.d -etc/ipsec.d/aacerts -etc/ipsec.d/cacerts -etc/ipsec.d/certs -etc/ipsec.d/crls -#etc/ipsec.d/examples -#etc/ipsec.d/examples/hub-spoke.conf -#etc/ipsec.d/examples/ipv6.conf -#etc/ipsec.d/examples/l2tp-cert.conf -#etc/ipsec.d/examples/l2tp-psk.conf -#etc/ipsec.d/examples/linux-linux.conf -#etc/ipsec.d/examples/oe-exclude-dns.conf -#etc/ipsec.d/examples/sysctl.conf -#etc/ipsec.d/examples/xauth.conf -etc/ipsec.d/ocspcerts -etc/ipsec.d/policies -#etc/ipsec.d/policies/block -#etc/ipsec.d/policies/clear -#etc/ipsec.d/policies/clear-or-private -#etc/ipsec.d/policies/private -#etc/ipsec.d/policies/private-or-clear -etc/ipsec.d/private -etc/ipsec.secrets -#etc/rc.d/init.d/ipsec.old -#etc/rc.d/rc0.d/K76ipsec -#etc/rc.d/rc1.d -#etc/rc.d/rc1.d/K76ipsec -#etc/rc.d/rc2.d -#etc/rc.d/rc2.d/S47ipsec -#etc/rc.d/rc3.d/S47ipsec -#etc/rc.d/rc4.d -#etc/rc.d/rc4.d/S47ipsec -#etc/rc.d/rc5.d -#etc/rc.d/rc5.d/S47ipsec -#etc/rc.d/rc6.d/K76ipsec -usr/lib/ipsec -#usr/lib/ipsec/_confread -#usr/lib/ipsec/_copyright -#usr/lib/ipsec/_include -#usr/lib/ipsec/_keycensor -#usr/lib/ipsec/_plutoload -#usr/lib/ipsec/_plutorun -#usr/lib/ipsec/_realsetup -#usr/lib/ipsec/_secretcensor -#usr/lib/ipsec/_startklips -#usr/lib/ipsec/_startnetkey -#usr/lib/ipsec/_updown -#usr/lib/ipsec/_updown.klips -#usr/lib/ipsec/_updown.klips~ -#usr/lib/ipsec/_updown.mast -#usr/lib/ipsec/_updown.netkey -usr/libexec/ipsec -#usr/libexec/ipsec/_pluto_adns -#usr/libexec/ipsec/addconn -#usr/libexec/ipsec/auto -#usr/libexec/ipsec/barf -#usr/libexec/ipsec/eroute -#usr/libexec/ipsec/ikeping -#usr/libexec/ipsec/klipsdebug -#usr/libexec/ipsec/look -#usr/libexec/ipsec/newhostkey -#usr/libexec/ipsec/pf_key -#usr/libexec/ipsec/pluto -#usr/libexec/ipsec/ranbits -#usr/libexec/ipsec/rsasigkey -#usr/libexec/ipsec/secrets -#usr/libexec/ipsec/setup -#usr/libexec/ipsec/showdefaults -#usr/libexec/ipsec/showhostkey -#usr/libexec/ipsec/showpolicy -#usr/libexec/ipsec/spi -#usr/libexec/ipsec/spigrp 
-#usr/libexec/ipsec/tncfg -#usr/libexec/ipsec/verify -#usr/libexec/ipsec/whack -#usr/man/man3/ipsec_addrbytesof.3 -#usr/man/man3/ipsec_addrbytesptr.3 -#usr/man/man3/ipsec_addrcmp.3 -#usr/man/man3/ipsec_addrinsubnet.3 -#usr/man/man3/ipsec_addrlenof.3 -#usr/man/man3/ipsec_addrtoa.3 -#usr/man/man3/ipsec_addrtosubnet.3 -#usr/man/man3/ipsec_addrtot.3 -#usr/man/man3/ipsec_addrtypeof.3 -#usr/man/man3/ipsec_anyaddr.3 -#usr/man/man3/ipsec_atoaddr.3 -#usr/man/man3/ipsec_atoasr.3 -#usr/man/man3/ipsec_atosubnet.3 -#usr/man/man3/ipsec_atoul.3 -#usr/man/man3/ipsec_bitstomask.3 -#usr/man/man3/ipsec_broadcastof.3 -#usr/man/man3/ipsec_copyright_notice.3 -#usr/man/man3/ipsec_goodmask.3 -#usr/man/man3/ipsec_hostof.3 -#usr/man/man3/ipsec_initaddr.3 -#usr/man/man3/ipsec_initsaid.3 -#usr/man/man3/ipsec_initsubnet.3 -#usr/man/man3/ipsec_isanyaddr.3 -#usr/man/man3/ipsec_isloopbackaddr.3 -#usr/man/man3/ipsec_isunspecaddr.3 -#usr/man/man3/ipsec_loopbackaddr.3 -#usr/man/man3/ipsec_maskof.3 -#usr/man/man3/ipsec_masktobits.3 -#usr/man/man3/ipsec_masktocount.3 -#usr/man/man3/ipsec_networkof.3 -#usr/man/man3/ipsec_optionsfrom.3 -#usr/man/man3/ipsec_portof.3 -#usr/man/man3/ipsec_rangetoa.3 -#usr/man/man3/ipsec_rangetosubnet.3 -#usr/man/man3/ipsec_sameaddr.3 -#usr/man/man3/ipsec_sameaddrtype.3 -#usr/man/man3/ipsec_samesaid.3 -#usr/man/man3/ipsec_samesubnet.3 -#usr/man/man3/ipsec_samesubnettype.3 -#usr/man/man3/ipsec_satot.3 -#usr/man/man3/ipsec_setportof.3 -#usr/man/man3/ipsec_sockaddrlenof.3 -#usr/man/man3/ipsec_sockaddrof.3 -#usr/man/man3/ipsec_subnetinsubnet.3 -#usr/man/man3/ipsec_subnetishost.3 -#usr/man/man3/ipsec_subnetof.3 -#usr/man/man3/ipsec_subnettoa.3 -#usr/man/man3/ipsec_subnettot.3 -#usr/man/man3/ipsec_subnettypeof.3 -#usr/man/man3/ipsec_tnatoaddr.3 -#usr/man/man3/ipsec_ttoaddr.3 -#usr/man/man3/ipsec_ttodata.3 -#usr/man/man3/ipsec_ttosa.3 -#usr/man/man3/ipsec_ttosubnet.3 -#usr/man/man3/ipsec_ttoul.3 -#usr/man/man3/ipsec_unspecaddr.3 -#usr/man/man3/ipsec_version.3 
-#usr/man/man3/ipsec_version_code.3 -#usr/man/man3/ipsec_version_string.3 -#usr/man/man5/ipsec_eroute.5 -#usr/man/man5/ipsec_klipsdebug.5 -#usr/man/man5/ipsec_showpolicy.8 -#usr/man/man5/ipsec_spi.5 -#usr/man/man5/ipsec_spigrp.5 -#usr/man/man5/ipsec_tncfg.5 -#usr/man/man5/ipsec_trap_count.5 -#usr/man/man5/ipsec_trap_sendcount.5 -#usr/man/man5/ipsec_version.5 -#usr/man/man5/pf_key.5 -#usr/man/man8/ipsec.8 -#usr/man/man8/ipsec__copyright.8 -#usr/man/man8/ipsec__include.8 -#usr/man/man8/ipsec__keycensor.8 -#usr/man/man8/ipsec__plutoload.8 -#usr/man/man8/ipsec__plutorun.8 -#usr/man/man8/ipsec__realsetup.8 -#usr/man/man8/ipsec__secretcensor.8 -#usr/man/man8/ipsec__startklips.8 -#usr/man/man8/ipsec__startnetkey.8 -#usr/man/man8/ipsec__updown.8 -#usr/man/man8/ipsec__updown.klips.8 -#usr/man/man8/ipsec__updown.mast.8 -#usr/man/man8/ipsec__updown.netkey.8 -#usr/man/man8/ipsec_addconn.8 -#usr/man/man8/ipsec_auto.8 -#usr/man/man8/ipsec_barf.8 -#usr/man/man8/ipsec_eroute.8 -#usr/man/man8/ipsec_ikeping.8 -#usr/man/man8/ipsec_klipsdebug.8 -#usr/man/man8/ipsec_look.8 -#usr/man/man8/ipsec_newhostkey.8 -#usr/man/man8/ipsec_pf_key.8 -#usr/man/man8/ipsec_ranbits.8 -#usr/man/man8/ipsec_rsasigkey.8 -#usr/man/man8/ipsec_secrets.8 -#usr/man/man8/ipsec_setup.8 -#usr/man/man8/ipsec_showdefaults.8 -#usr/man/man8/ipsec_showhostkey.8 -#usr/man/man8/ipsec_showpolicy.8 -#usr/man/man8/ipsec_spi.8 -#usr/man/man8/ipsec_spigrp.8 -#usr/man/man8/ipsec_tncfg.8 -#usr/man/man8/ipsec_verify.8 -usr/sbin/ipsec -#usr/share/doc/openswan -#usr/share/doc/openswan/index.html -#usr/share/doc/openswan/ipsec.8.html -#usr/share/doc/openswan/ipsec.conf-sample -#usr/share/doc/openswan/ipsec.conf.5.html -#usr/share/doc/openswan/ipsec.secrets.5.html -#usr/share/doc/openswan/ipsec__confread.8.html -#usr/share/doc/openswan/ipsec__copyright.8.html -#usr/share/doc/openswan/ipsec__include.8.html -#usr/share/doc/openswan/ipsec__keycensor.8.html -#usr/share/doc/openswan/ipsec__plutoload.8.html 
-#usr/share/doc/openswan/ipsec__plutorun.8.html -#usr/share/doc/openswan/ipsec__realsetup.8.html -#usr/share/doc/openswan/ipsec__secretcensor.8.html -#usr/share/doc/openswan/ipsec__startklips.8.html -#usr/share/doc/openswan/ipsec__startnetkey.8.html -#usr/share/doc/openswan/ipsec__updown.8.html -#usr/share/doc/openswan/ipsec__updown.klips.8.html -#usr/share/doc/openswan/ipsec__updown.mast.8.html -#usr/share/doc/openswan/ipsec__updown.netkey.8.html -#usr/share/doc/openswan/ipsec_addconn.8.html -#usr/share/doc/openswan/ipsec_addrbytesof.3.html -#usr/share/doc/openswan/ipsec_addrbytesptr.3.html -#usr/share/doc/openswan/ipsec_addrcmp.3.html -#usr/share/doc/openswan/ipsec_addrinsubnet.3.html -#usr/share/doc/openswan/ipsec_addrlenof.3.html -#usr/share/doc/openswan/ipsec_addrtoa.3.html -#usr/share/doc/openswan/ipsec_addrtosubnet.3.html -#usr/share/doc/openswan/ipsec_addrtot.3.html -#usr/share/doc/openswan/ipsec_addrtypeof.3.html -#usr/share/doc/openswan/ipsec_anyaddr.3.html -#usr/share/doc/openswan/ipsec_atoaddr.3.html -#usr/share/doc/openswan/ipsec_atoasr.3.html -#usr/share/doc/openswan/ipsec_atosubnet.3.html -#usr/share/doc/openswan/ipsec_atoul.3.html -#usr/share/doc/openswan/ipsec_auto.8.html -#usr/share/doc/openswan/ipsec_barf.8.html -#usr/share/doc/openswan/ipsec_bitstomask.3.html -#usr/share/doc/openswan/ipsec_broadcastof.3.html -#usr/share/doc/openswan/ipsec_copyright_notice.3.html -#usr/share/doc/openswan/ipsec_eroute.5.html -#usr/share/doc/openswan/ipsec_eroute.8.html -#usr/share/doc/openswan/ipsec_goodmask.3.html -#usr/share/doc/openswan/ipsec_hostof.3.html -#usr/share/doc/openswan/ipsec_ikeping.8.html -#usr/share/doc/openswan/ipsec_initaddr.3.html -#usr/share/doc/openswan/ipsec_initsaid.3.html -#usr/share/doc/openswan/ipsec_initsubnet.3.html -#usr/share/doc/openswan/ipsec_isanyaddr.3.html -#usr/share/doc/openswan/ipsec_isloopbackaddr.3.html -#usr/share/doc/openswan/ipsec_isunspecaddr.3.html -#usr/share/doc/openswan/ipsec_keyblobtoid.3.html 
-#usr/share/doc/openswan/ipsec_klipsdebug.5.html -#usr/share/doc/openswan/ipsec_klipsdebug.8.html -#usr/share/doc/openswan/ipsec_livetest.8.html -#usr/share/doc/openswan/ipsec_look.8.html -#usr/share/doc/openswan/ipsec_loopbackaddr.3.html -#usr/share/doc/openswan/ipsec_lwdnsq.8.html -#usr/share/doc/openswan/ipsec_mailkey.8.html -#usr/share/doc/openswan/ipsec_manual.8.html -#usr/share/doc/openswan/ipsec_maskof.3.html -#usr/share/doc/openswan/ipsec_masktobits.3.html -#usr/share/doc/openswan/ipsec_masktocount.3.html -#usr/share/doc/openswan/ipsec_networkof.3.html -#usr/share/doc/openswan/ipsec_newhostkey.8.html -#usr/share/doc/openswan/ipsec_optionsfrom.3.html -#usr/share/doc/openswan/ipsec_pf_key.5.html -#usr/share/doc/openswan/ipsec_pf_key.8.html -#usr/share/doc/openswan/ipsec_pluto.8.html -#usr/share/doc/openswan/ipsec_portof.3.html -#usr/share/doc/openswan/ipsec_prng.3.html -#usr/share/doc/openswan/ipsec_prng_bytes.3.html -#usr/share/doc/openswan/ipsec_prng_final.3.html -#usr/share/doc/openswan/ipsec_prng_init.3.html -#usr/share/doc/openswan/ipsec_ranbits.8.html -#usr/share/doc/openswan/ipsec_rangetoa.3.html -#usr/share/doc/openswan/ipsec_rangetosubnet.3.html -#usr/share/doc/openswan/ipsec_readwriteconf.8.html -#usr/share/doc/openswan/ipsec_rsasigkey.8.html -#usr/share/doc/openswan/ipsec_sameaddr.3.html -#usr/share/doc/openswan/ipsec_sameaddrtype.3.html -#usr/share/doc/openswan/ipsec_samesaid.3.html -#usr/share/doc/openswan/ipsec_samesubnet.3.html -#usr/share/doc/openswan/ipsec_samesubnettype.3.html -#usr/share/doc/openswan/ipsec_satot.3.html -#usr/share/doc/openswan/ipsec_secrets.8.html -#usr/share/doc/openswan/ipsec_set_policy.3.html -#usr/share/doc/openswan/ipsec_setportof.3.html -#usr/share/doc/openswan/ipsec_setup.8.html -#usr/share/doc/openswan/ipsec_showdefaults.8.html -#usr/share/doc/openswan/ipsec_showhostkey.8.html -#usr/share/doc/openswan/ipsec_showpolicy.8.html -#usr/share/doc/openswan/ipsec_sockaddrlenof.3.html 
-#usr/share/doc/openswan/ipsec_sockaddrof.3.html -#usr/share/doc/openswan/ipsec_spi.5.html -#usr/share/doc/openswan/ipsec_spi.8.html -#usr/share/doc/openswan/ipsec_spigrp.5.html -#usr/share/doc/openswan/ipsec_spigrp.8.html -#usr/share/doc/openswan/ipsec_strerror.3.html -#usr/share/doc/openswan/ipsec_subnetinsubnet.3.html -#usr/share/doc/openswan/ipsec_subnetishost.3.html -#usr/share/doc/openswan/ipsec_subnetof.3.html -#usr/share/doc/openswan/ipsec_subnettoa.3.html -#usr/share/doc/openswan/ipsec_subnettot.3.html -#usr/share/doc/openswan/ipsec_subnettypeof.3.html -#usr/share/doc/openswan/ipsec_tnatoaddr.3.html -#usr/share/doc/openswan/ipsec_tncfg.5.html -#usr/share/doc/openswan/ipsec_tncfg.8.html -#usr/share/doc/openswan/ipsec_trap_count.5.html -#usr/share/doc/openswan/ipsec_trap_sendcount.5.html -#usr/share/doc/openswan/ipsec_ttoaddr.3.html -#usr/share/doc/openswan/ipsec_ttodata.3.html -#usr/share/doc/openswan/ipsec_ttosa.3.html -#usr/share/doc/openswan/ipsec_ttosubnet.3.html -#usr/share/doc/openswan/ipsec_ttoul.3.html -#usr/share/doc/openswan/ipsec_unspecaddr.3.html -#usr/share/doc/openswan/ipsec_verify.8.html -#usr/share/doc/openswan/ipsec_version.3.html -#usr/share/doc/openswan/ipsec_version.5.html -#usr/share/doc/openswan/ipsec_version_code.3.html -#usr/share/doc/openswan/ipsec_version_string.3.html -var/run/pluto diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan new file mode 100644 index 0000000..1130cc5 --- /dev/null +++ b/config/rootfiles/common/strongswan 
@@ -0,0 +1,123 @@ +etc/ipsec.conf +#etc/ipsec.d +etc/ipsec.d/aacerts +etc/ipsec.d/acerts +etc/ipsec.d/cacerts +etc/ipsec.d/certs +etc/ipsec.d/crls +etc/ipsec.d/ocspcerts +etc/ipsec.d/private +etc/ipsec.d/reqs +etc/ipsec.secrets +etc/strongswan.conf +#usr/lib/libstrongswan.a +#usr/lib/libstrongswan.la +usr/lib/libstrongswan.so +usr/lib/libstrongswan.so.0 +usr/lib/libstrongswan.so.0.0.0 +#usr/libexec/ipsec +usr/libexec/ipsec/_copyright +usr/libexec/ipsec/_pluto_adns +usr/libexec/ipsec/_updown +usr/libexec/ipsec/_updown_espmark +usr/libexec/ipsec/charon +usr/libexec/ipsec/openac +usr/libexec/ipsec/pki +#usr/libexec/ipsec/plugins +#usr/libexec/ipsec/plugins/libstrongswan-aes.a +#usr/libexec/ipsec/plugins/libstrongswan-aes.la +usr/libexec/ipsec/plugins/libstrongswan-aes.so +#usr/libexec/ipsec/plugins/libstrongswan-attr.a +#usr/libexec/ipsec/plugins/libstrongswan-attr.la +usr/libexec/ipsec/plugins/libstrongswan-attr.so +#usr/libexec/ipsec/plugins/libstrongswan-des.a +#usr/libexec/ipsec/plugins/libstrongswan-des.la +usr/libexec/ipsec/plugins/libstrongswan-des.so +#usr/libexec/ipsec/plugins/libstrongswan-dnskey.a +#usr/libexec/ipsec/plugins/libstrongswan-dnskey.la +usr/libexec/ipsec/plugins/libstrongswan-dnskey.so +#usr/libexec/ipsec/plugins/libstrongswan-fips-prf.a +#usr/libexec/ipsec/plugins/libstrongswan-fips-prf.la +usr/libexec/ipsec/plugins/libstrongswan-fips-prf.so +#usr/libexec/ipsec/plugins/libstrongswan-gmp.a +#usr/libexec/ipsec/plugins/libstrongswan-gmp.la +usr/libexec/ipsec/plugins/libstrongswan-gmp.so +#usr/libexec/ipsec/plugins/libstrongswan-hmac.a +#usr/libexec/ipsec/plugins/libstrongswan-hmac.la +usr/libexec/ipsec/plugins/libstrongswan-hmac.so +#usr/libexec/ipsec/plugins/libstrongswan-kernel-netlink.a +#usr/libexec/ipsec/plugins/libstrongswan-kernel-netlink.la +usr/libexec/ipsec/plugins/libstrongswan-kernel-netlink.so +#usr/libexec/ipsec/plugins/libstrongswan-md5.a +#usr/libexec/ipsec/plugins/libstrongswan-md5.la 
+usr/libexec/ipsec/plugins/libstrongswan-md5.so +#usr/libexec/ipsec/plugins/libstrongswan-pem.a +#usr/libexec/ipsec/plugins/libstrongswan-pem.la +usr/libexec/ipsec/plugins/libstrongswan-pem.so +#usr/libexec/ipsec/plugins/libstrongswan-pgp.a +#usr/libexec/ipsec/plugins/libstrongswan-pgp.la +usr/libexec/ipsec/plugins/libstrongswan-pgp.so +#usr/libexec/ipsec/plugins/libstrongswan-pkcs1.a +#usr/libexec/ipsec/plugins/libstrongswan-pkcs1.la +usr/libexec/ipsec/plugins/libstrongswan-pkcs1.so +#usr/libexec/ipsec/plugins/libstrongswan-pubkey.a +#usr/libexec/ipsec/plugins/libstrongswan-pubkey.la +usr/libexec/ipsec/plugins/libstrongswan-pubkey.so +#usr/libexec/ipsec/plugins/libstrongswan-random.a +#usr/libexec/ipsec/plugins/libstrongswan-random.la +usr/libexec/ipsec/plugins/libstrongswan-random.so +#usr/libexec/ipsec/plugins/libstrongswan-resolve.a +#usr/libexec/ipsec/plugins/libstrongswan-resolve.la +usr/libexec/ipsec/plugins/libstrongswan-resolve.so +#usr/libexec/ipsec/plugins/libstrongswan-sha1.a +#usr/libexec/ipsec/plugins/libstrongswan-sha1.la +usr/libexec/ipsec/plugins/libstrongswan-sha1.so +#usr/libexec/ipsec/plugins/libstrongswan-sha2.a +#usr/libexec/ipsec/plugins/libstrongswan-sha2.la +usr/libexec/ipsec/plugins/libstrongswan-sha2.so +#usr/libexec/ipsec/plugins/libstrongswan-stroke.a +#usr/libexec/ipsec/plugins/libstrongswan-stroke.la +usr/libexec/ipsec/plugins/libstrongswan-stroke.so +#usr/libexec/ipsec/plugins/libstrongswan-updown.a +#usr/libexec/ipsec/plugins/libstrongswan-updown.la +usr/libexec/ipsec/plugins/libstrongswan-updown.so +#usr/libexec/ipsec/plugins/libstrongswan-x509.a +#usr/libexec/ipsec/plugins/libstrongswan-x509.la +usr/libexec/ipsec/plugins/libstrongswan-x509.so +#usr/libexec/ipsec/plugins/libstrongswan-xcbc.a +#usr/libexec/ipsec/plugins/libstrongswan-xcbc.la +usr/libexec/ipsec/plugins/libstrongswan-xcbc.so +usr/libexec/ipsec/pluto +usr/libexec/ipsec/scepclient +usr/libexec/ipsec/starter +usr/libexec/ipsec/stroke +usr/libexec/ipsec/whack 
+usr/sbin/ipsec +#usr/share/man/man3/anyaddr.3 +#usr/share/man/man3/atoaddr.3 +#usr/share/man/man3/atoasr.3 +#usr/share/man/man3/atosa.3 +#usr/share/man/man3/atoul.3 +#usr/share/man/man3/goodmask.3 +#usr/share/man/man3/initaddr.3 +#usr/share/man/man3/initsubnet.3 +#usr/share/man/man3/keyblobtoid.3 +#usr/share/man/man3/portof.3 +#usr/share/man/man3/prng.3 +#usr/share/man/man3/rangetosubnet.3 +#usr/share/man/man3/sameaddr.3 +#usr/share/man/man3/subnetof.3 +#usr/share/man/man3/ttoaddr.3 +#usr/share/man/man3/ttodata.3 +#usr/share/man/man3/ttosa.3 +#usr/share/man/man3/ttoul.3 +#usr/share/man/man5/ipsec.conf.5 +#usr/share/man/man5/ipsec.secrets.5 +#usr/share/man/man8/_copyright.8 +#usr/share/man/man8/_updown.8 +#usr/share/man/man8/_updown_espmark.8 +#usr/share/man/man8/ipsec.8 +#usr/share/man/man8/openac.8 +#usr/share/man/man8/pluto.8 +#usr/share/man/man8/scepclient.8 +#usr/share/man/man8/starter.8 diff --git a/doc/packages-list.txt b/doc/packages-list.txt index eb98dab..1b7287d 100644 --- a/doc/packages-list.txt +++ b/doc/packages-list.txt @@ -110,7 +110,7 @@ * foomatic-3.0-20070813 * freefont-20060126 * freetype-2.1.10 -* fuse-2.7.4 +* fuse-2.8.3 * fwhits * gawk-3.1.5 * gcc-4.0.4 @@ -127,11 +127,11 @@ * groff-1.18.1.1 * grub-0.97 * guardian-ipfire -* gutenprint-5.0.2 +* gutenprint-5.2.5 * gzip-1.3.5 * hddtemp-0.3-beta14 * hdparm-8.9 -* hostapd-0.6.9 +* hostapd-0.7.1 * hplip-2.7.10 * htop-0.8.1 * httpd-2.2.15 @@ -198,7 +198,7 @@ * logrotate-3.7.1 * logwatch-7.3.6 * lsof-4.78 -* lynis-1.2.6 +* lynis-1.2.9 * lzo-2.02 * m4-1.4.4 * mISDNuser_20090906 @@ -251,9 +251,6 @@ * openmailadmin-1.0.0 * openssh-5.4p1 * openssl-0.9.8m -* openswan-2.6.24 -* openswan-2.6.24-kmod-2.6.32.9-ipfire -* openswan-2.6.24-kmod-2.6.32.9-ipfire-xen * openvpn-2.1_rc20 * p7zip_4.65 * pam_mysql-0.7RC1 @@ -282,7 +279,7 @@ * rssdler-0.4.0a * rsync-3.0.7 * rtorrent-0.8.6 -* samba-3.3.10 +* samba-3.5.1 * sane-1.0.19 * screen-4.0.3 * sdparm-1.01 
@@ -300,10 +297,11 @@ * squashfs-lzma-cvs20100214 * squid-2.7.STABLE7 * squidGuard-1.4.1 -* squidclamav-5.0 +* squidclamav-5.2 * sshfs-fuse-2.2 -* sslh-1.6i +* sslh-1.7a * streamripper-1.63.5 +* strongswan-4.3.6 * sudo-1.6.8p12 * sysfsutils-1.3.0 * sysklogd-1.5 diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index d19f22e..9e75c69 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -248,9 +248,9 @@ sub writeipsecfiles { foreach my $key (keys %lconfighash) { next if ($lconfighash{$key}[0] ne 'on'); $interfaces .= "%defaultroute " if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] eq 'RED'); - $interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN'); - $interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE'); - $interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE'); + #$interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($interfaces !~ /ipsec1/ && $lconfighash{$key}[26] eq 'GREEN'); + #$interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($interfaces !~ /ipsec2/ && $lconfighash{$key}[26] eq 'BLUE'); + #$interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/ && $lconfighash{$key}[26] eq 'ORANGE'); } print CONF $interfaces . ""\n";
@@ -264,6 +264,8 @@ sub writeipsecfiles { # deprecated in ipsec.conf version 2 #print CONF "\tplutoload=%search\n"; #print CONF "\tplutostart=%search\n"; + #Disable IKEv2 deamon + print CONF "\tcharonstart=no\n"; print CONF "\tuniqueids=yes\n"; print CONF "\tnat_traversal=yes\n"; print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne ''); @@ -283,7 +285,8 @@ sub writeipsecfiles { print CONF "\n\n"; print CONF "conn %default\n"; print CONF "\tkeyingtries=0\n"; - print CONF "\tdisablearrivalcheck=no\n"; + #strongswan doesn't know this + #print CONF "\tdisablearrivalcheck=no\n"; print CONF "\n";
if (-f "${General::swroot}/certs/hostkey.pem") { @@ -312,6 +315,7 @@ sub writeipsecfiles { print CONF "\tleft=$localside\n"; print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute'); print CONF "\tleftsubnet=$lconfighash{$key}[8]\n"; + print CONF "\tleftfirewall=yes\n";
print CONF "\tright=$lconfighash{$key}[10]\n"; if ($lconfighash{$key}[3] eq 'net') { diff --git a/lfs/strongswan b/lfs/strongswan new file mode 100644 index 0000000..29290f9 --- /dev/null +++ b/lfs/strongswan 
@@ -0,0 +1,98 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2010 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +ifeq "$(XEN)" "1" + VERSUFIX=ipfire-xen +else + VERSUFIX=ipfire +endif + +VER = 4.3.6 + +THISAPP = strongswan-$(VER) +DL_FILE = $(THISAPP).tar.bz2 +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = e071f46b6c463ce76900758734e6143e + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum 
+############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) + + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/strongswan-4.3.6_ipfire.patch + + cd $(DIR_APP) && ./configure --prefix="/usr" --sysconfdir="/etc" + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + + -rm -rfv /etc/rc*.d/*ipsec + cd $(DIR_SRC) && cp src/initscripts/init.d/ipsec /etc/rc.d/init.d/ipsec + rm -f /etc/ipsec.conf /etc/ipsec.secrets + ln -sf $(CONFIG_ROOT)/vpn/ipsec.conf /etc/ipsec.conf + ln -sf $(CONFIG_ROOT)/vpn/ipsec.secrets /etc/ipsec.secrets + + rm -rf /etc/ipsec.d/{cacerts,certs,crls} + ln -sf $(CONFIG_ROOT)/ca /etc/ipsec.d/cacerts + ln -sf $(CONFIG_ROOT)/certs /etc/ipsec.d/certs + ln -sf $(CONFIG_ROOT)/crls /etc/ipsec.d/crls + + #@rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 6a7c63a..8d79f1d 100755 --- a/make.sh +++ b/make.sh @@ -348,7 +348,7 @@ buildipfire() { ipfiremake madwifi XEN=1 #ipfiremake alsa XEN=1 KMOD=1 ipfiremake dahdi XEN=1 KMOD=1 - ipfiremake openswan XEN=1 KMOD=1 +# ipfiremake openswan XEN=1 KMOD=1 #ipfiremake mISDN XEN=1 #ipfiremake compat-wireless XEN=1 ipfiremake cryptodev XEN=1 @@ -359,7 +359,7 @@ buildipfire() { ipfiremake madwifi ipfiremake alsa KMOD=1 ipfiremake dahdi KMOD=1 - ipfiremake openswan KMOD=1 +# ipfiremake openswan KMOD=1 #ipfiremake mISDN #ipfiremake compat-wireless ipfiremake cryptodev 
@@ -546,7 +546,8 @@ buildipfire() { ipfiremake tripwire ipfiremake sysstat ipfiremake vsftpd - ipfiremake openswan +# ipfiremake openswan + ipfiremake strongswan ipfiremake lsof ipfiremake centerim ipfiremake br2684ctl diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall index 55ab624..55bc066 100644 --- a/src/initscripts/init.d/firewall +++ b/src/initscripts/init.d/firewall @@ -166,14 +166,17 @@ case "$1" in /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything - /sbin/iptables -N IPSECVIRTUAL + /sbin/iptables -N IPSECINPUT + /sbin/iptables -N IPSECFORWARD + /sbin/iptables -N IPSECOUTPUT /sbin/iptables -N OPENSSLVIRTUAL - /sbin/iptables -A INPUT -j IPSECVIRTUAL -m comment --comment "IPSECVIRTUAL INPUT" + /sbin/iptables -A INPUT -j IPSECINPUT /sbin/iptables -A INPUT -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL INPUT" - /sbin/iptables -A FORWARD -j IPSECVIRTUAL -m comment --comment "IPSECVIRTUAL FORWARD" + /sbin/iptables -A FORWARD -j IPSECFORWARD /sbin/iptables -A FORWARD -j OPENSSLVIRTUAL -m comment --comment "OPENSSLVIRTUAL FORWARD" - /sbin/iptables -t nat -N IPSECNAT - /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT + /sbin/iptables -A OUTPUT -j IPSECOUTPUT + #/sbin/iptables -t nat -N IPSECNAT + #/sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
# Outgoing Firewall /sbin/iptables -A FORWARD -j OUTGOINGFW @@ -197,10 +200,6 @@ case "$1" in /sbin/iptables -N DHCPBLUEINPUT /sbin/iptables -A INPUT -j DHCPBLUEINPUT
- # IPSec - /sbin/iptables -N IPSECPHYSICAL - /sbin/iptables -A INPUT -j IPSECPHYSICAL - # OPenSSL /sbin/iptables -N OPENSSLPHYSICAL /sbin/iptables -A INPUT -j OPENSSLPHYSICAL diff --git a/src/initscripts/init.d/ipsec b/src/initscripts/init.d/ipsec index e370747..0c62db5 100644 --- a/src/initscripts/init.d/ipsec +++ b/src/initscripts/init.d/ipsec 
@@ -1,178 +1,2 @@ #!/bin/sh -# IPsec startup and shutdown script -# Copyright (C) 1998, 1999, 2001 Henry Spencer. -# Copyright (C) 2002 Michael Richardson mcr@freeswan.org -# -# This program is free software; you can redistribute it and/or modify it -# under the terms of the GNU General Public License as published by the -# Free Software Foundation; either version 2 of the License, or (at your -# option) any later version. See http://www.fsf.org/copyleft/gpl.txt. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -# for more details. -# -# RCSID $Id: setup.in,v 1.122.6.3 2006/10/26 23:54:32 paul Exp $ -# -# ipsec init.d script for starting and stopping -# the IPsec security subsystem (KLIPS and Pluto). -# -# This script becomes /etc/rc.d/init.d/ipsec (or possibly /etc/init.d/ipsec) -# and is also accessible as "ipsec setup" (the preferred route for human -# invocation). -# -# The startup and shutdown times are a difficult compromise (in particular, -# it is almost impossible to reconcile them with the insanely early/late -# times of NFS filesystem startup/shutdown). Startup is after startup of -# syslog and pcmcia support; shutdown is just before shutdown of syslog. -# -# chkconfig: 2345 47 76 -# description: IPsec provides encrypted and authenticated communications; \ -# KLIPS is the kernel half of it, Pluto is the user-level management daemon. 
- -me='ipsec setup' # for messages - -# where the private directory and the config files are -IPSEC_EXECDIR="${IPSEC_EXECDIR-/usr/libexec/ipsec}" -IPSEC_LIBDIR="${IPSEC_LIBDIR-/usr/lib/ipsec}" -IPSEC_SBINDIR="${IPSEC_SBINDIR-/usr/sbin}" -IPSEC_CONFS="${IPSEC_CONFS-/etc}" - -if test " $IPSEC_DIR" = " " # if we were not called by the ipsec command -then - # we must establish a suitable PATH ourselves - PATH="${IPSEC_SBINDIR}":/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin - export PATH - - IPSEC_DIR="$IPSEC_LIBDIR" - export IPSEC_DIR IPSEC_CONFS IPSEC_LIBDIR IPSEC_EXECDIR -fi - -# Check that the ipsec command is available. -found= -for dir in `echo $PATH | tr ':' ' '` -do - if test -f $dir/ipsec -a -x $dir/ipsec - then - found=yes - break # NOTE BREAK OUT - fi -done -if ! test "$found" -then - echo "cannot find ipsec command -- `$1' aborted" | - logger -s -p daemon.error -t ipsec_setup - exit 1 -fi - -# accept a few flags - -export IPSEC_setupflags -IPSEC_setupflags="" - -config="" - -for dummy -do - case "$1" in - --showonly|--show) IPSEC_setupflags="$1" ;; - --config) config="--config $2" ; shift ;; - *) break ;; - esac - shift -done - - -# Pick up IPsec configuration (until we have done this, successfully, we -# do not know where errors should go, hence the explicit "daemon.error"s.) -# Note the "--export", which exports the variables created. 
-eval `ipsec _confread $config --optional --varprefix IPSEC --export --type config setup` - -if test " $IPSEC_confreadstatus" != " " -then - case $1 in - stop|--stop|_autostop) - echo "$IPSEC_confreadstatus -- `$1' may not work" | - logger -s -p daemon.error -t ipsec_setup;; - - *) echo "$IPSEC_confreadstatus -- `$1' aborted" | - logger -s -p daemon.error -t ipsec_setup; - exit 1;; - esac -fi - -IPSEC_confreadsection=${IPSEC_confreadsection:-setup} -export IPSEC_confreadsection - -IPSECsyslog=${IPSECsyslog-daemon.error} -export IPSECsyslog - -# misc setup -umask 022 - -mkdir -p /var/run/pluto - - -# do it -case "$1" in - start|--start|stop|--stop|_autostop|_autostart) - if test " `id -u`" != " 0" - then - echo "permission denied (must be superuser)" | - logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - exit 1 - fi - tmp=/var/run/pluto/ipsec_setup.st - outtmp=/var/run/pluto/ipsec_setup.out - ( - ipsec _realsetup $1 - echo "$?" >$tmp - ) > ${outtmp} 2>&1 - st=$? - if test -f $tmp - then - st=`cat $tmp` - rm -f $tmp - fi - if [ -f ${outtmp} ]; then - cat ${outtmp} | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1 - rm -f ${outtmp} - fi - sleep 20 && chown root:nobody /var/run/pluto -R && chmod 770 /var/run/pluto -R && ln -sf /var/run/pluto/pluto.pid /var/run/pluto.pid 2>&1 & - exit $st - ;; - - restart|--restart|force-reload) - $0 $IPSEC_setupflags stop - $0 $IPSEC_setupflags start - ;; - - _autorestart) # for internal use only - $0 $IPSEC_setupflags _autostop - $0 $IPSEC_setupflags _autostart - ;; - - status|--status) - ipsec _realsetup $1 - exit - ;; - - --version) - echo "$me $IPSEC_VERSION" - exit 0 - ;; - - --help) - echo "Usage: $me [ --showonly ] {--start|--stop|--restart}" - echo " $me --status" - exit 0 - ;; - - *) - echo "Usage: $me [ --showonly ] {--start|--stop|--restart}" - echo " $me --status" - exit 2 -esac - -exit 0 +ipsec $* diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c index 763b81f..c46bc06 100644 --- a/src/misc-progs/ipsecctrl.c 
+++ b/src/misc-progs/ipsecctrl.c @@ -44,7 +44,7 @@ void usage() { }
void load_modules() { - safe_system("/sbin/modprobe ipsec"); +// safe_system("/sbin/modprobe ipsec"); }
/* @@ -55,22 +55,22 @@ void open_physical (char *interface, int nat_traversal_port) {
// GRE ??? sprintf(str, "/sbin/iptables -A " phystable " -p 47 -i %s -j ACCEPT", interface); - safe_system(str); +// safe_system(str); // ESP sprintf(str, "/sbin/iptables -A " phystable " -p 50 -i %s -j ACCEPT", interface); - safe_system(str); +// safe_system(str); // AH sprintf(str, "/sbin/iptables -A " phystable " -p 51 -i %s -j ACCEPT", interface); - safe_system(str); +// safe_system(str); // IKE sprintf(str, "/sbin/iptables -A " phystable " -p udp -i %s --sport 500 --dport 500 -j ACCEPT", interface); - safe_system(str); +// safe_system(str);
if (! nat_traversal_port) return;
sprintf(str, "/sbin/iptables -A " phystable " -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port); - safe_system(str); +// safe_system(str); }
/* @@ -81,14 +81,14 @@ void open_physical (char *interface, int nat_traversal_port) { */ void open_virtual (void) { // allow anything from any ipsec to go on all interface, including other ipsec - safe_system("/sbin/iptables -A " virtualtable " -i ipsec+ -j ACCEPT"); +// safe_system("/sbin/iptables -A " virtualtable " -i ipsec+ -j ACCEPT"); //todo: BOT extension?; allowing ipsec0<<==port-list-filter==>>GREEN ? }
void ipsec_norules() { /* clear input rules */ - safe_system("/sbin/iptables -F " phystable); - safe_system("/sbin/iptables -F " virtualtable); +// safe_system("/sbin/iptables -F " phystable); +// safe_system("/sbin/iptables -F " virtualtable);
// unmap red alias ???? } @@ -152,7 +152,7 @@ void add_alias_interfaces(char *configtype, { memset(s, 0, STRING_SIZE); snprintf(s, STRING_SIZE-1, "/usr/sbin/ipsec tncfg --attach --virtual ipsec%d --physical %s:%d >/dev/null", offset+alias, redif, alias); - safe_system(s); +// safe_system(s); alias++; } } diff --git a/src/patches/strongswan-4.3.6_ipfire.patch b/src/patches/strongswan-4.3.6_ipfire.patch new file mode 100644 index 0000000..69f2aba --- /dev/null +++ b/src/patches/strongswan-4.3.6_ipfire.patch 
@@ -0,0 +1,317 @@ +diff -Naur strongswan-4.3.6.org/src/_updown/_updown.in strongswan-4.3.6/src/_updown/_updown.in +--- strongswan-4.3.6.org/src/_updown/_updown.in 2009-09-27 21:50:42.000000000 +0200 ++++ strongswan-4.3.6/src/_updown/_updown.in 2010-03-20 18:44:11.000000000 +0100 +@@ -374,10 +374,10 @@ + # connection to me, with (left/right)firewall=yes, coming up + # This is used only by the default updown script, not by your custom + # ones, so do not mess with it; see CAUTION comment up at top. +- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT + # +@@ -387,10 +387,10 @@ + if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] + then + logger -t $TAG -p $FAC_PRIO \ +- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" ++ "host+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" + else + logger -t $TAG -p $FAC_PRIO \ +- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" ++ "host+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" + fi + fi + ;; +@@ -398,10 +398,10 @@ + # connection to me, with (left/right)firewall=yes, going down + # This is used only by the default updown script, not by your custom + # ones, so do not mess with it; see CAUTION comment up at top. 
+- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT + # +@@ -411,10 +411,10 @@ + if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] + then + logger -t $TAG -p $FAC_PRIO -- \ +- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" ++ "host- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME" + else + logger -t $TAG -p $FAC_PRIO -- \ +- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" ++ "host- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME" + fi + fi + ;; +@@ -424,10 +424,10 @@ + # ones, so do not mess with it; see CAUTION comment up at top. + if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] + then +- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT +- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT + fi +@@ -436,10 +436,10 @@ + # or sometimes host access via the internal IP is needed + if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] + then +- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -I 
IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT + fi +@@ -450,12 +450,27 @@ + if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] + then + logger -t $TAG -p $FAC_PRIO \ +- "+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" ++ "client+ $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" + else + logger -t $TAG -p $FAC_PRIO \ +- "+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" ++ "client+ $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" + fi + fi ++ ++ # ++ # Open Firewall for ESP Traffic ++ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p ESP \ ++ -s $PLUTO_PEER $S_PEER_PORT \ ++ -d $PLUTO_ME $D_MY_PORT -j ACCEPT ++ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p ESP \ ++ -d $PLUTO_PEER $S_PEER_PORT \ ++ -s $PLUTO_ME $D_MY_PORT -j ACCEPT ++ if [ $VPN_LOGGING ] ++ then ++ logger -t $TAG -p $FAC_PRIO \ ++ "ESP+ $PLUTO_PEER -- $PLUTO_ME" ++ fi ++ + ;; + down-client:iptables) + # connection to client subnet, with (left/right)firewall=yes, going down +@@ -463,11 +478,11 @@ + # ones, so do not mess with it; see CAUTION comment up at top. 
+ if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/32" ] + then +- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ + $IPSEC_POLICY_OUT -j ACCEPT +- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT \ + $IPSEC_POLICY_IN -j ACCEPT +@@ -477,11 +492,11 @@ + # or sometimes host access via the internal IP is needed + if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] + then +- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT \ + $IPSEC_POLICY_IN -j ACCEPT +- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ + $IPSEC_POLICY_OUT -j ACCEPT +@@ -493,12 +508,27 @@ + if [ "$PLUTO_PEER_CLIENT" = "$PLUTO_PEER/32" ] + then + logger -t $TAG -p $FAC_PRIO -- \ +- "- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" ++ "client- $PLUTO_PEER_ID $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" + else + logger -t $TAG -p $FAC_PRIO -- \ +- "- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" ++ "client- $PLUTO_PEER_ID $PLUTO_PEER_CLIENT == $PLUTO_PEER -- $PLUTO_ME == $PLUTO_MY_CLIENT" + fi + fi ++ ++ # ++ # Close Firewall for ESP Traffic ++ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p ESP \ ++ -s $PLUTO_PEER $S_PEER_PORT \ ++ -d $PLUTO_ME $D_MY_PORT -j ACCEPT ++ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p ESP \ ++ -d $PLUTO_PEER $S_PEER_PORT \ ++ -s $PLUTO_ME $D_MY_PORT -j ACCEPT ++ if [ $VPN_LOGGING ] ++ 
then ++ logger -t $TAG -p $FAC_PRIO \ ++ "ESP- $PLUTO_PEER -- $PLUTO_ME" ++ fi ++ + ;; + # + # IPv6 +@@ -533,10 +563,10 @@ + # connection to me, with (left/right)firewall=yes, coming up + # This is used only by the default updown script, not by your custom + # ones, so do not mess with it; see CAUTION comment up at top. +- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT + # +@@ -557,10 +587,10 @@ + # connection to me, with (left/right)firewall=yes, going down + # This is used only by the default updown script, not by your custom + # ones, so do not mess with it; see CAUTION comment up at top. +- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT $IPSEC_POLICY_OUT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT -j ACCEPT + # +@@ -583,10 +613,10 @@ + # ones, so do not mess with it; see CAUTION comment up at top. 
+ if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ] + then +- ip6tables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT +- ip6tables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT + fi +@@ -595,10 +625,10 @@ + # or sometimes host access via the internal IP is needed + if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] + then +- ip6tables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT $IPSEC_POLICY_IN -j ACCEPT +- ip6tables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT $IPSEC_POLICY_OUT -j ACCEPT + fi +@@ -622,11 +652,11 @@ + # ones, so do not mess with it; see CAUTION comment up at top. 
+ if [ "$PLUTO_PEER_CLIENT" != "$PLUTO_MY_SOURCEIP/128" ] + then +- ip6tables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ + $IPSEC_POLICY_OUT -j ACCEPT +- ip6tables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT \ + $IPSEC_POLICY_IN -j ACCEPT +@@ -636,11 +666,11 @@ + # or sometimes host access via the internal IP is needed + if [ -n "$PLUTO_MY_SOURCEIP" -o -n "$PLUTO_HOST_ACCESS" ] + then +- ip6tables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ ip6tables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT $D_MY_PORT \ + $IPSEC_POLICY_IN -j ACCEPT +- ip6tables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ ip6tables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT $D_PEER_PORT \ + $IPSEC_POLICY_OUT -j ACCEPT +diff -Naur strongswan-4.3.6.org/src/_updown_espmark/_updown_espmark strongswan-4.3.6/src/_updown_espmark/_updown_espmark +--- strongswan-4.3.6.org/src/_updown_espmark/_updown_espmark 2009-09-27 21:50:42.000000000 +0200 ++++ strongswan-4.3.6/src/_updown_espmark/_updown_espmark 2010-03-15 18:52:28.000000000 +0100 +@@ -247,10 +247,10 @@ + ESP_MARK=50 + + # add the following static rule to the INPUT chain in the mangle table +-# iptables -t mangle -A INPUT -p 50 -j MARK --set-mark 50 ++# iptables -t mangle -A IPSECINPUT -p 50 -j MARK --set-mark 50 + + # NAT traversal via UDP encapsulation is supported with the rule +-# iptables -t mangle -A INPUT -p udp --dport 4500 -j MARK --set-mark 50 ++# iptables -t mangle -A IPSECINPUT -p udp --dport 4500 -j MARK --set-mark 50 + + # in the presence of KLIPS 
and ipsecN interfaces do not use ESP mark rules + if [ `echo "$PLUTO_INTERFACE" | grep "ipsec"` ] +@@ -325,10 +325,10 @@ + up-host:*) + # connection to me coming up + # If you are doing a custom version, firewall commands go here. +- iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -I IPSECINPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $CHECK_MARK -j ACCEPT +- iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -I IPSECOUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT + # +@@ -346,10 +346,10 @@ + # If you are doing a custom version, firewall commands go here. + # connection to me going down + # If you are doing a custom version, firewall commands go here. +- iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -D IPSECINPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ + -d $PLUTO_ME $D_MY_PORT $CHECK_MARK -j ACCEPT +- iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -D IPSECOUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_ME $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT + # +@@ -365,10 +365,10 @@ + up-client:) + # connection to my client subnet coming up + # If you are doing a custom version, firewall commands go here. 
+- iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -I IPSECFORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT +- iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -I IPSECFORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ + $CHECK_MARK -j ACCEPT +@@ -385,10 +385,10 @@ + down-client:) + # connection to my client subnet going down + # If you are doing a custom version, firewall commands go here. +- iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ ++ iptables -D IPSECFORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \ + -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $S_MY_PORT \ + -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $D_PEER_PORT -j ACCEPT +- iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ ++ iptables -D IPSECFORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \ + -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK $S_PEER_PORT \ + -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK $D_MY_PORT \ + $CHECK_MARK -j ACCEPT
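Review bot: In the src/initscripts/init.d/ipsec hunk, the one-line replacement `ipsec $*` should read `exec ipsec "$@"`: unquoted `$*` re-splits the arguments on whitespace, while `"$@"` passes them through unchanged, and `exec` makes the script's exit status the exit status of `ipsec` rather than relying on it being the last command. The deleted script also refused `start`/`stop` unless `id -u` returned 0 and sent all output through `logger -t ipsec_setup`; both are gone with this rewrite, so confirm the remaining callers already run as root and that startup errors still reach syslog.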
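Review bot: In the src/misc-progs/ipsecctrl.c hunk at `load_modules()`, the `modprobe ipsec` call is commented out rather than removed, leaving an empty function behind a `//` line. `ipsec` is the openswan KLIPS kernel module, which strongswan in native-kernel mode does not use, so either delete the function together with its call site or replace the body with a one-line comment saying the module load is intentionally gone, so nobody re-enables it as an apparent leftover.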
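Review bot: In the `open_physical()` hunk of ipsecctrl.c, every `safe_system(str)` is commented out, so the function now formats five iptables commands into `str` and discards them, and its `nat_traversal_port` parameter no longer has any effect. If the GRE/ESP/AH/IKE (udp/500) and NAT-T accept rules are installed elsewhere now, say so in a comment at the top of the function or drop the function and its call; as it stands a reader of this file cannot tell whether udp/500 and the NAT-T port are opened at all, and nothing in these hunks does it. The `_updown` patch later in this change only opens ESP per established connection, which does not help IKE, which must already be reachable before any `up-*` event can fire.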
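Review bot: In the `open_virtual()`/`ipsec_norules()` hunk of ipsecctrl.c, `ipsec_norules()` keeps the comment `/* clear input rules */` but no longer flushes anything, so the function is a silent no-op while its name and comment promise a flush. Since the patched `_updown` script inserts per-connection ACCEPT rules into IPSECINPUT/IPSECOUTPUT/IPSECFORWARD with `iptables -I` and removes them only on a clean `down-*` event, stale rules survive a daemon crash or a restart unless something flushes those chains; if that flush moved elsewhere, point to it here, otherwise `ipsec_norules()` is the natural place to `-F` the three new chains.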
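Review bot: In the `add_alias_interfaces()` hunk of ipsecctrl.c, commenting out the `ipsec tncfg --attach` call leaves a loop whose body is a `snprintf` into `s` followed by `alias++`, i.e. nothing observable. `tncfg` and the `ipsecN` virtual interfaces are KLIPS-specific and do not exist with strongswan's native-kernel mode, so the loop and the `// unmap red alias ????` TODO can be removed outright; if the function is kept for its signature, a one-line comment stating that RED aliases need no attach step under strongswan would save the next reader a detour.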
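Review bot: In the first `_updown.in` hunk (line 374) and the matching ip6tables hunks further down, the rules now target IPSECINPUT/IPSECOUTPUT/IPSECFORWARD instead of the built-in INPUT/OUTPUT/FORWARD chains, but nothing in this patch creates those chains or jumps to them, for iptables or ip6tables. `iptables -I IPSECINPUT 1 ...` fails with a "No chain/target/match by that name" error if the chain is missing, and because the script does not check the exit status of these calls the connection would come up with no ACCEPT rule and only an error on stderr. Please state in the commit message where the chains are created and that this happens before IPsec starts, and make sure the ip6tables side is created as well, since the ip6tables hunks use the same chain names.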
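Review bot: In the `_updown.in` hunk at line 387 (and the matching ones at 411, 450 and 493), the syslog messages change from `+ <peer>` / `- <peer>` to `host+`, `host-`, `client+` and `client-`. The distinction is useful, but it changes the format of the connection up/down log lines, so note it in the commit message and check anything that filters on the old leading `+ ` / `- ` prefix.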
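Review bot: In the `_updown.in` hunk at line 450, the new ESP ACCEPT rules are built with `-p ESP` but also carry `$S_PEER_PORT` and `$D_MY_PORT`, which expand to `--sport`/`--dport` whenever the connection restricts ports (an L2TP conn with `leftprotoport=17/1701`, for instance); iptables rejects `--sport`/`--dport` for protocol ESP, so in exactly those setups the rule is never installed while the script still logs `ESP+`. Drop the port variables from both ESP rules: ESP has no ports, the SPI identifies the SA. Two smaller points on the same hunk: in the IPSECOUTPUT rule `$S_PEER_PORT` sits next to `-d $PLUTO_PEER` and `$D_MY_PORT` next to `-s $PLUTO_ME`, which would be the wrong direction even for a protocol that has ports; and the ESP opening lives only in `up-client:iptables`, so host-to-host connections (`up-host:iptables`, hunk at line 374) get no ESP rule through this path. NAT-traversed peers carry ESP inside udp/4500, which `-p ESP` does not match, so those must be opened elsewhere; a comment saying so would help.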
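Review bot: In the `_updown.in` hunk at line 493, the ESP `-D` rules must stay byte-for-byte identical to the `-I` rules of the up-client case or the delete will not find them; today they are, including the same `$S_PEER_PORT`/`$D_MY_PORT` arguments, which do not apply to ESP, so whatever change is made to the insert rules must be mirrored here in the same commit. `-D` removes one matching rule per call, which is correct when two connections to the same peer have each inserted an identical ESP rule, but it prints an error for a rule that was never installed; keeping insert and delete in lockstep is what avoids that.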
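Review bot: In the `_updown_espmark` hunk at line 247, the rewritten comments now suggest `iptables -t mangle -A IPSECINPUT -p 50 -j MARK --set-mark 50`. Chains are per table: an IPSECINPUT chain created in the filter table does not exist in the mangle table, so a user following this comment gets a "No chain" error unless a separate mangle-table IPSECINPUT is created and jumped to from mangle INPUT. Either leave these two commented mangle rules on the built-in INPUT chain, or document the extra chain they require.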
hooks/post-receive -- IPFire 2.x development tree