Re: Notes on vpnc

2007-11-14 Thread Markus Lude
On Fri, Oct 12, 2007 at 06:43:24PM +0200, Thomas Schoeller wrote:
> On Tue, Oct 09, 2007 at 09:08:42AM +0200, Thomas Schoeller wrote:
> > hello,
> > any doubts this could go in?
> > could someone commit this?
> > 
> > thanks
> > thomas
> > 
> > On Fri, Oct 05, 2007 at 03:54:37PM +0200, Thomas Schoeller wrote:
> > > On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote:
> > > > 
> > > > can you send a diff -u with those in please? (I usually 'cvs diff -RuN'
> > > > against an anoncvs server or local mirrored repository, which includes the
> > > > version information, is easy to read and apply, and handles added/removed
> > > > files nicely, but any 'diff -u' would be good)
> > > > 
> > > 
> > > here is an updated diff.
> > > 
> > > thank you stuart.
> > >  
> > 
> 
> new diff that does not revert 1.12

This works for me on sparc64. Thanks for the update. Rekeying is nice :)
Maybe someone could commit this?

Regards,
Markus


> Index: Makefile
> ===
> RCS file: /cvs/ports/security/vpnc/Makefile,v
> retrieving revision 1.12
> diff -u -r1.12 Makefile
> --- Makefile  15 Sep 2007 23:30:01 -  1.12
> +++ Makefile  11 Oct 2007 19:27:59 -
> @@ -2,8 +2,7 @@
>  
>  COMMENT= client for Cisco 3000 VPN concentrators
>  
> -DISTNAME=vpnc-0.3.3
> -PKGNAME= ${DISTNAME}p1
> +DISTNAME=vpnc-0.5.1
>  CATEGORIES=  security net
>  
>  HOMEPAGE=http://www.unix-ag.uni-kl.de/~massar/vpnc/
> @@ -22,9 +21,15 @@
>  USE_GMAKE=   Yes
>  NO_REGRESS=  Yes
>  
> +# amd64 works only with -O0
> +.if ${MACHINE_ARCH} == "amd64"
> +CFLAGS+= -O0
> +.endif
> +
>  do-configure:
>   @perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,config.c}
>   @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh > 
> ${WRKBUILD}/vpnc.sh
> + @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh > 
> ${WRKBUILD}/split.sh
>  
>  do-install:
>   ${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin
> @@ -33,6 +38,7 @@
>   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
>   ${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
>   ${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
> + ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc
>   ${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
>   ${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8
>  
> Index: distinfo
> ===
> RCS file: /cvs/ports/security/vpnc/distinfo,v
> retrieving revision 1.6
> diff -u -r1.6 distinfo
> --- distinfo  5 Apr 2007 17:26:10 -   1.6
> +++ distinfo  11 Oct 2007 19:27:59 -
> @@ -1,5 +1,5 @@
> -MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag==
> -RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo=
> -SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo=
> -SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c=
> -SIZE (vpnc-0.3.3.tar.gz) = 59939
> +MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw==
> +RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI=
> +SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0=
> +SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0=
> +SIZE (vpnc-0.5.1.tar.gz) = 91496
> Index: files/split.sh
> ===
> RCS file: files/split.sh
> diff -N files/split.sh
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ files/split.sh11 Oct 2007 19:27:59 -
> @@ -0,0 +1,19 @@
> +#!/bin/sh
> +
> +# this effectively disables changes to /etc/resolv.conf
> +INTERNAL_IP4_DNS=
> +
> +# This sets up split networking regardless
> +# of the concentrators specifications.
> +# You can add as many routes as you want,
> +# but you must set the counter $CISCO_SPLIT_INC
> +# accordingly
> +CISCO_SPLIT_INC=1
> +CISCO_SPLIT_INC_0_ADDR=10.0.0.0
> +CISCO_SPLIT_INC_0_MASK=255.255.0.0
> +CISCO_SPLIT_INC_0_MASKLEN=16
> +CISCO_SPLIT_INC_0_PROTOCOL=0
> +CISCO_SPLIT_INC_0_SPORT=0
> +CISCO_SPLIT_INC_0_DPORT=0
> +
> +. /etc/vpnc/vpnc-script
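
Review bot: Emptying INTERNAL_IP4_DNS at the top of split.sh means the resolver handed out by the concentrator is never used, so names belonging to the routed 10.0.0.0/255.255.0.0 network are still looked up through whatever resolver /etc/resolv.conf already lists. The comment should say that, and the CISCO_SPLIT_INC_0_* values should be marked as site-specific placeholders, with a reminder that MASK and MASKLEN must describe the same prefix.
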
> Index: patches/patch-Makefile
> ===
> RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v
> retrieving revision 1.3
> diff -u -r1.3 patch-Makefile
> --- patches/patch-Makefile11 Nov 2005 19:38:07 -  1.3
> +++ patches/patch-Makefile11 Oct 2007 19:27:59 -
> @@ -1,16 +1,18 @@
>  $OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
>  Makefile.origSun May  1 22:30:35 2005
> -+++ Makefile Fri Nov  4 00:03:54 2005
> -@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
> - SBINDIR=$(PREFIX)/sbin
> - MANDIR=$(PREFIX)/share/man
> +--- Makefile.origThu Sep  6 16:05:15 2007
>  Makefile Wed Sep 19 06:05:20 2007
> +@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION)
> + #OPENSSL_

Re: Notes on vpnc

2007-10-12 Thread Thomas Schoeller
On Tue, Oct 09, 2007 at 09:08:42AM +0200, Thomas Schoeller wrote:
> hello,
> any doubts this could go in?
> could someone commit this?
> 
> thanks
> thomas
> 
> On Fri, Oct 05, 2007 at 03:54:37PM +0200, Thomas Schoeller wrote:
> > On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote:
> > > 
> > > can you send a diff -u with those in please? (I usually 'cvs diff -RuN'
> > > against an anoncvs server or local mirrored repository, which includes the
> > > version information, is easy to read and apply, and handles added/removed
> > > files nicely, but any 'diff -u' would be good)
> > > 
> > 
> > here is an updated diff.
> > 
> > thank you stuart.
> >  
> 

new diff that does not revert 1.12

Index: Makefile
===
RCS file: /cvs/ports/security/vpnc/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- Makefile15 Sep 2007 23:30:01 -  1.12
+++ Makefile11 Oct 2007 19:27:59 -
@@ -2,8 +2,7 @@
 
 COMMENT=   client for Cisco 3000 VPN concentrators
 
-DISTNAME=  vpnc-0.3.3
-PKGNAME=   ${DISTNAME}p1
+DISTNAME=  vpnc-0.5.1
 CATEGORIES=security net
 
 HOMEPAGE=  http://www.unix-ag.uni-kl.de/~massar/vpnc/
@@ -22,9 +21,15 @@
 USE_GMAKE= Yes
 NO_REGRESS=Yes
 
+# amd64 works only with -O0
+.if ${MACHINE_ARCH} == "amd64"
+CFLAGS+=   -O0
+.endif
+
 do-configure:
@perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,config.c}
@sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh > 
${WRKBUILD}/vpnc.sh
+   @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh > 
${WRKBUILD}/split.sh
 
 do-install:
${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin
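
Review bot: The comment on the added amd64 block says only that it "works only with -O0"; it does not record what fails at a higher optimisation level or with which compiler, so nobody can later tell whether the workaround is still needed. A program that only behaves at -O0 often contains undefined behaviour that the optimiser exposes, which is worth knowing in a VPN client, so put the symptom and the compiler version in the comment and treat the flag as temporary.
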
@@ -33,6 +38,7 @@
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
+   ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8
 
Index: distinfo
===
RCS file: /cvs/ports/security/vpnc/distinfo,v
retrieving revision 1.6
diff -u -r1.6 distinfo
--- distinfo5 Apr 2007 17:26:10 -   1.6
+++ distinfo11 Oct 2007 19:27:59 -
@@ -1,5 +1,5 @@
-MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag==
-RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo=
-SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo=
-SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c=
-SIZE (vpnc-0.3.3.tar.gz) = 59939
+MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw==
+RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI=
+SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0=
+SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0=
+SIZE (vpnc-0.5.1.tar.gz) = 91496
Index: files/split.sh
===
RCS file: files/split.sh
diff -N files/split.sh
--- /dev/null   1 Jan 1970 00:00:00 -
+++ files/split.sh  11 Oct 2007 19:27:59 -
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# this effectively disables changes to /etc/resolv.conf
+INTERNAL_IP4_DNS=
+
+# This sets up split networking regardless
+# of the concentrators specifications.
+# You can add as many routes as you want,
+# but you must set the counter $CISCO_SPLIT_INC
+# accordingly
+CISCO_SPLIT_INC=1
+CISCO_SPLIT_INC_0_ADDR=10.0.0.0
+CISCO_SPLIT_INC_0_MASK=255.255.0.0
+CISCO_SPLIT_INC_0_MASKLEN=16
+CISCO_SPLIT_INC_0_PROTOCOL=0
+CISCO_SPLIT_INC_0_SPORT=0
+CISCO_SPLIT_INC_0_DPORT=0
+
+. /etc/vpnc/vpnc-script
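
Review bot: The last line of split.sh sources /etc/vpnc/vpnc-script with a hard-coded /etc, but do-configure in the Makefile rewrites /etc to ${SYSCONFDIR} only in README and config.c, and the %%PREFIX%% substitution it runs over split.sh matches nothing in this file. Either put a placeholder here that do-configure really substitutes, or drop the sed line and install the file unchanged.
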
Index: patches/patch-Makefile
===
RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v
retrieving revision 1.3
diff -u -r1.3 patch-Makefile
--- patches/patch-Makefile  11 Nov 2005 19:38:07 -  1.3
+++ patches/patch-Makefile  11 Oct 2007 19:27:59 -
@@ -1,16 +1,18 @@
 $OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
 Makefile.orig  Sun May  1 22:30:35 2005
-+++ Makefile   Fri Nov  4 00:03:54 2005
-@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
- SBINDIR=$(PREFIX)/sbin
- MANDIR=$(PREFIX)/share/man
+--- Makefile.orig  Thu Sep  6 16:05:15 2007
 Makefile   Wed Sep 19 06:05:20 2007
+@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION)
+ #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
+ #OPENSSLLIBS = -lcrypto
  
 -CC=gcc
--CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell 
libgcrypt-config --cflags)
--LDFLAGS=-g $(shell libgcrypt-config --libs)
-+CC?=gcc
-+CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config 
--cflags)
-+LDFLAGS+=$(shell libgcrypt-config --libs)
+-CFLAGS ?= -O3 -g
+-CFLAGS += -W -Wall -W

Re: Notes on vpnc

2007-10-09 Thread Thomas Schoeller
hello,
any doubts this could go in?
could someone commit this?

thanks
thomas

On Fri, Oct 05, 2007 at 03:54:37PM +0200, Thomas Schoeller wrote:
> On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote:
> > 
> > can you send a diff -u with those in please? (I usually 'cvs diff -RuN'
> > against an anoncvs server or local mirrored repository, which includes the
> > version information, is easy to read and apply, and handles added/removed
> > files nicely, but any 'diff -u' would be good)
> > 
> 
> here is an updated diff.
> 
> thank you stuart.
>  

> Index: Makefile
> ===
> RCS file: /cvs/ports/security/vpnc/Makefile,v
> retrieving revision 1.12
> diff -u -r1.12 Makefile
> --- Makefile  15 Sep 2007 23:30:01 -  1.12
> +++ Makefile  5 Oct 2007 13:25:26 -
> @@ -1,9 +1,8 @@
> -# $OpenBSD: Makefile,v 1.12 2007/09/15 23:30:01 merdely Exp $
> +# $OpenBSD: Makefile,v 1.11 2006/08/03 23:28:12 espie Exp $
>  
> -COMMENT= client for Cisco 3000 VPN concentrators
> +COMMENT= "client for Cisco 3000 VPN concentrators"
>  
> -DISTNAME=vpnc-0.3.3
> -PKGNAME= ${DISTNAME}p1
> +DISTNAME=vpnc-0.5.1
>  CATEGORIES=  security net
>  
>  HOMEPAGE=http://www.unix-ag.uni-kl.de/~massar/vpnc/
> @@ -22,9 +21,15 @@
>  USE_GMAKE=   Yes
>  NO_REGRESS=  Yes
>  
> +# amd64 works only with -O0
> +.if ${MACHINE_ARCH} == "amd64"
> +CFLAGS+= -O0
> +.endif
> +
>  do-configure:
>   @perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,config.c}
>   @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh > 
> ${WRKBUILD}/vpnc.sh
> + @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh > 
> ${WRKBUILD}/split.sh
>  
>  do-install:
>   ${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin
> @@ -33,6 +38,7 @@
>   ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
>   ${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
>   ${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
> + ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc
>   ${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
>   ${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8
>  
> Index: distinfo
> ===
> RCS file: /cvs/ports/security/vpnc/distinfo,v
> retrieving revision 1.6
> diff -u -r1.6 distinfo
> --- distinfo  5 Apr 2007 17:26:10 -   1.6
> +++ distinfo  5 Oct 2007 13:25:26 -
> @@ -1,5 +1,5 @@
> -MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag==
> -RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo=
> -SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo=
> -SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c=
> -SIZE (vpnc-0.3.3.tar.gz) = 59939
> +MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw==
> +RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI=
> +SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0=
> +SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0=
> +SIZE (vpnc-0.5.1.tar.gz) = 91496
> Index: files/split.sh
> ===
> RCS file: files/split.sh
> diff -N files/split.sh
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ files/split.sh5 Oct 2007 13:25:26 -
> @@ -0,0 +1,19 @@
> +#!/bin/sh
> +
> +# this effectively disables changes to /etc/resolv.conf
> +INTERNAL_IP4_DNS=
> +
> +# This sets up split networking regardless
> +# of the concentrators specifications.
> +# You can add as many routes as you want,
> +# but you must set the counter $CISCO_SPLIT_INC
> +# accordingly
> +CISCO_SPLIT_INC=1
> +CISCO_SPLIT_INC_0_ADDR=10.0.0.0
> +CISCO_SPLIT_INC_0_MASK=255.255.0.0
> +CISCO_SPLIT_INC_0_MASKLEN=16
> +CISCO_SPLIT_INC_0_PROTOCOL=0
> +CISCO_SPLIT_INC_0_SPORT=0
> +CISCO_SPLIT_INC_0_DPORT=0
> +
> +. /etc/vpnc/vpnc-script
> Index: patches/patch-Makefile
> ===
> RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v
> retrieving revision 1.3
> diff -u -r1.3 patch-Makefile
> --- patches/patch-Makefile11 Nov 2005 19:38:07 -  1.3
> +++ patches/patch-Makefile5 Oct 2007 13:25:26 -
> @@ -1,16 +1,18 @@
>  $OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
>  Makefile.origSun May  1 22:30:35 2005
> -+++ Makefile Fri Nov  4 00:03:54 2005
> -@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
> - SBINDIR=$(PREFIX)/sbin
> - MANDIR=$(PREFIX)/share/man
> +--- Makefile.origThu Sep  6 16:05:15 2007
>  Makefile Wed Sep 19 06:05:20 2007
> +@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION)
> + #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
> + #OPENSSLLIBS = -lcrypto
>   
>  -CC=gcc
> --CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell 
> libgcrypt-config --cflags)
> --LDFLAGS=-g $(shell l

Re: Diffing added files with anoncvs (was: Re: Notes on vpnc)

2007-10-05 Thread Stefan Sperling
On Fri, Oct 05, 2007 at 03:31:48PM +0100, Stuart Henderson wrote:
> On 2007/10/05 16:21, Stefan Sperling wrote:
> > On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote:
> > > can you send a diff -u with those in please? (I usually 'cvs diff -RuN'
> > > against an anoncvs server or local mirrored repository, which includes the
> > > version information, is easy to read and apply, and handles added/removed
> > > files nicely, but any 'diff -u' would be good)
> > 
> > How do you 'nicely' diff files you've added?
> 
> just "cvs add" them first. ok for files, not for directories.

Right, I never knew 'cvs add' worked for files.
I just did a test, and 'cvsdo add' does not seem to work
for directories either... :(

> (well, it may work against a cvsync'd repo, but I usually ended up
> in a mess next time I updated cvsync when I tried that).

FreeBSD have a nice hack in CVS to maintain local branches,
which sort of works most of the time with repos mirrored with CVSup.
Maybe you find this useful.

Quoting http://www.freebsd.org/cgi/man.cgi?query=development :

  First, you need to modify your cvsup(1) environment to avoid it modifying
  the local changes you have committed to the repository.  It is important
  to remove the delete keyword from your supfile and to add the CVSROOT
  subdirectory to your refuse file.

  The FreeBSD version of cvs(1) examines a custom environmental variable,
  CVS_LOCAL_BRANCH_NUM, which specifies an integer to use when doing a
  cvs(1) tag/rtag.  Set this number to something high (say 1000) to avoid
  colliding with potential future branches of the main repository.  For
  example, branching a file with version 1.4 produces 1.4.1000.  Future
  commits to this branch will produce revisions 1.4.1000.1, 1.4.1000.2,
  etc.
  
  To fork your local branch, do:
  
   cvs rtag -r RELENG_4 -b LOCAL_RELENG_4 src
  
  After this, you can check out a copy from your local repository using the
  new tag and begin making changes and committing them.

  WARNING! The cvsup(1) utility may blow away changes made on a local
  branch in some situations.  This has been reported to occur when the
  master CVS repository is directly manipulated or an RCS file is changed.
  At this point, cvsup(1) notices that the client and server have entirely
  different RCS files, so it does a full replace instead of trying to send
  just deltas.  Ideally this situation should never arise, but in the real
  world it happens all the time.
  
  While this is the only scenario where the problem should crop up, there
  have been some suspicious-sounding reports of CVS_LOCAL_BRANCH_NUM
  lossage that cannot be explained by this alone.  Bottom line is, if you
  value your local branch then you should back it up before every update.
  
-- 
stefan
http://stsp.name PGP Key: 0xF59D25F0




Diffing added files with anoncvs (was: Re: Notes on vpnc)

2007-10-05 Thread Stefan Sperling
On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote:
> can you send a diff -u with those in please? (I usually 'cvs diff -RuN'
> against an anoncvs server or local mirrored repository, which includes the
> version information, is easy to read and apply, and handles added/removed
> files nicely, but any 'diff -u' would be good)

How do you 'nicely' diff files you've added?

The only way I know is either manually hacking the CVS/Entries
file or using a tool that does this such as cvsdo ("cvsdo add ")
from cvsutils. Then cvs diff will pick them up.

Do you have another way?

-- 
stefan
http://stsp.name PGP Key: 0xF59D25F0



Re: Diffing added files with anoncvs (was: Re: Notes on vpnc)

2007-10-05 Thread Stuart Henderson
On 2007/10/05 16:21, Stefan Sperling wrote:
> On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote:
> > can you send a diff -u with those in please? (I usually 'cvs diff -RuN'
> > against an anoncvs server or local mirrored repository, which includes the
> > version information, is easy to read and apply, and handles added/removed
> > files nicely, but any 'diff -u' would be good)
> 
> How do you 'nicely' diff files you've added?

just "cvs add" them first. ok for files, not for directories.
(well, it may work against a cvsync'd repo, but I usually ended up
in a mess next time I updated cvsync when I tried that).



Re: Notes on vpnc

2007-10-05 Thread Thomas Schoeller
On Fri, Oct 05, 2007 at 12:28:09PM +0100, Stuart Henderson wrote:
> 
> can you send a diff -u with those in please? (I usually 'cvs diff -RuN'
> against an anoncvs server or local mirrored repository, which includes the
> version information, is easy to read and apply, and handles added/removed
> files nicely, but any 'diff -u' would be good)
> 

here is an updated diff.

thank you stuart.
 
Index: Makefile
===
RCS file: /cvs/ports/security/vpnc/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- Makefile15 Sep 2007 23:30:01 -  1.12
+++ Makefile5 Oct 2007 13:25:26 -
@@ -1,9 +1,8 @@
-# $OpenBSD: Makefile,v 1.12 2007/09/15 23:30:01 merdely Exp $
+# $OpenBSD: Makefile,v 1.11 2006/08/03 23:28:12 espie Exp $
 
-COMMENT=   client for Cisco 3000 VPN concentrators
+COMMENT=   "client for Cisco 3000 VPN concentrators"
 
-DISTNAME=  vpnc-0.3.3
-PKGNAME=   ${DISTNAME}p1
+DISTNAME=  vpnc-0.5.1
 CATEGORIES=security net
 
 HOMEPAGE=  http://www.unix-ag.uni-kl.de/~massar/vpnc/
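
Review bot: The first two changes in this hunk go backwards: the $OpenBSD$ tag moves from revision 1.12 to 1.11 and COMMENT gets its quotes back, so applying the diff would undo what 1.12 changed. Regenerate it from a tree updated to 1.12 so that only the DISTNAME/PKGNAME change is left in this hunk.
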
@@ -22,9 +21,15 @@
 USE_GMAKE= Yes
 NO_REGRESS=Yes
 
+# amd64 works only with -O0
+.if ${MACHINE_ARCH} == "amd64"
+CFLAGS+=   -O0
+.endif
+
 do-configure:
@perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,config.c}
@sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh > 
${WRKBUILD}/vpnc.sh
+   @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh > 
${WRKBUILD}/split.sh
 
 do-install:
${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin
@@ -33,6 +38,7 @@
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
+   ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8
 
Index: distinfo
===
RCS file: /cvs/ports/security/vpnc/distinfo,v
retrieving revision 1.6
diff -u -r1.6 distinfo
--- distinfo5 Apr 2007 17:26:10 -   1.6
+++ distinfo5 Oct 2007 13:25:26 -
@@ -1,5 +1,5 @@
-MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag==
-RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo=
-SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo=
-SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c=
-SIZE (vpnc-0.3.3.tar.gz) = 59939
+MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw==
+RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI=
+SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0=
+SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0=
+SIZE (vpnc-0.5.1.tar.gz) = 91496
Index: files/split.sh
===
RCS file: files/split.sh
diff -N files/split.sh
--- /dev/null   1 Jan 1970 00:00:00 -
+++ files/split.sh  5 Oct 2007 13:25:26 -
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# this effectively disables changes to /etc/resolv.conf
+INTERNAL_IP4_DNS=
+
+# This sets up split networking regardless
+# of the concentrators specifications.
+# You can add as many routes as you want,
+# but you must set the counter $CISCO_SPLIT_INC
+# accordingly
+CISCO_SPLIT_INC=1
+CISCO_SPLIT_INC_0_ADDR=10.0.0.0
+CISCO_SPLIT_INC_0_MASK=255.255.0.0
+CISCO_SPLIT_INC_0_MASKLEN=16
+CISCO_SPLIT_INC_0_PROTOCOL=0
+CISCO_SPLIT_INC_0_SPORT=0
+CISCO_SPLIT_INC_0_DPORT=0
+
+. /etc/vpnc/vpnc-script
Index: patches/patch-Makefile
===
RCS file: /cvs/ports/security/vpnc/patches/patch-Makefile,v
retrieving revision 1.3
diff -u -r1.3 patch-Makefile
--- patches/patch-Makefile  11 Nov 2005 19:38:07 -  1.3
+++ patches/patch-Makefile  5 Oct 2007 13:25:26 -
@@ -1,16 +1,18 @@
 $OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
 Makefile.orig  Sun May  1 22:30:35 2005
-+++ Makefile   Fri Nov  4 00:03:54 2005
-@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
- SBINDIR=$(PREFIX)/sbin
- MANDIR=$(PREFIX)/share/man
+--- Makefile.orig  Thu Sep  6 16:05:15 2007
 Makefile   Wed Sep 19 06:05:20 2007
+@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION)
+ #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
+ #OPENSSLLIBS = -lcrypto
  
 -CC=gcc
--CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell 
libgcrypt-config --cflags)
--LDFLAGS=-g $(shell libgcrypt-config --libs)
-+CC?=gcc
-+CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config 
--cflags)
-+LDFLAGS+=$(shell libgcrypt-config --libs)
+-CFLAGS ?= -O3 -g
+-CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
+-CFLAGS +=  $(shell libgcrypt-config --cflags)
++CC ?= gcc
++CFLAGS += -W -Wall '-DVER

Re: Notes on vpnc

2007-10-05 Thread Stuart Henderson
On 2007/10/05 11:35, Thomas Schoeller wrote:
> > CFLAGS= -O3

this overrides the user's chosen CFLAGS, which may include debug
settings, and we generally avoid -O above 2. if it's necessary
(e.g. inline assembly using a lot of registers) then +=O3 on
the arch that needs it, otherwise it should just go.

> > PKGNAME=  ${DISTNAME}

this can be removed, PKGNAME defaults to DISTNAME (it's usually
only used where you add p# and/or v#, or use a different PKGNAME
from DISTNAME)

> > .if ${MACHINE_ARCH} == "amd64"
> > CFLAGS= -O0
> > .endif

this should be += not = (the last -O value takes effect, overriding
any earlier setting from user's CFLAGS, this will then keep debug flags
working), it also needs a comment as to why it's been done so that it
can be tested against future C compiler versions and maybe removed.

can you send a diff -u with those in please? (I usually 'cvs diff -RuN'
against an anoncvs server or local mirrored repository, which includes the
version information, is easy to read and apply, and handles added/removed
files nicely, but any 'diff -u' would be good)

thanks!



Re: Notes on vpnc

2007-10-05 Thread Thomas Schoeller
On Thu, Sep 20, 2007 at 11:24:27PM -0500, Aaron Hsu wrote:
> I have not really had the time to follow the vpnc porting efforts lately, but 
> I believe I recalled someone mentioning that vpnc failed to maintain a 
> connection? I wanted to report that I experience the same thing, where vpnc 
> just stops forwarding connections or something. I can kill vpnc and restart 
> it, and this works, but then eventually, that stops working and I have to 
> reconfigure the network devices, and then start vpnc again.
> 
> I cannot tell whether this is caused by my University's vpn or not. :-/
> 
> Are there any problems still outstanding?

i'm running this patch for 3 weeks in production for a connection to a
client. it is much better than the 3.3.0 in ports.
i still have disconnects, but it terminates the process. in the old
version the process was not terminated and just did not forward packets.
imho it is also much more stable.

the patch attached also runs on amd64.

it seems that the network configure script has issues in restoring the
routing table if more than 1 ip address is assigned to an interface.

i think someone can commit this port.

thomas
diff -r -N /usr/ports/security/vpnc/Makefile 
/usr/ports/mystuff/security/vpnc/Makefile
5,6c5,6
< DISTNAME= vpnc-0.3.3
< PKGNAME=  ${DISTNAME}p1
---
> DISTNAME= vpnc-0.5.1
> PKGNAME=  ${DISTNAME}
24a25,29
> CFLAGS=   -O3
> .if ${MACHINE_ARCH} == "amd64"
> CFLAGS=   -O0
> .endif
> 
27a33
>   @sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh > 
> ${WRKBUILD}/split.sh
35a42
>   ${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc
diff -r -N /usr/ports/security/vpnc/distinfo 
/usr/ports/mystuff/security/vpnc/distinfo
1,5c1,5
< MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag==
< RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo=
< SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo=
< SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c=
< SIZE (vpnc-0.3.3.tar.gz) = 59939
---
> MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw==
> RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI=
> SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0=
> SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0=
> SIZE (vpnc-0.5.1.tar.gz) = 91496
diff -r -N /usr/ports/security/vpnc/files/split.sh 
/usr/ports/mystuff/security/vpnc/files/split.sh
0a1,19
> #!/bin/sh
> 
> # this effectively disables changes to /etc/resolv.conf
> INTERNAL_IP4_DNS=
> 
> # This sets up split networking regardless
> # of the concentrators specifications.
> # You can add as many routes as you want,
> # but you must set the counter $CISCO_SPLIT_INC
> # accordingly
> CISCO_SPLIT_INC=1
> CISCO_SPLIT_INC_0_ADDR=10.0.0.0
> CISCO_SPLIT_INC_0_MASK=255.255.0.0
> CISCO_SPLIT_INC_0_MASKLEN=16
> CISCO_SPLIT_INC_0_PROTOCOL=0
> CISCO_SPLIT_INC_0_SPORT=0
> CISCO_SPLIT_INC_0_DPORT=0
> 
> . /etc/vpnc/vpnc-script
diff -r -N /usr/ports/security/vpnc/patches/patch-Makefile 
/usr/ports/mystuff/security/vpnc/patches/patch-Makefile
2,6c2,6
< --- Makefile.orig Sun May  1 22:30:35 2005
< +++ Makefile  Fri Nov  4 00:03:54 2005
< @@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
<  SBINDIR=$(PREFIX)/sbin
<  MANDIR=$(PREFIX)/share/man
---
> --- Makefile.orig Thu Sep  6 16:05:15 2007
> +++ Makefile  Wed Sep 19 06:05:20 2007
> @@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION)
>  #OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
>  #OPENSSLLIBS = -lcrypto
9,13c9,16
< -CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell 
libgcrypt-config --cflags)
< -LDFLAGS=-g $(shell libgcrypt-config --libs)
< +CC?=gcc
< +CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config 
--cflags)
< +LDFLAGS+=$(shell libgcrypt-config --libs)
---
> -CFLAGS ?= -O3 -g
> -CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
> -CFLAGS +=  $(shell libgcrypt-config --cflags)
> +CC ?= gcc
> +CFLAGS += -W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell 
> libgcrypt-config --cflags)
>  CPPFLAGS += -DVERSION=\"$(VERSION)\" $(OPENSSL_GPL_VIOLATION)
> -LDFLAGS ?= -g
>  LDFLAGS += $(shell libgcrypt-config --libs) $(OPENSSLLIBS)
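
Review bot: The new CFLAGS line adds '-DVERSION="$(shell cat VERSION)"' although the unchanged CPPFLAGS line directly below it already passes -DVERSION=\"$(VERSION)\", so VERSION ends up defined twice on every compile; drop it from CFLAGS. The same replacement also removes upstream's -Wmissing-declarations and -Wwrite-strings together with the -O3 -g defaults; only the optimisation and debug defaults have to go for the ports CFLAGS to be respected, the warnings can stay.
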
15,16c18
<  ifeq ($(shell uname -s), Linux)
<  SYSDEP=sysdep-linux.o
---
>  ifeq ($(shell uname -s), SunOS)
diff -r -N /usr/ports/security/vpnc/patches/patch-tunip_c 
/usr/ports/mystuff/security/vpnc/patches/patch-tunip_c
1,21d0
< $OpenBSD: patch-tunip_c,v 1.3 2005/11/11 19:38:07 sturm Exp $
< --- tunip.c.orig  Thu May  5 12:25:00 2005
< +++ tunip.c   Fri Nov  4 00:09:30 2005
< @@ -436,7 +436,7 @@ int update_sa_addr(struct sa_desc *p)
<   if (new_addr.sin_addr.s_addr != p->source.sin_addr.s_addr) {
<   char addr1[16];
<   p->source.sin_addr = new_addr.sin_addr;
< - strcpy(addr1, inet_ntoa(p->dest.sin_addr));
< + strlcpy(addr1, inet_ntoa(p->dest.sin_addr), sizeof(addr1));
<   syslog(LOG_NOTICE,
< 
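
Review bot: Deleting patches/patch-tunip_c drops the local change in update_sa_addr() that replaced strcpy(addr1, inet_ntoa(...)) with strlcpy(..., sizeof(addr1)) for the 16-byte addr1 buffer. Before removing it, check that tunip.c in 0.5.1 no longer contains the unbounded copy; if it still does, regenerate the patch against the new source instead of dropping it.
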

Re: Notes on vpnc

2007-10-03 Thread Stefan Sperling
On Wed, Oct 03, 2007 at 09:53:29PM +0200, Joachim Schipper wrote:
> > Has anyone experienced a similar problem? Is there a way to make sure that 
> > dhclient does not overwrite my vpnc defined resolv.conf file? :-/
> 
> Wouldn't playing tricks [1] with /etc/resolv.conf.tail work?
> 
>   Joachim
> 
> [1] Copying the 'nameserver' lines from /etc/resolv.conf to
> /etc/resolv.conf.tail after vpnc has started, or somesuch.

Putting a public nameserver into resolv.conf.tail helped me
with PPTP-based VPN. I also used to lose DNS in some cases
whenever resolv.conf was overwritten by dhclient, e.g. if the
nameserver configured via DHCP had a non-public IP which was not
reachable due to my VPN config messing with the routing table.

-- 
stefan
http://stsp.name PGP Key: 0xF59D25F0




Re: Notes on vpnc

2007-10-03 Thread Joachim Schipper
On Wed, Oct 03, 2007 at 02:21:33PM -0500, Aaron W. Hsu wrote:
> I've been working with the vpnc port, and I noticed something strange. I have 
> to run a dhcp client first to connect to my network, and then I start vpnc. 
> This all works fine until dhcp repools for a new IP. Somehow, it overwrites 
> the resolv.conf file so that my routes do not work. Tunnels already 
> established continue to work for some time, but eventually they go out too.
> 
> Does anyone know what is wrong here? It does not appear that my vpnc client is
> disconnecting me, or that the server is disconnecting me, so I can't see any
> other reason than dhclient for the whole thing to mess up.
> 
> Has anyone experienced a similar problem? Is there a way to make sure that 
> dhclient does not overwrite my vpnc defined resolv.conf file? :-/

Wouldn't playing tricks [1] with /etc/resolv.conf.tail work?

Joachim

[1] Copying the 'nameserver' lines from /etc/resolv.conf to
/etc/resolv.conf.tail after vpnc has started, or somesuch.

-- 
PotD: multimedia/gstreamer-0.10/plugins-base,-vorbis - multimedia
framework - vorbis plugin
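
The resolv.conf.tail trick from footnote [1] above, as an added example that is not part of the original thread: a shell function that copies the nameserver lines out of the resolv.conf vpnc wrote into the tail file. The function name and the paths passed to it are assumptions, as is the premise (taken from the thread) that dhclient appends resolv.conf.tail whenever it rewrites resolv.conf.

```shell
#!/bin/sh
# Added example (not from the thread): keep vpnc's nameservers in
# resolv.conf.tail so they survive dhclient rewriting resolv.conf.
#
# sync_resolv_tail SRC TAIL   (function name and arguments are assumptions)
#   SRC  - resolv.conf as it looks right after vpnc has started
#   TAIL - the resolv.conf.tail file to (re)write
sync_resolv_tail() {
    src=$1
    tail_file=$2
    [ -r "$src" ] || return 1

    # Build the new file next to the target and rename it into place,
    # so a reader never sees a half-written tail file.
    tmp=$(mktemp "${tail_file}.XXXXXX") || return 1
    {
        # Keep the non-nameserver lines the tail file already had;
        # nameserver lines from an earlier run are dropped as stale.
        if [ -f "$tail_file" ]; then
            grep -v '^[[:space:]]*nameserver[[:space:]]' "$tail_file" || true
        fi
        # Append the current nameserver lines, each address only once.
        awk '$1 == "nameserver" && !seen[$2]++ { print "nameserver", $2 }' "$src"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$tail_file"
}

# Constructed sample run on throw-away files, not the real /etc files.
demo_dir=$(mktemp -d)
printf 'search vpn.example\nnameserver 10.0.0.53\nnameserver 10.0.0.53\n' \
    > "$demo_dir/resolv.conf"
printf 'lookup file bind\nnameserver 192.0.2.1\n' > "$demo_dir/resolv.conf.tail"
sync_resolv_tail "$demo_dir/resolv.conf" "$demo_dir/resolv.conf.tail"
cat "$demo_dir/resolv.conf.tail"
rm -rf "$demo_dir"
```

Run it as root against /etc/resolv.conf and /etc/resolv.conf.tail once the tunnel is up; running it again simply rewrites the same nameserver lines.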



Re: Notes on vpnc

2007-10-03 Thread Aaron W. Hsu
I've been working with the vpnc port, and I noticed something strange. I have 
to run a dhcp client first to connect to my network, and then I start vpnc. 
This all works fine until dhcp repools for a new IP. Somehow, it overwrites 
the resolv.conf file so that my routes do not work. Tunnels already 
established continue to work for some time, but eventually they go out too.

Does anyone know what is wrong here? It does not appear that my vpnc client is 
disconnecting me, or that the server is disconnecting me, so I can't see any 
other reason than dhclient for the whole thing to mess up.

Has anyone experienced a similar problem? Is there a way to make sure that 
dhclient does not overwrite my vpnc defined resolv.conf file? :-/

-- 
((name "Aaron Hsu")
 (email/xmpp "[EMAIL PROTECTED]")
 (phone "703-597-7656")
 (site "http://www.aaronhsu.com"))






Notes on vpnc

2007-09-20 Thread Aaron Hsu
I have not really had the time to follow the vpnc porting efforts lately, but 
I believe I recalled someone mentioning that vpnc failed to maintain a 
connection? I wanted to report that I experience the same thing, where vpnc 
just stops forwarding connections or something. I can kill vpnc and restart 
it, and this works, but then eventually, that stops working and I have to 
reconfigure the network devices, and then start vpnc again.

I cannot tell whether this is caused by my University's vpn or not. :-/

Are there any problems still outstanding?

-- 
((name "Aaron Hsu")
 (email/xmpp "[EMAIL PROTECTED]")
 (phone "703-597-7656")
 (site "http://www.aaronhsu.com"))



