strongswan4 update to 4.5.1 This patch updates the strongswan4 package from 4.3.7 to 4.5.1. I have added the following plugins which get built as strongswan4-mod-<plugin> packages:
constraints - X.509 constraint checking
dhcp - DHCP-based IP and DNS
farp - Fake arp responses
led - LED blink on IKE activity
revocation - X.509 revocation checking
socket-default - Default socket for IKEv2
socket-raw - RAW socket of IKEv1 and IKEv2
xauth - XAUTH authentication
Upstream default plugins were added to the strongswan4-default meta
package. "socket-default" and "kernel-netlink" plugins were added to the
strongswan4-minimal meta package since a socket and a kernel interface are
required for a working setup and these are the upstream defaults in this
case. The whack command was moved to strongswan4-app-pluto.
The 202-clone.patch has been fixed upstream so it can be removed. The
other patches were rebased for the new strongswan4 release.
I have been using strongswan 4.5.1 with backfire and trunk for a couple
weeks now. There are some missing kernel modules in trunk that are
required for strongswan4 to work (also true for 4.3.7). There are already
a couple of tickets on trac addressing these kernel modules:
https://dev.openwrt.org/ticket/9234
https://dev.openwrt.org/ticket/8928
I also have my own patch that just packages all of the missing modules
into a single kmod-crypto-ipsec package. It would be nice to get some
discussion how these modules should be packaged so we can get working
ipsec support in trunk.
Signed-off-by: Lars Hjersted <lars at hjersted.com>
SVN-Revision: 26789