PKG_NAME:=strongswan
PKG_VERSION:=5.0.2
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=http://download.strongswan.org/
define Package/strongswan/conffiles
/etc/ipsec.conf
/etc/ipsec.secrets
+/etc/ipsec.user
/etc/strongswan.conf
endef
$(INSTALL_DIR) $(1)/usr/lib/ipsec/plugins
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/{_updown,_updown_espmark} $(1)/usr/lib/ipsec/
$(CP) $(PKG_INSTALL_DIR)/usr/lib/ipsec/plugins/libstrongswan-updown.so $(1)/usr/lib/ipsec/plugins/
+ $(INSTALL_DIR) $(1)/etc
+ $(INSTALL_CONF) ./files/ipsec.user $(1)/etc/
endef
define Plugin/whitelist/install
--- /dev/null
+# This file is interpreted as shell script.
+# Put your custom ip rules here, they will
+# be executed with each call to the script
+# /usr/lib/ipsec/_updown which by default
+# strongswan executes.
+
--- /dev/null
+--- a/src/_updown/_updown.in
++++ b/src/_updown/_updown.in
+@@ -16,11 +16,9 @@
+ # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ # for more details.
+
+-# CAUTION: Installing a new version of strongSwan will install a new
+-# copy of this script, wiping out any custom changes you make. If
+-# you need changes, make a copy of this under another name, and customize
+-# that, and use the (left/right)updown parameters in ipsec.conf to make
+-# strongSwan use yours instead of this default one.
++# Add your custom ip rules to the /etc/ipsec.user file if you need that functionality.
++
++[ -e /etc/ipsec.user ] && . /etc/ipsec.user "$1"
+
+ # things that this script gets (from ipsec_pluto(8) man page)
+ #