Requires libcli (Bug #141329). Please find attached l2tpns-2.1.19.ebuild, a patch to tighten control interface authentication requirements, and conf/init scripts. l2tpns is an L2TP server daemon intended for large connection volumes and high-availability applications, such as ISP and enterprise installations. It is said to scale linearly to 64K simultaneous connections. I suggest net-dialup/l2tpns. - Kevin
Created attachment 92446: l2tpns-2.1.19.ebuild
Created attachment 92447: Enforces authentication to CLI interface, even from localhost.
Created attachment 92448: l2tpns init script
Created attachment 92449: l2tpns conf.d file
(In reply to comment #1)
> Created an attachment (id=92446)
> l2tpns-2.1.19.ebuild
>
'ppc' architecture shouldn't be there.
Created attachment 92528: l2tpns-2.1.19-trust-localhost.patch
There's no need for a compile-time decision about requiring authentication for telnet connections from localhost. This patch allows the user to decide if telnet connections from localhost are allowed unconditionally (current upstream behaviour), or are subject to the same restrictions as remote connections. Previous discussion on this topic can be found at http://tinyurl.com/oecw3
A new config option has been added (cli_trust_localhost). Unless cli_trust_localhost=yes, connections from localhost are logged at debug level 3 (in the same way as remote connections), with the extra message "Treating localhost as remote".
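Added example, not part of the bug report or of the l2tpns patch: a C sketch of the decision the comment above describes, where only an explicit cli_trust_localhost=yes lets a loopback peer skip authentication. Every function and enum name is hypothetical, and treating all of 127.0.0.0/8 as localhost is an assumption.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; only the option cli_trust_localhost comes from the report.
 * CLI_LOCAL_AS_REMOTE is the case logged as "Treating localhost as remote". */
enum cli_peer { CLI_TRUSTED_LOCAL, CLI_LOCAL_AS_REMOTE, CLI_REMOTE };

/* Only an explicit "yes" enables trust; unset or any other value does not. */
static int parse_trust_localhost(const char *value)
{
    return value != NULL && strcmp(value, "yes") == 0;
}

/* Assumption: the whole 127.0.0.0/8 block counts as localhost, not just 127.0.0.1. */
static int is_loopback(const struct sockaddr_in *peer)
{
    return (ntohl(peer->sin_addr.s_addr) >> 24) == 127;
}

/* Classify a CLI peer from its address and the parsed option. */
static enum cli_peer classify_cli_peer(const struct sockaddr_in *peer, int trust_localhost)
{
    if (!is_loopback(peer))
        return CLI_REMOTE;
    return trust_localhost ? CLI_TRUSTED_LOCAL : CLI_LOCAL_AS_REMOTE;
}
/* Everything except a trusted local peer must authenticate. */
static int cli_requires_auth(enum cli_peer kind) { return kind != CLI_TRUSTED_LOCAL; }

/* Sample helper: classify a dotted-quad peer address (constructed input). */
static enum cli_peer classify_addr(const char *ip, const char *option_value)
{
    struct sockaddr_in peer;
    memset(&peer, 0, sizeof peer);
    peer.sin_family = AF_INET;
    if (inet_pton(AF_INET, ip, &peer.sin_addr) != 1)
        return CLI_REMOTE; /* unparsable address: fail closed */
    return classify_cli_peer(&peer, parse_trust_localhost(option_value));
}

int main(void)
{
    const char *peers[] = { "127.0.0.1", "127.0.0.2", "192.0.2.10" }; /* constructed */
    for (size_t i = 0; i < 3; i++) /* option set to "no": all three must authenticate */
        printf("%s: auth %s\n", peers[i], cli_requires_auth(classify_addr(peers[i], "no")) ? "required" : "skipped");
    return 0;
}
```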
Kevin, why do you have the following in l2tpns-2.1.19.ebuild:
    #Put CFLAGS from make.conf and disable builtin definition of log function
    sed -i.orig -e "s|-O3|${CFLAGS} -fno-builtin-log|" "${S}/Makefile" || die "failed to change CFLAGS in Makefile"
There is no need to modify Makefile to achieve this. The following approach is cleaner and won't break if upstream changes -O3 to -O2 in Makefile.
    inherit flag-o-matic

    src_compile() {
        append-flags "-fno-builtin-log"
        # Override Makefile's hard-coded CFLAGS (including optimizations)
        emake CFLAGS="${CFLAGS}" || die "compile failed"
    }
I don't actually see why -fno-builtin-log is needed, as the resulting binaries are identical to those built without it.
Bravo on the auth patch; I hadn't the time to do it right and I'm glad to see that I won't have to. The weird Makefile stuff was bequeathed entirely from the l2tpd ebuild. I'd say that net-dialup/l2tpd probably wants attention about that, but that daemon isn't worth the bits it takes up in server mode. I'll know more in a week or so which packages are really usable for the client-side. - Kevin
Kevin, what package provides the ipsec init.d script referenced in your l2tpns init.d script (attachment #92448)? I'm using racoon (from net-firewall/ipsec-tools), so need "after racoon".
How's progress on this one? I need to get this working. What can I do to get the ebuild into portage?
aross was retired (#139633), reassigning remaining bugs.
Is there still any interest in adding l2tpns to Gentoo? Upstream is still very much alive (the latest release, 2.2.1.2fdn3.19, is just over a month old); on the other hand, we've already got ebuilds for several other still-actively-developed L2TP servers. Should there still be user interest, I'll be happy to assist efforts in getting things ready. Otherwise, we'll close this bug as WONTFIX in 30 days (but feel free to reopen it if need be).