158725 – net-misc/strongswan - adding use-flag to enable USE_NAT_TRAVERSAL_TRANSPORT_MODE

Bug 158725 - net-misc/strongswan - adding use-flag to enable USE_NAT_TRAVERSAL_TRANSPORT_MODE

Summary: net-misc/strongswan - adding use-flag to enable USE_NAT_TRAVERSAL_TRANSPORT_MODE

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High enhancement (vote)
Assignee:	Lars Weiler (RETIRED)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-12-21 05:55 UTC by Christian Euler
Modified:	2007-02-28 18:51 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Euler 2006-12-21 05:55:53 UTC

I'm using strongswan (currently 2.8.0) to connect to my office via VPN. The VPN setup at our company requires USE_NAT_TRAVERSAL_TRANSPORT_MODE to be enabled in the Makefile.inc (which is disabled by default for security reasons). Therefore, I created a small patch to the 2.8.0 ebuild, which adds a new use-flag "nat-transport". I think this might be useful for others too, so please consider adding it to the official ebuild.

Here's the patch (diff -Naur):

--- /home/chr/strongswan-2.8.0.ebuild   2006-12-21 14:34:36.428028613 +0100
+++ strongswan-2.8.0.ebuild     2006-12-21 14:06:44.811682137 +0100
@@ -11,7 +11,7 @@
 LICENSE="GPL-2 RSA-MD2 RSA-MD5 RSA-PKCS11 DES"
 SLOT="0"
 KEYWORDS="~amd64 ~ppc ~sparc ~x86"
-IUSE="curl ldap smartcard"
+IUSE="curl ldap smartcardi nat-transport"

 COMMON_DEPEND="!net-misc/openswan
        dev-libs/gmp"
@@ -67,6 +67,12 @@
                eend $?
        fi

+       if use nat-transport ; then
+               ebegin "Enabling NAT-Traversal on Transport mode"
+               sed -i -e 's:\(USE_NAT_TRAVERSAL_TRANSPORT_MODE?=\)false:\1true:g' Makefile.inc || die
+               eend $?
+       fi
+
        if  use smartcard ; then
                ebegin "Smartcard support requested. Enabling opensc support"
                sed -i -e 's:\(USE_SMARTCARD?=\)false:\1true:g' Makefile.inc || die

Comment 1 Lars Weiler (RETIRED) gentoo-dev

2007-01-20 00:22:18 UTC

I added it to net-misc/strongswan-2.8.1.  Please test.

Comment 2 Christian Euler 2007-01-21 14:58:04 UTC

The 2.8.1 ebuild fails on my box, looks like -ldl is missing somewhere. When adding -ldl to programs/pluto/Makefile line 133 and manually running make, everything seems to run fine.

Btw, -ldl is added to $LIBSPLUTO when USE_SMARTCARD is set to true. This is kinda odd ;)

Here's the build output:

cc -o pluto  kernel_alg.o ike_alg.o alg_info.o db_ops.o asn1.o connections.o constants.o cookie.o crypto.o defs.o fetch.o foodgroups.o log.o state.o plutomain.o server.o timer.o oid.o pem.o pgp.o pkcs1.o pkcs7.o x509.o ca.o certs.o id.o ipsec_doi.o kernel.o kernel_netlink.o kernel_pfkey.o mp_defs.o kernel_noklips.o rcv_whack.o  demux.o packet.o lex.o keys.o dnskey.o smartcard.o ac.o rnd.o spdb.o sha1.o md5.o md2.o modecfg.o ocsp.o crl.o vendor.o nat_traversal.o virtual.o xauth.o alg/libalg.o   ../../lib/libdes/libdes.a ../../lib/libfreeswan/libfreeswan.a  -lgmp -lresolv
xauth.o: In function `xauth_finalize':
/var/tmp/portage/strongswan-2.8.1/work/strongswan-2.8.1/programs/pluto/xauth.c:66: undefined reference to `dlclose'
collect2: ld gab 1 als Ende-Status zurÃ¼ck
make[2]: *** [pluto] Fehler 1
make[2]: Leaving directory `/var/tmp/portage/strongswan-2.8.1/work/strongswan-2.8.1/programs/pluto'
make[1]: *** [programs] Fehler 1
make[1]: Leaving directory `/var/tmp/portage/strongswan-2.8.1/work/strongswan-2.8.1/programs'
make: *** [programs] Fehler 1

Comment 3 Lars Weiler (RETIRED) gentoo-dev

2007-02-28 18:51:39 UTC

(In reply to comment #2)
> The 2.8.1 ebuild fails on my box, looks like -ldl is missing somewhere. When
> adding -ldl to programs/pluto/Makefile line 133 and manually running make,
> everything seems to run fine.

I can not verify this problem.