Apply and remove nm-l2tp-parameters-948197.patch

814d7aae · CeRiAl · fa223bd4 · fa223bd4 · 814d7aae
Commit 814d7aae authored Apr 12, 2015 by CeRiAl
Show whitespace changes
Inline Side-by-side

Showing with 0 additions and 50 deletions

nm-l2tp-parameters-948197.patch patches/nm-l2tp-parameters-948197.patch +0 -49

nm-l2tp-service.c src/nm-l2tp-service.c +0 -1

No files found.
--- a/patches/nm-l2tp-parameters-948197.patch
+++ b/patches/nm-l2tp-parameters-948197.patch
-The IPsec parameters set up by nm-l2tp-service contain several
-obsolete and redundant entries.  More importantly, they omit the
-rightprotoport option; without the port number, the remote server
-won't realize that the connection is intended to carry an L2TP tunnel
-and (in the case of my server, at least) won't accept the connection.
-
-The nat_traversal and force_keepalive options are obsolete.  The esp
-and ike options are unnecessary since the daemon's defaults allow a
-wider choice and are updated now and then to remove encryption and
-authentication algorithms that are no longer secure.  This patch
-removes all four, and it adds the rightprotoport and leftprotoport
-(for symmetry, though it's not really necessary) options.
-
- src/nm-l2tp-service.c |    7 +++----
- 1 file changed, 3 insertions(+), 4 deletions(-)
-
-Index: NetworkManager-l2tp-0.9.8.7/src/nm-l2tp-service.c
-===================================================================
--- NetworkManager-l2tp-0.9.8.7.orig/src/nm-l2tp-service.c
-+++ NetworkManager-l2tp-0.9.8.7/src/nm-l2tp-service.c
-@@ -1153,8 +1153,6 @@ nm_l2tp_config_write (NML2tpPlugin *plug
- 	}
- 	write_config_option (ipsec_fd, "version 2.0\n"
- "config setup\n"
-"  nat_traversal=yes\n"
-"  force_keepalive=yes\n"
- "  protostack=netkey\n"
- "  keep_alive=60\n"
- "\n");
-@@ -1167,16 +1165,17 @@ nm_l2tp_config_write (NML2tpPlugin *plug
- "  authby=secret\n"
- "  keyingtries=0\n"
- "  left=%%defaultroute\n");
-+	write_config_option (ipsec_fd, "  leftprotoport=17/0\n");
- 	value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GROUP_NAME);
- 	if(value)write_config_option (ipsec_fd, "  leftid=@%s\n", value);
- 	/* value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY); */
-+
- 	write_config_option (ipsec_fd, "  right=%s\n", priv->saddr);
-+	write_config_option (ipsec_fd, "  rightprotoport=17/1701\n");
- 	value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GATEWAY_ID);
- 	if(value)write_config_option (ipsec_fd, "  rightid=@%s\n", value);
- 	write_config_option (ipsec_fd,
-"  esp=3des-sha1\n"
- "  keyexchange=ike\n"
-"  ike=3des-sha1-modp1024\n"
- "  aggrmode=no\n"
- "  forceencaps=yes\n");
- 
--- a/src/nm-l2tp-service.c
+++ b/src/nm-l2tp-service.c
@@ -1149,7 +1149,6 @@ nm_l2tp_config_write (NML2tpPlugin *plugin,
 	write_config_option (ipsec_fd, "config setup\n"
 		"  plutodebug=none\n"
 		"  strictcrlpolicy=no\n"
-		"  nat_traversal=yes\n"
 		"  interfaces=%%defaultroute\n"
 		"  oe=off\n"
 		"  protostack=netkey\n\n");