Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
N
NetworkManager-l2tp
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
CeRiAl
NetworkManager-l2tp
Commits
814d7aae
Commit
814d7aae
authored
Apr 12, 2015
by
CeRiAl
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Apply and remove nm-l2tp-parameters-948197.patch
parent
fa223bd4
Changes
2
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
0 additions
and
50 deletions
+0
-50
nm-l2tp-parameters-948197.patch
patches/nm-l2tp-parameters-948197.patch
+0
-49
nm-l2tp-service.c
src/nm-l2tp-service.c
+0
-1
No files found.
patches/nm-l2tp-parameters-948197.patch
deleted
100644 → 0
View file @
fa223bd4
The IPsec parameters set up by nm-l2tp-service contain several
obsolete and redundant entries. More importantly, they omit the
rightprotoport option; without the port number, the remote server
won't realize that the connection is intended to carry an L2TP tunnel
and (in the case of my server, at least) won't accept the connection.
The nat_traversal and force_keepalive options are obsolete. The esp
and ike options are unnecessary since the daemon's defaults allow a
wider choice and are updated now and then to remove encryption and
authentication algorithms that are no longer secure. This patch
removes all four, and it adds the rightprotoport and leftprotoport
(for symmetry, though it's not really necessary) options.
src/nm-l2tp-service.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
Index: NetworkManager-l2tp-0.9.8.7/src/nm-l2tp-service.c
===================================================================
--- NetworkManager-l2tp-0.9.8.7.orig/src/nm-l2tp-service.c
+++ NetworkManager-l2tp-0.9.8.7/src/nm-l2tp-service.c
@@ -1153,8 +1153,6 @@ nm_l2tp_config_write (NML2tpPlugin *plug
}
write_config_option (ipsec_fd, "version 2.0\n"
"config setup\n"
-" nat_traversal=yes\n"
-" force_keepalive=yes\n"
" protostack=netkey\n"
" keep_alive=60\n"
"\n");
@@ -1167,16 +1165,17 @@ nm_l2tp_config_write (NML2tpPlugin *plug
" authby=secret\n"
" keyingtries=0\n"
" left=%%defaultroute\n");
+ write_config_option (ipsec_fd, " leftprotoport=17/0\n");
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GROUP_NAME);
if(value)write_config_option (ipsec_fd, " leftid=@%s\n", value);
/* value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_GATEWAY); */
+
write_config_option (ipsec_fd, " right=%s\n", priv->saddr);
+ write_config_option (ipsec_fd, " rightprotoport=17/1701\n");
value = nm_setting_vpn_get_data_item (s_vpn, NM_L2TP_KEY_IPSEC_GATEWAY_ID);
if(value)write_config_option (ipsec_fd, " rightid=@%s\n", value);
write_config_option (ipsec_fd,
-" esp=3des-sha1\n"
" keyexchange=ike\n"
-" ike=3des-sha1-modp1024\n"
" aggrmode=no\n"
" forceencaps=yes\n");
src/nm-l2tp-service.c
View file @
814d7aae
...
@@ -1149,7 +1149,6 @@ nm_l2tp_config_write (NML2tpPlugin *plugin,
...
@@ -1149,7 +1149,6 @@ nm_l2tp_config_write (NML2tpPlugin *plugin,
write_config_option
(
ipsec_fd
,
"config setup
\n
"
write_config_option
(
ipsec_fd
,
"config setup
\n
"
" plutodebug=none
\n
"
" plutodebug=none
\n
"
" strictcrlpolicy=no
\n
"
" strictcrlpolicy=no
\n
"
" nat_traversal=yes
\n
"
" interfaces=%%defaultroute
\n
"
" interfaces=%%defaultroute
\n
"
" oe=off
\n
"
" oe=off
\n
"
" protostack=netkey
\n\n
"
);
" protostack=netkey
\n\n
"
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
