Support the [send_certreq] connection configuration option to disable
offering trusted root CA certificates and reduce the size of the initial
IKE packets.
This work is based on a patch by @aleks-mariusz in
https://forum.openwrt.org/t/confusion-regarding-setting-up-ikev2-vpn-service-with-strongswan-using-ipsec-and-swanctl/169587/9
[send_certreq]: https://docs.strongswan.org/docs/latest/swanctl/swanctlConf.html#_connections
Signed-off-by: Kevin Locke <[email protected]>
PKG_NAME:=strongswan
PKG_VERSION:=5.9.14
-PKG_RELEASE:=8
+PKG_RELEASE:=9
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
local rekeytime
local overtime
local send_cert
+ local send_certreq
local remote_ca_certs
local pools
local eap_id
config_get rekeytime "$conf" rekeytime
config_get overtime "$conf" overtime
config_get send_cert "$conf" send_cert
+ config_get_bool send_certreq "$conf" send_certreq 1
config_get eap_id "$conf" eap_id "%any"
config_list_foreach "$conf" local_sourceip append_var local_sourceip ","
esac
[ -n "$send_cert" ] && swanctl_xappend2 "send_cert = $send_cert"
+ [ $send_certreq -eq 1 ] && swanctl_xappend2 "send_certreq = yes" || swanctl_xappend2 "send_certreq = no"
[ $mobike -eq 1 ] && swanctl_xappend2 "mobike = yes" || swanctl_xappend2 "mobike = no"
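Review bot: The added `send_certreq` line uses the `A && B || C` form, so if `swanctl_xappend2 "send_certreq = yes"` ever returns non-zero, the `no` branch runs as well and the generated connection can carry both values. An explicit branch avoids that and quotes the variable: `if [ "$send_certreq" -eq 1 ]; then swanctl_xappend2 "send_certreq = yes"; else swanctl_xappend2 "send_certreq = no"; fi`. The neighbouring `mobike` line has the same shape, so this is a pre-existing pattern being copied rather than a new one. It would also help to put a comment above the line, such as `# 0 only stops offering trusted CAs in CERTREQ payloads; a peer holding several certificates then gets no hint which one to present`, since a failed handshake after setting this option is otherwise hard to trace back to it. The enclosing function starts and ends outside the visible hunks, so whether `swanctl_xappend2` can fail is not visible here.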