Commit Graph

46 Commits

Author SHA1 Message Date
zimbatm
71e6dfdaea strongswan: set the right dir for TLS CA cert
This fixes an issue where the strongswan NM client is not able to
connect to a VPN. By default it tries to load the trust CA from
/usr/share/ca-certificates which doesn't exist in NixOS and most modern
distros.

See debian-related issue:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835095
2018-09-07 12:44:22 +01:00
John Ericson
2c2f1e37d4 treewide: Purge all uses of stdenv.system and top-level system
It is deprecated and will be removed after 18.09.
2018-08-30 17:20:32 -04:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
R. RyanTM
30c3a7f5c6 strongswan: 5.6.2 -> 5.6.3 (#41237)
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/strongswan/versions.

These checks were done:

- built on NixOS
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/pki passed the binary check.
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/charon-cmd passed the binary check.
- Warning: no invocation of /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/charon-systemd had a zero exit code or showed the expected version
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/ipsec passed the binary check.
- /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3/bin/swanctl passed the binary check.
- 4 of 5 passed binary check by having a zero exit code.
- 1 of 5 passed binary check by having the new version present in output.
- found 5.6.3 with grep in /nix/store/9qicaqwg2cvmahh3hqwig5bcqpd41k9a-strongswan-5.6.3
- directory tree listing: https://gist.github.com/258736889db4e822d054b65e7035147b
- du listing: https://gist.github.com/478dbb4f44b4ed18b112076b17451a4e
2018-05-30 23:44:54 +02:00
Benjamin Staffin
1022dc54ba
strongswan: include curl plugin by default (#39506)
This is necessary for OCSP and/or remote CRL verification of server
certificates to work, which is a fairly common thing to need.
2018-04-30 13:28:46 -04:00
Jörg Thalheim
9936ed4920
Merge pull request #31019 from teto/strongswan_rebased
[RFC/RDY] make l2tp work with Strongswan
2018-03-03 15:56:05 +00:00
Ryan Mulligan
2ccc261349 strongswan: 5.6.1 -> 5.6.2
Semi-automatic update. These checks were performed:

- built on NixOS
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/pki -h` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/pki --help` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/pki -h` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/pki --help` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/charon-cmd --help` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/charon-cmd --version` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/charon-cmd --help` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/ipsec --help` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/ipsec --version` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/ipsec version` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/swanctl -h` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/swanctl --help` got 0 exit code
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/swanctl -h` and found version 5.6.2
- ran `/nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2/bin/swanctl --help` and found version 5.6.2
- found 5.6.2 with grep in /nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2
- found 5.6.2 in filename of file in /nix/store/jd04xpik9zwmy39nh0axfss0m4hmw8yv-strongswan-5.6.2
2018-02-28 07:09:28 +00:00
Matthieu Coudron
fe4f4de1c9 strongswan module: make it work with ipsec l2tp
l2tp saves its secrets into /etc/ipsec.d but strongswan would not read
them. l2tp checks whether /etc/ipsec.secrets includes /etc/ipsec.d and, if
not, tries to write into it.

Solution:
Have the strongswan module create /etc/ipsec.d and /etc/ipsec.secrets
when networkmanager_l2tp is installed.
Include /etc/ipsec.secrets in
/nix/store/hash-strongswan/etc/ipsec.secrets so that it can find l2tp
secrets.

Also when the ppp 'nopeerdns' option is used, the DNS resolver tries to
write into an alternate file /etc/ppp/resolv.conf. This fails when
/etc/ppp does not exist so the module creates it by default.
2018-02-07 13:21:49 +09:00
Bas van Dijk
460a4b0832 networkmanager_strongswan: fix package
Added the boolean option:

  networking.networkmanager.enableStrongSwan

which enables the networkmanager_strongswan plugin and adds
strongswanNM to the dbus packages.

This was contributed by @wucke13, @eqyiel and @globin.

Fixes: #29873
2017-11-30 23:03:32 +01:00
Bas van Dijk
702c5eaaa3 strongswan: 5.6.0 -> 5.6.1
Release notes: https://wiki.strongswan.org/versions/67
2017-11-27 17:36:09 +01:00
Vladimír Čunát
0f8c85d5d0
strongswan: fixup includes with glibc-2.26 2017-11-07 16:40:12 +01:00
Erick Gonzalez
ad5b75dd71 strongSwan: Enable EAP Radius plugin for remote authentication of dial in ipsec clients 2017-10-22 15:35:06 +02:00
Drew Hess
b59013249e strongswan: enable openssl plugin (#30494)
The NIST elliptic curve groups (ecp192 etc.) are only available if the
OpenSSL plugin is enabled, and these groups are currently the only EC
groups supported on iOS and macOS devices.
2017-10-17 09:10:42 +01:00
Bas van Dijk
70aa1e3657 strongswan: 5.5.3 -> 5.6.0
See: https://wiki.strongswan.org/versions/66

fixes #28485
2017-08-25 22:10:36 +01:00
Jörg Thalheim
ad7439fbd1 strongswan: add patch for CVE-2017-11185 2017-08-25 22:02:25 +01:00
Franz Pletz
ab9239f4f9
strongswan build chapoly module 2017-07-20 04:20:06 +02:00
Franz Pletz
d59dc71148
strongswan: build xauth-pam module 2017-07-20 04:20:06 +02:00
Bas van Dijk
e367d69fcc strongswan: 5.5.2 -> 5.5.3 2017-06-02 13:53:45 +02:00
Bas van Dijk
bd948391e6 strongswan: 5.5.1 -> 5.5.2 2017-04-06 15:57:50 +02:00
Bas van Dijk
f0338024b9 strongswan: enable charon-systemd (#21872)
See: https://wiki.strongswan.org/projects/strongswan/wiki/Charon-systemd
2017-01-14 20:41:51 +01:00
Falco Peijnenburg
9c61571f1a Strongswan: enable rdrand and aes-ni only on X86
Strongswan fails to compile on armv7l-linux with `--enable-aesni` and `--enable-rdrand` enabled. Errors are thrown about impossible constraints in asm (`--enable-rdrand`) or about gcc getting unknown command line parameters about aes (`--enable-aesni`). The options only make sense on X86_64 processors.

The rdrand plugin is designed for Ivy Bridge processors:

> High quality / high performance random source using the Intel rdrand instruction found on Ivy Bridge processors

The aes-ni plugin also only exists on X86 processors (which have the AES instruction set)

Tested with a local override. The change triggers a (successful) rebuild on my X86_64 system. On armv7-linux this change fixes build errors.

See: 
https://wiki.strongswan.org/issues/337
2016-12-31 14:26:17 +01:00
zimbatm
c38b4da994 strongswan: 5.5.0 -> 5.5.1 2016-12-24 15:57:56 +00:00
Alexander Ried
f4c89ba854 strongswan: 5.4.0 -> 5.5.0 2016-09-05 23:15:45 +02:00
Tobias Geerinckx-Rice
81af789e7b
strongswan: 5.3.2 -> 5.4.0 2016-05-24 15:00:49 +02:00
Thomas Strobel
a9dab9df61 strongswan: enable more plugins 2015-09-06 21:12:08 +02:00
Thomas Strobel
9011f117f2 strongswan: fix resolvconf plugin 2015-08-05 12:12:59 +02:00
Thomas Strobel
69397d9f94 strongswan: enable more plugins 2015-08-04 19:21:47 +02:00
Thomas Strobel
6f727a8a83 strongswan: add TNC build option 2015-08-03 17:07:12 +02:00
Shea Levy
145768bf9b Unmaintain a bunch of packages 2015-07-01 08:11:05 -04:00
Pascal Wittmann
4e0fb6578a strongswan: update from 5.2.1 to 5.3.2, fixes CVE-2015-4171 2015-06-14 21:44:18 +02:00
Igor Pashev
17d8029150 Strongswan: preserve PATH 2014-12-22 20:20:58 +00:00
Igor Pashev
9bbe674927 Strongswan: use full path to ipsec
This fixes issue:

... charon[6135]: 11[CHD] updown: /bin/sh: ipsec: command not found
2014-12-22 20:20:15 +00:00
Domen Kožar
f45b6fb078 fix tarball job 2014-11-26 21:04:59 +01:00
Igor Pashev
4f9111e91f strongSwan needs python for building (Closes #4940) 2014-11-25 15:29:05 +01:00
Shea Levy
140e1de0ec strongswan: don't patchelf
fixes #5045 ('fixes')
2014-11-24 20:50:26 -05:00
Shea Levy
4fe383de48 strongswan: bump 2014-11-14 15:22:22 -05:00
Eelco Dolstra
f33fa1b66b Merge remote-tracking branch 'origin/master' into staging
Conflicts:
	pkgs/development/libraries/boost/generic.nix
2014-11-11 23:48:08 +01:00
Vladimír Čunát
adb831e8bc strongswan: -lgcc_s, fixes #4925
CC maint. @shlevy.
2014-11-11 07:42:00 +01:00
Eelco Dolstra
7495c61d49 Merge remote-tracking branch 'origin/darwin-clang-stdenv' into staging
Conflicts:
	pkgs/applications/editors/vim/macvim.nix
2014-11-04 14:30:43 +01:00
Siarhei Zirukin
8799219f1e strongswan: enable charon-cmd 2014-10-14 10:02:02 +02:00
Eelco Dolstra
79d0d7b437 Unify gcc-wrapper and clang-wrapper 2014-10-11 22:26:39 +02:00
Shea Levy
961d444762 Remove hard-coded /etc from strongswan 2014-09-30 21:28:04 -04:00
Shea Levy
e4cf05a3a0 strongswan: Properly handle sysconfdir, build swanctl 2014-09-19 15:12:20 -04:00
Shea Levy
e0cd3ac03c strongswan: Fix some hard-coding 2014-09-19 01:09:00 -04:00
Shea Levy
a70ecf4797 strongswan: build with clang
Fixes https://lists.strongswan.org/pipermail/users/2014-September/006597.html
2014-09-17 22:08:18 -04:00
Shea Levy
d8f80630f7 Add strongswan IPsec manager 2014-09-16 14:10:37 -04:00