From ee103add8a9dc2a4ba2d7579a05fb55f01e38010 Mon Sep 17 00:00:00 2001 From: Alex Denes Date: Sun, 15 Aug 2021 21:45:17 +0000 Subject: [PATCH] GO TO THE GRAVE LIBRESWAN, YOU'RE SHIT SOFTWARE --- config/libreswan/APKBUILD | 6 +++--- config/libreswan/ipsec.conf | 1 + config/libreswan/oe-local.conf | 8 ++++---- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/config/libreswan/APKBUILD b/config/libreswan/APKBUILD index a9d902f..499e8c2 100644 --- a/config/libreswan/APKBUILD +++ b/config/libreswan/APKBUILD @@ -3,7 +3,7 @@ . ../APKBUILD-config.template -pkgver=2021.08.15.07 +pkgver=2021.08.15.20 pkgrel=0 source=" ipsec.conf @@ -20,7 +20,7 @@ package() { } sha512sums=" -564da558940148a118dfcb3a1aa28abdebad53a6bb96e3c4f9c27e1370ad7e9c0e9f9e80866aa930bc858198c70f437231fe006c8418e651519a835305a77b2d ipsec.conf -64e11bfcfbbec0713a3996d59e6cf1bca4d88518284ba1fc98623249fab428b17fa33521dc11071bd59be190637463dea5769a6f6433bc748cba39bed3184c2c oe-local.conf +e7f704fc9bb1edb0deef86dda50e1bcc186c3ba06aca488822fa2c3672f6910d7426d686ceb30f0a44981e1edcfd968c0f68bd764a65aeb47595635317781c68 ipsec.conf +3f719abccfb5c3719e22ad711b119e94121ff25da10c982d59f8f78ffe4ffbacd5cd3633b7c4595f593ec3b896df031d3eff47e5d59a25786a5906bb1a1f5cd8 oe-local.conf fdafb14889aa7b149f419f7bafd30fe3da0a780a385741143ddbd3456a1365bde63d67c6b0dccfc1e44405862443c65c0077d89bfd69a1619e2d1008a72f3501 rxpriv.policy " diff --git a/config/libreswan/ipsec.conf b/config/libreswan/ipsec.conf index 315dbc6..2742b2e 100644 --- a/config/libreswan/ipsec.conf +++ b/config/libreswan/ipsec.conf @@ -6,5 +6,6 @@ config setup nssdir=/run/pluto/nss dumpdir=/run/pluto secretsfile=/etc/redxen/libreswan/ipsec.secrets + shuntlifetime=10s include /etc/redxen/libreswan/ipsec.d/*.conf diff --git a/config/libreswan/oe-local.conf b/config/libreswan/oe-local.conf index 2c6c5c3..bdadbb6 100644 --- a/config/libreswan/oe-local.conf +++ b/config/libreswan/oe-local.conf @@ -1,13 +1,13 @@ conn rxpriv type=tunnel - authby=null + authby=secret negotiationshunt=hold - failureshunt=drop + failureshunt=passthrough + keyingtries=1 ikev2=insist + narrowing=yes auto=route - leftid=%null # Send packets from eth1 local IP left=%eth1 - rightid=%null # Send and receive packets from hosts in the policies dir right=%opportunisticgroup