aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authormarcel <marcel@FreeBSD.org>2016-11-11 00:14:03 +0800
committermarcel <marcel@FreeBSD.org>2016-11-11 00:14:03 +0800
commit6b99b0fbe1759a16bae4f1af8e65d6d000d31925 (patch)
treee5a0bbf955550578ed7625736171367ba1b156f5 /security
parentebecb69fb7e1546c70ca82eb379c22fb1d9bad3c (diff)
downloadfreebsd-ports-graphics-6b99b0fbe1759a16bae4f1af8e65d6d000d31925.tar.gz
freebsd-ports-graphics-6b99b0fbe1759a16bae4f1af8e65d6d000d31925.tar.zst
freebsd-ports-graphics-6b99b0fbe1759a16bae4f1af8e65d6d000d31925.zip
Add OpenIKED, version 1.0
This is OpenBSD's OpenIKED with fixes and improvements and additional features. Original author: Reyk Floeter <reyk@openbsd.org> Author: Marcel Moolenaar <marcel@brkt.com> Reviewed by: mat@ Approved by: mat@ Obtained from: https://github.com/xcllnt/openiked Sponsored by: Bracket Computing, Inc. Differential Revision: https://reviews.freebsd.org/D8417
Diffstat (limited to 'security')
-rw-r--r--security/Makefile1
-rw-r--r--security/openiked/Makefile32
-rw-r--r--security/openiked/distinfo3
-rw-r--r--security/openiked/files/iked.in70
-rw-r--r--security/openiked/pkg-descr9
-rw-r--r--security/openiked/pkg-plist15
6 files changed, 130 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index 07e62cd2ff6..fcec5417fc8 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -417,6 +417,7 @@
SUBDIR += openconnect
SUBDIR += opencryptoki
SUBDIR += openct
+ SUBDIR += openiked
SUBDIR += opensaml2
SUBDIR += opensc
SUBDIR += openscep
diff --git a/security/openiked/Makefile b/security/openiked/Makefile
new file mode 100644
index 00000000000..3bfdb5e864f
--- /dev/null
+++ b/security/openiked/Makefile
@@ -0,0 +1,32 @@
+# $FreeBSD$
+
+PORTNAME= openiked
+PORTVERSION= 1.0
+CATEGORIES= security net ipv6
+
+MAINTAINER= marcel@FreeBSD.org
+COMMENT= IKEv2 daemon
+
+LICENSE= ISCL
+
+LIB_DEPENDS= libevent.so:devel/libevent2
+
+USE_GITHUB= yes
+GH_ACCOUNT= xcllnt
+
+USE_RC_SUBR= iked
+USERS= _iked
+GROUPS= _iked
+
+USES= autoreconf libtool ssl
+GNU_CONFIGURE= yes
+INSTALL_TARGET= install-strip
+CONFIGURE_ARGS= --with-libevent-dir=${PREFIX}
+
+post-install:
+ ${MV} ${STAGEDIR}/etc/ssl/ikeca.cnf \
+ ${STAGEDIR}${PREFIX}/etc/ikeca.cnf.sample
+ ${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
+ ${STAGEDIR}${PREFIX}/etc/iked.conf.sample
+
+.include <bsd.port.mk>
diff --git a/security/openiked/distinfo b/security/openiked/distinfo
new file mode 100644
index 00000000000..6b902454ca5
--- /dev/null
+++ b/security/openiked/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1477960722
+SHA256 (xcllnt-openiked-1.0_GH0.tar.gz) = 675835edb34ebbfa096eb5e16014ec3a3ba25a3b9468ca7fa063ebaf81e3cb02
+SIZE (xcllnt-openiked-1.0_GH0.tar.gz) = 224063
diff --git a/security/openiked/files/iked.in b/security/openiked/files/iked.in
new file mode 100644
index 00000000000..3cf2e5efe1c
--- /dev/null
+++ b/security/openiked/files/iked.in
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: iked
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add these lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# iked_enable (bool): Set to NO by default.
+# Set it to YES to enable iked.
+# iked_ramdisk (bool): Set to NO by default. See below.
+#
+# When iked_ramdisk is set to YES, the rc.d script will make sure
+# all directories exist, but will not generate a key pair if none
+# exists. The daemon is not started when the key pair no config
+# files are missing. It is assumed the ramdisk is not populated
+# completely. When iked_ramdisk is NO, key pairs are created as
+# needed and thr daemon is started unconditionally.
+
+. /etc/rc.subr
+
+name=iked
+desc="IKEv2 daemon"
+rcvar=iked_enable
+
+load_rc_config $name
+
+: ${iked_enable:=NO}
+: ${iked_ramdisk=NO}
+
+command=%%PREFIX%%/sbin/iked
+start_precmd=iked_precmd
+
+iked_config=%%PREFIX%%/etc/iked.conf
+iked_rootdir=%%PREFIX%%/etc/iked
+iked_privkey=${iked_rootdir}/private/local.key
+iked_pubkey=${iked_rootdir}/local.pub
+
+iked_precmd()
+{
+
+ if checkyesno iked_ramdisk; then
+ # Make sure we have our directory hierarchy.
+ for D in ca certs crls export private pubkeys \
+ pubkeys/fqdn pubkeys/ipv4 pubkeys/ipv6 pubkeys/ufqdn; do
+ mkdir -p %%PREFIX%%/etc/iked/$D
+ done
+ chmod 700 %%PREFIX%%/etc/iked/private
+ else
+ # Create a key pair if not already present.
+ if test ! -f $iked_privkey; then
+ /usr/bin/openssl genrsa -out $iked_privkey 2048
+ /bin/chmod 600 $iked_privkey
+ /usr/bin/openssl rsa -out $iked_pubkey \
+ -in $iked_privkey -pubout
+ fi
+ fi
+
+ # We must have a private key and a configuration file.
+ # Don't start iked when those are missing.
+ if test ! \( -f $iked_privkey -a -f $iked_config \); then
+ # Be quiet about it; it must be intentional.
+ exit 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/security/openiked/pkg-descr b/security/openiked/pkg-descr
new file mode 100644
index 00000000000..f924268459b
--- /dev/null
+++ b/security/openiked/pkg-descr
@@ -0,0 +1,9 @@
+OpenIKED is a lean Internet Key Exchange (IKEv2) daemon which performs
+mutual authentication and which establishes and maintains IPsec VPN
+flows and security associations (SAs) between the two peers.
+
+This version of OpenIKED is derived from OpenIKED's iked, but changed
+to support transport mode IPSec and lazy creation of associations,
+among many other improvements.
+
+WWW: https://github.com/xcllnt/openiked
diff --git a/security/openiked/pkg-plist b/security/openiked/pkg-plist
new file mode 100644
index 00000000000..42f2b0a0ba3
--- /dev/null
+++ b/security/openiked/pkg-plist
@@ -0,0 +1,15 @@
+@sample etc/ikeca.cnf.sample
+@sample etc/iked.conf.sample
+man/man5/iked.conf.5.gz
+man/man8/ikectl.8.gz
+man/man8/iked.8.gz
+sbin/ikectl
+sbin/iked
+@dir etc/iked/ca
+@dir etc/iked/certs
+@dir etc/iked/crls
+@dir(,,700) etc/iked/private
+@dir etc/iked/pubkeys/fqdn
+@dir etc/iked/pubkeys/ipv4
+@dir etc/iked/pubkeys/ipv6
+@dir etc/iked/pubkeys/ufqdn