strongSwan 5.0.1 on Ubuntu 12.04 and 12.10
Could we get any older versions included in distros? kthanksbye
# Get Stronswan rebuild deps apt-get update apt-get -y install devscripts apt-get -y build-dep strongswan # Create build environment adduser bobbuilder --shell /bin/bash \ --disabled-password --gecos bobbuilder # Switch to non-priviledged user for build sudo su - bobbuilder # Download Strongswan 5.0.1 sources mkdir -p ~/build/ss5 cd ~/build/ss5 apt-get source strongswan wget http://download.strongswan.org/strongswan-5.0.1.tar.bz2 # Apply Ubuntu changes from 4.5.2 over 5.0.1 cd strongswan-4.5.2 uupdate ../strongswan-5.0.1.tar.bz2 -v 5.0.1 # Some fixes needed due differences between versions # Also enables kernel crypto algos and blowfish # and tries to fix missing medsrv plugin. cd ../strongswan-5.0.1 sed -i.bak debian/patches/series \ -e 's/^0001/#0001/g' \ -e 's/^0002/#0002/g' \ -e 's/^glib-include/#glib-include/g' sed -i.bak debian/rules \ -e 's/enable-led/enable-led --enable-af-alg --enable-blowfish /g' \ -e 's|\$(CFLAGS)|\$(CFLAGS) -include \$(CURDIR)/config.h|g' \ -e 's|-Xmedsrv||g' # IKEv1 "Pluto" is no longer present in 5.0 sed -i.bak debian/strongswan/DEBIAN/control \ -e 's|strongswan-ikev1, ||g' sed -i.bak debian/control \ -e 's|, strongswan-ikev1||g' \ -e '/Package: strongswan-ikev1/,/IKEv2 daemon./d' # Neither CREDITS file sed -i.bak debian/strongswan.docs \ -e '/CREDITS/d' # Libs have moved to new location sed -i.bak debian/libstrongswan.install \ -e 's|usr/lib/lib|usr/lib/ipsec/lib|g' \ -e 's|usr/lib/$|usr/lib/ipsec/|g' sed -i.bak debian/strongswan-ikev2.install \ -e 's|usr/lib/lib|usr/lib/ipsec/lib|g' \ -e 's|usr/lib/$|usr/lib/ipsec/|g' # Xauth module has been renamed sed -i.bak debian/libstrongswan.install \ -e 's|libstrongswan-xauth.so|libstrongswan-xauth-generic.so|g' # Smells like networkmanager sed -i.bak2 debian/rules \ -e 's|plugins/libstrongswan-nm.so\*|charon-nm|g' \ -e 's|strongswan-nm/usr/lib/ipsec/plugins/|strongswan-nm/usr/lib/ipsec/|g' \ -e 's|-Xlibstrongswan-nm.so|-Xcharon-nm|g' # Include also modules not present earlier echo "usr/lib/ipsec/medsrv/* usr/lib/ipsec/medsrv/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/libtls.so* usr/lib/ipsec/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/libsimaka.so* usr/lib/ipsec/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/libradius.so* usr/lib/ipsec/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/libtnccs.so* usr/lib/ipsec/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/plugins/libstrongswan-af-alg.so* usr/lib/ipsec/plugins/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/plugins/libstrongswan-blowfish.so* usr/lib/ipsec/plugins/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/plugins/libstrongswan-cmac.so* usr/lib/ipsec/plugins/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/plugins/libstrongswan-pkcs8.so* usr/lib/ipsec/plugins/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/plugins/libstrongswan-nonce.so* usr/lib/ipsec/plugins/" \ >>debian/libstrongswan.install echo "usr/lib/ipsec/plugins/libstrongswan-tnc-tnccs.so* usr/lib/ipsec/plugins/" \ >>debian/libstrongswan.install # Make sure package name does not look like real Ubuntu package sed -i.bak debian/changelog \ -e's/(5.0.1-0ubuntu1)/(5.0.1-0hackhackbork0'$(lsb_release -cs)')/g' # And finally compile binary.. or at least try to. dpkg-buildpackage -j2 -b -us -uc -tc -nc # On 12.04 compile will barf after generating binaries doing # some sort of cleanup but we just ignore error and keep going on # Install new binaries (as root) # I'm quite sure at least network-manager integration is # broken so we won't even try installing it. cd ~bobbuilder/build/ss5 apt-get -y install ipsec-tools DEBIAN_FRONTEND=noninteractive dpkg -i \ strongswan_5.0.1-0hackhackbork0*.deb \ strongswan-ikev2_5.0.1-0hackhackbork0*.deb \ strongswan-starter_5.0.1-0hackhackbork0*.deb \ libstrongswan_5.0.1-0hackhackbork0*.deb # Block updates from repo echo "strongswan hold"|dpkg --set-selections echo "strongswan-ikev2 hold"|dpkg --set-selections echo "strongswan-starter hold"|dpkg --set-selections echo "libstrongswan hold"|dpkg --set-selections # Done... Might work or might not.
Thanks for this article, I was able to get 5.0.4 to compile on 12.04 server.
ReplyDeleteAt first, the directions wouldn't work with my stock-install. Adding "--enable-attr-sql" to CONFIGUREARGS in debian/rules allowed it to compile and create working .debs for me. Hope this helps someone else.