packages/xl2tpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

init package

Browse Source
This commit is contained in:
loong_C 2022-08-09 18:27:41 +08:00
parent 25983ee4c1
commit 15022f3b4a
8 changed files with 659 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
tmpfiles-xl2tpd.conf Normal file
View File

@ -0,0 +1 @@
D /run/xl2tpd 0644 root root -

31
xl2tpd-1.3.14-conf.patch Normal file
View File

@ -0,0 +1,31 @@
diff -Naur xl2tpd-1.3.14-orig/examples/ppp-options.xl2tpd xl2tpd-1.3.14/examples/ppp-options.xl2tpd
--- xl2tpd-1.3.14-orig/examples/ppp-options.xl2tpd 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/examples/ppp-options.xl2tpd 2019-09-24 20:47:35.056615746 -0400
@@ -1,9 +1,11 @@
ipcp-accept-local
ipcp-accept-remote
-ms-dns 192.168.1.1
-ms-dns 192.168.1.3
-ms-wins 192.168.1.2
-ms-wins 192.168.1.4
+ms-dns 8.8.8.8
+ms-dns 1.1.1.1
+# ms-dns 192.168.1.1
+# ms-dns 192.168.1.3
+# ms-wins 192.168.1.2
+# ms-wins 192.168.1.4
noccp
auth
crtscts
@@ -15,3 +17,11 @@
lock
proxyarp
connect-delay 5000
+# To allow authentication against a Windows domain EXAMPLE, and require the
+# user to be in a group "VPN Users". Requires the samba-winbind package
+# require-mschap-v2
+# plugin winbind.so
+# ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of="EXAMPLE\\VPN Users"'
+# You need to join the domain on the server, for example using samba:
+# http://rootmanager.com/ubuntu-ipsec-l2tp-windows-domain-auth/setting-up-openswan-xl2tpd-with-native-windows-clients-lucid.html
+

18
xl2tpd-1.3.14-kernelmode.patch Normal file
View File

@ -0,0 +1,18 @@
diff -Naur xl2tpd-1.3.14-orig/xl2tpd.c xl2tpd-1.3.14/xl2tpd.c
--- xl2tpd-1.3.14-orig/xl2tpd.c 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/xl2tpd.c 2019-09-24 21:48:49.234308626 -0400
@@ -277,14 +277,7 @@
* OK...pppd died, we can go ahead and close the pty for
* it
*/
-#ifdef USE_KERNEL
- if (!kernel_support) {
-
-#endif
close (c->fd);
-#ifdef USE_KERNEL
- }
-#endif
c->fd = -1;
/*
* terminate tunnel and call loops, returning to the

468
xl2tpd-1.3.14-md5-fips.patch Normal file
View File

@ -0,0 +1,468 @@
diff -Naur xl2tpd-1.3.14-orig/aaa.c xl2tpd-1.3.14/aaa.c
--- xl2tpd-1.3.14-orig/aaa.c 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/aaa.c 2019-09-24 20:51:39.478952494 -0400
@@ -21,6 +21,8 @@
#include <errno.h>
#include "l2tp.h"
+#include <openssl/md5.h>
+
extern void bufferDump (char *, int);
/* FIXME: Accounting? */
@@ -273,11 +275,11 @@
#endif
memset (chal->response, 0, MD_SIG_SIZE);
- MD5Init (&chal->md5);
- MD5Update (&chal->md5, &chal->ss, 1);
- MD5Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
- MD5Update (&chal->md5, chal->challenge, chal->chal_len);
- MD5Final (chal->response, &chal->md5);
+ MD5_Init (&chal->md5);
+ MD5_Update (&chal->md5, &chal->ss, 1);
+ MD5_Update (&chal->md5, chal->secret, strlen ((char *)chal->secret));
+ MD5_Update (&chal->md5, chal->challenge, chal->chal_len);
+ MD5_Final (chal->response, &chal->md5);
#ifdef DEBUG_AUTH
l2tp_log (LOG_DEBUG, "response is %X%X%X%X to '%s' and %X%X%X%X, %d\n",
*((int *) &chal->response[0]),
@@ -392,12 +394,12 @@
buf->len += length;
/* Back to the beginning of real data, including the original length AVP */
- MD5Init (&t->chal_them.md5);
- MD5Update (&t->chal_them.md5, (void *) &attr, 2);
- MD5Update (&t->chal_them.md5, t->chal_them.secret,
+ MD5_Init (&t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, (void *) &attr, 2);
+ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
strlen ((char *)t->chal_them.secret));
- MD5Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
- MD5Final (digest, &t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, t->chal_them.vector, VECTOR_SIZE);
+ MD5_Final (digest, &t->chal_them.md5);
/* Though not a "MUST" in the spec, our subformat length is always a multiple of 16 */
ptr = ((unsigned char *) new_hdr) + sizeof (struct avp_hdr);
@@ -421,11 +423,11 @@
#endif
if (ptr < end)
{
- MD5Init (&t->chal_them.md5);
- MD5Update (&t->chal_them.md5, t->chal_them.secret,
+ MD5_Init (&t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, t->chal_them.secret,
strlen ((char *)t->chal_them.secret));
- MD5Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
- MD5Final (digest, &t->chal_them.md5);
+ MD5_Update (&t->chal_them.md5, previous_segment, MD_SIG_SIZE);
+ MD5_Final (digest, &t->chal_them.md5);
}
previous_segment = ptr;
}
@@ -458,12 +460,12 @@
that it will be padded to a 16 byte boundary, so we
have to be more careful than when encrypting */
attr = ntohs (old_hdr->attr);
- MD5Init (&t->chal_us.md5);
- MD5Update (&t->chal_us.md5, (void *) &attr, 2);
- MD5Update (&t->chal_us.md5, t->chal_us.secret,
+ MD5_Init (&t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, (void *) &attr, 2);
+ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
strlen ((char *)t->chal_us.secret));
- MD5Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
- MD5Final (digest, &t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, t->chal_us.vector, t->chal_us.vector_len);
+ MD5_Final (digest, &t->chal_us.md5);
#ifdef DEBUG_HIDDEN
l2tp_log (LOG_DEBUG, "attribute is %d and challenge is: ", attr);
print_challenge (&t->chal_us);
@@ -474,11 +476,11 @@
{
if (cnt >= MD_SIG_SIZE)
{
- MD5Init (&t->chal_us.md5);
- MD5Update (&t->chal_us.md5, t->chal_us.secret,
+ MD5_Init (&t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, t->chal_us.secret,
strlen ((char *)t->chal_us.secret));
- MD5Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
- MD5Final (digest, &t->chal_us.md5);
+ MD5_Update (&t->chal_us.md5, saved_segment, MD_SIG_SIZE);
+ MD5_Final (digest, &t->chal_us.md5);
cnt = 0;
}
/* at the beginning of each segment, we save the current segment (16 octets or less) of cipher
diff -Naur xl2tpd-1.3.14-orig/aaa.h xl2tpd-1.3.14/aaa.h
--- xl2tpd-1.3.14-orig/aaa.h 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/aaa.h 2019-09-24 20:52:14.179531612 -0400
@@ -15,7 +15,7 @@
#ifndef _AAA_H
#define _AAA_H
-#include "md5.h"
+#include <openssl/md5.h>
#define ADDR_HASH_SIZE 256
#define MD_SIG_SIZE 16
@@ -34,7 +34,7 @@
struct challenge
{
- struct MD5Context md5;
+ MD5_CTX md5;
unsigned char ss; /* State we're sending in */
unsigned char secret[MAXSTRLEN]; /* The shared secret */
unsigned char *challenge; /* The original challenge */
diff -Naur xl2tpd-1.3.14-orig/Makefile xl2tpd-1.3.14/Makefile
--- xl2tpd-1.3.14-orig/Makefile 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/Makefile 2019-09-24 20:53:02.420020643 -0400
@@ -101,8 +101,8 @@
IPFLAGS?= -DIP_ALLOCATION
CFLAGS+= $(DFLAGS) -Os -Wall -Wextra -DSANITY $(OSFLAGS) $(IPFLAGS)
-HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
-OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
+HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h
+OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o
SRCS=${OBJS:.o=.c} ${HDRS}
CONTROL_SRCS=xl2tpd-control.c
#LIBS= $(OSLIBS) # -lefence # efence for malloc checking
@@ -121,7 +121,7 @@
rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
$(EXEC): $(OBJS) $(HDRS)
- $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) -lcrypto $(LDLIBS)
$(CONTROL_EXEC): $(CONTROL_SRCS)
$(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
diff -Naur xl2tpd-1.3.14-orig/md5.c xl2tpd-1.3.14/md5.c
--- xl2tpd-1.3.14-orig/md5.c 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/md5.c 1969-12-31 19:00:00.000000000 -0500
@@ -1,274 +0,0 @@
-#ifdef FREEBSD
-# include <machine/endian.h>
-#elif defined(OPENBSD) || defined(NETBSD)
-# define __BSD_VISIBLE 0
-# include <machine/endian.h>
-#elif defined(LINUX)
-# include <endian.h>
-#elif defined(SOLARIS)
-# include <sys/isa_defs.h>
-#endif
-#if __BYTE_ORDER == __BIG_ENDIAN
-#define HIGHFIRST 1
-#endif
-
-/*
- * This code implements the MD5 message-digest algorithm.
- * The algorithm is due to Ron Rivest. This code was
- * written by Colin Plumb in 1993, no copyright is claimed.
- * This code is in the public domain; do with it what you wish.
- *
- * Equivalent code is available from RSA Data Security, Inc.
- * This code has been tested against that, and is equivalent,
- * except that you don't need to include two pages of legalese
- * with every copy.
- *
- * To compute the message digest of a chunk of bytes, declare an
- * MD5Context structure, pass it to MD5Init, call MD5Update as
- * needed on buffers full of bytes, and then call MD5Final, which
- * will fill a supplied 16-byte array with the digest.
- */
-#include <string.h> /* for memcpy() */
-#include "md5.h"
-
-#ifndef HIGHFIRST
-#define byteReverse(buf, len) /* Nothing */
-#else
-void byteReverse (unsigned char *buf, unsigned longs);
-
-#ifndef ASM_MD5
-/*
- * Note: this code is harmless on little-endian machines.
- */
-void byteReverse (unsigned char *buf, unsigned longs)
-{
- uint32 t;
- do
- {
- t = (uint32) ((unsigned) buf[3] << 8 | buf[2]) << 16 |
- ((unsigned) buf[1] << 8 | buf[0]);
- *(uint32 *) buf = t;
- buf += 4;
- }
- while (--longs);
-}
-#endif
-#endif
-
-/*
- * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious
- * initialization constants.
- */
-void MD5Init (struct MD5Context *ctx)
-{
- ctx->buf[0] = 0x67452301;
- ctx->buf[1] = 0xefcdab89;
- ctx->buf[2] = 0x98badcfe;
- ctx->buf[3] = 0x10325476;
-
- ctx->bits[0] = 0;
- ctx->bits[1] = 0;
-}
-
-/*
- * Update context to reflect the concatenation of another buffer full
- * of bytes.
- */
-void MD5Update (struct MD5Context *ctx, unsigned char const *buf,
- unsigned len)
-{
- uint32 t;
-
- /* Update bitcount */
-
- t = ctx->bits[0];
- if ((ctx->bits[0] = t + ((uint32) len << 3)) < t)
- ctx->bits[1]++; /* Carry from low to high */
- ctx->bits[1] += len >> 29;
-
- t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */
-
- /* Handle any leading odd-sized chunks */
-
- if (t)
- {
- unsigned char *p = (unsigned char *) ctx->in + t;
-
- t = 64 - t;
- if (len < t)
- {
- memcpy (p, buf, len);
- return;
- }
- memcpy (p, buf, t);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- buf += t;
- len -= t;
- }
- /* Process data in 64-byte chunks */
-
- while (len >= 64)
- {
- memcpy (ctx->in, buf, 64);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- buf += 64;
- len -= 64;
- }
-
- /* Handle any remaining bytes of data. */
-
- memcpy (ctx->in, buf, len);
-}
-
-/*
- * Final wrapup - pad to 64-byte boundary with the bit pattern
- * 1 0* (64-bit count of bits processed, MSB-first)
- */
-void MD5Final (unsigned char digest[16], struct MD5Context *ctx)
-{
- unsigned count;
- unsigned char *p;
-
- /* Compute number of bytes mod 64 */
- count = (ctx->bits[0] >> 3) & 0x3F;
-
- /* Set the first char of padding to 0x80. This is safe since there is
- always at least one byte free */
- p = ctx->in + count;
- *p++ = 0x80;
-
- /* Bytes of padding needed to make 64 bytes */
- count = 64 - 1 - count;
-
- /* Pad out to 56 mod 64 */
- if (count < 8)
- {
- /* Two lots of padding: Pad the first block to 64 bytes */
- memset (p, 0, count);
- byteReverse (ctx->in, 16);
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
-
- /* Now fill the next block with 56 bytes */
- memset (ctx->in, 0, 56);
- }
- else
- {
- /* Pad block to 56 bytes */
- memset (p, 0, count - 8);
- }
- byteReverse (ctx->in, 14);
-
- /* Append length in bits and transform */
- memcpy(ctx->in + 14 * sizeof(uint32), ctx->bits, sizeof(ctx->bits));
-
- MD5Transform (ctx->buf, (uint32 *) ctx->in);
- byteReverse ((unsigned char *) ctx->buf, 4);
- memcpy (digest, ctx->buf, 16);
- memset (ctx, 0, sizeof (*ctx)); /* In case it's sensitive */
-}
-
-#ifndef ASM_MD5
-
-/* The four core functions - F1 is optimized somewhat */
-
-/* #define F1(x, y, z) (x & y | ~x & z) */
-#define F1(x, y, z) (z ^ (x & (y ^ z)))
-#define F2(x, y, z) F1(z, x, y)
-#define F3(x, y, z) (x ^ y ^ z)
-#define F4(x, y, z) (y ^ (x | ~z))
-
-/* This is the central step in the MD5 algorithm. */
-#define MD5STEP(f, w, x, y, z, data, s) \
- ( w += f(x, y, z) + data, w = w<<s | w>>(32-s), w += x )
-
-/*
- * The core of the MD5 algorithm, this alters an existing MD5 hash to
- * reflect the addition of 16 longwords of new data. MD5Update blocks
- * the data and converts bytes into longwords for this routine.
- */
-void MD5Transform (uint32 buf[4], uint32 const in[16])
-{
- register uint32 a, b, c, d;
-
- a = buf[0];
- b = buf[1];
- c = buf[2];
- d = buf[3];
-
- MD5STEP (F1, a, b, c, d, in[0] + 0xd76aa478, 7);
- MD5STEP (F1, d, a, b, c, in[1] + 0xe8c7b756, 12);
- MD5STEP (F1, c, d, a, b, in[2] + 0x242070db, 17);
- MD5STEP (F1, b, c, d, a, in[3] + 0xc1bdceee, 22);
- MD5STEP (F1, a, b, c, d, in[4] + 0xf57c0faf, 7);
- MD5STEP (F1, d, a, b, c, in[5] + 0x4787c62a, 12);
- MD5STEP (F1, c, d, a, b, in[6] + 0xa8304613, 17);
- MD5STEP (F1, b, c, d, a, in[7] + 0xfd469501, 22);
- MD5STEP (F1, a, b, c, d, in[8] + 0x698098d8, 7);
- MD5STEP (F1, d, a, b, c, in[9] + 0x8b44f7af, 12);
- MD5STEP (F1, c, d, a, b, in[10] + 0xffff5bb1, 17);
- MD5STEP (F1, b, c, d, a, in[11] + 0x895cd7be, 22);
- MD5STEP (F1, a, b, c, d, in[12] + 0x6b901122, 7);
- MD5STEP (F1, d, a, b, c, in[13] + 0xfd987193, 12);
- MD5STEP (F1, c, d, a, b, in[14] + 0xa679438e, 17);
- MD5STEP (F1, b, c, d, a, in[15] + 0x49b40821, 22);
-
- MD5STEP (F2, a, b, c, d, in[1] + 0xf61e2562, 5);
- MD5STEP (F2, d, a, b, c, in[6] + 0xc040b340, 9);
- MD5STEP (F2, c, d, a, b, in[11] + 0x265e5a51, 14);
- MD5STEP (F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20);
- MD5STEP (F2, a, b, c, d, in[5] + 0xd62f105d, 5);
- MD5STEP (F2, d, a, b, c, in[10] + 0x02441453, 9);
- MD5STEP (F2, c, d, a, b, in[15] + 0xd8a1e681, 14);
- MD5STEP (F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20);
- MD5STEP (F2, a, b, c, d, in[9] + 0x21e1cde6, 5);
- MD5STEP (F2, d, a, b, c, in[14] + 0xc33707d6, 9);
- MD5STEP (F2, c, d, a, b, in[3] + 0xf4d50d87, 14);
- MD5STEP (F2, b, c, d, a, in[8] + 0x455a14ed, 20);
- MD5STEP (F2, a, b, c, d, in[13] + 0xa9e3e905, 5);
- MD5STEP (F2, d, a, b, c, in[2] + 0xfcefa3f8, 9);
- MD5STEP (F2, c, d, a, b, in[7] + 0x676f02d9, 14);
- MD5STEP (F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20);
-
- MD5STEP (F3, a, b, c, d, in[5] + 0xfffa3942, 4);
- MD5STEP (F3, d, a, b, c, in[8] + 0x8771f681, 11);
- MD5STEP (F3, c, d, a, b, in[11] + 0x6d9d6122, 16);
- MD5STEP (F3, b, c, d, a, in[14] + 0xfde5380c, 23);
- MD5STEP (F3, a, b, c, d, in[1] + 0xa4beea44, 4);
- MD5STEP (F3, d, a, b, c, in[4] + 0x4bdecfa9, 11);
- MD5STEP (F3, c, d, a, b, in[7] + 0xf6bb4b60, 16);
- MD5STEP (F3, b, c, d, a, in[10] + 0xbebfbc70, 23);
- MD5STEP (F3, a, b, c, d, in[13] + 0x289b7ec6, 4);
- MD5STEP (F3, d, a, b, c, in[0] + 0xeaa127fa, 11);
- MD5STEP (F3, c, d, a, b, in[3] + 0xd4ef3085, 16);
- MD5STEP (F3, b, c, d, a, in[6] + 0x04881d05, 23);
- MD5STEP (F3, a, b, c, d, in[9] + 0xd9d4d039, 4);
- MD5STEP (F3, d, a, b, c, in[12] + 0xe6db99e5, 11);
- MD5STEP (F3, c, d, a, b, in[15] + 0x1fa27cf8, 16);
- MD5STEP (F3, b, c, d, a, in[2] + 0xc4ac5665, 23);
-
- MD5STEP (F4, a, b, c, d, in[0] + 0xf4292244, 6);
- MD5STEP (F4, d, a, b, c, in[7] + 0x432aff97, 10);
- MD5STEP (F4, c, d, a, b, in[14] + 0xab9423a7, 15);
- MD5STEP (F4, b, c, d, a, in[5] + 0xfc93a039, 21);
- MD5STEP (F4, a, b, c, d, in[12] + 0x655b59c3, 6);
- MD5STEP (F4, d, a, b, c, in[3] + 0x8f0ccc92, 10);
- MD5STEP (F4, c, d, a, b, in[10] + 0xffeff47d, 15);
- MD5STEP (F4, b, c, d, a, in[1] + 0x85845dd1, 21);
- MD5STEP (F4, a, b, c, d, in[8] + 0x6fa87e4f, 6);
- MD5STEP (F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10);
- MD5STEP (F4, c, d, a, b, in[6] + 0xa3014314, 15);
- MD5STEP (F4, b, c, d, a, in[13] + 0x4e0811a1, 21);
- MD5STEP (F4, a, b, c, d, in[4] + 0xf7537e82, 6);
- MD5STEP (F4, d, a, b, c, in[11] + 0xbd3af235, 10);
- MD5STEP (F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15);
- MD5STEP (F4, b, c, d, a, in[9] + 0xeb86d391, 21);
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-#endif
diff -Naur xl2tpd-1.3.14-orig/md5.h xl2tpd-1.3.14/md5.h
--- xl2tpd-1.3.14-orig/md5.h 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/md5.h 1969-12-31 19:00:00.000000000 -0500
@@ -1,29 +0,0 @@
-#ifndef MD5_H
-#define MD5_H
-
-#ifdef __alpha
-typedef unsigned int uint32;
-#else
-#include <stdint.h>
-typedef uint32_t uint32;
-#endif
-
-struct MD5Context
-{
- uint32 buf[4];
- uint32 bits[2];
- unsigned char in[64];
-};
-
-void MD5Init (struct MD5Context *context);
-void MD5Update (struct MD5Context *context, unsigned char const *buf,
- unsigned len);
-void MD5Final (unsigned char digest[16], struct MD5Context *context);
-void MD5Transform (uint32 buf[4], uint32 const in[16]);
-
-/*
- * This is needed to make RSAREF happy on some MS-DOS compilers.
- */
-typedef struct MD5Context MD5_CTX;
-
-#endif /* !MD5_H */
diff -Naur xl2tpd-1.3.14-orig/xl2tpd.c xl2tpd-1.3.14/xl2tpd.c
--- xl2tpd-1.3.14-orig/xl2tpd.c 2019-04-17 12:23:39.000000000 -0400
+++ xl2tpd-1.3.14/xl2tpd.c 2019-09-24 20:53:50.969512827 -0400
@@ -1643,7 +1643,11 @@
static void usage(void) {
- printf("\nxl2tpd version: %s\n", SERVER_VERSION);
+ printf("\nxl2tpd version: %s\n"
+"This product includes software developed by the OpenSSL Project for use\n"
+"in the OpenSSL Toolkit. (http://www.openssl.org/)\n"
+, SERVER_VERSION);
+
printf("Usage: xl2tpd [-c <config file>] [-s <secret file>] [-p <pid file>]\n"
" [-C <control file>] [-D] [-l] [-q <tos decimal value for control>]\n"
" [-v, --version]\n");

BIN
xl2tpd-1.3.16.tar.gz Normal file
View File

Binary file not shown.

16
xl2tpd.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=Level 2 Tunnel Protocol Daemon (L2TP)
After=network.target
After=ipsec.service
# Some ISPs in Russia use l2tp without IPsec, so don't insist anymore
#Wants=ipsec.service
[Service]
Type=simple
PIDFile=/run/xl2tpd/xl2tpd.pid
ExecStartPre=/sbin/modprobe -q l2tp_ppp
ExecStart=/usr/sbin/xl2tpd -D
Restart=on-abort
[Install]
WantedBy=multi-user.target

121
xl2tpd.spec Normal file
View File

@ -0,0 +1,121 @@
%global commit 5619e1771048e74b729804e8602f409af0f3faea
Summary: Layer 2 Tunnelling Protocol Daemon (RFC 2661)
Name: xl2tpd
Version: 1.3.16
Release: 1
License: GPL+
Url: https://github.com/xelerance/xl2tpd/
# upstream isn't using proper names, we manually rename v-VERSION.tar.gz to xl2tpd-VERSION.tar.gz
Source0: https://github.com/xelerance/%{name}/archive/v%{version}/%{name}-%{version}.tar.gz
Source1: xl2tpd.service
Source2: tmpfiles-xl2tpd.conf
Patch1: xl2tpd-1.3.14-conf.patch
Patch2: xl2tpd-1.3.14-md5-fips.patch
Patch3: xl2tpd-1.3.14-kernelmode.patch
#Requires: ppp >= 2.4.5-18, kmod(l2tp_ppp.ko)
Requires: ppp >= 2.4.5-18, kernel
# If you want to authenticate against a Microsoft PDC/Active Directory
# Requires: samba-winbind
BuildRequires: make
BuildRequires: gcc
BuildRequires: libpcap-devel
BuildRequires: systemd-units
BuildRequires: openssl-devel
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
# dnf resolving prefers kernel-debug-modules-extra over kernel-modules-extra
Suggests: kernel-modules-extra
%description
xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
L2TP allows you to tunnel PPP over UDP. Some ISPs use L2TP to tunnel user
sessions from dial-in servers (modem banks, ADSL DSLAMs) to back-end PPP
servers. Another important application is Virtual Private Networks where
the IPsec protocol is used to secure the L2TP connection (L2TP/IPsec,
RFC 3193). The L2TP/IPsec protocol is mainly used by Windows and
Mac OS X clients. On Linux, xl2tpd can be used in combination with IPsec
implementations such as Openswan.
Example configuration files for such a setup are included in this RPM.
xl2tpd works by opening a pseudo-tty for communicating with pppd.
It runs completely in userspace.
xl2tpd supports IPsec SA Reference tracking to enable overlapping internak
NAT'ed IP's by different clients (eg all clients connecting from their
linksys internal IP 192.168.1.101) as well as multiple clients behind
the same NAT router.
xl2tpd supports the pppol2tp kernel mode operations on 2.6.23 or higher,
or via a patch in contrib for 2.4.x kernels.
Xl2tpd is based on the 0.69 L2TP by Jeff McAdams <jeffm@iglou.com>
It was de-facto maintained by Jacco de Leeuw <jacco2@dds.nl> in 2002 and 2003.
%prep
%autosetup -p1
%build
export CFLAGS="$CFLAGS -fPIC -Wall -DTRUST_PPPD_TO_DIE"
export DFLAGS="$RPM_OPT_FLAGS -g "
export LDFLAGS="$LDFLAGS -pie -Wl,-z,relro -Wl,-z,now"
# fixup for obsoleted pppd options
sed -i "s/crtscts/#obsolete: crtscts/" examples/ppp-options.xl2tpd
sed -i "s/lock/#obsolete: lock/" examples/ppp-options.xl2tpd
# if extra debugging is needed, use:
# %make_build DFLAGS="$RPM_OPT_FLAGS -g -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_FLOW -DDEBUG_PAYLOAD -DDEBUG_CONTROL -DDEBUG_CONTROL_XMIT -DDEBUG_FLOW_MORE -DDEBUG_MAGIC -DDEBUG_ENTROPY -DDEBUG_HIDDEN -DDEBUG_PPPD -DDEBUG_AAA -DDEBUG_FILE -DDEBUG_FLOW -DDEBUG_HELLO -DDEBUG_CLOSE -DDEBUG_ZLB -DDEBUG_AUTH"
%make_build
%install
make DESTDIR=%{buildroot} PREFIX=%{_prefix} install
install -d 0755 %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/xl2tpd.service
mkdir -p %{buildroot}/%{_tmpfilesdir}
install -m 0644 %{SOURCE2} %{buildroot}/%{_tmpfilesdir}/%{name}.conf
install -p -D -m644 examples/xl2tpd.conf %{buildroot}%{_sysconfdir}/xl2tpd/xl2tpd.conf
install -p -D -m644 examples/ppp-options.xl2tpd %{buildroot}%{_sysconfdir}/ppp/options.xl2tpd
install -p -D -m600 doc/l2tp-secrets.sample %{buildroot}%{_sysconfdir}/xl2tpd/l2tp-secrets
install -p -D -m600 examples/chapsecrets.sample %{buildroot}%{_sysconfdir}/ppp/chap-secrets.sample
install -p -D -m755 -d %{buildroot}%{_rundir}/xl2tpd
%preun
%systemd_preun xl2tpd.service
%post
%systemd_post xl2tpd.service
%postun
%systemd_postun_with_restart xl2tpd.service
%triggerun -- xl2td < 1.3.1-3
# Save the current service runlevel info
# User must manually run systemd-sysv-convert --apply xl2tpd
# to migrate them to systemd targets
/usr/bin/systemd-sysv-convert --save xl2tpd >/dev/null 2>&1 ||:
# Run these because the SysV package being removed won't do them
/sbin/chkconfig --del xl2tpd >/dev/null 2>&1 || :
/bin/systemctl try-restart xl2tpd.service >/dev/null 2>&1 || :
%files
%doc BUGS CHANGES CREDITS README.* TODO
%license LICENSE
%doc doc/README.patents examples/chapsecrets.sample
%{_sbindir}/xl2tpd
%{_sbindir}/xl2tpd-control
%{_bindir}/pfc
%{_mandir}/*/*
%dir %{_sysconfdir}/xl2tpd
%config(noreplace) %{_sysconfdir}/xl2tpd/*
%config(noreplace) %{_sysconfdir}/ppp/*
%dir %{_rundir}/xl2tpd
%{_unitdir}/%{name}.service
%{_tmpfilesdir}/%{name}.conf
%ghost %attr(0600,root,root) %{_rundir}/xl2tpd/l2tp-control
%changelog
* Tue Aug 09 2022 liweiganga <liweiganga@uniontech.com> - 1.3.16-1
- init package

4
xl2tpd.yaml Normal file
View File

@ -0,0 +1,4 @@
version_control: github
src_repo: xelerance/xl2tpd
tag_prefix: "^v"
separator: "."