Package: racoon
Version: 1:0.8.0-14
Severity: wishlist

Dear Maintainer,
I have compiled the modified version of libradius+tacacs according to the guide provided here: https://megapiranha.wordpress.com/2013/04/12/debian-squeeze-racoon-plus-radius-support-feat-cisco-vpn-client/, and it turns out to work well. If possible, please include this recompiled version and supporting libraries in the deb package. Also, if possible, please include two other patches, which enable racoon to use the wildcard * in the psk file and to ignore Windows client IP format errors. The patch is listed below:

diff -uNr ipsec-tools-0.7.3-orig/src/racoon//ipsec_doi.c ipsec-tools-0.7.3-patched/src/racoon//ipsec_doi.c --- ipsec-tools-0.7.3-orig/src/racoon//ipsec_doi.c 2009-06-19 16:32:52.000000000 +0900 +++ ipsec-tools-0.7.3-patched/src/racoon//ipsec_doi.c 2013-05-04 05:06:38.000000000 +0900 @@ -3619,10 +3619,9 @@ iph1->approval->authmethod == OAKLEY_ATTR_AUTH_METHOD_PSKEY) { if (id_b->type != IPSECDOI_ID_IPV4_ADDR && id_b->type != IPSECDOI_ID_IPV6_ADDR) { - plog(LLV_ERROR, LOCATION, NULL, + plog(LLV_WARNING, LOCATION, NULL, "Expecting IP address type in main mode, " "but %s.\n", s_ipsecdoi_ident(id_b->type)); - return ISAKMP_NTYPE_INVALID_ID_INFORMATION; } } diff -uNr ipsec-tools-0.7.3-orig/src/racoon//oakley.c ipsec-tools-0.7.3-patched/src/racoon//oakley.c --- ipsec-tools-0.7.3-orig/src/racoon//oakley.c 2009-08-13 18:18:45.000000000 +0900 +++ ipsec-tools-0.7.3-patched/src/racoon//oakley.c 2013-05-04 04:48:31.000000000 +0900 
@@ -2498,8 +2498,21 @@ plog(LLV_ERROR, LOCATION, iph1->remote, "couldn't find the pskey for %s.\n", saddrwop2str(iph1->remote)); + } + } + if (iph1->authstr == NULL) { + /* + * If we could not locate a psk above try and locate + * the default psk, ie, "*". + */ + iph1->authstr = privsep_getpsk("*", 1); + if (iph1->authstr == NULL) { + plog(LLV_ERROR, LOCATION, iph1->remote, + "couldn't find the the default pskey either.\n"); goto end; } + plog(LLV_NOTIFY, LOCATION, iph1->remote, + "Using default PSK.\n"); } plog(LLV_DEBUG, LOCATION, NULL, "the psk found.\n"); /* should be secret PSK */

Although this patch was done on 0.7.3, it still works perfectly with 0.8.0 (I have compiled that and tested).

Thanks a lot,
TZ

-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-xen-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages racoon depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.49
ii ipsec-tools 1:0.8.0-14
ii libc6 2.13-38
ii libcomerr2 1.42.5-1.1
ii libgssapi-krb5-2 1.10.1+dfsg-5
ii libk5crypto3 1.10.1+dfsg-5
ii libkrb5-3 1.10.1+dfsg-5
ii libldap-2.4-2 2.4.31-1+nmu2
ii libpam0g 1.1.3-7.1
ii libssl1.0.0 1.0.1e-2
ii perl 5.14.2-21

racoon recommends no packages.

racoon suggests no packages.

-- Configuration Files:
/etc/init.d/racoon changed [not included]
/etc/racoon/psk.txt [Errno 13] Permission denied: u'/etc/racoon/psk.txt'
/etc/racoon/racoon.conf changed [not included]

-- debconf information:
* racoon/config_mode: direct
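
Review bot: In the ipsec_doi.c hunk, dropping `return ISAKMP_NTYPE_INVALID_ID_INFORMATION;` turns the main-mode PSK identity-type check into a log line for every peer, not only the Windows clients the report mentions, and nothing lets an administrator keep the strict behaviour. I would keep the rejection as the default and relax it only under an explicit racoon.conf setting (a new option, to be named and documented in the man page), leaving the message at LLV_ERROR on the strict path. With the return gone, the inner `if` holds only the plog call, so a short comment saying why a non-address ID is tolerated here would help the next reader.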
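
Review bot: In the oakley.c hunk, the existing LLV_ERROR message "couldn't find the pskey for %s." is still logged before the new `privsep_getpsk("*", 1)` fallback runs, so every successful wildcard match leaves an error line followed by "Using default PSK."; lower that first message or emit it only when the fallback also fails. The new error string has a doubled word ("the the default pskey"). Because the fallback applies to any peer that reaches it with `iph1->authstr == NULL`, the psk.txt documentation should state that a `*` entry is a single key shared by all peers without an entry of their own.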