diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile index 2ee66915f..b11b75944 100644 --- a/net/ocserv/Makefile +++ b/net/ocserv/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ocserv -PKG_VERSION:=0.8.9 -PKG_RELEASE:=4 +PKG_VERSION:=0.9.0 +PKG_RELEASE:=1 PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL :=ftp://ftp.infradead.org/pub/ocserv/ -PKG_MD5SUM:=cd935cc89bffac75c825e66ef71f6a73 +PKG_MD5SUM:=50994bf7e40fd6bedda33bb2f99b1f11 PKG_LICENSE:=GPLv2 PKG_LICENSE_FILES:=COPYING diff --git a/net/ocserv/README b/net/ocserv/README index 70429ef3b..961f33e4e 100644 --- a/net/ocserv/README +++ b/net/ocserv/README @@ -15,6 +15,7 @@ config ocserv 'config' option auth 'plain' option zone 'vpn' option default_domain 'lan' + option compression '1' option enable '1' config dns diff --git a/net/ocserv/files/ocserv.conf.template b/net/ocserv/files/ocserv.conf.template index 1159c3762..36fdca4b5 100644 --- a/net/ocserv/files/ocserv.conf.template +++ b/net/ocserv/files/ocserv.conf.template @@ -43,6 +43,12 @@ max-same-clients = |MAX_SAME| tcp-port = |PORT| |UDP|udp-port = |PORT| +# Stats report time. The number of seconds after which each +# worker process will report its usage statistics (number of +# bytes transferred etc). This is useful when accounting like +# radius is in use. +#stats-report-time = 360 + # Keepalive in seconds keepalive = 32400 @@ -109,11 +115,14 @@ server-key = /etc/ocserv/server-key.pem # The revocation list of the certificates issued by the 'ca-cert' above. #crl = /etc/ocserv/crl.pem +# Uncomment this to enable compression negotiation (LZS, LZ4). +|COMPRESSION|compression = true + # GnuTLS priority string -tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT" +tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0" # To enforce perfect forward secrecy (PFS) on the main channel. -#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA" +#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-RSA" # The time (in seconds) that a client is allowed to stay connected prior # to authentication diff --git a/net/ocserv/files/ocserv.init b/net/ocserv/files/ocserv.init index dbf4d42b9..aee342d68 100644 --- a/net/ocserv/files/ocserv.init +++ b/net/ocserv/files/ocserv.init @@ -10,6 +10,7 @@ setup_config() { config_get max_same $1 max_same "2" config_get dpd $1 dpd "120" config_get predictable_ips $1 predictable_ips "1" + config_get compression $1 compression "0" config_get udp $1 udp "1" config_get auth $1 auth "plain" config_get cisco_compat $1 cisco_compat "1" @@ -20,11 +21,13 @@ setup_config() { enable_default_domain="#" enable_udp="#" + enable_compression="#" test $predictable_ips = "0" && predictable_ips="false" test $predictable_ips = "1" && predictable_ips="true" test $cisco_compat = "0" && cisco_compat="false" test $cisco_compat = "1" && cisco_compat="true" test $udp = "1" && enable_udp="" + test $compression = "1" && enable_compression="" test -z $default_domain && enable_default_domain="" test -z $ip6addr && enable_ipv6="#" @@ -49,6 +52,7 @@ setup_config() { -e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \ -e "s/|CISCO_COMPAT|/$cisco_compat/g" \ -e "s/|UDP|/$enable_udp/g" \ + -e "s/|COMPRESSION|/$enable_compression/g" \ -e "s/|IPV4ADDR|/$ipaddr/g" \ -e "s/|NETMASK|/$netmask/g" \ -e "s/|IPV6ADDR|/$ipv6_addr/g" \ diff --git a/net/ocserv/patches/001-ocpasswd-sha2crypt.patch b/net/ocserv/patches/001-ocpasswd-sha2crypt.patch deleted file mode 100644 index 272599c29..000000000 --- a/net/ocserv/patches/001-ocpasswd-sha2crypt.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ur ocserv-0.8.9/src/ocpasswd.c ocserv-0.8.9.new/src/ocpasswd.c ---- ocserv-0.8.9/src/ocpasswd.c 2014-11-29 19:49:38.000000000 +0100 -+++ ocserv-0.8.9.new/src/ocpasswd.c 2015-01-19 23:21:14.959144113 +0100 -@@ -69,7 +69,7 @@ - exit(1); - } - -- strcpy(salt, "$5$"); -+ strcpy(salt, "$1$"); - p = salt + 3; - - for (i = 0; i < sizeof(_salt); i++) {