FreshPorts -- The Place For Ports Tue, 9 Feb 2010 5:34 PM GMT
Do I have any twitter.com followers? I'd like to get control of twitter.com/pgcon, since I run pgcon...
Port details
ipsec-tools 0.7.3 security on this many watch lists=14 search for ports that depend on this port An older version of this port was marked as vulnerable.
KAME racoon IKE daemon, ipsec-tools version
Maintained by: vanhu@netasq.com search for ports maintained by this maintainer
Port Added: 05 Sep 2005 15:14:25


racoon speaks IKE (ISAKMP/Oakley) key management protocol, to
establish security association with other hosts.

This is the IPSec-tools version of racoon.

Enchancements:
- Support of NAT-T and IKE fragmentation.
- Support of many authentication algorithms.
- Tons of bugfixes.

Known issues:
- Non-threaded implementation.  Simultaneous key negotiation performance
  should be improved.
- Cannot negotiate keys for per-socket policy.
- Cryptic configuration syntax - blame IPsec specification too...
- Needs more documentation.

Design choice, not a bug:
- racoon negotiate IPsec keys only.  It does not negotiate policy.  Policy must
  be configured into the kernel separately from racoon.  If you want to
  support roaming clients, you may need to have a mechanism to put policy
  for the roaming client after phase 1 finishes.

WWW: http://ipsec-tools.sourceforge.net/
CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon
Required To Build: devel/libtool22

To install the port: cd /usr/ports/security/ipsec-tools/ && make install clean
To add the package: pkg_add -r ipsec-tools


Configuration Options
===> The following configuration options are available for ipsec-tools-0.7.3:
     DEBUG=on (default) "enable Debug support"
     IPV6=on (default) "enable IPV6 support"
     ADMINPORT=off (default) "enable Admin port"
     STATS=off (default) "enable Statistics logging function"
     DPD=on (default) "enable Dead Peer Detection"
     NATT=on (default) "enable NAT-Traversal (kernel-patch required)"
     NATTF=off (default) "require NAT-Traversal (fail without kernel-patch)"
     FRAG=on (default) "enable IKE fragmentation payload support"
     HYBRID=on (default) "enable Hybrid, Xauth and Mode-cfg support"
     PAM=off (default) "enable PAM authentication (Xauth server)"
     RADIUS=off (default) "enable Radius authentication (Xauth server)"
     LDAP=off (default) "enable LDAP authentication (Xauth server)"
     GSSAPI=off (default) "enable GSS-API authentication"
     SAUNSPEC=off (default) "enable Unspecified SA mode"
     RC5=off (default) "enable RC5 encryption (patented)"
     IDEA=off (default) "enable IDEA encryption (patented)"
===> Use 'make config' to modify these settings

Master Sites:
http://garr.dl.sourceforge.net/project/ipsec-tools/ipsec-tools/0.7.3/
http://superb-east.dl.sourceforge.net/project/ipsec-tools/ipsec-tools/0.7.3/
http://nchc.dl.sourceforge.net/project/ipsec-tools/ipsec-tools/0.7.3/
http://kent.dl.sourceforge.net/project/ipsec-tools/ipsec-tools/0.7.3/
http://easynews.dl.sourceforge.net/project/ipsec-tools/ipsec-tools/0.7.3/
http://ufpr.dl.sourceforge.net/project/ipsec-tools/ipsec-tools/0.7.3/
http://mesh.dl.sourceforge.net/project/ipsec-tools/ipsec-tools/0.7.3/
http://heanet.dl.sourceforge.net/project/ipsec-tools/ipsec-tools/0.7.3/
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2006-01-05
    Affects: users of www/wwwoffle, security/ipsec-tools
    Author: edwin@FreeBSD.org
    Reason: 
      The startup of the rc.d scripts for these two ports are now
      by default disabled.
    
    

  • 2005-12-02
    Affects: users of security/racoon and security/ipsec-tools
    Author: lawrance@FreeBSD.org
    Reason: 
      security/racoon has been removed. You should migrate to its
      replacement, security/ipsec-tools. No configuration changes will
      be required.
    
      The default configuration file location has changed for ipsec-tools.
      You will need to move your racoon configuration files to the new
      location /usr/local/etc/racoon. Alternatively, add this line in
      rc.conf to continue using the old location:
    
      racoon_flags="-f /usr/local/etc"
    
    
Port Moves
  • port moved here from security/racoon on 2005-11-18
    REASON: removed, successor is ipsec-tools

Number of commits found: 34

Commit History - (may be incomplete: see CVSWeb link above for full details)
DateByDescription
26 Aug 2009 17:37:22
Original commit files touched by this commit  0.7.3
miwi search for other commits by this committer
- Update to 0.7.3

PR:             137966
Submitted by:   VANHULLEBUS Yvan <vanhu@netasq.com> (maintainer)
02 Aug 2009 20:36:34
Original commit files touched by this commit  0.7.2
mezz search for other commits by this committer
-Repocopy devel/libtool15 -> libtool22 and libltdl15 -> libltdl22.
-Update libtool and libltdl to 2.2.6a.
-Remove devel/libtool15 and devel/libltdl15.
-Fix ports build with libtool22/libltdl22.
-Bump ports that depend on libltdl22 due to shared library version change.
-Explain what to do update in the UPDATING.

It has been tested with GNOME2, XFCE4, KDE3, KDE4 and other many wm/desktop
and applications in the runtime.

With help:      marcus and kwm
Pointyhat-exp:  a few times by pav
Tested by:      pgollucci, "Romain Tartière" <romain@blogreen.org>, and
                a few MarcusCom CVS users. Also, I might have missed a few.
Repocopy by:    marcus
Approved by:    portmgr
15 Jul 2009 17:56:10
Original commit files touched by this commit  0.7.2
dougb search for other commits by this committer
Fix a few "bad example" problems in the rc.d scripts that have been
propogated by copy and paste.

1. Primarily the "empty variable" default assignment, which is mostly
${name}_flags="", but fix a few others as well.
2. Where they are not already documented, add the existence of the _flags
(or other deleted empties) option to the comments, and in some cases add
comments from scratch.
3. Replace things that look like:
prefix=%%PREFIX%%
command=${prefix}/sbin/foo
to just use %%PREFIX%%. In many cases the $prefix variable is only used
once, and in some cases it is not used at all.
4. In a few cases remove ${name}_flags from command_args
5. Remove a long-stale comment about putting the port's rc.d script in
/etc/rc.d (which is no longer necessary).

No PORTREVISION bumps because all of these changes are noops.
23 Apr 2009 17:02:44
Original commit files touched by this commit  0.7.2
wxs search for other commits by this committer
- Update to 0.7.2. This release fixes a remote DoS bug with IKE
  fragmentation reassembly.

PR:             ports/133922
Submitted by:   VANHULLEBUS Yvan <vanhu@netasq.com> (maintainer)
21 Aug 2008 07:18:49
Original commit files touched by this commit  0.7.1
rafan search for other commits by this committer
Update CONFIGURE_ARGS for how we pass CONFIGURE_TARGET to configure script.
Specifically, newer autoconf (> 2.13) has different semantic of the
configure target. In short, one should use --build=CONFIGURE_TARGET
instead of CONFIGURE_TARGET directly. Otherwise, you will get a warning
and the old semantic may be removed in later autoconf releases.

To workaround this issue, many ports hack the CONFIGURE_TARGET variable
so that it contains the ``--build='' prefix.

To solve this issue, under the fact that some ports still have
configure script generated by the old autoconf, we use runtime detection
in the do-configure target so that the proper argument can be used.

Changes to Mk/*:
 - Add runtime detection magic in bsd.port.mk
(Only the first 15 lines of the commit message are shown above View all of this commit message)
01 Aug 2008 13:57:25
Original commit files touched by this commit  0.7.1
arved search for other commits by this committer
Add an WITH_LDAP option
enable hybrid, xauth and mode-cfg per default

PR:             125748
Submitted by:   Matthew Grooms
Approved by:    vanhu (maintainer)
25 Jul 2008 22:39:29
Original commit files touched by this commit  0.7.1
beech search for other commits by this committer
- Update to 0.7.1

PR:             ports/125957
Submitted by:   VANHULLEBUS Yvan <vanhu@netasq.com> (maintainer)
08 Jul 2008 00:59:33
Original commit files touched by this commit  0.7
 This port version is marked as vulnerable.
tmclaugh search for other commits by this committer
Fix build on 7.x when RC5 support is enabled.

PR:             103084, 122187
Submitted by:   Dmitry A Grigorovich
Approved by:    maintainer
02 Jul 2008 05:19:30
Original commit files touched by this commit  0.7
 This port version is marked as vulnerable.
beech search for other commits by this committer
- Fix: Have the racoon startup script [optionally] create its required dirs.

PR:             ports/117128
Submitted by:   John Hein <jhein@timing.com>
Approved by:    VANHULLEBUS Yvan <vanhu@netasq.com> (maintainer)
04 Oct 2007 07:00:24
Original commit files touched by this commit  0.7
 This port version is marked as vulnerable.
edwin search for other commits by this committer
Remove always-false/true conditions based on OSVERSION 500000
02 Sep 2007 17:48:50
Original commit files touched by this commit  0.7
 This port version is marked as vulnerable.
arved search for other commits by this committer
Update to 0.7

PR:             115978
Submitted by:   VANHULLEBUS Yvan <vanhu@netasq.com>
04 Aug 2007 12:41:31
Original commit files touched by this commit  0.6.7
 This port version is marked as vulnerable.
gabor search for other commits by this committer
- Remove the DESTDIR modifications from individual ports as we have a new,
  fully chrooted DESTDIR, which does not need such any more.

Sponsored by:   Google Summer of Code 2007
Approved by:    portmgr (pav)
03 Jul 2007 06:40:12
Original commit files touched by this commit  0.6.7
 This port version is marked as vulnerable.
rafan search for other commits by this committer
- Revert changes to patch-configure. It was slipped in when committing
  fix for gcc 4.x

Noticed by:   sat
Approved by:  maintainer (implicit)
02 Jul 2007 18:00:01
Original commit files touched by this commit  0.6.7
 This port version is marked as vulnerable.
rafan search for other commits by this committer
- Fix build with gcc 4.x
- While I'm here, remove extra empty line in distinfo

PR:            ports/113383
Submitted by:  rafan
Approved by:   VANHULLEBUS Yvan <yvan.vanhullebus at netasq.com> (maintainer)
07 Apr 2007 05:23:27
Original commit files touched by this commit  0.6.7
 This port version is marked as vulnerable.
clsung search for other commits by this committer
- Version 0.6.7 of ipsec-tools is out, which fixes an easy to exploit
  Denial of Service (CVE-2007-1841).

PR:             ports/111319
Submitted by:   maintainer (VANHULLEBUS Yvan)
Security:       CVE-2007-1841
01 Feb 2007 02:42:06
Original commit files touched by this commit  0.6.6
 This port version is marked as vulnerable.
kris search for other commits by this committer
Use libtool port instead of included version to avoid objformat a.out botch
04 Dec 2006 10:24:33
Original commit files touched by this commit  0.6.6
 This port version is marked as vulnerable.
sat search for other commits by this committer
- An option to force NATT functionality
- Sneak in master sites beautification and use_ldconfig
  while I'm here

PR:             ports/105488
Submitted by:   bz
Approved by:    VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com> (maintainer)
16 Aug 2006 15:00:59
Original commit files touched by this commit  0.6.6
 This port version is marked as vulnerable.
sat search for other commits by this committer
- There should be only one site in the WWW line and kame is obsolete anyway
20 Jun 2006 10:53:50
Original commit files touched by this commit  0.6.6
 This port version is marked as vulnerable.
pav search for other commits by this committer
- Add patch for people having trouble compiling OpenSSL bits

PR:             ports/97442
Submitted by:   Dmitry Andrianov <dimas@dataart.com>
Approved by:    VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com> (maintainer)
16 Jun 2006 17:02:54
Original commit files touched by this commit  0.6.6
 This port version is marked as vulnerable.
pav search for other commits by this committer
- Update to 0.6.6

PR:             ports/98902
Submitted by:   VANHULLEBUS Yvan <vanhu@netasq.com> (maintainer)
03 May 2006 17:01:58
Original commit files touched by this commit  0.6.5_2
 This port version is marked as vulnerable.
garga search for other commits by this committer
Makefile:
- introduce OPTIONS to enable/disable features
- add more features to the OPTION dialog
- choose reasonable defaults for OPTIONS (disabled patented stuff)
- remove usesless WRKSRC line
- move LDFLAGS to the place where it is necessary
- extend CONFIGURE_ARGS to set the directory for the adminport socket
  * Note: racoonctl is useless without adminport enabled
  * create the socket dir in post-install
- bump PORTREVISION that users notice the changes
- finally: remove one item from the TODO list on top of the Makefile ;)

pkg-descr:
- shortened by one line to please portlint
(Only the first 15 lines of the commit message are shown above View all of this commit message)
23 Feb 2006 10:40:45
Original commit files touched by this commit  0.6.5_1
 This port version is marked as vulnerable.
ade search for other commits by this committer
Conversion to a single libtool environment.

Approved by:    portmgr (kris)
20 Feb 2006 20:47:50
Original commit files touched by this commit  0.6.5
 This port version is marked as vulnerable.
dougb search for other commits by this committer
Remove the FreeBSD KEYWORD from all rc.d scripts where it appears.
We have not checked for this KEYWORD for a long time now, so this
is a complete noop, and thus no PORTREVISION bump. Removing it at
this point is mostly for pedantic reasons, and partly to avoid
perpetuating this anachronism by copy and paste to future scripts.
06 Feb 2006 00:17:05
Original commit files touched by this commit  0.6.5
 This port version is marked as vulnerable.
barner search for other commits by this committer
- Update to 0.6.5

Submitted by:   VANHULLEBUS Yvan <vanhu@netasq.com> (maintainer)
PR:             ports/92838
24 Jan 2006 09:18:44
Original commit files touched by this commit  0.6.4_2
 This port version is marked as vulnerable.
vd search for other commits by this committer
Change facility from daemon to security, because daemon.info goes to
devnull by default

PR:             ports/91047
Submitted by:   PR: Brian Candler <B.Candler@pobox.com>, patch: VANHULLEBUS Yvan
<vanhu@netasq.com> (maintainer)
Approved by:    garga (mentor)
22 Jan 2006 02:50:55
Original commit files touched by this commit  0.6.4_1
 This port version is marked as vulnerable.
edwin search for other commits by this committer
Replace ugly "@unexec rmdir %D... 2>/dev/null || true" with @dirrmtry

Approved by:    krion@
PR:             ports/88711 (related)
04 Jan 2006 20:48:49
Original commit files touched by this commit  0.6.4_1
 This port version is marked as vulnerable.
edwin search for other commits by this committer
ports/security/ipsec-tools enables itself at startup

        ports/security/ipsec-tools rc.d script defaults to 'enabled'

        It also installs its own versions of setkey and libipsec.so
        which seems redundant as they are part of the base system
        and should be used in preference.

Submitted by:   Vivek Khera <vivek@khera.org>
PR:             ports/91317
13 Dec 2005 20:04:01
Original commit files touched by this commit  0.6.4
 This port version is marked as vulnerable.
mnag search for other commits by this committer
Update to 0.6.4

PR:             90326
Submitted by:   maintainer
02 Dec 2005 11:28:06
Original commit files touched by this commit  0.6.3
 This port version is marked as vulnerable.
lawrance search for other commits by this committer
- Change the location of racoon configuration files to /usr/local/etc/racoon,
  bringing it in line with the old security/racoon port and the handbook [1]
- Make use of USE_RC_SUBR instead of home-grown substitution and install
- Prevent installation of some intermediate sample configuration files

PR:             ports/89273 [1]
Submitted by:   Angelo Turetta <aturetta@bestunion.it> [1]
Approved by:    VANHULLEBUS Yvan <vanhu@netasq.com> (maintainer)
21 Nov 2005 23:29:18
Original commit files touched by this commit  0.6.3
 This port version is marked as vulnerable.
sem search for other commits by this committer
- Update to 0.6.3. It fixes some crashes,
  including potential DoS in aggressive mode.
- Add SHA256

PR:             ports/89365
Submitted by:   ANHULLEBUS Yvan (maintainer)
15 Nov 2005 06:52:12
Original commit files touched by this commit  0.6.2
 This port version is marked as vulnerable.
ade search for other commits by this committer
Mass-conversion to the USE_AUTOTOOLS New World Order.  The code present
in bsd.autotools.mk essentially makes this a no-op given that all the
old variables set a USE_AUTOTOOLS_COMPAT variable, which is parsed in
exactly the same way as USE_AUTOTOOLS itself.

Moreover, USE_AUTOTOOLS has already been extensively tested by the GNOME
team -- all GNOME 2.12.x ports use it.

Preliminary documentation can be found at:
        http://people.FreeBSD.org/~ade/autotools.txt

which is in the process of being SGMLized before introduction into the
Porters Handbook.

Light blue touch-paper.  Run.
26 Oct 2005 19:49:58
Original commit files touched by this commit  0.6.2
 This port version is marked as vulnerable.
ehaupt search for other commits by this committer
Update to 0.6.2

PR:             88042
Submitted by:   VANHULLEBUS Yvan <yvan.vanhullebus@netasq.com> (maintainer)
15 Sep 2005 13:11:48
Original commit files touched by this commit  0.6.1
 This port version is marked as vulnerable.
vsevolod search for other commits by this committer
Update to 0.6.1

Submitted by:   Yvan Vanhullebus (maintainer)
05 Sep 2005 15:13:42
Original commit files touched by this commit  0.6
 This port version is marked as vulnerable.
vsevolod search for other commits by this committer
Add IPSec tools port - the new "official" version of racoon,
is the only one which is maintained and have lots of new features.

PR:             85544
Submitted by:   VANHULLEBUS Yvan <vanhu@netasq.com>
Approved by:    perky (mentor)

Number of commits found: 34

Login
User Login
Create account

Servers and bandwidth provided by
New York Internet
SuperNews

Search
Enter Keywords:
 
more...

Latest Vulnerabilities
otrsFeb 08
otrsFeb 08
apache13*Feb 03
apache13*Feb 03
apache13+ipv6*Feb 03
apache13-modperl*Feb 03
apache13-modssl*Feb 03
apache13-modssl*Feb 03
apache13-modssl+ipv6*Feb 03
apache13-ssl*Feb 03
squid*Feb 02
squid30*Feb 02
squid31*Feb 02
bugzillaFeb 01
ircd-ratboxJan 28

5 vulnerabilities affecting 16 ports have been reported in the past 14 days

* - modified, not new

All vulnerabilities


Ports
Home
Categories
Deleted ports
Sanity Test Failures
Newsfeeds


Statistics
Graphs
NEW Graphs (Javascript)
Traffic

Calculated hourly:
Port count 21261
Broken 172
Deprecated 36
Ignore 906
Forbidden 2
Restricted 386
No CDROM 142
Vulnerable 56
Expired 14
Set to expire 25
Interactive 79
new 24 hours 7
new 48 hours9
new 7 days29
new fortnight88
new month197

This site
What is FreshPorts?
About the Authors
FAQ
How big is it?
The latest upgrade!
Privacy
Forums
Blog
Contact

Add tab to Netscape 6

Servers and bandwidth provided by
New York Internet
SuperNews
Valid HTML, CSS, and RSS.
Copyright © 2000-2008 DVL Software Limited. All rights reserved.
This page created in 0.242 seconds.