vpn-manager: Fix l2tp/ipsec connections to Windows RRAS server
Change-Id: I6322c0d4d8e7f21ed1abf24c645eb7e7cd41cc3f
BUG=none
TEST=Connect to windows vpn
Review URL: http://codereview.chromium.org/6713058
diff --git a/ipsec_manager.cc b/ipsec_manager.cc
index eb57044..287d62b 100644
--- a/ipsec_manager.cc
+++ b/ipsec_manager.cc
@@ -22,11 +22,16 @@
#include "gflags/gflags.h"
#pragma GCC diagnostic ignored "-Wstrict-aliasing"
+// Windows RRAS requires modp1024 dh-group. Strongswan's
+// default is modp1536 which it does not support.
+DEFINE_string(ike, "3des-sha1-modp1024", "ike proposals");
DEFINE_int32(ipsec_timeout, 10, "timeout for ipsec to be established");
DEFINE_string(leftprotoport, "17/1701", "client protocol/port");
+DEFINE_bool(nat_traversal, true, "Enable NAT-T nat traversal");
DEFINE_bool(pfs, false, "pfs");
DEFINE_bool(rekey, false, "rekey");
DEFINE_string(rightprotoport, "17/1701", "server protocol/port");
+DEFINE_string(type, "transport", "IPsec type (transport or tunnel)");
#pragma GCC diagnostic error "-Wstrict-aliasing"
const char kIpsecConnectionName[] = "ipsec_managed";
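Review bot: The new `ike` default at the top of this hunk applies to every peer, not only Windows RRAS, so all connections are now offered 3DES, SHA-1 and a 1024-bit DH group as the only proposal. strongSwan's `ike` setting accepts a comma-separated list, so the default could keep the previous group ahead of the RRAS-compatible one, e.g. `DEFINE_string(ike, "3des-sha1-modp1536,3des-sha1-modp1024", "ike proposals");` (the exact list is a suggestion and needs testing against RRAS). The comment should also state that modp1024 is kept only for RRAS interoperability, and the help text could describe the expected format, e.g. `"comma-separated IKE proposals (cipher-hash-dhgroup)"`.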
@@ -260,7 +265,9 @@
} else {
AppendBoolSetting(&config, "plutostart", false);
}
+ AppendBoolSetting(&config, "nat_traversal", FLAGS_nat_traversal);
config.append("conn managed\n");
+ AppendStringSetting(&config, "ike", FLAGS_ike);
AppendStringSetting(&config, "keyexchange",
ike_version_ == 1 ? "ikev1" : "ikev2");
if (!psk_file_.empty()) AppendStringSetting(&config, "authby", "psk");
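Review bot: `FLAGS_ike` is written into the `conn managed` section verbatim, so `--ike=` produces a bare `ike=` line instead of falling back to strongSwan's own default proposals. Guarding the call would let an operator opt back into the defaults: `if (!FLAGS_ike.empty()) AppendStringSetting(&config, "ike", FLAGS_ike);`. A value containing a newline would also add extra lines to the generated file unless `AppendStringSetting` rejects it, which is not visible here. The enclosing function starts and ends outside this hunk.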
@@ -271,6 +278,7 @@
AppendStringSetting(&config, "leftupdown", IPSEC_UPDOWN);
AppendStringSetting(&config, "right", remote_address_);
AppendStringSetting(&config, "rightprotoport", FLAGS_rightprotoport);
+ AppendStringSetting(&config, "type", FLAGS_type);
AppendStringSetting(&config, "auto", "start");
return config;
}
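Review bot: `FLAGS_type` reaches the config unchecked even though the flag's help text says only transport or tunnel are intended. strongSwan also accepts `passthrough` and `drop` for `type`, and `passthrough` would leave the L2TP traffic without IPsec protection, so a mistyped or unexpected value should fail loudly rather than be written out. A check such as `if (FLAGS_type != "transport" && FLAGS_type != "tunnel")` with an error log belongs where the flags are first consumed, because this function only returns the config string and has no failure path. The function starts outside this hunk.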
diff --git a/ipsec_manager_test.cc b/ipsec_manager_test.cc
index 7054980..37701f2 100644
--- a/ipsec_manager_test.cc
+++ b/ipsec_manager_test.cc
@@ -220,7 +220,9 @@
const char kExpected[] =
"config setup\n"
"\tcharonstart=no\n"
+ "\tnat_traversal=yes\n"
"conn managed\n"
+ "\tike=3des-sha1-modp1024\n"
"\tkeyexchange=ikev1\n"
"\tauthby=psk\n"
"\tpfs=no\n"
@@ -230,6 +232,7 @@
"\tleftupdown=/usr/libexec/l2tpipsec_vpn/pluto_updown\n"
"\tright=1.2.3.4\n"
"\trightprotoport=17/1701\n"
+ "\ttype=transport\n"
"\tauto=start\n";
EXPECT_EQ(kExpected, actual);
}
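Review bot: The expected string in this hunk and the previous one covers only the flag defaults, so nothing verifies that a non-default `--nat_traversal`, `--type` or `--ike` actually reaches the generated file. A second case that sets `FLAGS_nat_traversal = false;` and `FLAGS_type = "tunnel";` before formatting, and expects `"\tnat_traversal=no\n"` and `"\ttype=tunnel\n"`, would cover that. Restore the flags afterwards so other tests are unaffected. The test body starts outside this hunk.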
diff --git a/l2tp_manager.cc b/l2tp_manager.cc
index ce42acd..7d0e3fa 100644
--- a/l2tp_manager.cc
+++ b/l2tp_manager.cc
@@ -79,7 +79,7 @@
}
std::string L2tpManager::FormatPppdConfiguration() {
- std::string pppd_config = StringPrintf(
+ std::string pppd_config(
"ipcp-accept-local\n"
"ipcp-accept-remote\n"
"refuse-eap\n"