From 2c660bb91440a14faf083d156127ee7a5330b065 Mon Sep 17 00:00:00 2001
From: hwdsl2 <hwdsl2@users.noreply.github.com>
Date: Sat, 11 Apr 2020 17:07:43 -0500
Subject: [PATCH] New Libreswan version

- Upgrade Libreswan to 3.31
- "USE_DH2=true" is required for keeping Windows clients compatibility
  Ref: https://github.com/libreswan/libreswan/commit/8fcbbc7
- "USE_XFRM_INTERFACE_IFLA_HEADER=true" is required for compilation on
  older Linux distributions
  Ref: https://github.com/libreswan/libreswan/commit/c21909c
---
 vpnsetup.sh        | 6 +++++-
 vpnsetup_centos.sh | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/vpnsetup.sh b/vpnsetup.sh
index 6c95f7d..23a1204 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -172,7 +172,7 @@ apt-get -yq install fail2ban || exiterr2
 
 bigecho "Compiling and installing Libreswan..."
 
-SWAN_VER=3.29
+SWAN_VER=3.31
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
@@ -185,11 +185,15 @@ cd "libreswan-$SWAN_VER" || exit 1
 cat > Makefile.inc.local <<'EOF'
 WERROR_CFLAGS =
 USE_DNSSEC = false
+USE_DH2 = true
 USE_DH31 = false
 USE_NSS_AVA_COPY = true
 USE_NSS_IPSEC_PROFILE = false
 USE_GLIBC_KERN_FLIP_HEADERS = true
 EOF
+if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
+  echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local
+fi
 if [ "$(packaging/utils/lswan_detect.sh init)" = "systemd" ]; then
   apt-get -yq install libsystemd-dev || exiterr2
 fi
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 29904c2..5ec9444 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -170,7 +170,7 @@ yum "$REPO1" -y install fail2ban || exiterr2
 
 bigecho "Compiling and installing Libreswan..."
 
-SWAN_VER=3.29
+SWAN_VER=3.31
 swan_file="libreswan-$SWAN_VER.tar.gz"
 swan_url1="https://github.com/libreswan/libreswan/archive/v$SWAN_VER.tar.gz"
 swan_url2="https://download.libreswan.org/$swan_file"
@@ -183,11 +183,15 @@ cd "libreswan-$SWAN_VER" || exit 1
 cat > Makefile.inc.local <<'EOF'
 WERROR_CFLAGS =
 USE_DNSSEC = false
+USE_DH2 = true
 USE_DH31 = false
 USE_NSS_AVA_COPY = true
 USE_NSS_IPSEC_PROFILE = false
 USE_GLIBC_KERN_FLIP_HEADERS = true
 EOF
+if ! grep -qs IFLA_XFRM_LINK /usr/include/linux/if_link.h; then
+  echo "USE_XFRM_INTERFACE_IFLA_HEADER = true" >> Makefile.inc.local
+fi
 NPROCS=$(grep -c ^processor /proc/cpuinfo)
 [ -z "$NPROCS" ] && NPROCS=1
 make "-j$((NPROCS+1))" -s base && make -s install-base