Initial import of strongswan.

7 files changed, 589 insertions, 0 deletions

diff --git a/net-misc/strongswan/ChangeLog b/net-misc/strongswan/ChangeLog
new file mode 100644
index 000000000000..92bb5658daff
--- /dev/null
+++ b/net-misc/strongswan/ChangeLog
@@ -0,0 +1,10 @@
+# ChangeLog for net-misc/openswan
+# Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/ChangeLog,v 1.1 2004/05/19 14:26:23 pfeifer Exp $
+
+*strongswan-2.0.2 (19 May 2004)
+
+  19 May 2004; Jay Pfeifer <pfeifer@gentoo.org> : strongswan-2.0.2.ebuild
+  Initial import.
+  Provides userspace IPsec tool/support for FreeS/WAN based 2.4 kernels
+  and native 2.6 (KAME) based IPsec. Enjoy :)
diff --git a/net-misc/strongswan/Manifest b/net-misc/strongswan/Manifest
new file mode 100644
index 000000000000..2d314445c857
--- /dev/null
+++ b/net-misc/strongswan/Manifest
@@ -0,0 +1,6 @@
+MD5 9079e1a6c70579f08145fe58a95d973e strongswan-2.0.2.ebuild 2936
+MD5 386f5dbd6c852fa8523ee6257c7cd761 ChangeLog 369
+MD5 a64b79eda14e03e130f7dde467dfa860 metadata.xml 706
+MD5 d35f8aea878066e110e6ff3d09a4f50e files/ipsec 1538
+MD5 d092d971aee29fa685c6f7c998690f11 files/strongswan-2.0.2-gentoo.patch 17672
+MD5 874140675e403d9a3b5ab609d73fab56 files/digest-strongswan-2.0.2 69
diff --git a/net-misc/strongswan/files/digest-strongswan-2.0.2 b/net-misc/strongswan/files/digest-strongswan-2.0.2
new file mode 100644
index 000000000000..ef898b18040f
--- /dev/null
+++ b/net-misc/strongswan/files/digest-strongswan-2.0.2
@@ -0,0 +1 @@
+MD5 7cbb725cafaa04ee4a0cab7b84285744 strongswan-2.0.2.tar.gz 3644301
diff --git a/net-misc/strongswan/files/ipsec b/net-misc/strongswan/files/ipsec
new file mode 100644
index 000000000000..62d24a594b45
--- /dev/null
+++ b/net-misc/strongswan/files/ipsec
@@ -0,0 +1,56 @@
+#!/sbin/runscript
+
+# IPsec startup and shutdown script
+# Copyright (C) 1998, 1999, 2001  Henry Spencer.
+# Gentoo mods (C) 2003 Anthony de Boer
+# 
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at your
+# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+# 
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# for more details.
+
+depend() {
+	need net logger
+}
+
+ipsecdoit() {
+# Pick up IPsec configuration (until we have done this, successfully, we
+# do not know where errors should go, hence the explicit "daemon.error"s.)
+# Note the "--export", which exports the variables created.
+	eval `ipsec _confread --varprefix IPSEC --export --type config setup`
+	if test " $IPSEC_confreadstatus" != " "
+	then
+		echo "$IPSEC_confreadstatus -- \`$1' aborted" |
+			logger -s -p daemon.error -t ipsec_setup
+		exit 1
+	fi
+	IPSECsyslog=${IPSECsyslog-daemon.error}
+	export IPSECsyslog
+	umask 022
+	tmp=/var/run/ipsec_setup.st
+	(
+		ipsec _realsetup $1
+		echo "$?" >$tmp
+	) 2>&1 | logger -s -p $IPSECsyslog -t ipsec_setup 2>&1
+	st=`cat $tmp`
+	rm -f $tmp
+	return $st
+}
+
+start() {
+	ebegin "Starting IPSEC ..."
+	ipsecdoit start
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping IPSEC ..."
+	ipsecdoit stop
+	eend $?
+}
+
diff --git a/net-misc/strongswan/files/strongswan-2.0.2-gentoo.patch b/net-misc/strongswan/files/strongswan-2.0.2-gentoo.patch
new file mode 100644
index 000000000000..d95fb4cbecf1
--- /dev/null
+++ b/net-misc/strongswan/files/strongswan-2.0.2-gentoo.patch
@@ -0,0 +1,382 @@
+diff -Naupr strongswan-2.0.2/Makefile.inc strongswan-2.0.2-gentoo/Makefile.inc
+--- strongswan-2.0.2/Makefile.inc	2004-03-15 14:35:21.000000000 -0600
++++ strongswan-2.0.2-gentoo/Makefile.inc	2004-05-19 09:02:53.021439012 -0500
+@@ -62,7 +62,7 @@ POLICYLIB=${FREESWANSRCDIR}/lib/libipsec
+ DESTDIR?=
+ 
+ # "local" part of tree, used in building other pathnames
+-INC_USRLOCAL=/usr/local
++INC_USRLOCAL=/usr
+ 
+ # PUBDIR is where the "ipsec" command goes; beware, many things define PATH
+ # settings which are assumed to include it (or at least, to include *some*
+@@ -96,7 +96,7 @@ MANTREE=$(DESTDIR)$(INC_USRLOCAL)/$(INC_
+ MANPLACES=man3 man5 man8
+ 
+ # where configuration files go
+-FINALCONFFILE?=/etc/ipsec.conf
++FINALCONFFILE?=/etc/ipsec/ipsec.conf
+ CONFFILE=$(DESTDIR)$(FINALCONFFILE)
+ 
+ FINALCONFDIR?=/etc
+@@ -107,10 +107,10 @@ CONFDDIR=$(DESTDIR)$(FINALCONFDDIR)
+ 
+ # sample configuration files go into
+ INC_DOCDIR?=share/doc
+-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/freeswan
++FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/strongswan-2.0.2
+ EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR}
+ 
+-FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/freeswan
++FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/strongswan-2.0.2
+ DOCDIR=${DESTDIR}${FINALDOCDIR}
+ 
+ # where per-conn pluto logs go
+@@ -239,7 +239,7 @@ RH_KERNELSRC?=/usr/src/linux-2.4
+ # installed one in RH 7.2, won't work - you wind up depending upon
+ # openssl.
+ 
+-BIND9STATICLIBDIR?=/usr/local/lib
++BIND9STATICLIBDIR?=/usr/lib
+ 
+ # FreeSWAN 3.x will require bind9. 
+ USE_LWRES?=false
+diff -Naupr strongswan-2.0.2/lib/libdes/Makefile strongswan-2.0.2-gentoo/lib/libdes/Makefile
+--- strongswan-2.0.2/lib/libdes/Makefile	2004-03-15 14:35:24.000000000 -0600
++++ strongswan-2.0.2-gentoo/lib/libdes/Makefile	2004-05-19 09:02:53.022438837 -0500
+@@ -60,7 +60,7 @@ MAKE=make -f Makefile
+ # normally overridden by FreeS/WAN Makefiles anyway
+ CFLAG= -O3 -fomit-frame-pointer -I${KLIPSD}/include -I${SRCDIR}
+ 
+-CFLAGS=$(OPTS) $(CFLAG)
++CFLAGS=$(OPTS) $(CFLAG) $(USERCOMPILE)
+ CPP=$(CC) -E
+ 
+ # Assember version of des_encrypt*().
+diff -Naupr strongswan-2.0.2/linux/crypto/ciphers/des/asm/crypt586.pl strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/crypt586.pl
+--- strongswan-2.0.2/linux/crypto/ciphers/des/asm/crypt586.pl	2004-03-15 14:35:25.000000000 -0600
++++ strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/crypt586.pl	2004-05-19 09:02:53.022438837 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ #
+ # The inner loop instruction sequence and the IP/FP modifications are from
+ # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+diff -Naupr strongswan-2.0.2/linux/crypto/ciphers/des/asm/des-586.pl strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/des-586.pl
+--- strongswan-2.0.2/linux/crypto/ciphers/des/asm/des-586.pl	2004-03-15 14:35:25.000000000 -0600
++++ strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/des-586.pl	2004-05-19 09:02:53.023438663 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ #
+ # The inner loop instruction sequence and the IP/FP modifications are from
+ # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+diff -Naupr strongswan-2.0.2/linux/crypto/ciphers/des/asm/des686.pl strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/des686.pl
+--- strongswan-2.0.2/linux/crypto/ciphers/des/asm/des686.pl	2004-03-15 14:35:25.000000000 -0600
++++ strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/des686.pl	2004-05-19 09:02:53.023438663 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ $prog="des686.pl";
+ 
+diff -Naupr strongswan-2.0.2/linux/crypto/ciphers/des/asm/desboth.pl strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/desboth.pl
+--- strongswan-2.0.2/linux/crypto/ciphers/des/asm/desboth.pl	2004-03-15 14:35:25.000000000 -0600
++++ strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/desboth.pl	2004-05-19 09:02:53.023438663 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ $L="edi";
+ $R="esi";
+diff -Naupr strongswan-2.0.2/linux/crypto/ciphers/des/asm/perlasm/cbc.pl strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/perlasm/cbc.pl
+--- strongswan-2.0.2/linux/crypto/ciphers/des/asm/perlasm/cbc.pl	2004-03-15 14:35:25.000000000 -0600
++++ strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/perlasm/cbc.pl	2004-05-19 09:02:53.023438663 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+ # des_cblock (*input);
+diff -Naupr strongswan-2.0.2/linux/crypto/ciphers/des/asm/perlasm/x86asm.pl strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86asm.pl
+--- strongswan-2.0.2/linux/crypto/ciphers/des/asm/perlasm/x86asm.pl	2004-03-15 14:35:25.000000000 -0600
++++ strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86asm.pl	2004-05-19 09:02:53.024438489 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # require 'x86asm.pl';
+ # &asm_init("cpp","des-586.pl");
+diff -Naupr strongswan-2.0.2/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl
+--- strongswan-2.0.2/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl	2004-03-15 14:35:25.000000000 -0600
++++ strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl	2004-05-19 09:02:53.024438489 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ package x86ms;
+ 
+diff -Naupr strongswan-2.0.2/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl
+--- strongswan-2.0.2/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl	2004-03-15 14:35:25.000000000 -0600
++++ strongswan-2.0.2-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl	2004-05-19 09:02:53.025438315 -0500
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ package x86unix;
+ 
+diff -Naupr strongswan-2.0.2/programs/_include/_include.in strongswan-2.0.2-gentoo/programs/_include/_include.in
+--- strongswan-2.0.2/programs/_include/_include.in	2004-03-15 15:03:06.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/_include/_include.in	2004-05-19 09:02:53.025438315 -0500
+@@ -49,10 +49,10 @@ for f
+ do
+ 	if test ! -r "$f"
+ 	then
+-		if test ! "$f" = "/etc/ipsec.conf"
++		if test ! "$f" = "/etc/ipsec/ipsec.conf"
+ 		then
+ 			echo "#:cannot open configuration file \'$f\'"
+-			if test "$f" = "/etc/ipsec.secrets"
++			if test "$f" = "/etc/ipsec/ipsec.secrets"
+ 			then
+ 				echo "#:Your secrets file will be created when you start $IPSEC_NAME for the first time."
+ 			fi
+diff -Naupr strongswan-2.0.2/programs/barf/barf.in strongswan-2.0.2-gentoo/programs/barf/barf.in
+--- strongswan-2.0.2/programs/barf/barf.in	2004-03-15 15:03:06.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/barf/barf.in	2004-05-19 09:02:53.025438315 -0500
+@@ -19,7 +19,7 @@ IPSEC_NAME="strongSwan"
+ KERNSRC=${KERNSRC-/usr/src/linux}
+ LOGS=${LOGS-/var/log}
+ CONFS=${IPSEC_CONFS-/etc}
+-CONFDDIR=${IPSEC_CONFDDIR-/etc/ipsec.d}
++CONFDDIR=${IPSEC_CONFDDIR-/etc/ipsec/ipsec.d}
+ me="ipsec barf"
+ 
+ # kludge to produce no barf output mentioning policygroups if none are present.
+@@ -209,13 +209,13 @@ then
+ 	done
+ fi
+ _________________________ ipsec/ls-libdir
+-ls -l ${IPSEC_LIBDIR-/usr/local/lib/ipsec}
++ls -l ${IPSEC_LIBDIR-/usr/lib/ipsec}
+ _________________________ ipsec/ls-execdir
+-ls -l ${IPSEC_EXECDIR-/usr/local/libexec/ipsec}
++ls -l ${IPSEC_EXECDIR-/usr/libexec/ipsec}
+ _________________________ ipsec/updowns
+-for f in `ls ${IPSEC_EXECDIR-/usr/local/libexec/ipsec} | egrep updown`
++for f in `ls ${IPSEC_EXECDIR-/usr/libexec/ipsec} | egrep updown`
+ do
+-	cat ${IPSEC_EXECDIR-/usr/local/libexec/ipsec}/$f
++	cat ${IPSEC_EXECDIR-/usr/libexec/ipsec}/$f
+ done
+ _________________________ proc/net/dev
+ cat /proc/net/dev
+diff -Naupr strongswan-2.0.2/programs/eroute/eroute.5 strongswan-2.0.2-gentoo/programs/eroute/eroute.5
+--- strongswan-2.0.2/programs/eroute/eroute.5	2004-03-15 14:35:27.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/eroute/eroute.5	2004-05-19 09:02:53.026438141 -0500
+@@ -223,7 +223,7 @@ Parameters Index of
+ in hexadecimal using Authentication Header protocol (51,
+ IPPROTO_AH) with no identies defined for either end.
+ .SH FILES
+-/proc/net/ipsec_eroute, /usr/local/bin/ipsec
++/proc/net/ipsec_eroute, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_spi(5),
+ ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_eroute(8), ipsec_version(5),
+diff -Naupr strongswan-2.0.2/programs/eroute/eroute.8 strongswan-2.0.2-gentoo/programs/eroute/eroute.8
+--- strongswan-2.0.2/programs/eroute/eroute.8	2004-03-15 14:35:27.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/eroute/eroute.8	2004-05-19 09:02:53.026438141 -0500
+@@ -308,7 +308,7 @@ will be in clear text.
+ .br
+ .LP
+ .SH FILES
+-/proc/net/ipsec_eroute, /usr/local/bin/ipsec
++/proc/net/ipsec_eroute, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_spi(8),
+ ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_eroute(5)
+diff -Naupr strongswan-2.0.2/programs/ipsec/ipsec.8 strongswan-2.0.2-gentoo/programs/ipsec/ipsec.8
+--- strongswan-2.0.2/programs/ipsec/ipsec.8	2004-03-15 14:35:27.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/ipsec/ipsec.8	2004-05-19 09:02:53.026438141 -0500
+@@ -81,7 +81,7 @@ reports where
+ .I ipsec
+ thinks the IPsec configuration files are stored.
+ .SH FILES
+-/usr/local/lib/ipsec	usual utilities directory
++/usr/lib/ipsec	usual utilities directory
+ .SH ENVIRONMENT
+ .PP
+ The following environment variables control where FreeS/WAN finds its
+diff -Naupr strongswan-2.0.2/programs/klipsdebug/klipsdebug.5 strongswan-2.0.2-gentoo/programs/klipsdebug/klipsdebug.5
+--- strongswan-2.0.2/programs/klipsdebug/klipsdebug.5	2004-03-15 14:35:28.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/klipsdebug/klipsdebug.5	2004-05-19 09:02:53.027437967 -0500
+@@ -103,7 +103,7 @@ full
+ sockets debugging has been set and everything else is not set.
+ .LP
+ .SH FILES
+-/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
++/proc/net/ipsec_klipsdebug, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
+ ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5), ipsec_version(5),
+diff -Naupr strongswan-2.0.2/programs/klipsdebug/klipsdebug.8 strongswan-2.0.2-gentoo/programs/klipsdebug/klipsdebug.8
+--- strongswan-2.0.2/programs/klipsdebug/klipsdebug.8	2004-03-15 14:35:28.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/klipsdebug/klipsdebug.8	2004-05-19 09:02:53.027437967 -0500
+@@ -117,7 +117,7 @@ turns off only the
+ debugging messages.
+ .LP
+ .SH FILES
+-/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
++/proc/net/ipsec_klipsdebug, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
+ ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)
+diff -Naupr strongswan-2.0.2/programs/lwdnsq/lwdnsq.xml.in strongswan-2.0.2-gentoo/programs/lwdnsq/lwdnsq.xml.in
+--- strongswan-2.0.2/programs/lwdnsq/lwdnsq.xml.in	2004-03-15 14:35:28.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/lwdnsq/lwdnsq.xml.in	2004-05-19 09:02:53.027437967 -0500
+@@ -430,7 +430,7 @@ information.
+ <refsect1><title>Special IPSECKEY processing</title>
+ 
+ <programlisting>
+-/etc/ipsec.d/lwdnsq.conf
++/etc/ipsec/ipsec.d/lwdnsq.conf
+ </programlisting>
+ 
+ </refsect1>
+diff -Naupr strongswan-2.0.2/programs/mailkey/mailkey.in strongswan-2.0.2-gentoo/programs/mailkey/mailkey.in
+--- strongswan-2.0.2/programs/mailkey/mailkey.in	2004-03-15 14:35:28.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/mailkey/mailkey.in	2004-05-19 09:02:53.028437793 -0500
+@@ -60,7 +60,7 @@ with the following error:
+ 
+ "$test1st"
+ 
+-Common concerns: This account must be able to read /etc/ipsec.secrets. 
++Common concerns: This account must be able to read /etc/ipsec/ipsec.secrets. 
+ If you haven't generated your key yet, please run 'ipsec newhostkey'." 
+ exit 0
+ }
+diff -Naupr strongswan-2.0.2/programs/pluto/Makefile strongswan-2.0.2-gentoo/programs/pluto/Makefile
+--- strongswan-2.0.2/programs/pluto/Makefile	2004-03-22 16:00:55.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/pluto/Makefile	2004-05-19 09:02:53.028437793 -0500
+@@ -144,7 +144,7 @@ CPPFLAGS = $(HDRDIRS) $(DEFINES) \
+ 	-DPOLICYGROUPSDIR=\"${FINALCONFDDIR}/policies\" \
+ 	-DPERPEERLOGDIR=\"${FINALLOGDIR}/pluto/peer\"
+ 
+-ALLFLAGS = $(CPPFLAGS) $(CFLAGS)
++ALLFLAGS = $(CPPFLAGS) $(CFLAGS) $(USERCOMPILE)
+ 
+ # libefence is a free memory allocation debugger
+ # Solaris 2 needs -lsocket -lnsl
+diff -Naupr strongswan-2.0.2/programs/setup/Makefile strongswan-2.0.2-gentoo/programs/setup/Makefile
+--- strongswan-2.0.2/programs/setup/Makefile	2004-03-15 14:35:31.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/setup/Makefile	2004-05-19 09:04:14.999163444 -0500
+@@ -33,25 +33,10 @@ install:: setup
+ 	@rm -f $(BINDIR)/setup
+ 	@$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
+ 	@ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup
+-	-@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done
+-	-@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K68ipsec
+-	-@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K68ipsec
+-	-@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K68ipsec
+ 
+ install_file_list::
+ 	@echo $(RCDIR)/ipsec
+ 	@echo $(BINDIR)/setup
+-	@echo $(RCDIR)/../rc0.d/K68ipsec
+-	@echo $(RCDIR)/../rc1.d/K68ipsec
+-	@echo $(RCDIR)/../rc2.d/S47ipsec
+-	@echo $(RCDIR)/../rc3.d/S47ipsec
+-	@echo $(RCDIR)/../rc4.d/S47ipsec
+-	@echo $(RCDIR)/../rc5.d/S47ipsec
+-	@echo $(RCDIR)/../rc6.d/K68ipsec
+ 
+ clean::
+ 	@rm -f setup
+diff -Naupr strongswan-2.0.2/programs/showhostkey/showhostkey.in strongswan-2.0.2-gentoo/programs/showhostkey/showhostkey.in
+--- strongswan-2.0.2/programs/showhostkey/showhostkey.in	2004-03-15 14:35:31.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/showhostkey/showhostkey.in	2004-05-19 09:02:53.030437445 -0500
+@@ -18,7 +18,7 @@ me="ipsec showhostkey"
+ usage="Usage: $me [--file secrets] [--left] [--right] [--txt gateway] [--id id]
+                   [--dhclient]"
+ 
+-file=/etc/ipsec.secrets
++file=/etc/ipsec/ipsec.secrets
+ fmt=""
+ gw=
+ id=
+diff -Naupr strongswan-2.0.2/programs/spi/spi.5 strongswan-2.0.2-gentoo/programs/spi/spi.5
+--- strongswan-2.0.2/programs/spi/spi.5	2004-03-15 14:35:31.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/spi/spi.5	2004-05-19 09:02:53.030437445 -0500
+@@ -162,7 +162,7 @@ since 1 of 8 bits is a parity bit), has 
+ 3858 seconds ago and has been idle for 23 seconds.
+ .LP
+ .SH FILES
+-/proc/net/ipsec_spi, /usr/local/bin/ipsec
++/proc/net/ipsec_spi, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_eroute(5),
+ ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_spi(8), ipsec_version(5),
+diff -Naupr strongswan-2.0.2/programs/spi/spi.8 strongswan-2.0.2-gentoo/programs/spi/spi.8
+--- strongswan-2.0.2/programs/spi/spi.8	2004-03-15 14:35:31.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/spi/spi.8	2004-05-19 09:02:53.031437270 -0500
+@@ -461,7 +461,7 @@ and protocol
+ (4).
+ .LP
+ .SH FILES
+-/proc/net/ipsec_spi, /usr/local/bin/ipsec
++/proc/net/ipsec_spi, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
+ ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_spi(5)
+diff -Naupr strongswan-2.0.2/programs/spigrp/spigrp.5 strongswan-2.0.2-gentoo/programs/spigrp/spigrp.5
+--- strongswan-2.0.2/programs/spigrp/spigrp.5	2004-03-15 14:35:31.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/spigrp/spigrp.5	2004-05-19 09:02:53.031437270 -0500
+@@ -77,7 +77,7 @@ be an incoming or outgoing group, depend
+ machine.
+ .LP
+ .SH FILES
+-/proc/net/ipsec_spigrp, /usr/local/bin/ipsec
++/proc/net/ipsec_spigrp, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_eroute(5),
+ ipsec_spi(5), ipsec_klipsdebug(5), ipsec_spigrp(8), ipsec_version(5),
+diff -Naupr strongswan-2.0.2/programs/spigrp/spigrp.8 strongswan-2.0.2-gentoo/programs/spigrp/spigrp.8
+--- strongswan-2.0.2/programs/spigrp/spigrp.8	2004-03-15 14:35:31.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/spigrp/spigrp.8	2004-05-19 09:02:53.031437270 -0500
+@@ -128,7 +128,7 @@ and finally an AH header to authenticate
+ .BR 0x236 .
+ .LP
+ .SH FILES
+-/proc/net/ipsec_spigrp, /usr/local/bin/ipsec
++/proc/net/ipsec_spigrp, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
+ ipsec_spi(8), ipsec_klipsdebug(8), ipsec_spigrp(5)
+diff -Naupr strongswan-2.0.2/programs/tncfg/tncfg.5 strongswan-2.0.2-gentoo/programs/tncfg/tncfg.5
+--- strongswan-2.0.2/programs/tncfg/tncfg.5	2004-03-15 14:35:31.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/tncfg/tncfg.5	2004-05-19 09:02:53.032437096 -0500
+@@ -75,7 +75,7 @@ shows that virtual device
+ is not connected to any physical device.
+ .LP
+ .SH "FILES"
+-/proc/net/ipsec_tncfg, /usr/local/bin/ipsec
++/proc/net/ipsec_tncfg, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_eroute(5), ipsec_spi(5),
+ ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_tncfg(8), ipsec_version(5),
+diff -Naupr strongswan-2.0.2/programs/tncfg/tncfg.8 strongswan-2.0.2-gentoo/programs/tncfg/tncfg.8
+--- strongswan-2.0.2/programs/tncfg/tncfg.8	2004-03-15 14:35:31.000000000 -0600
++++ strongswan-2.0.2-gentoo/programs/tncfg/tncfg.8	2004-05-19 09:02:53.032437096 -0500
+@@ -76,7 +76,7 @@ virtual device to the
+ physical device.
+ .LP
+ .SH "FILES"
+-/proc/net/ipsec_tncfg, /usr/local/bin/ipsec
++/proc/net/ipsec_tncfg, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_eroute(8), ipsec_spi(8),
+ ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_tncfg(5)
diff --git a/net-misc/strongswan/metadata.xml b/net-misc/strongswan/metadata.xml
new file mode 100644
index 000000000000..27df4eb3ce8c
--- /dev/null
+++ b/net-misc/strongswan/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>secure-tunneling</herd>
+<maintainer>
+  <email>pfeifer@gentoo.org</email>
+  <name>Jay Pfeifer</name>
+<!--  <description>Description of the maintainership</description> -->
+</maintainer>
+<longdescription>strongSwan is an OpenSource IPsec implementation for the Linux operating system. It is based on the discontinued FreeS/WAN project and the X.509 patch which we developped over the last three years. In order to have a stable IPsec platform to base our future extensions of the X.509 capability on, we decided to lauch the strongSwan project.</longdescription>
+</pkgmetadata>
diff --git a/net-misc/strongswan/strongswan-2.0.2.ebuild b/net-misc/strongswan/strongswan-2.0.2.ebuild
new file mode 100644
index 000000000000..866ff75f89c2
--- /dev/null
+++ b/net-misc/strongswan/strongswan-2.0.2.ebuild
@@ -0,0 +1,123 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/strongswan/strongswan-2.0.2.ebuild,v 1.1 2004/05/19 14:26:23 pfeifer Exp $
+
+inherit eutils
+
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system."
+HOMEPAGE="http://www.strongswan.org/"
+SRC_URI="http://download.strongswan.org/${P}.tar.gz
+	mirror://gentoo/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="-* ~x86"
+IUSE=""
+
+DEPEND="virtual/glibc
+	virtual/linux-sources
+	>=dev-libs/gmp-3.1.1
+	net-misc/host
+	sys-apps/iproute2"
+RDEPEND=""
+
+check_version_h() {
+	if [ ! -f "${ROOT}/usr/src/linux/include/linux/version.h" ]
+	then
+		eerror "Please verify that your /usr/src/linux symlink is pointing"
+		eerror "to your current kernel sources, and that you have a running kernel"
+		die "/usr/src/linux symlink not setup!"
+	fi
+}
+
+get_KV_info() {
+	check_version_h
+
+	# Get the kernel version of sources in /usr/src/linux ...
+	export KV_full="$(awk '/UTS_RELEASE/ { gsub("\"", "", $3); print $3 }' \
+		"${ROOT}/usr/src/linux/include/linux/version.h")"
+	export KV_major="$(echo "${KV_full}" | cut -d. -f1)"
+	export KV_minor="$(echo "${KV_full}" | cut -d. -f2)"
+	export KV_micro="$(echo "${KV_full}" | cut -d. -f3 | sed -e 's:[^0-9].*::')"
+}
+
+is_kernel() {
+	[ -z "$1" -o -z "$2" ] && return 1
+
+	get_KV_info
+
+	if [ "${KV_major}" -eq "$1" -a "${KV_minor}" -eq "$2" ]
+	then
+		return 0
+	else
+		return 1
+	fi
+}
+
+pkg_setup() {
+	get_KV_info
+
+	einfo "Linux kernel is version ${KV_major}.${KV_minor}.${KV_micro}"
+
+	if is_kernel 2 5
+	then
+	eerror "Kernel version ${KV_major}.${KV_minor}.${KV_micro} will not work with this ebuild."
+	die "Please install a 2.6.x version of the Linux kernel."
+	fi
+
+	if is_kernel 2 6
+	then
+	einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+	einfo "KLIPS will not be compiled/installed."
+	export MYMAKE="programs"
+
+	elif is_kernel 2 4
+	then
+		[ -d /usr/src/linux/net/ipsec ] || {
+		eerror "You need to have an IPsec enabled 2.4.x kernel."
+		eerror "Ensure you have one running and make a symlink to it in /usr/src/linux"
+		}
+	einfo "Using patched-in IPsec code for kernel 2.4"
+	einfo "Your kernel only supports KLIPS for kernel level IPsec."
+	export MYMAKE="confcheck programs"
+
+	else
+	eerror "Sorry, no support for your kernel version ${KV_major}.${KV_minor}.${KV_micro}."
+	die "Install an IPsec enabled 2.4 or 2.6 kernel."
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+
+	cd ${S}
+	epatch ${FILESDIR}/${P}-gentoo.patch
+}
+
+src_compile() {
+	make \
+		DESTDIR=${D} \
+		USERCOMPILE="${CFLAGS}" \
+		FINALCONFDIR=/etc/ipsec \
+		INC_RCDEFAULT=/etc/init.d \
+		INC_USRLOCAL=/usr \
+		INC_MANDIR=share/man \
+		${MYMAKE} || die
+}
+
+src_install() {
+	make \
+		DESTDIR=${D} \
+		USERCOMPILE="${CFLAGS}" \
+		FINALCONFDIR=/etc/ipsec \
+		INC_RCDEFAULT=/etc/init.d \
+		INC_USRLOCAL=/usr \
+		INC_MANDIR=share/man \
+		install || die
+
+	dodoc INSTALL CREDITS BUGS CHANGES README doc/*
+	dosym /etc/ipsec/ipsec.d /etc/ipsec.d
+
+	exeinto /etc/init.d/
+	doexe ${FILESDIR}/ipsec
+}