Initial import of Openswan (a fork of FreeS/WAN) supporting IPsec enabled 2.4 and 2.6 kernels.

6 files changed, 539 insertions, 0 deletions

diff --git a/net-misc/openswan/ChangeLog b/net-misc/openswan/ChangeLog
new file mode 100644
index 000000000000..1bae066a75c0
--- /dev/null
+++ b/net-misc/openswan/ChangeLog
@@ -0,0 +1,11 @@
+# ChangeLog for net-misc/openswan
+# Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/ChangeLog,v 1.1 2004/02/22 04:58:34 pfeifer Exp $
+
+*openswan-2.0.0 (22 Feb 2004)
+
+  22 Feb 2004; Jay Pfeifer <pfeifer@gentoo.org> : openswan-2.0.0.ebuild
+  Initial import.
+  Provides userspace IPsec tool/support for FreeS/WAN based 2.4 kernels
+  and native 2.6 (KAME) based IPsec. 2.6 support is a work in progress.
+  Enjoy :)
diff --git a/net-misc/openswan/Manifest b/net-misc/openswan/Manifest
new file mode 100644
index 000000000000..54eb05156b75
--- /dev/null
+++ b/net-misc/openswan/Manifest
@@ -0,0 +1,5 @@
+MD5 e9cb374a726429bd816adad7d9854cf1 openswan-2.0.0.ebuild 2985
+MD5 9f6b9a781012c8887a70a8c47b6c2410 ChangeLog 402
+MD5 5d96d9e4b6f6b113db0983e211adf85a metadata.xml 639
+MD5 4964e70ea4748681d56d068cc04db232 files/digest-openswan-2.0.0 67
+MD5 ba724ecd48887a714b7ff231c0a3ef18 files/openswan-2.0.0-gentoo.patch 17451
diff --git a/net-misc/openswan/files/digest-openswan-2.0.0 b/net-misc/openswan/files/digest-openswan-2.0.0
new file mode 100644
index 000000000000..d86297e53333
--- /dev/null
+++ b/net-misc/openswan/files/digest-openswan-2.0.0
@@ -0,0 +1 @@
+MD5 057022a3c9ee9250e4e31637ea232481 openswan-2.0.0.tar.gz 4663811
diff --git a/net-misc/openswan/files/openswan-2.0.0-gentoo.patch b/net-misc/openswan/files/openswan-2.0.0-gentoo.patch
new file mode 100644
index 000000000000..cb7ac9172e97
--- /dev/null
+++ b/net-misc/openswan/files/openswan-2.0.0-gentoo.patch
@@ -0,0 +1,383 @@
+diff -Naupr openswan-2.0.0/Makefile.inc openswan-2.0.0-gentoo/Makefile.inc
+--- openswan-2.0.0/Makefile.inc	2003-12-09 00:50:51.000000000 -0600
++++ openswan-2.0.0-gentoo/Makefile.inc	2004-02-21 20:43:44.083782193 -0600
+@@ -62,7 +62,7 @@ POLICYLIB=${FREESWANSRCDIR}/lib/libipsec
+ DESTDIR?=
+ 
+ # "local" part of tree, used in building other pathnames
+-INC_USRLOCAL=/usr/local
++INC_USRLOCAL=/usr
+ 
+ # PUBDIR is where the "ipsec" command goes; beware, many things define PATH
+ # settings which are assumed to include it (or at least, to include *some*
+@@ -96,7 +96,7 @@ MANTREE=$(DESTDIR)$(INC_USRLOCAL)/$(INC_
+ MANPLACES=man3 man5 man8
+ 
+ # where configuration files go
+-FINALCONFFILE?=/etc/ipsec.conf
++FINALCONFFILE?=/etc/ipsec/ipsec.conf
+ CONFFILE=$(DESTDIR)$(FINALCONFFILE)
+ 
+ FINALCONFDIR?=/etc
+@@ -107,10 +107,10 @@ CONFDDIR=$(DESTDIR)$(FINALCONFDDIR)
+ 
+ # sample configuration files go into
+ INC_DOCDIR?=share/doc
+-FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/freeswan
++FINALEXAMPLECONFDIR=${INC_USRLOCAL}/${INC_DOCDIR}/openswan-2.0.0
+ EXAMPLECONFDIR=${DESTDIR}${FINALEXAMPLECONFDIR}
+ 
+-FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/freeswan
++FINALDOCDIR?=${INC_USRLOCAL}/${INC_DOCDIR}/openswan-2.0.0
+ DOCDIR=${DESTDIR}${FINALDOCDIR}
+ 
+ # where per-conn pluto logs go
+@@ -239,8 +239,7 @@ RH_KERNELSRC?=/usr/src/linux-2.4
+ # installed one in RH 7.2, won't work - you wind up depending upon
+ # openssl.
+ 
+-#BIND9STATICLIBDIR?=/sandel/lib
+-BIND9STATICLIBDIR?=/usr/local/lib
++BIND9STATICLIBDIR?=/usr/lib
+ 
+ # FreeSWAN 3.x will require bind9. 
+ USE_LWRES?=false
+diff -Naupr openswan-2.0.0/lib/libdes/Makefile openswan-2.0.0-gentoo/lib/libdes/Makefile
+--- openswan-2.0.0/lib/libdes/Makefile	2003-04-22 19:38:03.000000000 -0500
++++ openswan-2.0.0-gentoo/lib/libdes/Makefile	2004-02-21 20:42:22.613944485 -0600
+@@ -60,7 +60,7 @@ MAKE=make -f Makefile
+ # normally overridden by FreeS/WAN Makefiles anyway
+ CFLAG= -O3 -fomit-frame-pointer -I${KLIPSD}/include -I${SRCDIR}
+ 
+-CFLAGS=$(OPTS) $(CFLAG)
++CFLAGS=$(OPTS) $(CFLAG) $(USERCOMPILE)
+ CPP=$(CC) -E
+ 
+ # Assember version of des_encrypt*().
+diff -Naupr openswan-2.0.0/linux/crypto/ciphers/des/asm/crypt586.pl openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/crypt586.pl
+--- openswan-2.0.0/linux/crypto/ciphers/des/asm/crypt586.pl	2002-04-24 02:36:37.000000000 -0500
++++ openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/crypt586.pl	2004-02-21 20:42:22.613944485 -0600
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ #
+ # The inner loop instruction sequence and the IP/FP modifications are from
+ # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+diff -Naupr openswan-2.0.0/linux/crypto/ciphers/des/asm/des-586.pl openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/des-586.pl
+--- openswan-2.0.0/linux/crypto/ciphers/des/asm/des-586.pl	2002-04-24 02:36:37.000000000 -0500
++++ openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/des-586.pl	2004-02-21 20:42:22.614944311 -0600
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ #
+ # The inner loop instruction sequence and the IP/FP modifications are from
+ # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+diff -Naupr openswan-2.0.0/linux/crypto/ciphers/des/asm/des686.pl openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/des686.pl
+--- openswan-2.0.0/linux/crypto/ciphers/des/asm/des686.pl	2002-04-24 02:36:37.000000000 -0500
++++ openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/des686.pl	2004-02-21 20:42:22.614944311 -0600
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ $prog="des686.pl";
+ 
+diff -Naupr openswan-2.0.0/linux/crypto/ciphers/des/asm/desboth.pl openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/desboth.pl
+--- openswan-2.0.0/linux/crypto/ciphers/des/asm/desboth.pl	2002-04-24 02:36:37.000000000 -0500
++++ openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/desboth.pl	2004-02-21 20:42:22.614944311 -0600
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ $L="edi";
+ $R="esi";
+diff -Naupr openswan-2.0.0/linux/crypto/ciphers/des/asm/perlasm/cbc.pl openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/perlasm/cbc.pl
+--- openswan-2.0.0/linux/crypto/ciphers/des/asm/perlasm/cbc.pl	2002-04-24 02:36:37.000000000 -0500
++++ openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/perlasm/cbc.pl	2004-02-21 20:42:22.615944137 -0600
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # void des_ncbc_encrypt(input, output, length, schedule, ivec, enc)
+ # des_cblock (*input);
+diff -Naupr openswan-2.0.0/linux/crypto/ciphers/des/asm/perlasm/x86asm.pl openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86asm.pl
+--- openswan-2.0.0/linux/crypto/ciphers/des/asm/perlasm/x86asm.pl	2002-04-24 02:36:37.000000000 -0500
++++ openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86asm.pl	2004-02-21 20:42:22.615944137 -0600
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ # require 'x86asm.pl';
+ # &asm_init("cpp","des-586.pl");
+diff -Naupr openswan-2.0.0/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl
+--- openswan-2.0.0/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl	2002-04-24 02:36:37.000000000 -0500
++++ openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86ms.pl	2004-02-21 20:42:22.615944137 -0600
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ package x86ms;
+ 
+diff -Naupr openswan-2.0.0/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl
+--- openswan-2.0.0/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl	2002-04-24 02:36:37.000000000 -0500
++++ openswan-2.0.0-gentoo/linux/crypto/ciphers/des/asm/perlasm/x86unix.pl	2004-02-21 20:42:22.616943963 -0600
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/bin/perl
+ 
+ package x86unix;
+ 
+diff -Naupr openswan-2.0.0/programs/_include/_include.in openswan-2.0.0-gentoo/programs/_include/_include.in
+--- openswan-2.0.0/programs/_include/_include.in	2003-01-06 15:44:04.000000000 -0600
++++ openswan-2.0.0-gentoo/programs/_include/_include.in	2004-02-21 20:42:22.616943963 -0600
+@@ -47,10 +47,10 @@ for f
+ do
+ 	if test ! -r "$f"
+ 	then
+-		if test ! "$f" = "/etc/ipsec.conf"
++		if test ! "$f" = "/etc/ipsec/ipsec.conf"
+ 		then
+ 			echo "#:cannot open configuration file \'$f\'"
+-			if test "$f" = "/etc/ipsec.secrets"
++			if test "$f" = "/etc/ipsec/ipsec.secrets"
+ 			then
+ 				echo "#:Your secrets file will be created when you start FreeS/WAN for the first time."
+ 			fi
+diff -Naupr openswan-2.0.0/programs/barf/barf.in openswan-2.0.0-gentoo/programs/barf/barf.in
+--- openswan-2.0.0/programs/barf/barf.in	2003-12-08 12:16:33.000000000 -0600
++++ openswan-2.0.0-gentoo/programs/barf/barf.in	2004-02-21 20:42:22.623942746 -0600
+@@ -17,7 +17,7 @@
+ KERNSRC=${KERNSRC-/usr/src/linux}
+ LOGS=${LOGS-/var/log}
+ CONFS=${IPSEC_CONFS-/etc}
+-CONFDDIR=${IPSEC_CONFDDIR-/etc/ipsec.d}
++CONFDDIR=${IPSEC_CONFDDIR-/etc/ipsec/ipsec.d}
+ me="ipsec barf"
+ 
+ # kludge to produce no barf output mentioning policygroups if none are present.
+@@ -205,13 +205,13 @@ then
+ 	done
+ fi
+ _________________________ ipsec/ls-libdir
+-ls -l ${IPSEC_LIBDIR-/usr/local/lib/ipsec}
++ls -l ${IPSEC_LIBDIR-/usr/lib/ipsec}
+ _________________________ ipsec/ls-execdir
+-ls -l ${IPSEC_EXECDIR-/usr/local/libexec/ipsec}
++ls -l ${IPSEC_EXECDIR-/usr/libexec/ipsec}
+ _________________________ ipsec/updowns
+-for f in `ls ${IPSEC_EXECDIR-/usr/local/libexec/ipsec} | egrep updown`
++for f in `ls ${IPSEC_EXECDIR-/usr/libexec/ipsec} | egrep updown`
+ do
+-	cat ${IPSEC_EXECDIR-/usr/local/libexec/ipsec}/$f
++	cat ${IPSEC_EXECDIR-/usr/libexec/ipsec}/$f
+ done
+ _________________________ proc/net/dev
+ cat /proc/net/dev
+diff -Naupr openswan-2.0.0/programs/eroute/eroute.5 openswan-2.0.0-gentoo/programs/eroute/eroute.5
+--- openswan-2.0.0/programs/eroute/eroute.5	2003-10-30 20:32:27.000000000 -0600
++++ openswan-2.0.0-gentoo/programs/eroute/eroute.5	2004-02-21 20:42:22.616943963 -0600
+@@ -223,7 +223,7 @@ Parameters Index of
+ in hexadecimal using Authentication Header protocol (51,
+ IPPROTO_AH) with no identies defined for either end.
+ .SH FILES
+-/proc/net/ipsec_eroute, /usr/local/bin/ipsec
++/proc/net/ipsec_eroute, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_spi(5),
+ ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_eroute(8), ipsec_version(5),
+diff -Naupr openswan-2.0.0/programs/eroute/eroute.8 openswan-2.0.0-gentoo/programs/eroute/eroute.8
+--- openswan-2.0.0/programs/eroute/eroute.8	2003-10-30 20:32:27.000000000 -0600
++++ openswan-2.0.0-gentoo/programs/eroute/eroute.8	2004-02-21 20:42:22.617943789 -0600
+@@ -308,7 +308,7 @@ will be in clear text.
+ .br
+ .LP
+ .SH FILES
+-/proc/net/ipsec_eroute, /usr/local/bin/ipsec
++/proc/net/ipsec_eroute, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_spi(8),
+ ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_eroute(5)
+diff -Naupr openswan-2.0.0/programs/ipsec/ipsec.8 openswan-2.0.0-gentoo/programs/ipsec/ipsec.8
+--- openswan-2.0.0/programs/ipsec/ipsec.8	2003-02-27 10:51:54.000000000 -0600
++++ openswan-2.0.0-gentoo/programs/ipsec/ipsec.8	2004-02-21 20:42:22.617943789 -0600
+@@ -81,7 +81,7 @@ reports where
+ .I ipsec
+ thinks the IPsec configuration files are stored.
+ .SH FILES
+-/usr/local/lib/ipsec	usual utilities directory
++/usr/lib/ipsec	usual utilities directory
+ .SH ENVIRONMENT
+ .PP
+ The following environment variables control where FreeS/WAN finds its
+diff -Naupr openswan-2.0.0/programs/klipsdebug/klipsdebug.5 openswan-2.0.0-gentoo/programs/klipsdebug/klipsdebug.5
+--- openswan-2.0.0/programs/klipsdebug/klipsdebug.5	2002-04-24 02:35:38.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/klipsdebug/klipsdebug.5	2004-02-21 20:42:22.617943789 -0600
+@@ -103,7 +103,7 @@ full
+ sockets debugging has been set and everything else is not set.
+ .LP
+ .SH FILES
+-/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
++/proc/net/ipsec_klipsdebug, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
+ ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5), ipsec_version(5),
+diff -Naupr openswan-2.0.0/programs/klipsdebug/klipsdebug.8 openswan-2.0.0-gentoo/programs/klipsdebug/klipsdebug.8
+--- openswan-2.0.0/programs/klipsdebug/klipsdebug.8	2002-04-24 02:35:39.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/klipsdebug/klipsdebug.8	2004-02-21 20:42:22.618943615 -0600
+@@ -117,7 +117,7 @@ turns off only the
+ debugging messages.
+ .LP
+ .SH FILES
+-/proc/net/ipsec_klipsdebug, /usr/local/bin/ipsec
++/proc/net/ipsec_klipsdebug, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
+ ipsec_spi(8), ipsec_spigrp(8), ipsec_klipsdebug(5)
+diff -Naupr openswan-2.0.0/programs/lwdnsq/lwdnsq.xml.in openswan-2.0.0-gentoo/programs/lwdnsq/lwdnsq.xml.in
+--- openswan-2.0.0/programs/lwdnsq/lwdnsq.xml.in	2003-02-07 22:03:06.000000000 -0600
++++ openswan-2.0.0-gentoo/programs/lwdnsq/lwdnsq.xml.in	2004-02-21 20:42:22.618943615 -0600
+@@ -430,7 +430,7 @@ information.
+ <refsect1><title>Special IPSECKEY processing</title>
+ 
+ <programlisting>
+-/etc/ipsec.d/lwdnsq.conf
++/etc/ipsec/ipsec.d/lwdnsq.conf
+ </programlisting>
+ 
+ </refsect1>
+diff -Naupr openswan-2.0.0/programs/mailkey/mailkey.in openswan-2.0.0-gentoo/programs/mailkey/mailkey.in
+--- openswan-2.0.0/programs/mailkey/mailkey.in	2003-06-30 00:34:22.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/mailkey/mailkey.in	2004-02-21 20:42:22.619943442 -0600
+@@ -60,7 +60,7 @@ with the following error:
+ 
+ "$test1st"
+ 
+-Common concerns: This account must be able to read /etc/ipsec.secrets. 
++Common concerns: This account must be able to read /etc/ipsec/ipsec.secrets. 
+ If you haven't generated your key yet, please run 'ipsec newhostkey'." 
+ exit 0
+ }
+diff -Naupr openswan-2.0.0/programs/pluto/Makefile openswan-2.0.0-gentoo/programs/pluto/Makefile
+--- openswan-2.0.0/programs/pluto/Makefile	2003-12-06 10:44:29.000000000 -0600
++++ openswan-2.0.0-gentoo/programs/pluto/Makefile	2004-02-21 20:42:22.619943442 -0600
+@@ -173,7 +173,7 @@ CPPFLAGS = $(HDRDIRS) $(DEFINES) \
+ 	-DPOLICYGROUPSDIR=\"${FINALCONFDDIR}/policies\" \
+ 	-DPERPEERLOGDIR=\"${FINALLOGDIR}/pluto/peer\"
+ 
+-ALLFLAGS = $(CPPFLAGS) $(CFLAGS)
++ALLFLAGS = $(CPPFLAGS) $(CFLAGS) $(USERCOMPILE)
+ 
+ # libefence is a free memory allocation debugger
+ # Solaris 2 needs -lsocket -lnsl
+diff -Naupr openswan-2.0.0/programs/setup/Makefile openswan-2.0.0-gentoo/programs/setup/Makefile
+--- openswan-2.0.0/programs/setup/Makefile	2003-12-01 20:35:46.000000000 -0600
++++ openswan-2.0.0-gentoo/programs/setup/Makefile	2004-02-21 20:44:38.964245109 -0600
+@@ -33,25 +33,10 @@ install:: setup
+ 	@rm -f $(BINDIR)/setup
+ 	@$(INSTALL) $(INSTBINFLAGS) setup $(RCDIR)/ipsec
+ 	@ln -s $(FINALRCDIR)/ipsec $(BINDIR)/setup
+-	-@for i in 0 1 2 3 4 5 6; do mkdir -p $(RCDIR)/../rc$$i.d; done
+-	-@cd $(RCDIR)/../rc0.d && ln -f -s ../init.d/ipsec K76ipsec
+-	-@cd $(RCDIR)/../rc1.d && ln -f -s ../init.d/ipsec K76ipsec
+-	-@cd $(RCDIR)/../rc2.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc3.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc4.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc5.d && ln -f -s ../init.d/ipsec S47ipsec
+-	-@cd $(RCDIR)/../rc6.d && ln -f -s ../init.d/ipsec K76ipsec
+ 
+ install_file_list::
+ 	@echo $(RCDIR)/ipsec
+ 	@echo $(BINDIR)/setup
+-	@echo $(RCDIR)/../rc0.d/K76ipsec
+-	@echo $(RCDIR)/../rc1.d/K76ipsec
+-	@echo $(RCDIR)/../rc2.d/S47ipsec
+-	@echo $(RCDIR)/../rc3.d/S47ipsec
+-	@echo $(RCDIR)/../rc4.d/S47ipsec
+-	@echo $(RCDIR)/../rc5.d/S47ipsec
+-	@echo $(RCDIR)/../rc6.d/K76ipsec
+ 
+ clean::
+ 	@rm -f setup
+diff -Naupr openswan-2.0.0/programs/showhostkey/showhostkey.in openswan-2.0.0-gentoo/programs/showhostkey/showhostkey.in
+--- openswan-2.0.0/programs/showhostkey/showhostkey.in	2003-07-14 07:35:57.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/showhostkey/showhostkey.in	2004-02-21 20:42:22.621943094 -0600
+@@ -18,7 +18,7 @@ me="ipsec showhostkey"
+ usage="Usage: $me [--file secrets] [--left] [--right] [--txt gateway] [--id id]
+                   [--dhclient]"
+ 
+-file=/etc/ipsec.secrets
++file=/etc/ipsec/ipsec.secrets
+ fmt=""
+ gw=
+ id=
+diff -Naupr openswan-2.0.0/programs/spi/spi.5 openswan-2.0.0-gentoo/programs/spi/spi.5
+--- openswan-2.0.0/programs/spi/spi.5	2002-04-24 02:35:39.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/spi/spi.5	2004-02-21 20:42:22.621943094 -0600
+@@ -162,7 +162,7 @@ since 1 of 8 bits is a parity bit), has 
+ 3858 seconds ago and has been idle for 23 seconds.
+ .LP
+ .SH FILES
+-/proc/net/ipsec_spi, /usr/local/bin/ipsec
++/proc/net/ipsec_spi, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_eroute(5),
+ ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_spi(8), ipsec_version(5),
+diff -Naupr openswan-2.0.0/programs/spi/spi.8 openswan-2.0.0-gentoo/programs/spi/spi.8
+--- openswan-2.0.0/programs/spi/spi.8	2002-04-24 02:35:40.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/spi/spi.8	2004-02-21 20:42:22.621943094 -0600
+@@ -461,7 +461,7 @@ and protocol
+ (4).
+ .LP
+ .SH FILES
+-/proc/net/ipsec_spi, /usr/local/bin/ipsec
++/proc/net/ipsec_spi, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
+ ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_spi(5)
+diff -Naupr openswan-2.0.0/programs/spigrp/spigrp.5 openswan-2.0.0-gentoo/programs/spigrp/spigrp.5
+--- openswan-2.0.0/programs/spigrp/spigrp.5	2002-04-24 02:35:40.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/spigrp/spigrp.5	2004-02-21 20:42:22.622942920 -0600
+@@ -77,7 +77,7 @@ be an incoming or outgoing group, depend
+ machine.
+ .LP
+ .SH FILES
+-/proc/net/ipsec_spigrp, /usr/local/bin/ipsec
++/proc/net/ipsec_spigrp, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(5), ipsec_eroute(5),
+ ipsec_spi(5), ipsec_klipsdebug(5), ipsec_spigrp(8), ipsec_version(5),
+diff -Naupr openswan-2.0.0/programs/spigrp/spigrp.8 openswan-2.0.0-gentoo/programs/spigrp/spigrp.8
+--- openswan-2.0.0/programs/spigrp/spigrp.8	2002-04-24 02:35:41.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/spigrp/spigrp.8	2004-02-21 20:42:22.622942920 -0600
+@@ -128,7 +128,7 @@ and finally an AH header to authenticate
+ .BR 0x236 .
+ .LP
+ .SH FILES
+-/proc/net/ipsec_spigrp, /usr/local/bin/ipsec
++/proc/net/ipsec_spigrp, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_tncfg(8), ipsec_eroute(8),
+ ipsec_spi(8), ipsec_klipsdebug(8), ipsec_spigrp(5)
+diff -Naupr openswan-2.0.0/programs/tncfg/tncfg.5 openswan-2.0.0-gentoo/programs/tncfg/tncfg.5
+--- openswan-2.0.0/programs/tncfg/tncfg.5	2002-04-24 02:35:41.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/tncfg/tncfg.5	2004-02-21 20:42:22.622942920 -0600
+@@ -75,7 +75,7 @@ shows that virtual device
+ is not connected to any physical device.
+ .LP
+ .SH "FILES"
+-/proc/net/ipsec_tncfg, /usr/local/bin/ipsec
++/proc/net/ipsec_tncfg, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_eroute(5), ipsec_spi(5),
+ ipsec_spigrp(5), ipsec_klipsdebug(5), ipsec_tncfg(8), ipsec_version(5),
+diff -Naupr openswan-2.0.0/programs/tncfg/tncfg.8 openswan-2.0.0-gentoo/programs/tncfg/tncfg.8
+--- openswan-2.0.0/programs/tncfg/tncfg.8	2002-04-24 02:35:41.000000000 -0500
++++ openswan-2.0.0-gentoo/programs/tncfg/tncfg.8	2004-02-21 20:42:22.623942746 -0600
+@@ -76,7 +76,7 @@ virtual device to the
+ physical device.
+ .LP
+ .SH "FILES"
+-/proc/net/ipsec_tncfg, /usr/local/bin/ipsec
++/proc/net/ipsec_tncfg, /usr/bin/ipsec
+ .SH "SEE ALSO"
+ ipsec(8), ipsec_manual(8), ipsec_eroute(8), ipsec_spi(8),
+ ipsec_spigrp(8), ipsec_klipsdebug(8), ipsec_tncfg(5)
diff --git a/net-misc/openswan/metadata.xml b/net-misc/openswan/metadata.xml
new file mode 100644
index 000000000000..6e1637acb631
--- /dev/null
+++ b/net-misc/openswan/metadata.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>secure-tunneling</herd>
+<maintainer>
+  <email>pfeifer@gentoo.org</email>
+  <name>Jay Pfeifer</name>
+<!--  <description>Description of the maintainership</description> -->
+</maintainer>
+<longdescription>From the Openswan web site: Openswan is an Open Source 
+implementation of IPsec for the Linux operating system. Is it a code fork 
+of the FreeS/WAN project, started by a few of the developers who were 
+growing frustrated with the politics surrounding the FreeS/WAN project.</longdescription>
+</pkgmetadata>
diff --git a/net-misc/openswan/openswan-2.0.0.ebuild b/net-misc/openswan/openswan-2.0.0.ebuild
new file mode 100644
index 000000000000..b0901bb927b5
--- /dev/null
+++ b/net-misc/openswan/openswan-2.0.0.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openswan/openswan-2.0.0.ebuild,v 1.1 2004/02/22 04:58:34 pfeifer Exp $
+
+MY_P=${P/_p/_kb}
+S=${WORKDIR}/${MY_P}
+DESCRIPTION="Open Source implementation of IPsec for the Linux operating system (was SuperFreeS/WAN)."
+SRC_URI="http://www.openswan.org/code/${MY_P}.tar.gz
+		mirror://gentoo/${MY_P}.tar.gz"
+HOMEPAGE="http://www.openswan.org/"
+
+DEPEND="virtual/glibc
+	virtual/linux-sources
+	>=dev-libs/gmp-3.1.1
+	net-misc/host
+	sys-apps/iproute"
+RDEPEND=""
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 -*"
+
+
+check_version_h() {
+	if [ ! -f "${ROOT}/usr/src/linux/include/linux/version.h" ]
+	then
+		eerror "Please verify that your /usr/src/linux symlink is pointing"
+		eerror "to your current kernel sources, and that you have a running kernel"
+		die "/usr/src/linux symlink not setup!"
+	fi
+}
+
+get_KV_info() {
+	check_version_h
+
+	# Get the kernel version of sources in /usr/src/linux ...
+	export KV_full="$(awk '/UTS_RELEASE/ { gsub("\"", "", $3); print $3 }' \
+		"${ROOT}/usr/src/linux/include/linux/version.h")"
+	export KV_major="$(echo "${KV_full}" | cut -d. -f1)"
+	export KV_minor="$(echo "${KV_full}" | cut -d. -f2)"
+	export KV_micro="$(echo "${KV_full}" | cut -d. -f3 | sed -e 's:[^0-9].*::')"
+}
+
+is_kernel() {
+	[ -z "$1" -o -z "$2" ] && return 1
+
+	get_KV_info
+
+	if [ "${KV_major}" -eq "$1" -a "${KV_minor}" -eq "$2" ]
+	then
+		return 0
+	else
+		return 1
+	fi
+}
+
+pkg_setup() {
+	get_KV_info
+
+	einfo "Linux kernel is version ${KV_major}.${KV_minor}.${KV_micro}"
+
+	if is_kernel 2 5
+	then
+	eerror "Kernel version ${KV_major}.${KV_minor}.${KV_micro} will not work with this ebuild."
+	die "Please install a 2.6.x version of the Linux kernel."
+	fi
+
+	if is_kernel 2 6
+	then
+	einfo "This ebuild will set ${P} to use 2.6 native IPsec (KAME)."
+	einfo "KLIPS will not be compiled/installed."
+	export MYMAKE="programs"
+
+	elif is_kernel 2 4
+	then
+		[ -d /usr/src/linux/net/ipsec ] || {
+		eerror "You need to have an IPsec enabled 2.4.x kernel."
+		eerror "Ensure you have one running and make a symlink to it in /usr/src/linux"
+		}
+	einfo "Using patched-in IPsec code for kernel 2.4"
+	einfo "Your kernel only supports KLIPS for kernel level IPsec."
+	export MYMAKE="confcheck programs"
+
+	else
+	eerror "Sorry, no support for your kernel version ${KV_major}.${KV_minor}.${KV_micro}."
+	die "Install an IPsec enabled 2.4 or 2.6 kernel."
+	fi
+}
+
+src_unpack() {
+	unpack ${A}
+
+	cd ${S}
+	epatch ${FILESDIR}/${P}-gentoo.patch
+}
+
+src_compile() {
+
+	make \
+		DESTDIR=${D} \
+		USERCOMPILE="${CFLAGS}" \
+		FINALCONFDIR=/etc/ipsec \
+		INC_RCDEFAULT=/etc/init.d \
+		INC_USRLOCAL=/usr \
+		INC_MANDIR=share/man \
+		${MYMAKE} || die
+}
+
+src_install () {
+
+	make \
+		DESTDIR=${D} \
+		USERCOMPILE="${CFLAGS}" \
+		FINALCONFDIR=/etc/ipsec \
+		INC_RCDEFAULT=/etc/init.d \
+		INC_USRLOCAL=/usr \
+		INC_MANDIR=share/man \
+		install || die
+
+	dodoc INSTALL COPYING CREDITS BUGS CHANGES README doc/*
+	dosym /etc/ipsec/ipsec.d /etc/ipsec.d
+
+	exeinto /etc/init.d/
+	doexe ${FILESDIR}/ipsec
+
+}