From: Florian Eckert <redacted>
Date: Tue, 5 Apr 2022 12:30:35 +0000 (+0200)
Subject: strongswan: do not force to use iptable-legacy
X-Git-Url: http://git.99rst.org/?a=commitdiff_plain;h=fdeaa02ccfe69929fc137253e835fa61c62ec585;p=openwrt-packages.git

strongswan: do not force to use iptable-legacy

The default firewall is the fw4, which uses nft. In order to not
install the legacy implementation when installing strongswan, the build
system should decide which firewall backend to use.

While we are at it, I have also added the dependency packages for IPV6.

Signed-off-by: Florian Eckert <redacted>
---

diff --git a/net/strongswan/Makefile b/net/strongswan/Makefile
index d80e2b1b7..3cb1c94a6 100644
--- a/net/strongswan/Makefile
+++ b/net/strongswan/Makefile
@@ -732,7 +732,7 @@ $(eval $(call BuildPlugin,stroke,Stroke,+strongswan-charon +strongswan-ipsec))
 $(eval $(call BuildPlugin,test-vectors,crypto test vectors,))
 $(eval $(call BuildPlugin,uci,UCI config interface,+PACKAGE_strongswan-mod-uci:libuci))
 $(eval $(call BuildPlugin,unity,Cisco Unity extension,))
-$(eval $(call BuildPlugin,updown,updown firewall,+iptables-legacy +iptables-mod-ipsec +kmod-ipt-ipsec))
+$(eval $(call BuildPlugin,updown,updown firewall,+iptables +IPV6:ip6tables +iptables-mod-ipsec +kmod-ipt-ipsec))
 $(eval $(call BuildPlugin,vici,Versatile IKE Configuration Interface,))
 $(eval $(call BuildPlugin,whitelist,peer identity whitelisting,))
 $(eval $(call BuildPlugin,x509,x509 certificate,))