<pre style='margin:0'>
Frank Schima (mf2k) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/1ffcd9f898a2bc47be7bc5ae95b5d00ebd477075">https://github.com/macports/macports-ports/commit/1ffcd9f898a2bc47be7bc5ae95b5d00ebd477075</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 1ffcd9f macos-vpn-server: Submission of macOS-native VPN (L2TP-IPSec-PSK) Server
</span>1ffcd9f is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 1ffcd9f898a2bc47be7bc5ae95b5d00ebd477075
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Fri Jun 14 04:57:28 2019 -0400
<span style='display:block; white-space:pre;color:#404040;'> macos-vpn-server: Submission of macOS-native VPN (L2TP-IPSec-PSK) Server
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> * Configures native VPN Server on macOS
</span><span style='display:block; white-space:pre;color:#404040;'> * Based on deprecated VPN Server in macOS Server.app
</span><span style='display:block; white-space:pre;color:#404040;'> * MacPorts-specific launchdaemon for vpnd, Keychain PSK
</span><span style='display:block; white-space:pre;color:#404040;'> * Reference: https://developer.apple.com/support/macos-server/macOS-Server-Service-Migration-Guide.pdf
</span>---
net/macos-vpn-server/Portfile | 157 +++++++++++++++++++++
.../com.apple.RemoteAccessServers.plist.macports | 123 ++++++++++++++++
.../files/org.macports.ppp.l2tp.plist | 29 ++++
3 files changed, 309 insertions(+)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-vpn-server/Portfile b/net/macos-vpn-server/Portfile
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..b763831
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-vpn-server/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,157 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+PortSystem 1.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+name macos-vpn-server
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# use the latest macOS version as the version number of this port
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+version 10.14.5
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+homepage https://opensource.apple.com/source/ppp/ppp-838/Helpers/vpnd/vpnd.5.auto.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+categories net
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+platforms darwin
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+supported_archs noarch
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+maintainers {ieee.org:s.t.smith @essandess} openmaintainer
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+license BSD
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+distfiles
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set SystemConfigurationPath /Library/Preferences/SystemConfiguration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+description macOS VPN (L2TP-IPSec-PSK) Server.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+long_description ${description} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Native macOS VPN Server L2TP-IPSec-PSK configuration using vpnd. This \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ configuration is based upon macOS Server.app's VPN server prior to its \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ deprecation in Server.app version 5.8. See `man 5 vpnd` and \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ for details.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# uncomment if memorable passwords used
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# depends_build-append port:sf-pwgen
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+use_configure no
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+# Network configuration
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set vpn_vpnhost [exec /bin/hostname -f]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set vpn_offeredsearchdomain [exec /bin/hostname -f | /usr/bin/sed -E -e "s|^\[^.\]+\\.(.*)\$|\\1.|"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set vpn_offeredserveraddress [exec /usr/sbin/scutil --dns | /usr/bin/grep "DNS configuration (for scoped queries)" -A 7 | /usr/bin/grep nameserver | /usr/bin/sed -E -e "s|^\[\[:space:\]\]*nameserver.+\[\[:space:\]\]*:\[\[:space:\]\]+||" | /usr/bin/head -1]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set vpn_network [exec /bin/sh -c "/sbin/ifconfig `/usr/sbin/netstat -nr | /usr/bin/awk '{ if (\$1 ~/default/) { print \$6} }' | /usr/bin/head -1` | /usr/bin/awk '{ if (\$1 ~/inet\$/) { print \$2} }' | /usr/bin/sed -E -e 's|\\.\[0-9\]{1,3}\$|\\.|'"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set vpn_destaddressrange_start ${vpn_network}245
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set vpn_destaddressrange_end ${vpn_network}254
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+build {}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set LaunchDaemonsPath /Library/LaunchDaemons
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+set sharePath ${prefix}/share/${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+destroot {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -d \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${sharePath}${LaunchDaemonsPath} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${sharePath}${SystemConfigurationPath}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 -W ${filespath} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.ppp.l2tp.plist \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${sharePath}${LaunchDaemonsPath}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_msg "Configuring VPN Network with:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ VPNHost ${vpn_vpnhost}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ OfferedServerAddresses (DNS) ${vpn_offeredserveraddress}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ OfferedSearchDomains ${vpn_offeredsearchdomain}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ DestAddressRanges ${vpn_destaddressrange_start} to ${vpn_destaddressrange_end}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ This configuration can be changed in the file\:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist\[.macports\]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ See `man 5 vpnd` for details.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 -W ${filespath} \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ com.apple.RemoteAccessServers.plist.macports \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${sharePath}${SystemConfigurationPath}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|@VPN_OFFEREDSEARCHDOMAIN@|${vpn_offeredsearchdomain}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${sharePath}${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|@VPN_OFFEREDSERVERADDRESS@|${vpn_offeredserveraddress}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${sharePath}${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|@VPN_DESTADDRESSRANGE_START@|${vpn_destaddressrange_start}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${sharePath}${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|@VPN_DESTADDRESSRANGE_END@|${vpn_destaddressrange_end}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${sharePath}${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace "s|@VPN_VPNHOST@|${vpn_vpnhost}|g" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${destroot}${sharePath}${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist.macports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+pre-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Add the necessary keychain item for the VPN PSK
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set vpn_keychain_item [exec /bin/sh -c "RV=\"\" ; /usr/bin/security find-generic-password -a org.macports.ppp.l2tp -s com.apple.net.racoon /Library/Keychains/System.keychain 1> /dev/null 2>&1 && RV=com.apple.net.racoon || /usr/bin/true ; echo \"\${RV}\""]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[string trim ${vpn_keychain_item}] == ""} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set vpn_pre_shared_secret [exec /usr/bin/openssl rand -base64 24]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ system "/usr/bin/security add-generic-password -a org.macports.ppp.l2tp -s com.apple.net.racoon -T /usr/sbin/racoon -w ${vpn_pre_shared_secret} -U /Library/Keychains/System.keychain"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # delete command:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # sudo /usr/bin/security delete-generic-password -a org.macports.ppp.l2tp -s com.apple.net.racoon /Library/Keychains/System.keychain
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ set vpn_keychain_item [exec /bin/sh -c "RV=\"\" ; /usr/bin/security find-generic-password -a org.macports.ppp.l2tp -s com.apple.net.racoon /Library/Keychains/System.keychain 1> /dev/null 2>&1 && RV=com.apple.net.racoon || /usr/bin/true ; echo \"\${RV}\""]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if {[string trim ${vpn_keychain_item}] == ""} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ui_warn "Keychain item com.apple.net.racoon for VPN PSK failed to be created."
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+startupitem.create yes
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+startupitem.name ${name}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+startupitem.executable /usr/sbin/vpnd \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -x \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -i \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ org.macports.ppp.l2tp
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+post-activate {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if ![file exists ${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist] {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ xinstall -m 0644 ${sharePath}${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist.macports \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Add launchd.plist keys to MacPorts launchdaemon
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # Copied from com.apple.ppp.l2tp.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ reinplace \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "s|^<key>ProgramArguments</key>|<key>ProcessType</key><string>Interactive</string>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<key>PreventsSleep</key><true/>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<key>EnableTransactions</key><false/>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<key>EnablePressuredExit</key><false/>\\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+&|" \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${prefix}/etc/${startupitem.location}/org.macports.${name}/org.macports.${name}.plist
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+notes "
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+macOS VPN Server is configured with:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+VPN Network configuration:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ VPNHost ${vpn_vpnhost}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ OfferedServerAddresses (DNS) ${vpn_offeredserveraddress}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ OfferedSearchDomains ${vpn_offeredsearchdomain}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ DestAddressRanges ${vpn_destaddressrange_start} to ${vpn_destaddressrange_end}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ This configuration can be changed in the file (see `man 5 vpnd`):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ${SystemConfigurationPath}/com.apple.RemoteAccessServers.plist\[.macports\]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+System Keychain item com.apple.net.racoon: VPN Pre-Shared Secret
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+Post Installation:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 1. It is necessary to configure local accounts for CHAP authentication
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ by adding ',SMB-NT,CRAM-MD5,RECOVERABLE' to the account's
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ AuthenticationAuthority ShadowHash list of methods.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ dscl . read /Users/username AuthenticationAuthority
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ sudo dscl . change /Users/username AuthenticationAuthority \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \";ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2>\" \\
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ \";ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2,SRP-RFC5054-4096-SHA512-PBKDF2,SMB-NT,CRAM-MD5,RECOVERABLE>\"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ passwd
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ The `passwd` command or re-login may be necessary to populate macOS's
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ user shadow hash database. Note that MS-CHAPv2 is compromised, and the
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ only secure component of this VPN is a strong random PSK.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 2. The router and firewall must be configured to forward and pass UDP ports
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ 500, 1701, and 4500.
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+livecheck.type none
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-vpn-server/files/com.apple.RemoteAccessServers.plist.macports b/net/macos-vpn-server/files/com.apple.RemoteAccessServers.plist.macports
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..34e5df2
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-vpn-server/files/com.apple.RemoteAccessServers.plist.macports
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,123 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<?xml version="1.0" encoding="UTF-8"?>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<plist version="1.0">
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ActiveServers</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>org.macports.ppp.l2tp</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Servers</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>org.macports.ppp.l2tp</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DNS</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>OfferedSearchDomains</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@VPN_OFFEREDSEARCHDOMAIN@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>OfferedServerAddresses</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@VPN_OFFEREDSERVERADDRESS@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>IPSec</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AuthenticationMethod</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>SharedSecret</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>IdentifierVerification</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>None</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>LocalCertificate</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string><></string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>LocalIdentifier</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string></string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>RemoteIdentifier</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string></string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>SharedSecret</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>org.macports.ppp.l2tp</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>SharedSecretEncryption</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>Keychain</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>IPv4</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ConfigMethod</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>Manual</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DestAddressRanges</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@VPN_DESTADDRESSRANGE_START@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@VPN_DESTADDRESSRANGE_END@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ Uncomment to configure access from other
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ addresses, e.g. 10.2.0.0, 255.255.0.0
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <!--
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>OfferedRouteAddresses</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@VPN_OFFEREDROUTEADDRESS@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>OfferedRouteMasks</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@VPN_OFFEREDROUTEMASK@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>OfferedRouteTypes</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>Private</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ -->
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Interface</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>SubType</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>L2TP</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Type</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>PPP</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>L2TP</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Transport</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>IPSec</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>PPP</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ACSPEnabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>1</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AuthenticatorACLPlugins</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>DSACL</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AuthenticatorEAPPlugins</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>EAP-KRB</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AuthenticatorPlugins</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>DSAuth</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>AuthenticatorProtocol</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>MSCHAP2</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DisconnectOnIdle</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>1</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>DisconnectOnIdleTimer</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>7200</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>IPCPCompressionVJ</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>0</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>LCPEchoEnabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>1</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>LCPEchoFailure</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>5</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>LCPEchoInterval</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>60</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Logfile</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/var/log/ppp/vpnd.log</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>VerboseLogging</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <integer>1</integer>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>VPNHost</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>@VPN_VPNHOST@</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</plist>
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/net/macos-vpn-server/files/org.macports.ppp.l2tp.plist b/net/macos-vpn-server/files/org.macports.ppp.l2tp.plist
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..8c2d487
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/net/macos-vpn-server/files/org.macports.ppp.l2tp.plist
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,29 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<?xml version="1.0" encoding="UTF-8"?>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<plist version="1.0">
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+<dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Disabled</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Label</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>org.macports.ppp.l2tp</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>KeepAlive</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ProcessType</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>Interactive</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>Program</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>/usr/sbin/vpnd</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>ProgramArguments</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>vpnd</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-x</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>-i</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <string>org.macports.ppp.l2tp</string>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ </array>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>PreventsSleep</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <true/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnableTransactions</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <key>EnablePressuredExit</key>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ <false/>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</dict>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+</plist>
</span></pre><pre style='margin:0'>
</pre>