7 files changed, 64 insertions, 37 deletions
diff --git a/security/openiked/Makefile b/security/openiked/Makefile
index a280721acf7e..2a9230deae95 100644
--- a/security/openiked/Makefile
+++ b/security/openiked/Makefile
@@ -1,37 +1,34 @@
 PORTNAME=	openiked
-PORTVERSION=	2.2
+DISTVERSION=	7.4
 PORTREVISION=	1
 CATEGORIES=	security net
+MASTER_SITES=	OPENBSD/OpenIKED \
+		https://github.com/${PORTNAME}/${PORTNAME}-portable/releases/download/v${DISTVERSION}/
 
-MAINTAINER=	marcel@FreeBSD.org
+MAINTAINER=	david.marec@proton.me
 COMMENT=	IKEv2 daemon
-WWW=		https://github.com/xcllnt/openiked
+WWW=		https://www.openiked.org
 
 LICENSE=	ISCL
+LICENSE_FILE=	${WRKSRC}/LICENSE
 
 LIB_DEPENDS=	libevent.so:devel/libevent
 
-USES=		autoreconf libtool ssl
-
-CONFLICTS_INSTALL=		openiked-portable[0-9]*
-
-USE_GITHUB=	yes
-GH_ACCOUNT=	xcllnt
+USES=		cmake ssl
 
 USE_RC_SUBR=	iked
 USERS=		_iked
 GROUPS=		_iked
 
-GNU_CONFIGURE=	yes
-GNU_CONFIGURE_MANPREFIX=${PREFIX}/share
-INSTALL_TARGET=	install-strip
-CONFIGURE_ARGS=	--with-libevent-dir=${PREFIX} --with-mantype=man
-CONFIGURE_ARGS+=	--without-zlib-version-check # fix build by disabling zlib version check
+CMAKE_ARGS=	-DCADIR=${PREFIX}/etc/ssl \
+		-DCMAKE_INSTALL_MANDIR=${PREFIX}/share/man
 
 post-install:
-	${MV} ${STAGEDIR}${PREFIX}/etc/ikeca.cnf \
-	    ${STAGEDIR}${PREFIX}/etc/ikeca.cnf.sample
 	${MV} ${STAGEDIR}${PREFIX}/etc/iked.conf \
 	    ${STAGEDIR}${PREFIX}/etc/iked.conf.sample
+	${MV} ${STAGEDIR}${PREFIX}/etc/ssl/ikeca.cnf \
+	    ${STAGEDIR}${PREFIX}/etc/ssl/ikeca.cnf.sample
+	${MV} ${STAGEDIR}${PREFIX}/etc/ssl/ikex509v3.cnf \
+	    ${STAGEDIR}${PREFIX}/etc/ssl/ikex509v3.cnf.sample
 
 .include <bsd.port.mk>
diff --git a/security/openiked/distinfo b/security/openiked/distinfo
index a154c38488e5..7fcb08fd7e1f 100644
--- a/security/openiked/distinfo
+++ b/security/openiked/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1598375734
-SHA256 (xcllnt-openiked-2.2_GH0.tar.gz) = 5e161f12cdba3853dca576348409fa512d58c19840eac9eb4d1ce68e8dd5f0bf
-SIZE (xcllnt-openiked-2.2_GH0.tar.gz) = 230804
+TIMESTAMP = 1748557872
+SHA256 (openiked-7.4.tar.gz) = 19b72b48080240c3eff585f5cbcf6aa7b5734192ad8bc6677ae64a455074358a
+SIZE (openiked-7.4.tar.gz) = 321175
diff --git a/security/openiked/files/patch-ikectl_CMakeLists.txt b/security/openiked/files/patch-ikectl_CMakeLists.txt
new file mode 100644
index 000000000000..de79da698eb5
--- /dev/null
+++ b/security/openiked/files/patch-ikectl_CMakeLists.txt
@@ -0,0 +1,13 @@
+--- ikectl/CMakeLists.txt.orig	2025-04-09 19:47:21 UTC
++++ ikectl/CMakeLists.txt
+@@ -42,7 +42,9 @@ list(APPEND CFLAGS
+ 	-Wsign-compare
+ 	"$<$<CONFIG:DEBUG>:-O0;-g>"
+ )
+-
++if(DEFINED CADIR)
++	add_definitions( -DCADIR="${CADIR}" )
++endif()
+ target_compile_options(ikectl PRIVATE ${CFLAGS})
+ if(HAVE_LD_Z)
+ 	target_link_options(ikectl PRIVATE "LINKER:-z,relro,-z,now")
diff --git a/security/openiked/files/patch-ikectl_Makefile.am b/security/openiked/files/patch-ikectl_Makefile.am
deleted file mode 100644
index 315d87d83986..000000000000
--- a/security/openiked/files/patch-ikectl_Makefile.am
+++ /dev/null
@@ -1,10 +0,0 @@
---- ikectl/Makefile.am.orig	2020-09-04 14:25:33 UTC
-+++ ikectl/Makefile.am
-@@ -28,7 +28,6 @@ $(MANPAGES): $(MANPAGES_IN)
- 
- install-exec-hook: $(MANPAGES)
- 	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/iked/
--	$(MKDIR_P) $(DESTDIR)$(SSLDIR)
- 	$(MKDIR_P) $(DESTDIR)$(sbindir)
- 	$(MKDIR_P) $(DESTDIR)$(mandir)/$(mansubdir)8
- 
diff --git a/security/openiked/files/patch-ikectl_ikeca.c b/security/openiked/files/patch-ikectl_ikeca.c
new file mode 100644
index 000000000000..4db8e1ce4744
--- /dev/null
+++ b/security/openiked/files/patch-ikectl_ikeca.c
@@ -0,0 +1,25 @@
+--- ikectl/ikeca.c.orig	2025-04-09 19:47:21 UTC
++++ ikectl/ikeca.c
+@@ -47,8 +47,11 @@
+ #define SSLDIR		PREFIX "/etc/ssl"
+ #endif
+ #define SSL_CNF		SSLDIR "/openssl.cnf"
+-#define X509_CNF	SSLDIR "/ikex509v3.cnf"
+-#define IKECA_CNF	SSLDIR "/ikeca.cnf"
++#ifndef CADIR
++#define CADIR       SSLDIR
++#endif
++#define X509_CNF	CADIR "/ikex509v3.cnf"
++#define IKECA_CNF	CADIR "/ikeca.cnf"
+ #define KEYBASE		PREFIX "/etc/iked"
+ #ifndef EXPDIR
+ #define EXPDIR		PREFIX "/usr/share/iked"
+@@ -1118,7 +1121,7 @@ ca_setup(char *caname, int create, int quiet, char *pa
+ 		err(1, "calloc");
+ 
+ 	ca->caname = strdup(caname);
+-	len = snprintf(ca->sslpath, sizeof(ca->sslpath), SSLDIR "/%s", caname);
++	len = snprintf(ca->sslpath, sizeof(ca->sslpath), CADIR "/%s", caname);
+ 	if (len < 0 || (size_t)len >= sizeof(ca->sslpath))
+ 		err(1, "%s: snprintf", __func__);
+ 
diff --git a/security/openiked/pkg-descr b/security/openiked/pkg-descr
index ffa195819a97..cd2f05da0925 100644
--- a/security/openiked/pkg-descr
+++ b/security/openiked/pkg-descr
@@ -1,7 +1,8 @@
-OpenIKED is a lean Internet Key Exchange (IKEv2) daemon which performs
-mutual authentication and which establishes and maintains IPsec VPN
-flows and security associations (SAs) between the two peers.
+OpenIKED is a free, permissively licensed Internet Key Exchange
+(IKEv2) implementation, developed as part of the OpenBSD project.
+It is intended to be a lean, secure and interoperable daemon that
+allows for easy setup and management of IPsec VPNs.
 
-This version of OpenIKED is derived from OpenIKED's iked, but changed
-to support transport mode IPSec and lazy creation of associations,
-among many other improvements.
+The portable versions take the OpenBSD based source code and add
+compatibility functions and build infrastructure for other operating
+systems.
diff --git a/security/openiked/pkg-plist b/security/openiked/pkg-plist
index d0b202daae26..8ada1a3bc27b 100644
--- a/security/openiked/pkg-plist
+++ b/security/openiked/pkg-plist
@@ -1,5 +1,6 @@
-@sample etc/ikeca.cnf.sample
-@sample etc/iked.conf.sample
+@sample(,,600) etc/iked.conf.sample
+@sample etc/ssl/ikeca.cnf.sample
+@sample etc/ssl/ikex509v3.cnf.sample
 sbin/ikectl
 sbin/iked
 share/man/man5/iked.conf.5.gz