Initial import

author: wbx <wbx@hydrogenium.(none)> 2009-05-17 14:41:34 +0200
committer: wbx <wbx@hydrogenium.(none)> 2009-05-17 14:41:34 +0200
commit: 219a6dab8995aad9ac4860cc1a84d6f3509a03a4 (patch)
tree: b9c0f3c43aebba2fcfef777592d0add39f2072f4 /package/openvpn
9 files changed, 421 insertions, 0 deletions
diff --git a/package/openvpn/Config.in b/package/openvpn/Config.in
new file mode 100644
index 000000000..18fd4f298
--- /dev/null
+++ b/package/openvpn/Config.in
@@ -0,0 +1,64 @@
+
+config ADK_PACKAGE_OPENVPN
+	prompt "openvpn........................... Open source VPN solution using SSL"
+	tristate
+	default n
+	select ADK_KPACKAGE_KMOD_TUN
+	help
+	  Open Source VPN solution using SSL
+	  
+	  http://openvpn.net/
+	  
+	  Depends: kmod-tun, libpthread
+
+config ADK_COMPILE_OPENVPN_WITH_SERVER
+	prompt "server support.................. enable to use OpenVPN as server"
+	bool
+	default y
+	depends ADK_PACKAGE_OPENVPN
+
+config ADK_COMPILE_OPENVPN_WITH_HTTP
+	prompt "enable http proxy support....... allow tunneling through http-proxy"
+	bool
+	default y
+	depends ADK_PACKAGE_OPENVPN
+
+config ADK_COMPILE_OPENVPN_WITH_OPENSSL
+	prompt "enable openssl.................. encryption support"
+	bool
+	default y
+	depends ADK_PACKAGE_OPENVPN
+	select ADK_PACKAGE_LIBOPENSSL
+	help
+	  if unsure say "y" you really want that!
+
+config ADK_COMPILE_OPENVPN_WITH_LZO
+	prompt "enable lzo...................... Enable transparent compression"
+	bool
+	default y
+	depends ADK_PACKAGE_OPENVPN
+	select ADK_PACKAGE_LIBLZO
+
+config ADK_COMPILE_OPENVPN_WITH_PASSWORD_SAVE
+	prompt "Enable password saving.......... allow to read passwords for PKCS12 from file"
+	bool
+	default y
+	depends ADK_PACKAGE_OPENVPN
+
+config ADK_COMPILE_OPENVPN_WITH_SMALL
+	prompt "Reduce executable size.......... disable OCC, usage message, and verb 4 parm list"
+	bool
+	default n
+	depends ADK_PACKAGE_OPENVPN
+
+config ADK_PACKAGE_OPENVPN_EASY_RSA
+	prompt "openvpn-easy-rsa................ simple shell scripts to manage a Certificate Authority"
+	tristate
+	default n
+	select ADK_PACKAGE_OPENSSL_UTIL
+	depends ADK_PACKAGE_OPENVPN
+	help
+	  collection of shell scripts to manage a simple CA infrastructure
+
+	  Depends: openpvn, openssl-util
+
diff --git a/package/openvpn/Makefile b/package/openvpn/Makefile
new file mode 100644
index 000000000..0624b76ba
--- /dev/null
+++ b/package/openvpn/Makefile
@@ -0,0 +1,86 @@
+# $Id$
+#-
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=		openvpn
+PKG_VERSION:=		2.0.9
+PKG_RELEASE:=		7
+PKG_MD5SUM:=		60745008b90b7dbe25fe8337c550fec6
+
+MASTER_SITES:=		http://openvpn.net/release/ \
+			${MASTER_SITE_SOURCEFORGE:=openvpn/}
+
+include $(TOPDIR)/mk/package.mk
+
+$(eval $(call PKG_template,OPENVPN,openvpn,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,OPENVPN_EASY_RSA,openvpn-easy-rsa,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+PKG_DEPEND:="kmod-tun"
+
+ifneq ($(ADK_COMPILE_OPENVPN_WITH_OPENSSL),y)
+DISABLE_OPENSSL:=--disable-ssl --disable-crypto
+else
+PKG_DEPEND+=", libopenssl"
+endif
+
+ifneq ($(ADK_COMPILE_OPENVPN_WITH_LZO),y)
+DISABLE_LZO:=--disable-lzo
+else
+PKG_DEPEND+=", liblzo"
+endif
+
+ifneq ($(ADK_COMPILE_OPENVPN_WITH_SERVER),y)
+DISABLE_SERVER:=--disable-server
+endif
+ifneq ($(ADK_COMPILE_OPENVPN_WITH_HTTP),y)
+DISABLE_HTTP:=--disable-http
+endif
+ifeq ($(ADK_COMPILE_OPENVPN_WITH_PASSWORD_SAVE),y)
+ENABLE_PASSWORD_SAVE:=--enable-password-save
+endif
+ifeq ($(ADK_COMPILE_OPENVPN_WITH_SMALL),y)
+ENABLE_SMALL:=--enable-small
+endif
+
+CONFIGURE_STYLE=	gnu
+CONFIGURE_ENV+=		CPPFLAGS="-I$(STAGING_DIR)/usr/include" \
+			LDFLAGS="-L$(STAGING_DIR)/usr/lib"
+CONFIGURE_ARGS+=	--disable-pthread \
+			--disable-plugins \
+			--disable-management \
+			--disable-socks \
+			--enable-iproute2 \
+			--with-iproute-path=ip \
+			--without-ifconfig-path \
+			--without-route-path \
+			$(DISABLE_LZO) \
+			$(DISABLE_OPENSSL) \
+			$(DISABLE_SERVER) \
+			$(DISABLE_HTTP) \
+			$(ENABLE_PASSWORD_SAVE) \
+			$(ENABLE_SMALL)
+BUILD_STYLE=		auto
+INSTALL_STYLE=		auto
+
+post-install:
+	# main package
+	install -d -m0755 $(IDIR_OPENVPN)/usr/sbin
+	$(CP) $(WRKINST)/usr/sbin/openvpn $(IDIR_OPENVPN)/usr/sbin/
+	install -d -m0755 $(IDIR_OPENVPN)/etc/init.d
+	$(CP) ./files/openvpn.init $(IDIR_OPENVPN)/etc/init.d/openvpn
+	install -d -m0755 $(IDIR_OPENVPN)/etc/openvpn
+	$(CP) ./files/openvpn.conf $(IDIR_OPENVPN)/etc/openvpn/
+	echo "Depends: $(PKG_DEPEND)" >> $(IDIR_OPENVPN)/CONTROL/control
+	# subpackage easy-rsa
+	install -d -m0755 $(IDIR_OPENVPN_EASY_RSA)/usr/sbin
+	install -d -m0755 $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys
+	touch $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys/index.txt
+	$(CP) ./files/serial $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys
+	$(CP) $(WRKBUILD)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(IDIR_OPENVPN_EASY_RSA)/usr/sbin
+	install -m 0644 $(WRKBUILD)/easy-rsa/2.0/openssl.cnf $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf
+	install -m 0644 $(WRKBUILD)/easy-rsa/2.0/vars $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars
+
+include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/openvpn/files/openvpn.conf b/package/openvpn/files/openvpn.conf
new file mode 100644
index 000000000..d951eaea8
--- /dev/null
+++ b/package/openvpn/files/openvpn.conf
@@ -0,0 +1,11 @@
+client
+remote server.domain.tld
+dev tun
+nobind
+ca ca.pem
+cert client.cer
+key client.key
+persist-tun
+persist-key
+comp-lzo
+verb 3
diff --git a/package/openvpn/files/openvpn.init b/package/openvpn/files/openvpn.init
new file mode 100644
index 000000000..5fe02af59
--- /dev/null
+++ b/package/openvpn/files/openvpn.init
@@ -0,0 +1,29 @@
+#!/bin/sh
+#FWINIT 60
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+	test x"${openvpn:-NO}" = x"NO" && exit 0
+	exec sh $0 start
+	;;
+start)
+	for c in $(ls /etc/openvpn/*.conf 2>&-); do
+		openvpn --cd /etc/openvpn --config "$c" --daemon
+	done
+	;;
+stop)
+	killall openvpn
+	;;
+restart)
+	sh $0 stop
+	sleep 3
+	sh $0 start
+	;;
+*)
+	echo "Usage: $0 {start | stop | restart}"
+	exit 1
+	;;
+esac
+exit $?
diff --git a/package/openvpn/files/serial b/package/openvpn/files/serial
new file mode 100644
index 000000000..8a0f05e16
--- /dev/null
+++ b/package/openvpn/files/serial
@@ -0,0 +1 @@
+01
diff --git a/package/openvpn/ipkg/openvpn-easy-rsa.control b/package/openvpn/ipkg/openvpn-easy-rsa.control
new file mode 100644
index 000000000..6ce25a46a
--- /dev/null
+++ b/package/openvpn/ipkg/openvpn-easy-rsa.control
@@ -0,0 +1,5 @@
+Package: openvpn-easy-rsa
+Priority: optional
+Section: net
+Description: collection of shell scripts to manage a simple CA infrastructure
+Depends: openssl-util
diff --git a/package/openvpn/ipkg/openvpn.control b/package/openvpn/ipkg/openvpn.control
new file mode 100644
index 000000000..50f06bacb
--- /dev/null
+++ b/package/openvpn/ipkg/openvpn.control
@@ -0,0 +1,4 @@
+Package: openvpn
+Priority: optional
+Section: net
+Description: Open Source VPN solution using SSL
diff --git a/package/openvpn/ipkg/openvpn.postinst b/package/openvpn/ipkg/openvpn.postinst
new file mode 100644
index 000000000..576ddd9f5
--- /dev/null
+++ b/package/openvpn/ipkg/openvpn.postinst
@@ -0,0 +1,3 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+add_rcconf openvpn openvpn NO
diff --git a/package/openvpn/patches/easy-rsa.patch b/package/openvpn/patches/easy-rsa.patch
new file mode 100644
index 000000000..957fe336e
--- /dev/null
+++ b/package/openvpn/patches/easy-rsa.patch
@@ -0,0 +1,218 @@
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-ca openvpn-2.0.8/easy-rsa/2.0/build-ca
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-ca	2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-ca	2006-10-13 18:14:32.000000000 +0200
+@@ -1,8 +1,7 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ #
+ # Build a root certificate
+ #
+ 
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --initca $*
++/usr/sbin/pkitool --interact --initca $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-dh openvpn-2.0.8/easy-rsa/2.0/build-dh
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-dh	2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/build-dh	2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # Build Diffie-Hellman parameters for the server side
+ # of an SSL/TLS connection.
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-inter openvpn-2.0.8/easy-rsa/2.0/build-inter
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-inter	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-inter	2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Make an intermediate CA certificate/private key pair using a locally generated
+ # root certificate.
+ 
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --inter $*
++/usr/sbin/pkitool --interact --inter $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key openvpn-2.0.8/easy-rsa/2.0/build-key
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-key	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-key	2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+ 
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact $*
++/usr/sbin/pkitool --interact $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pass openvpn-2.0.8/easy-rsa/2.0/build-key-pass
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pass	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-key-pass	2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Similar to build-key, but protect the private key
+ # with a password.
+ 
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --pass $*
++/usr/sbin/pkitool --interact --pass $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pkcs12 openvpn-2.0.8/easy-rsa/2.0/build-key-pkcs12
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pkcs12	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-key-pkcs12	2006-10-13 18:14:32.000000000 +0200
+@@ -1,8 +1,7 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Make a certificate/private key pair using a locally generated
+ # root certificate and convert it to a PKCS #12 file including the
+ # the CA certificate as well.
+ 
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --pkcs12 $*
++/usr/sbin/pkitool --interact --pkcs12 $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key-server openvpn-2.0.8/easy-rsa/2.0/build-key-server
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-key-server	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-key-server	2006-10-13 18:14:32.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+@@ -6,5 +6,4 @@
+ # Explicitly set nsCertType to server using the "server"
+ # extension in the openssl.cnf file.
+ 
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --server $*
++/usr/sbin/pkitool --interact --server $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-req openvpn-2.0.8/easy-rsa/2.0/build-req
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-req	2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-req	2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Build a certificate signing request and private key.  Use this
+ # when your root certificate and key is not available locally.
+ 
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --csr $*
++/usr/sbin/pkitool --interact --csr $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-req-pass openvpn-2.0.8/easy-rsa/2.0/build-req-pass
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-req-pass	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-req-pass	2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Like build-req, but protect your private key
+ # with a password.
+ 
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --csr --pass $*
++/usr/sbin/pkitool --interact --csr --pass $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/clean-all openvpn-2.0.8/easy-rsa/2.0/clean-all
+--- openvpn-2.0.8_orig/easy-rsa/2.0/clean-all	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/clean-all	2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # Initialize the $KEY_DIR directory.
+ # Note that this script does a
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/inherit-inter openvpn-2.0.8/easy-rsa/2.0/inherit-inter
+--- openvpn-2.0.8_orig/easy-rsa/2.0/inherit-inter	2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/inherit-inter	2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # Build a new PKI which is rooted on an intermediate certificate generated
+ # by ./build-inter or ./pkitool --inter from a parent PKI.  The new PKI should
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/list-crl openvpn-2.0.8/easy-rsa/2.0/list-crl
+--- openvpn-2.0.8_orig/easy-rsa/2.0/list-crl	2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/list-crl	2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # list revoked certificates
+ 
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/pkitool openvpn-2.0.8/easy-rsa/2.0/pkitool
+--- openvpn-2.0.8_orig/easy-rsa/2.0/pkitool	2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/pkitool	2006-10-13 18:13:40.000000000 +0200
+@@ -1,5 +1,7 @@
+ #!/bin/sh
+ 
++. /etc/easy-rsa/vars
++
+ #  OpenVPN -- An application to securely tunnel IP networks
+ #             over a single TCP/UDP port, with support for SSL/TLS-based
+ #             session authentication and key exchange,
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/revoke-full openvpn-2.0.8/easy-rsa/2.0/revoke-full
+--- openvpn-2.0.8_orig/easy-rsa/2.0/revoke-full	2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/revoke-full	2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # revoke a certificate, regenerate CRL,
+ # and verify revocation
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/sign-req openvpn-2.0.8/easy-rsa/2.0/sign-req
+--- openvpn-2.0.8_orig/easy-rsa/2.0/sign-req	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/sign-req	2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Sign a certificate signing request (a .csr file)
+ # with a local root certificate and key.
+ 
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --sign $*
++/usr/sbin/pkitool --interact --sign $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/vars openvpn-2.0.8/easy-rsa/2.0/vars
+--- openvpn-2.0.8_orig/easy-rsa/2.0/vars	2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/vars	2006-10-13 18:24:03.000000000 +0200
+@@ -12,7 +12,7 @@
+ # This variable should point to
+ # the top level of the easy-rsa
+ # tree.
+-export EASY_RSA="`pwd`"
++export EASY_RSA="/etc/easy-rsa"
+ 
+ #
+ # This variable should point to
+@@ -26,7 +26,7 @@
+ # This variable should point to
+ # the openssl.cnf file included
+ # with easy-rsa.
+-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
++export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
+ 
+ # Edit this variable to point to
+ # your soon-to-be-created key
+@@ -39,7 +39,7 @@
+ export KEY_DIR="$EASY_RSA/keys"
+ 
+ # Issue rm -rf warning
+-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
++echo NOTE: If you run /usr/sbin/clean-all, I will be doing a rm -rf on $KEY_DIR
+ 
+ # Increase this to 2048 if you
+ # are paranoid.  This will slow
author	wbx <wbx@hydrogenium.(none)>	2009-05-17 14:41:34 +0200
committer	wbx <wbx@hydrogenium.(none)>	2009-05-17 14:41:34 +0200
commit	219a6dab8995aad9ac4860cc1a84d6f3509a03a4 (patch)
tree	b9c0f3c43aebba2fcfef777592d0add39f2072f4 /package/openvpn