Diffstat (limited to 'package/openvpn')
-rw-r--r-- | package/openvpn/Config.in | 64 | ||||
-rw-r--r-- | package/openvpn/Makefile | 86 | ||||
-rw-r--r-- | package/openvpn/files/openvpn.conf | 11 | ||||
-rw-r--r-- | package/openvpn/files/openvpn.init | 29 | ||||
-rw-r--r-- | package/openvpn/files/serial | 1 | ||||
-rw-r--r-- | package/openvpn/ipkg/openvpn-easy-rsa.control | 5 | ||||
-rw-r--r-- | package/openvpn/ipkg/openvpn.control | 4 | ||||
-rw-r--r-- | package/openvpn/ipkg/openvpn.postinst | 3 | ||||
-rw-r--r-- | package/openvpn/patches/easy-rsa.patch | 218 |
9 files changed, 421 insertions, 0 deletions
diff --git a/package/openvpn/Config.in b/package/openvpn/Config.in
new file mode 100644
index 000000000..18fd4f298
--- /dev/null
+++ b/package/openvpn/Config.in
@@ -0,0 +1,64 @@
+
+config ADK_PACKAGE_OPENVPN
+ prompt "openvpn........................... Open source VPN solution using SSL"
+ tristate
+ default n
+ select ADK_KPACKAGE_KMOD_TUN
+ help
+ Open Source VPN solution using SSL
+
+ http://openvpn.net/
+
+ Depends: kmod-tun, libpthread
+
+config ADK_COMPILE_OPENVPN_WITH_SERVER
+ prompt "server support.................. enable to use OpenVPN as server"
+ bool
+ default y
+ depends ADK_PACKAGE_OPENVPN
+
+config ADK_COMPILE_OPENVPN_WITH_HTTP
+ prompt "enable http proxy support....... allow tunneling through http-proxy"
+ bool
+ default y
+ depends ADK_PACKAGE_OPENVPN
+
+config ADK_COMPILE_OPENVPN_WITH_OPENSSL
+ prompt "enable openssl.................. encryption support"
+ bool
+ default y
+ depends ADK_PACKAGE_OPENVPN
+ select ADK_PACKAGE_LIBOPENSSL
+ help
+ if unsure say "y" you really want that!
+
+config ADK_COMPILE_OPENVPN_WITH_LZO
+ prompt "enable lzo...................... Enable transparent compression"
+ bool
+ default y
+ depends ADK_PACKAGE_OPENVPN
+ select ADK_PACKAGE_LIBLZO
+
+config ADK_COMPILE_OPENVPN_WITH_PASSWORD_SAVE
+ prompt "Enable password saving.......... allow to read passwords for PKCS12 from file"
+ bool
+ default y
+ depends ADK_PACKAGE_OPENVPN
+
+config ADK_COMPILE_OPENVPN_WITH_SMALL
+ prompt "Reduce executable size.......... disable OCC, usage message, and verb 4 parm list"
+ bool
+ default n
+ depends ADK_PACKAGE_OPENVPN
+
+config ADK_PACKAGE_OPENVPN_EASY_RSA
+ prompt "openvpn-easy-rsa................ simple shell scripts to manage a Certificate Authority"
+ tristate
+ default n
+ select ADK_PACKAGE_OPENSSL_UTIL
+ depends ADK_PACKAGE_OPENVPN
+ help
+ collection of shell scripts to manage a simple CA infrastructure
+
+ Depends: openpvn, openssl-util
+
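Review bot: The `ADK_COMPILE_OPENVPN_WITH_OPENSSL` entry does not say what switching it off means: the Makefile in this commit then passes `--disable-ssl --disable-crypto`, which yields a tunnel with neither encryption nor authentication. Its help text would be clearer as `Disabling this builds OpenVPN without encryption and authentication; say y unless the link is protected by other means.` `ADK_COMPILE_OPENVPN_WITH_PASSWORD_SAVE` defaults to y and has no help text although it allows passwords to be read from files on the device; `default n` plus a one-line help would be the safer default. The last help block misspells the dependency as `openpvn`, and the first one lists libpthread although the Makefile configures with `--disable-pthread`.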
diff --git a/package/openvpn/Makefile b/package/openvpn/Makefile
new file mode 100644
index 000000000..0624b76ba
--- /dev/null
+++ b/package/openvpn/Makefile
@@ -0,0 +1,86 @@
+# $Id$
+#-
+# This file is part of the OpenADK project. OpenADK is copyrighted
+# material, please see the LICENCE file in the top-level directory.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:= openvpn
+PKG_VERSION:= 2.0.9
+PKG_RELEASE:= 7
+PKG_MD5SUM:= 60745008b90b7dbe25fe8337c550fec6
+
+MASTER_SITES:= http://openvpn.net/release/ \
+ ${MASTER_SITE_SOURCEFORGE:=openvpn/}
+
+include $(TOPDIR)/mk/package.mk
+
+$(eval $(call PKG_template,OPENVPN,openvpn,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,OPENVPN_EASY_RSA,openvpn-easy-rsa,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+
+PKG_DEPEND:="kmod-tun"
+
+ifneq ($(ADK_COMPILE_OPENVPN_WITH_OPENSSL),y)
+DISABLE_OPENSSL:=--disable-ssl --disable-crypto
+else
+PKG_DEPEND+=", libopenssl"
+endif
+
+ifneq ($(ADK_COMPILE_OPENVPN_WITH_LZO),y)
+DISABLE_LZO:=--disable-lzo
+else
+PKG_DEPEND+=", liblzo"
+endif
+
+ifneq ($(ADK_COMPILE_OPENVPN_WITH_SERVER),y)
+DISABLE_SERVER:=--disable-server
+endif
+ifneq ($(ADK_COMPILE_OPENVPN_WITH_HTTP),y)
+DISABLE_HTTP:=--disable-http
+endif
+ifeq ($(ADK_COMPILE_OPENVPN_WITH_PASSWORD_SAVE),y)
+ENABLE_PASSWORD_SAVE:=--enable-password-save
+endif
+ifeq ($(ADK_COMPILE_OPENVPN_WITH_SMALL),y)
+ENABLE_SMALL:=--enable-small
+endif
+
+CONFIGURE_STYLE= gnu
+CONFIGURE_ENV+= CPPFLAGS="-I$(STAGING_DIR)/usr/include" \
+ LDFLAGS="-L$(STAGING_DIR)/usr/lib"
+CONFIGURE_ARGS+= --disable-pthread \
+ --disable-plugins \
+ --disable-management \
+ --disable-socks \
+ --enable-iproute2 \
+ --with-iproute-path=ip \
+ --without-ifconfig-path \
+ --without-route-path \
+ $(DISABLE_LZO) \
+ $(DISABLE_OPENSSL) \
+ $(DISABLE_SERVER) \
+ $(DISABLE_HTTP) \
+ $(ENABLE_PASSWORD_SAVE) \
+ $(ENABLE_SMALL)
+BUILD_STYLE= auto
+INSTALL_STYLE= auto
+
+post-install:
+ # main package
+ install -d -m0755 $(IDIR_OPENVPN)/usr/sbin
+ $(CP) $(WRKINST)/usr/sbin/openvpn $(IDIR_OPENVPN)/usr/sbin/
+ install -d -m0755 $(IDIR_OPENVPN)/etc/init.d
+ $(CP) ./files/openvpn.init $(IDIR_OPENVPN)/etc/init.d/openvpn
+ install -d -m0755 $(IDIR_OPENVPN)/etc/openvpn
+ $(CP) ./files/openvpn.conf $(IDIR_OPENVPN)/etc/openvpn/
+ echo "Depends: $(PKG_DEPEND)" >> $(IDIR_OPENVPN)/CONTROL/control
+ # subpackage easy-rsa
+ install -d -m0755 $(IDIR_OPENVPN_EASY_RSA)/usr/sbin
+ install -d -m0755 $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys
+ touch $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys/index.txt
+ $(CP) ./files/serial $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys
+ $(CP) $(WRKBUILD)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(IDIR_OPENVPN_EASY_RSA)/usr/sbin
+ install -m 0644 $(WRKBUILD)/easy-rsa/2.0/openssl.cnf $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf
+ install -m 0644 $(WRKBUILD)/easy-rsa/2.0/vars $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars
+
+include ${TOPDIR}/mk/pkg-bottom.mk
diff --git a/package/openvpn/files/openvpn.conf b/package/openvpn/files/openvpn.conf
new file mode 100644
index 000000000..d951eaea8
--- /dev/null
+++ b/package/openvpn/files/openvpn.conf
@@ -0,0 +1,11 @@
+client
+remote server.domain.tld
+dev tun
+nobind
+ca ca.pem
+cert client.cer
+key client.key
+persist-tun
+persist-key
+comp-lzo
+verb 3
diff --git a/package/openvpn/files/openvpn.init b/package/openvpn/files/openvpn.init
new file mode 100644
index 000000000..5fe02af59
--- /dev/null
+++ b/package/openvpn/files/openvpn.init
@@ -0,0 +1,29 @@
+#!/bin/sh
+#FWINIT 60
+. /etc/rc.conf
+
+case $1 in
+autostop) ;;
+autostart)
+ test x"${openvpn:-NO}" = x"NO" && exit 0
+ exec sh $0 start
+ ;;
+start)
+ for c in $(ls /etc/openvpn/*.conf 2>&-); do
+ openvpn --cd /etc/openvpn --config "$c" --daemon
+ done
+ ;;
+stop)
+ killall openvpn
+ ;;
+restart)
+ sh $0 stop
+ sleep 3
+ sh $0 start
+ ;;
+*)
+ echo "Usage: $0 {start | stop | restart}"
+ exit 1
+ ;;
+esac
+exit $?
diff --git a/package/openvpn/files/serial b/package/openvpn/files/serial
new file mode 100644
index 000000000..8a0f05e16
--- /dev/null
+++ b/package/openvpn/files/serial
@@ -0,0 +1 @@
+01
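Review bot: In package/openvpn/Makefile, post-install creates `$(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys` with mode 0755, and the patched `vars` in this commit points KEY_DIR at exactly that directory, so the CA material would sit in a world-readable directory; `install -d -m0700 $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys` keeps it to root. The same recipe ships `keys/index.txt` (empty) and `keys/serial` (01) as package payload, so a reinstall or upgrade presumably resets the CA database and restarts serial numbers unless the package manager treats them as configuration files; a comment stating the intended upgrade behaviour would help. The `{build-*,clean-all,...}` list on the `$(CP)` line relies on the recipe shell supporting brace expansion, which a plain POSIX sh does not, so it is worth confirming which SHELL rules.mk sets.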
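Review bot: The sample client configuration in files/openvpn.conf sets `ca`, `cert` and `key` but nothing that checks which certificate the server presents, so any certificate issued by the same CA, another client's included, would be accepted as the server. build-key-server in this commit's easy-rsa patch is described as setting nsCertType to server, so adding `ns-cert-type server` after the `key client.key` line closes that gap. `comp-lzo` is also unconditional although LZO is a build option (`ADK_COMPILE_OPENVPN_WITH_LZO`); a build configured with `--disable-lzo` would presumably reject this file, so a comment on that line would be useful.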
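Review bot: The start branch of files/openvpn.init iterates over `$(ls /etc/openvpn/*.conf 2>&-)`, which word-splits file names and runs ls with stderr closed; a plain glob is safer: `for c in /etc/openvpn/*.conf; do` followed by `[ -f "$c" ] || continue`. The stop branch uses `killall openvpn`, which also terminates OpenVPN processes this script did not start; starting each instance with `--writepid` and stopping by pid file would be more precise. `$0` and `$1` are unquoted throughout (`exec sh $0 start`, `case $1 in`) and should be written `"$0"` and `"$1"`.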
diff --git a/package/openvpn/ipkg/openvpn-easy-rsa.control b/package/openvpn/ipkg/openvpn-easy-rsa.control
new file mode 100644
index 000000000..6ce25a46a
--- /dev/null
+++ b/package/openvpn/ipkg/openvpn-easy-rsa.control
@@ -0,0 +1,5 @@
+Package: openvpn-easy-rsa
+Priority: optional
+Section: net
+Description: collection of shell scripts to manage a simple CA infrastructure
+Depends: openssl-util
diff --git a/package/openvpn/ipkg/openvpn.control b/package/openvpn/ipkg/openvpn.control
new file mode 100644
index 000000000..50f06bacb
--- /dev/null
+++ b/package/openvpn/ipkg/openvpn.control
@@ -0,0 +1,4 @@
+Package: openvpn
+Priority: optional
+Section: net
+Description: Open Source VPN solution using SSL
diff --git a/package/openvpn/ipkg/openvpn.postinst b/package/openvpn/ipkg/openvpn.postinst
new file mode 100644
index 000000000..576ddd9f5
--- /dev/null
+++ b/package/openvpn/ipkg/openvpn.postinst
@@ -0,0 +1,3 @@
+#!/bin/sh
+. $IPKG_INSTROOT/etc/functions.sh
+add_rcconf openvpn openvpn NO
diff --git a/package/openvpn/patches/easy-rsa.patch b/package/openvpn/patches/easy-rsa.patch
new file mode 100644
index 000000000..957fe336e
--- /dev/null
+++ b/package/openvpn/patches/easy-rsa.patch
@@ -0,0 +1,218 @@
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-ca openvpn-2.0.8/easy-rsa/2.0/build-ca
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-ca 2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-ca 2006-10-13 18:14:32.000000000 +0200
+@@ -1,8 +1,7 @@
+-#!/bin/bash
++#!/bin/sh
+
+ #
+ # Build a root certificate
+ #
+
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --initca $*
++/usr/sbin/pkitool --interact --initca $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-dh openvpn-2.0.8/easy-rsa/2.0/build-dh
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-dh 2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/build-dh 2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # Build Diffie-Hellman parameters for the server side
+ # of an SSL/TLS connection.
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-inter openvpn-2.0.8/easy-rsa/2.0/build-inter
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-inter 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-inter 2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Make an intermediate CA certificate/private key pair using a locally generated
+ # root certificate.
+
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --inter $*
++/usr/sbin/pkitool --interact --inter $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key openvpn-2.0.8/easy-rsa/2.0/build-key
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-key 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-key 2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact $*
++/usr/sbin/pkitool --interact $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pass openvpn-2.0.8/easy-rsa/2.0/build-key-pass
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pass 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-key-pass 2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Similar to build-key, but protect the private key
+ # with a password.
+
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --pass $*
++/usr/sbin/pkitool --interact --pass $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pkcs12 openvpn-2.0.8/easy-rsa/2.0/build-key-pkcs12
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pkcs12 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-key-pkcs12 2006-10-13 18:14:32.000000000 +0200
+@@ -1,8 +1,7 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Make a certificate/private key pair using a locally generated
+ # root certificate and convert it to a PKCS #12 file including the
+ # the CA certificate as well.
+
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --pkcs12 $*
++/usr/sbin/pkitool --interact --pkcs12 $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key-server openvpn-2.0.8/easy-rsa/2.0/build-key-server
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-key-server 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-key-server 2006-10-13 18:14:32.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+@@ -6,5 +6,4 @@
+ # Explicitly set nsCertType to server using the "server"
+ # extension in the openssl.cnf file.
+
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --server $*
++/usr/sbin/pkitool --interact --server $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-req openvpn-2.0.8/easy-rsa/2.0/build-req
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-req 2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-req 2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Build a certificate signing request and private key. Use this
+ # when your root certificate and key is not available locally.
+
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --csr $*
++/usr/sbin/pkitool --interact --csr $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-req-pass openvpn-2.0.8/easy-rsa/2.0/build-req-pass
+--- openvpn-2.0.8_orig/easy-rsa/2.0/build-req-pass 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/build-req-pass 2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Like build-req, but protect your private key
+ # with a password.
+
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --csr --pass $*
++/usr/sbin/pkitool --interact --csr --pass $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/clean-all openvpn-2.0.8/easy-rsa/2.0/clean-all
+--- openvpn-2.0.8_orig/easy-rsa/2.0/clean-all 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/clean-all 2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # Initialize the $KEY_DIR directory.
+ # Note that this script does a
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/inherit-inter openvpn-2.0.8/easy-rsa/2.0/inherit-inter
+--- openvpn-2.0.8_orig/easy-rsa/2.0/inherit-inter 2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/inherit-inter 2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # Build a new PKI which is rooted on an intermediate certificate generated
+ # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/list-crl openvpn-2.0.8/easy-rsa/2.0/list-crl
+--- openvpn-2.0.8_orig/easy-rsa/2.0/list-crl 2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/list-crl 2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # list revoked certificates
+
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/pkitool openvpn-2.0.8/easy-rsa/2.0/pkitool
+--- openvpn-2.0.8_orig/easy-rsa/2.0/pkitool 2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/pkitool 2006-10-13 18:13:40.000000000 +0200
+@@ -1,5 +1,7 @@
+ #!/bin/sh
+
++. /etc/easy-rsa/vars
++
+ # OpenVPN -- An application to securely tunnel IP networks
+ # over a single TCP/UDP port, with support for SSL/TLS-based
+ # session authentication and key exchange,
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/revoke-full openvpn-2.0.8/easy-rsa/2.0/revoke-full
+--- openvpn-2.0.8_orig/easy-rsa/2.0/revoke-full 2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/revoke-full 2006-10-13 18:13:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # revoke a certificate, regenerate CRL,
+ # and verify revocation
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/sign-req openvpn-2.0.8/easy-rsa/2.0/sign-req
+--- openvpn-2.0.8_orig/easy-rsa/2.0/sign-req 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.8/easy-rsa/2.0/sign-req 2006-10-13 18:14:32.000000000 +0200
+@@ -1,7 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Sign a certificate signing request (a .csr file)
+ # with a local root certificate and key.
+
+-export EASY_RSA="${EASY_RSA:-.}"
+-"$EASY_RSA/pkitool" --interact --sign $*
++/usr/sbin/pkitool --interact --sign $*
+diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/vars openvpn-2.0.8/easy-rsa/2.0/vars
+--- openvpn-2.0.8_orig/easy-rsa/2.0/vars 2006-06-28 08:29:27.000000000 +0200
++++ openvpn-2.0.8/easy-rsa/2.0/vars 2006-10-13 18:24:03.000000000 +0200
+@@ -12,7 +12,7 @@
+ # This variable should point to
+ # the top level of the easy-rsa
+ # tree.
+-export EASY_RSA="`pwd`"
++export EASY_RSA="/etc/easy-rsa"
+
+ #
+ # This variable should point to
+@@ -26,7 +26,7 @@
+ # This variable should point to
+ # the openssl.cnf file included
+ # with easy-rsa.
+-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
++export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
+
+ # Edit this variable to point to
+ # your soon-to-be-created key
+@@ -39,7 +39,7 @@
+ export KEY_DIR="$EASY_RSA/keys"
+
+ # Issue rm -rf warning
+-echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
++echo NOTE: If you run /usr/sbin/clean-all, I will be doing a rm -rf on $KEY_DIR
+
+ # Increase this to 2048 if you
+ # are paranoid. This will slow |
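Review bot: Every wrapper rewritten in patches/easy-rsa.patch (build-ca, build-inter, build-key, build-key-pass, build-key-pkcs12, build-key-server, build-req, build-req-pass, sign-req) keeps the unquoted `$*` on its new line, so an argument containing spaces is split before it reaches pkitool; `/usr/sbin/pkitool --interact --initca "$@"`, and likewise for the others, passes arguments through intact. The scripts that now begin with `. /etc/easy-rsa/vars` overwrite any EASY_RSA or KEY_DIR already set by the caller, which matters for clean-all because vars itself announces an `rm -rf` on `$KEY_DIR`; a comment stating that the path is fixed on purpose would help. The interpreter changes from bash to sh while most of each script body lies outside the inner hunks, so it is worth confirming that none of them relies on bash-only syntax.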