vpnc: initial import
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
This commit is contained in:
parent
41f8d54650
commit
d16359b96e
6 changed files with 293 additions and 0 deletions
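--- a/net/vpnc/Config.in
+++ b/net/vpnc/Config.in
@@ -0,0 +1,18 @@
+# vpnc avanced configuration
+
+menu "Configuration"
+depends on PACKAGE_vpnc
+
+choice
+prompt "SSL library"
+default VPNC_GNUTLS
+
+config VPNC_GNUTLS
+bool "GnuTLS support"
+
+config VPNC_OPENSSL
+bool "OpenSSL"
+
+endchoice
+
+endmenu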
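Review bot: The first line `# vpnc avanced configuration` has a typo; `# vpnc advanced configuration`. The two choice entries are labelled inconsistently, `bool "GnuTLS support"` against `bool "OpenSSL"`; `bool "OpenSSL support"` (or dropping "support" from both) reads uniformly in the menu. The package Makefile on this page only passes `OPENSSL_GPL_VIOLATION=yes` for the OpenSSL choice and nothing specific for the GnuTLS default, so the GnuTLS path presumably relies on the upstream build's default backend; a comment on the `default VPNC_GNUTLS` line stating that would save the next reader checking.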
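--- a/net/vpnc/Makefile
+++ b/net/vpnc/Makefile
@@ -0,0 +1,94 @@
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=vpnc
+PKG_REV:=550
+PKG_VERSION:=0.5.3.r$(PKG_REV)
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://svn.unix-ag.uni-kl.de/vpnc/trunk/
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE_PROTO:=svn
+
+PKG_MAINTAINER:=Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
+PKG_LICENSE:=VARIOUS
+PKG_LICENSE_FILES:=COPYING
+
+PKG_CONFIG_DEPENDS:= \
+CONFIG_VPNC_GNUTLS \
+CONFIG_VPNC_OPENSSL \
+
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/vpnc/config
+source "$(SOURCE)/Config.in"
+endef
+
+define Package/vpnc
+SECTION:=net
+CATEGORY:=Network
+DEPENDS:=+libgpg-error +libgcrypt +kmod-tun +VPNC_OPENSSL:libopenssl +VPNC_GNUTLS:libgnutls +vpnc-scripts +resolveip
+TITLE:=VPN client for Cisco EasyVPN
+URL:=http://www.unix-ag.uni-kl.de/~massar/vpnc/
+SUBMENU:=VPN
+endef
+
+define Package/vpnc/description
+A VPN client compatible with Cisco's EasyVPN equipment.
+
+Supports IPSec (ESP) with Mode Configuration and Xauth. Supports only
+shared-secret IPSec authentication with Xauth, AES (256, 192, 128),
+3DES, 1DES, MD5, SHA1, DH1/2/5 and IP tunneling.
+endef
+
+define Package/vpnc/conffiles
+/etc/vpnc/default.conf
+endef
+
+ifeq ($(CONFIG_VPNC_OPENSSL),y)
+define Build/Compile
+$(call Build/Compile/Default, \
+OFLAGS="$(TARGET_CFLAGS)" \
+OS="Linux" VERSION="$(PKG_VERSION)" \
+STAGING_DIR="$(STAGING_DIR)" \
+DESTDIR="$(PKG_INSTALL_DIR)" \
+OPENSSL_GPL_VIOLATION=yes PREFIX=/usr \
+all install \
+)
+endef
+else
+define Build/Compile
+$(call Build/Compile/Default, \
+OFLAGS="$(TARGET_CFLAGS)" \
+OS="Linux" VERSION="$(PKG_VERSION)" \
+STAGING_DIR="$(STAGING_DIR)" \
+DESTDIR="$(PKG_INSTALL_DIR)" \
+PREFIX=/usr \
+all install \
+)
+endef
+endif
+
+define Package/vpnc/install
+$(INSTALL_DIR) $(1)/lib/netifd/proto
+$(INSTALL_BIN) ./files/vpnc.sh $(1)/lib/netifd/proto/
+$(INSTALL_DIR) $(1)/usr/sbin
+$(CP) $(PKG_INSTALL_DIR)/usr/sbin/vpnc \
+$(PKG_INSTALL_DIR)/usr/sbin/vpnc-disconnect \
+$(1)/usr/sbin/
+$(INSTALL_DIR) $(1)/etc/vpnc
+$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/vpnc/default.conf $(1)/etc/vpnc/
+$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+$(INSTALL_DATA) ./files/vpnc.upgrade $(1)/lib/upgrade/keep.d/vpnc
+endef
+
+$(eval $(call BuildPackage,vpnc))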
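Review bot: `PKG_SOURCE_URL:=http://svn.unix-ag.uni-kl.de/vpnc/trunk/` pulls the package source over plain http, and because this is an svn checkout (`PKG_SOURCE_PROTO:=svn`) pinned only by `PKG_SOURCE_VERSION:=$(PKG_REV)`, no checksum in this Makefile covers the bytes the server actually returns; if the host offers TLS use an https URL, and if this buildroot version supports a mirror hash for VCS sources (`PKG_MIRROR_HASH`) set it so the fetch becomes verifiable and reproducible. The two `Build/Compile` definitions either side of `else` are identical except for `OPENSSL_GPL_VIOLATION=yes`, which invites the copies to drift; the flag can be appended to `MAKE_FLAGS`, which `Build/Compile/Default` already hands to make, leaving a single definition as below. The `PKG_CONFIG_DEPENDS` list ends with `CONFIG_VPNC_OPENSSL \`, so the continuation swallows the blank line that follows; drop that trailing backslash. `PKG_LICENSE:=VARIOUS` tells a downstream consumer nothing about the actual terms; summarising the licences found in the upstream `COPYING` named by `PKG_LICENSE_FILES` would be more useful.
```make
ifeq ($(CONFIG_VPNC_OPENSSL),y)
MAKE_FLAGS += OPENSSL_GPL_VIOLATION=yes
endif

define Build/Compile
	$(call Build/Compile/Default, \
		OFLAGS="$(TARGET_CFLAGS)" \
		OS="Linux" VERSION="$(PKG_VERSION)" \
		STAGING_DIR="$(STAGING_DIR)" \
		DESTDIR="$(PKG_INSTALL_DIR)" \
		PREFIX=/usr \
		all install \
	)
endef
```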
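--- a/net/vpnc/README
+++ b/net/vpnc/README
@@ -0,0 +1,39 @@
+The vpnc client expects to be configured using the uci interface.
+
+To setup a VPN connection, add the following to /etc/config/network:
+
+config interface 'MYVPN'
+option proto 'vpnc'
+option interface 'wan'
+option server 'vpn.example.com'
+option username 'test'
+option password 'secret' # or:
+option hexpasswd 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
+option authgroup 'DEFAULT'
+option passgroup 'groupsecret' # or:
+option hexpassgroup '52B0BEAF6605C3CE9BE20A0DC0A0F6240A6FF7EA'
+option domain 'WORKGROUP'
+option vendor 'cisco' # or 'netscreen'
+option natt_mode 'natt' # or 'none' or 'force-natt' or 'cisco-udp'
+option dh_group 'dh2' # or 'dh1' or 'dh5'
+option pfs 'server' # or 'nopfs' or 'dh1' or 'dh2' or 'dh5'
+option enable_single_des '0'
+option enable_no_enc '0' # '1' to enable unencrypted VPN
+option mtu '0'
+option local_addr '0.0.0.0'
+option local_port '500' # '0' to use a random port
+option udp_port '10000' # '0' to use a random port
+option dpd_idle '300'
+option auth_mode 'psk' # or 'hybrid'
+option target_network '0.0.0.0/0.0.0.0' # network/netmask or CIDR
+
+The additional file(s) are also used:
+/etc/vpnc/ca-vpn-MYVPN.pem: The server's CA certificate (for auth_mode 'hybrid')
+
+After these are setup you can initiate the VPN using "ifup MYVPN", and
+deinitialize it using ifdown. You may also use the luci web interface
+(Network -> Interfaces -> MYVPN Connect).
+
+Note that you need to configure the firewall to allow communication between
+the MYVPN interface and lan.
+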
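--- a/net/vpnc/files/vpnc.sh
+++ b/net/vpnc/files/vpnc.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+. /lib/functions.sh
+. ../netifd-proto.sh
+init_proto "$@"
+
+proto_vpnc_init_config() {
+proto_config_add_string "server"
+proto_config_add_string "username"
+proto_config_add_string "hexpasswd"
+proto_config_add_string "authgroup"
+proto_config_add_string "password"
+proto_config_add_string "token_mode"
+proto_config_add_string "token_secret"
+proto_config_add_string "interface"
+proto_config_add_string "passgroup"
+proto_config_add_string "hexpassgroup"
+proto_config_add_string "domain"
+proto_config_add_string "vendor"
+proto_config_add_string "natt_mode"
+proto_config_add_string "dh_group"
+proto_config_add_string "pfs"
+proto_config_add_boolean "enable_single_des"
+proto_config_add_boolean "enable_no_enc"
+proto_config_add_int "mtu"
+proto_config_add_string "local_addr"
+proto_config_add_int "local_port"
+proto_config_add_int "udp_port"
+proto_config_add_int "dpd_idle"
+proto_config_add_string "auth_mode"
+proto_config_add_string "target_network"
+no_device=1
+available=1
+}
+
+proto_vpnc_setup() {
+local config="$1"
+
+json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network
+
+grep -q tun /proc/modules || insmod tun
+
+logger -t vpnc "initializing..."
+serv_addr=
+for ip in $(resolveip -t 10 "$server"); do
+( proto_add_host_dependency "$config" "$ip" $interface )
+serv_addr=1
+done
+[ -n "$serv_addr" ] || {
+logger -t vpnc "Could not resolve server address: '$server'"
+sleep 60
+proto_setup_failed "$config"
+exit 1
+}
+
+mkdir -p /var/etc
+umask 077
+pwfile="/var/etc/vpnc-$config.conf"
+echo "IPSec gateway $server" > "$pwfile"
+cmdline="--no-detach --pid-file /var/run/vpnc-$config.pid --ifname vpn-$config --non-inter --script /lib/netifd/vpnc-script $pwfile"
+
+[ -f /etc/vpnc/ca-vpn-$config.pem ] && echo "CA-File /etc/vpnc/ca-vpn-$config.pem" >> "$pwfile"
+[ -n "$hexpasswd" ] && echo "Xauth obfuscated password $hexpasswd" >> "$pwfile"
+[ -n "$authgroup" ] && echo "IPSec ID $authgroup" >> "$pwfile"
+[ -n "$username" ] && echo "Xauth username $username" >> "$pwfile"
+[ -n "$password" ] && echo "Xauth password $password" >> "$pwfile"
+[ -n "$passgroup" ] && echo "IPSec secret $passgroup" >> "$pwfile"
+[ -n "$hexpassgroup" ] && echo "IPSec obfuscated secret $hexpassgroup" >> "$pwfile"
+[ -n "$domain" ] && echo "Domain $domain" >> "$pwfile"
+[ -n "$vendor" ] && echo "Vendor $vendor" >> "$pwfile"
+[ -n "$natt_mode" ] && echo "NAT Traversal Mode $natt_mode" >> "$pwfile"
+[ -n "$dh_group" ] && echo "IKE DH Group $dh_group" >> "$pwfile"
+[ -n "$pfs" ] && echo "Perfect Forward Secrecy $pfs" >> "$pwfile"
+[ "${enable_single_des:-0}" -gt 0 ] && echo "Enable Single DES" >> "$pwfile"
+[ "${enable_no_enc:-0}" -gt 0 ] && echo "Enable no encryption" >> "$pwfile"
+[ -n "$mtu" ] && echo "Interface MTU $mtu" >> "$pwfile"
+[ -n "$local_addr" ] && echo "Local Addr $local_addr" >> "$pwfile"
+[ -n "$local_port" ] && echo "Local Port $local_port" >> "$pwfile"
+[ -n "$udp_port" ] && echo "Cisco UDP Encapsulation Port $udp_port" >> "$pwfile"
+[ -n "$dpd_idle" ] && echo "DPD idle timeout (our side) $dpd_idle" >> "$pwfile"
+[ -n "$auth_mode" ] && echo "IKE Authmode $auth_mode" >> "$pwfile"
+[ -n "$target_network" ] && echo "IPSEC target network $target_network" >> "$pwfile"
+
+proto_export INTERFACE="$config"
+logger -t vpnc "executing 'vpnc $cmdline'"
+proto_run_command "$config" /usr/sbin/vpnc $cmdline
+}
+
+proto_vpnc_teardown() {
+local config="$1"
+
+pwfile="/var/etc/vpnc-$config.conf"
+
+rm -f $pwfile
+logger -t vpnc "bringing down vpnc"
+proto_kill_command "$config" 2
+}
+
+add_protocol vpnc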
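Review bot: The credentials file `$pwfile` is filled with `echo "Xauth password $password"` and `echo "IPSec secret $passgroup"`, and some `/bin/sh` echo implementations interpret backslash sequences in their arguments, so a secret containing a backslash may not be written verbatim; `printf 'Xauth password %s\n' "$password" >> "$pwfile"`, applied likewise to the other directive lines, writes the value exactly. The `umask 077` placed before the first `>` redirection is what keeps the cleartext Xauth password and IPsec secret readable only by the file owner, and it deserves a one-line comment such as `# $pwfile holds cleartext secrets: keep it owner-only` so the ordering is not disturbed later. In `proto_vpnc_teardown`, `rm -f $pwfile` leaves the path unquoted whereas setup quotes it everywhere; `rm -f "$pwfile"` keeps the two consistent. `grep -q tun /proc/modules || insmod tun` appears to retry the insmod on every setup when tun is built into the kernel rather than modular, which looks harmless here but is noisy in the log.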
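--- a/net/vpnc/files/vpnc.upgrade
+++ b/net/vpnc/files/vpnc.upgrade
@@ -0,0 +1,2 @@
+/etc/vpnc/ca-vpn-*.pem
+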
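--- a/net/vpnc/patches/001-cross.patch
+++ b/net/vpnc/patches/001-cross.patch
@@ -0,0 +1,42 @@
+--- a/Makefile
++++ b/Makefile
+@@ -20,7 +20,7 @@
+# $Id$
+
+DESTDIR=
+-PREFIX=/usr/local
++PREFIX=/usr
+ETCDIR=/etc/vpnc
+BINDIR=$(PREFIX)/bin
+SBINDIR=$(PREFIX)/sbin
+@@ -57,18 +57,15 @@
+CRYPTO_OBJS = $(addsuffix .o,$(basename $(CRYPTO_SRCS)))
+BINOBJS = $(addsuffix .o,$(BINS))
+BINSRCS = $(addsuffix .c,$(BINS))
+-VERSION := $(shell sh mk-version)
+RELEASE_VERSION := $(shell cat VERSION)
+
+CC ?= gcc
+-CFLAGS ?= -O3 -g
+CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
+-CFLAGS += $(shell libgcrypt-config --cflags) $(CRYPTO_CFLAGS)
++CFLAGS += -O3 -I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/include $(OFLAGS) $(CRYPTO_CFLAGS)
+CPPFLAGS += -DVERSION=\"$(VERSION)\"
+-LDFLAGS ?= -g
+-LIBS += $(shell libgcrypt-config --libs) $(CRYPTO_LDADD)
++LIBS += -L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib -lgcrypt -lgpg-error $(CRYPTO_LDADD)
+
+-ifeq ($(shell uname -s), SunOS)
++ifeq ($(OS), SunOS)
+LIBS += -lnsl -lresolv -lsocket
+endif
+ifneq (,$(findstring Apple,$(shell $(CC) --version)))
+@@ -82,7 +79,7 @@
+$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
+
+vpnc.8 : vpnc.8.template makeman.pl vpnc
+- ./makeman.pl
++ touch vpnc.8
+
+cisco-decrypt : cisco-decrypt.o decrypt-utils.o
+$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)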
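Review bot: The added line `+CFLAGS += -O3 -I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/include $(OFLAGS) $(CRYPTO_CFLAGS)` hard-codes `-O3` ahead of `$(OFLAGS)`, which the package Makefile on this page sets to `$(TARGET_CFLAGS)`; gcc honours the last optimisation flag it is given, so the target's own level should still win, but the literal `-O3` then serves no purpose and misleads a reader into thinking the package forces it, and `CFLAGS += -I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/include $(OFLAGS) $(CRYPTO_CFLAGS)` says what is meant. Replacing `./makeman.pl` with `touch vpnc.8` leaves an empty manual page in the build tree; since `Package/vpnc/install` never installs it this is harmless, but a short header comment in the patch saying the man page is deliberately skipped would help whoever rebases it. The context line `ifneq (,$(findstring Apple,$(shell $(CC) --version)))` still runs the compiler at parse time, which this patch leaves untouched and which is worth knowing about when the source revision is next bumped.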