Merge pull request #863 from danielg4/master

openconnect: separate out vpnc-scripts and import vpnc
Nikos Mavrogiannopoulos 2015-02-08 19:04:05 +01:00
commit dca4c16156
11 changed files with 342 additions and 8 deletions


@ -1,5 +1,5 @@
# #
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006-2015 OpenWrt.org
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openconnect PKG_NAME:=openconnect
PKG_VERSION:=7.04 PKG_VERSION:=7.04
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/ PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/
@ -29,7 +29,7 @@ endef
define Package/openconnect define Package/openconnect
SECTION:=net SECTION:=net
CATEGORY:=Network CATEGORY:=Network
DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls +OPENCONNECT_STOKEN:libstoken DEPENDS:=+libxml2 +kmod-tun +resolveip +vpnc-scripts +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls +OPENCONNECT_STOKEN:libstoken
TITLE:=OpenConnect VPN client (Cisco AnyConnect compatible) TITLE:=OpenConnect VPN client (Cisco AnyConnect compatible)
MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
URL:=http://www.infradead.org/openconnect/ URL:=http://www.infradead.org/openconnect/
@ -65,7 +65,6 @@ define Package/openconnect/install
$(INSTALL_DIR) $(1)/etc/openconnect/ $(INSTALL_DIR) $(1)/etc/openconnect/
$(INSTALL_DIR) $(1)/lib/netifd/proto $(INSTALL_DIR) $(1)/lib/netifd/proto
$(INSTALL_BIN) ./files/openconnect.sh $(1)/lib/netifd/proto/ $(INSTALL_BIN) ./files/openconnect.sh $(1)/lib/netifd/proto/
$(INSTALL_BIN) ./files/vpnc-script $(1)/lib/netifd/
$(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/openconnect $(1)/usr/sbin/ $(INSTALL_BIN) $(PKG_BUILD_DIR)/openconnect $(1)/usr/sbin/
$(INSTALL_BIN) ./files/openconnect-wrapper $(1)/usr/sbin/ $(INSTALL_BIN) ./files/openconnect-wrapper $(1)/usr/sbin/


@ -4,6 +4,7 @@ To setup a VPN connection, add the following to /etc/config/network:
config interface 'MYVPN' config interface 'MYVPN'
option proto 'openconnect' option proto 'openconnect'
option interface 'wan'
option server 'vpn.example.com' option server 'vpn.example.com'
option port '4443' option port '4443'
option username 'test' option username 'test'


@ -10,6 +10,9 @@ proto_openconnect_init_config() {
proto_config_add_string "serverhash" proto_config_add_string "serverhash"
proto_config_add_string "authgroup" proto_config_add_string "authgroup"
proto_config_add_string "password" proto_config_add_string "password"
proto_config_add_string "token_mode"
proto_config_add_string "token_secret"
proto_config_add_string "interface"
no_device=1 no_device=1
available=1 available=1
} }
@ -17,14 +20,14 @@ proto_openconnect_init_config() {
proto_openconnect_setup() { proto_openconnect_setup() {
local config="$1" local config="$1"
json_get_vars server port username serverhash authgroup password vgroup token_mode token_secret json_get_vars server port username serverhash authgroup password interface token_mode token_secret
grep -q tun /proc/modules || insmod tun grep -q tun /proc/modules || insmod tun
logger -t openconnect "initializing..." logger -t openconnect "initializing..."
serv_addr= serv_addr=
for ip in $(resolveip -t 10 "$server"); do for ip in $(resolveip -t 10 "$server"); do
( proto_add_host_dependency "$config" "$ip" ) ( proto_add_host_dependency "$config" "$ip" $interface )
serv_addr=1 serv_addr=1
done done
[ -n "$serv_addr" ] || { [ -n "$serv_addr" ] || {
@ -57,7 +60,8 @@ proto_openconnect_setup() {
[ -n "$username" ] && append cmdline "-u $username" [ -n "$username" ] && append cmdline "-u $username"
[ -n "$password" ] && { [ -n "$password" ] && {
umask 077 umask 077
pwfile="/var/run/openconnect-$config.passwd" mkdir -p /var/etc
pwfile="/var/etc/openconnect-$config.passwd"
echo "$password" > "$pwfile" echo "$password" > "$pwfile"
append cmdline "--passwd-on-stdin" append cmdline "--passwd-on-stdin"
} }
@ -78,7 +82,7 @@ proto_openconnect_setup() {
proto_openconnect_teardown() { proto_openconnect_teardown() {
local config="$1" local config="$1"
pwfile="/var/run/openconnect-$config.passwd" pwfile="/var/etc/openconnect-$config.passwd"
rm -f $pwfile rm -f $pwfile
logger -t openconnect "bringing down openconnect" logger -t openconnect "bringing down openconnect"
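Review bot: In the hunk at @ -57,7 +60,8 the new `mkdir -p /var/etc` runs after `umask 077`, so whenever /var/etc does not exist yet this script creates it with mode 0700; any other service that keeps runtime config under /var/etc and runs unprivileged could then fail to read its own files, which depends on what else is installed on the box. The vpnc.sh added in this same commit does it the other way round (mkdir first, then umask), so swapping the two lines here keeps both scripts consistent: `mkdir -p /var/etc` before `umask 077`. The password file itself is still created under the restrictive umask either way, and the teardown path change to /var/etc matches the setup. The enclosing proto_openconnect_setup() starts and ends outside the hunk; the file path is not shown on this page, but the functions match ./files/openconnect.sh installed by the Makefile section above.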

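--- a/net/vpnc-scripts/Makefile
+++ b/net/vpnc-scripts/Makefile
@@ -0,0 +1,37 @@
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+PKG_NAME:=vpnc-scripts
+PKG_VERSION:=20150116
+PKG_RELEASE:=1
+include $(INCLUDE_DIR)/package.mk
+define Package/vpnc-scripts
+SECTION:=net
+CATEGORY:=Network
+TITLE:=VPN configuration script for vpnc and OpenConnect
+MAINTAINER:=Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
+SUBMENU:=VPN
+endef
+define Package/vpnc-scripts/description
+This package contains the vpnc-script which is used by vpnc
+and OpenConnect to configure the tunnel interface.
+endef
+define Build/Compile
+endef
+define Package/vpnc-scripts/install
+$(INSTALL_DIR) $(1)/lib/netifd
+$(INSTALL_BIN) ./files/vpnc-script $(1)/lib/netifd/
+endef
+$(eval $(call BuildPackage,vpnc-scripts))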
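Review bot: The new package sets no `PKG_LICENSE`, while the vpnc Makefile added in the same commit declares `PKG_LICENSE:=VARIOUS` and `PKG_LICENSE_FILES:=COPYING`; the script shipped here is executed by vpnc and openconnect with their privileges, so its license and origin should be recorded in the Makefile. The `PKG_VERSION:=20150116` date suggests a snapshot of an upstream repository, but nothing on the page says which one; adding `PKG_LICENSE:=<license stated in the script header>` plus a comment naming the upstream source and revision would make the provenance reviewable. The empty `define Build/Compile` is fine for a script-only package.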

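--- a/net/vpnc/Config.in
+++ b/net/vpnc/Config.in
@@ -0,0 +1,18 @@
+# vpnc avanced configuration
+menu "Configuration"
+depends on PACKAGE_vpnc
+choice
+prompt "SSL library"
+default VPNC_GNUTLS
+config VPNC_GNUTLS
+bool "GnuTLS support"
+config VPNC_OPENSSL
+bool "OpenSSL"
+endchoice
+endmenu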
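Review bot: The header comment misspells "advanced" (`# vpnc avanced configuration`); change it to `# vpnc advanced configuration`. The two choice entries are also labelled inconsistently (`bool "GnuTLS support"` versus `bool "OpenSSL"`); `bool "OpenSSL support"` would match. Selecting VPNC_OPENSSL makes the vpnc Makefile in this commit pass `OPENSSL_GPL_VIOLATION=yes` to the upstream build, which is presumably why GnuTLS is the default and is worth stating in a help text so users understand the choice.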

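--- a/net/vpnc/Makefile
+++ b/net/vpnc/Makefile
@@ -0,0 +1,94 @@
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+include $(TOPDIR)/rules.mk
+PKG_NAME:=vpnc
+PKG_REV:=550
+PKG_VERSION:=0.5.3.r$(PKG_REV)
+PKG_RELEASE:=1
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://svn.unix-ag.uni-kl.de/vpnc/trunk/
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE_PROTO:=svn
+PKG_MAINTAINER:=Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
+PKG_LICENSE:=VARIOUS
+PKG_LICENSE_FILES:=COPYING
+PKG_CONFIG_DEPENDS:= \
+CONFIG_VPNC_GNUTLS \
+CONFIG_VPNC_OPENSSL \
+include $(INCLUDE_DIR)/package.mk
+define Package/vpnc/config
+source "$(SOURCE)/Config.in"
+endef
+define Package/vpnc
+SECTION:=net
+CATEGORY:=Network
+DEPENDS:=+libgpg-error +libgcrypt +kmod-tun +VPNC_OPENSSL:libopenssl +VPNC_GNUTLS:libgnutls +vpnc-scripts +resolveip
+TITLE:=VPN client for Cisco EasyVPN
+URL:=http://www.unix-ag.uni-kl.de/~massar/vpnc/
+SUBMENU:=VPN
+endef
+define Package/vpnc/description
+A VPN client compatible with Cisco's EasyVPN equipment.
+Supports IPSec (ESP) with Mode Configuration and Xauth. Supports only
+shared-secret IPSec authentication with Xauth, AES (256, 192, 128),
+3DES, 1DES, MD5, SHA1, DH1/2/5 and IP tunneling.
+endef
+define Package/vpnc/conffiles
+/etc/vpnc/default.conf
+endef
+ifeq ($(CONFIG_VPNC_OPENSSL),y)
+define Build/Compile
+$(call Build/Compile/Default, \
+OFLAGS="$(TARGET_CFLAGS)" \
+OS="Linux" VERSION="$(PKG_VERSION)" \
+STAGING_DIR="$(STAGING_DIR)" \
+DESTDIR="$(PKG_INSTALL_DIR)" \
+OPENSSL_GPL_VIOLATION=yes PREFIX=/usr \
+all install \
+)
+endef
+else
+define Build/Compile
+$(call Build/Compile/Default, \
+OFLAGS="$(TARGET_CFLAGS)" \
+OS="Linux" VERSION="$(PKG_VERSION)" \
+STAGING_DIR="$(STAGING_DIR)" \
+DESTDIR="$(PKG_INSTALL_DIR)" \
+PREFIX=/usr \
+all install \
+)
+endef
+endif
+define Package/vpnc/install
+$(INSTALL_DIR) $(1)/lib/netifd/proto
+$(INSTALL_BIN) ./files/vpnc.sh $(1)/lib/netifd/proto/
+$(INSTALL_DIR) $(1)/usr/sbin
+$(CP) $(PKG_INSTALL_DIR)/usr/sbin/vpnc \
+$(PKG_INSTALL_DIR)/usr/sbin/vpnc-disconnect \
+$(1)/usr/sbin/
+$(INSTALL_DIR) $(1)/etc/vpnc
+$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/vpnc/default.conf $(1)/etc/vpnc/
+$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+$(INSTALL_DATA) ./files/vpnc.upgrade $(1)/lib/upgrade/keep.d/vpnc
+endef
+$(eval $(call BuildPackage,vpnc))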
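Review bot: The source is fetched with `PKG_SOURCE_PROTO:=svn` from a plain-http URL and pinned only by `PKG_REV:=550`; a revision number selects which snapshot is checked out but does not verify its contents, and unlike the tarball-based openconnect package there is no checksum here, so as far as this Makefile shows nothing confirms that what gets compiled is the expected code. Consider fetching a snapshot tarball with a `PKG_MD5SUM` (or an https mirror of the repository, if one exists) so the build fails on a changed or tampered download. Separately, the two `define Build/Compile` bodies differ only in `OPENSSL_GPL_VIOLATION=yes`; one define using `$(if $(CONFIG_VPNC_OPENSSL),OPENSSL_GPL_VIOLATION=yes) PREFIX=/usr \` in place of the ifeq/else pair would remove the duplication.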

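--- a/net/vpnc/README
+++ b/net/vpnc/README
@@ -0,0 +1,39 @@
+The vpnc client expects to be configured using the uci interface.
+To setup a VPN connection, add the following to /etc/config/network:
+config interface 'MYVPN'
+option proto 'vpnc'
+option interface 'wan'
+option server 'vpn.example.com'
+option username 'test'
+option password 'secret' # or:
+option hexpasswd 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
+option authgroup 'DEFAULT'
+option passgroup 'groupsecret' # or:
+option hexpassgroup '52B0BEAF6605C3CE9BE20A0DC0A0F6240A6FF7EA'
+option domain 'WORKGROUP'
+option vendor 'cisco' # or 'netscreen'
+option natt_mode 'natt' # or 'none' or 'force-natt' or 'cisco-udp'
+option dh_group 'dh2' # or 'dh1' or 'dh5'
+option pfs 'server' # or 'nopfs' or 'dh1' or 'dh2' or 'dh5'
+option enable_single_des '0'
+option enable_no_enc '0' # '1' to enable unencrypted VPN
+option mtu '0'
+option local_addr '0.0.0.0'
+option local_port '500' # '0' to use a random port
+option udp_port '10000' # '0' to use a random port
+option dpd_idle '300'
+option auth_mode 'psk' # or 'hybrid'
+option target_network '0.0.0.0/0.0.0.0' # network/netmask or CIDR
+The additional file(s) are also used:
+/etc/vpnc/ca-vpn-MYVPN.pem: The server's CA certificate (for auth_mode 'hybrid')
+After these are setup you can initiate the VPN using "ifup MYVPN", and
+deinitialize it using ifdown. You may also use the luci web interface
+(Network -> Interfaces -> MYVPN Connect).
+Note that you need to configure the firewall to allow communication between
+the MYVPN interface and lan.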

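--- a/net/vpnc/files/vpnc.sh
+++ b/net/vpnc/files/vpnc.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+. /lib/functions.sh
+. ../netifd-proto.sh
+init_proto "$@"
+proto_vpnc_init_config() {
+proto_config_add_string "server"
+proto_config_add_string "username"
+proto_config_add_string "hexpasswd"
+proto_config_add_string "authgroup"
+proto_config_add_string "password"
+proto_config_add_string "token_mode"
+proto_config_add_string "token_secret"
+proto_config_add_string "interface"
+proto_config_add_string "passgroup"
+proto_config_add_string "hexpassgroup"
+proto_config_add_string "domain"
+proto_config_add_string "vendor"
+proto_config_add_string "natt_mode"
+proto_config_add_string "dh_group"
+proto_config_add_string "pfs"
+proto_config_add_boolean "enable_single_des"
+proto_config_add_boolean "enable_no_enc"
+proto_config_add_int "mtu"
+proto_config_add_string "local_addr"
+proto_config_add_int "local_port"
+proto_config_add_int "udp_port"
+proto_config_add_int "dpd_idle"
+proto_config_add_string "auth_mode"
+proto_config_add_string "target_network"
+no_device=1
+available=1
+}
+proto_vpnc_setup() {
+local config="$1"
+json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network
+grep -q tun /proc/modules || insmod tun
+logger -t vpnc "initializing..."
+serv_addr=
+for ip in $(resolveip -t 10 "$server"); do
+( proto_add_host_dependency "$config" "$ip" $interface )
+serv_addr=1
+done
+[ -n "$serv_addr" ] || {
+logger -t vpnc "Could not resolve server address: '$server'"
+sleep 60
+proto_setup_failed "$config"
+exit 1
+}
+mkdir -p /var/etc
+umask 077
+pwfile="/var/etc/vpnc-$config.conf"
+echo "IPSec gateway $server" > "$pwfile"
+cmdline="--no-detach --pid-file /var/run/vpnc-$config.pid --ifname vpn-$config --non-inter --script /lib/netifd/vpnc-script $pwfile"
+[ -f /etc/vpnc/ca-vpn-$config.pem ] && echo "CA-File /etc/vpnc/ca-vpn-$config.pem" >> "$pwfile"
+[ -n "$hexpasswd" ] && echo "Xauth obfuscated password $hexpasswd" >> "$pwfile"
+[ -n "$authgroup" ] && echo "IPSec ID $authgroup" >> "$pwfile"
+[ -n "$username" ] && echo "Xauth username $username" >> "$pwfile"
+[ -n "$password" ] && echo "Xauth password $password" >> "$pwfile"
+[ -n "$passgroup" ] && echo "IPSec secret $passgroup" >> "$pwfile"
+[ -n "$hexpassgroup" ] && echo "IPSec obfuscated secret $hexpassgroup" >> "$pwfile"
+[ -n "$domain" ] && echo "Domain $domain" >> "$pwfile"
+[ -n "$vendor" ] && echo "Vendor $vendor" >> "$pwfile"
+[ -n "$natt_mode" ] && echo "NAT Traversal Mode $natt_mode" >> "$pwfile"
+[ -n "$dh_group" ] && echo "IKE DH Group $dh_group" >> "$pwfile"
+[ -n "$pfs" ] && echo "Perfect Forward Secrecy $pfs" >> "$pwfile"
+[ "${enable_single_des:-0}" -gt 0 ] && echo "Enable Single DES" >> "$pwfile"
+[ "${enable_no_enc:-0}" -gt 0 ] && echo "Enable no encryption" >> "$pwfile"
+[ -n "$mtu" ] && echo "Interface MTU $mtu" >> "$pwfile"
+[ -n "$local_addr" ] && echo "Local Addr $local_addr" >> "$pwfile"
+[ -n "$local_port" ] && echo "Local Port $local_port" >> "$pwfile"
+[ -n "$udp_port" ] && echo "Cisco UDP Encapsulation Port $udp_port" >> "$pwfile"
+[ -n "$dpd_idle" ] && echo "DPD idle timeout (our side) $dpd_idle" >> "$pwfile"
+[ -n "$auth_mode" ] && echo "IKE Authmode $auth_mode" >> "$pwfile"
+[ -n "$target_network" ] && echo "IPSEC target network $target_network" >> "$pwfile"
+proto_export INTERFACE="$config"
+logger -t vpnc "executing 'vpnc $cmdline'"
+proto_run_command "$config" /usr/sbin/vpnc $cmdline
+}
+proto_vpnc_teardown() {
+local config="$1"
+pwfile="/var/etc/vpnc-$config.conf"
+rm -f $pwfile
+logger -t vpnc "bringing down vpnc"
+proto_kill_command "$config" 2
+}
+add_protocol vpnc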
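Review bot: `token_mode` and `token_secret` are declared in proto_vpnc_init_config(), read by `json_get_vars` in proto_vpnc_setup(), and then never used: none of the lines appended to `$pwfile` reference them, so they look carried over from openconnect.sh and should be dropped from both places rather than letting a user configure a secret that silently does nothing. The credentials (`Xauth password`, `IPSec secret`) are written with `echo` after `umask 077`, which is right; `printf '%s\n' "Xauth password $password" >> "$pwfile"` would additionally survive values beginning with `-`, which busybox echo may treat as options. `pwfile` and `cmdline` are not declared `local`, unlike `config` in the same function, which is a small style inconsistency.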


@ -0,0 +1,2 @@
/etc/vpnc/ca-vpn-*.pem


@ -0,0 +1,42 @@
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@
# $Id$
DESTDIR=
-PREFIX=/usr/local
+PREFIX=/usr
ETCDIR=/etc/vpnc
BINDIR=$(PREFIX)/bin
SBINDIR=$(PREFIX)/sbin
@@ -57,18 +57,15 @@
CRYPTO_OBJS = $(addsuffix .o,$(basename $(CRYPTO_SRCS)))
BINOBJS = $(addsuffix .o,$(BINS))
BINSRCS = $(addsuffix .c,$(BINS))
-VERSION := $(shell sh mk-version)
RELEASE_VERSION := $(shell cat VERSION)
CC ?= gcc
-CFLAGS ?= -O3 -g
CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
-CFLAGS += $(shell libgcrypt-config --cflags) $(CRYPTO_CFLAGS)
+CFLAGS += -O3 -I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/include $(OFLAGS) $(CRYPTO_CFLAGS)
CPPFLAGS += -DVERSION=\"$(VERSION)\"
-LDFLAGS ?= -g
-LIBS += $(shell libgcrypt-config --libs) $(CRYPTO_LDADD)
+LIBS += -L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib -lgcrypt -lgpg-error $(CRYPTO_LDADD)
-ifeq ($(shell uname -s), SunOS)
+ifeq ($(OS), SunOS)
LIBS += -lnsl -lresolv -lsocket
endif
ifneq (,$(findstring Apple,$(shell $(CC) --version)))
@@ -82,7 +79,7 @@
$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
vpnc.8 : vpnc.8.template makeman.pl vpnc
- ./makeman.pl
+ touch vpnc.8
cisco-decrypt : cisco-decrypt.o decrypt-utils.o
$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)