
vpnc: initial import

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Daniel Gimpelevich 10 years ago
parent
commit
d16359b96e
6 changed files with 293 additions and 0 deletions
  1. 18
    0
      net/vpnc/Config.in
  2. 94
    0
      net/vpnc/Makefile
  3. 39
    0
      net/vpnc/README
  4. 98
    0
      net/vpnc/files/vpnc.sh
  5. 2
    0
      net/vpnc/files/vpnc.upgrade
  6. 42
    0
      net/vpnc/patches/001-cross.patch

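--- a/net/vpnc/Config.in
+++ b/net/vpnc/Config.in
@@ -0,0 +1,18 @@
+# vpnc avanced configuration
+
+menu "Configuration"
+	depends on PACKAGE_vpnc
+
+choice
+	prompt "SSL library"
+	default VPNC_GNUTLS
+
+config VPNC_GNUTLS
+	bool "GnuTLS support"
+
+config VPNC_OPENSSL
+	bool "OpenSSL"
+
+endchoice
+
+endmenu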
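Review bot: The header comment `# vpnc avanced configuration` has a typo; it should read `# vpnc advanced configuration`. The two choice labels are not parallel (`"GnuTLS support"` versus `"OpenSSL"`); use `bool "OpenSSL support"`. Since this choice is what makes the package Makefile build with `OPENSSL_GPL_VIOLATION=yes`, a short `help` block under `VPNC_OPENSSL` saying that the OpenSSL build carries a licensing caveat would save the next maintainer from discovering it in the build recipe.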

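--- a/net/vpnc/Makefile
+++ b/net/vpnc/Makefile
@@ -0,0 +1,94 @@
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=vpnc
+PKG_REV:=550
+PKG_VERSION:=0.5.3.r$(PKG_REV)
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://svn.unix-ag.uni-kl.de/vpnc/trunk/
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE_PROTO:=svn
+
+PKG_MAINTAINER:=Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
+PKG_LICENSE:=VARIOUS
+PKG_LICENSE_FILES:=COPYING
+
+PKG_CONFIG_DEPENDS:= \
+	CONFIG_VPNC_GNUTLS \
+	CONFIG_VPNC_OPENSSL \
+
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/vpnc/config
+	source "$(SOURCE)/Config.in"
+endef
+
+define Package/vpnc
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+libgpg-error +libgcrypt +kmod-tun +VPNC_OPENSSL:libopenssl +VPNC_GNUTLS:libgnutls +vpnc-scripts +resolveip
+  TITLE:=VPN client for Cisco EasyVPN
+  URL:=http://www.unix-ag.uni-kl.de/~massar/vpnc/
+  SUBMENU:=VPN
+endef
+
+define Package/vpnc/description
+	A VPN client compatible with Cisco's EasyVPN equipment.
+
+	Supports IPSec (ESP) with Mode Configuration and Xauth.  Supports only
+	shared-secret IPSec authentication with Xauth, AES (256, 192, 128),
+	3DES, 1DES, MD5, SHA1, DH1/2/5 and IP tunneling.
+endef
+
+define Package/vpnc/conffiles
+/etc/vpnc/default.conf
+endef
+
+ifeq ($(CONFIG_VPNC_OPENSSL),y)
+define Build/Compile
+	$(call Build/Compile/Default, \
+		OFLAGS="$(TARGET_CFLAGS)" \
+		OS="Linux" VERSION="$(PKG_VERSION)" \
+		STAGING_DIR="$(STAGING_DIR)" \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		OPENSSL_GPL_VIOLATION=yes PREFIX=/usr \
+		all install \
+	)
+endef
+else
+define Build/Compile
+	$(call Build/Compile/Default, \
+		OFLAGS="$(TARGET_CFLAGS)" \
+		OS="Linux" VERSION="$(PKG_VERSION)" \
+		STAGING_DIR="$(STAGING_DIR)" \
+		DESTDIR="$(PKG_INSTALL_DIR)" \
+		PREFIX=/usr \
+		all install \
+	)
+endef
+endif
+
+define Package/vpnc/install
+	$(INSTALL_DIR) $(1)/lib/netifd/proto
+	$(INSTALL_BIN) ./files/vpnc.sh $(1)/lib/netifd/proto/
+	$(INSTALL_DIR) $(1)/usr/sbin
+	$(CP)	$(PKG_INSTALL_DIR)/usr/sbin/vpnc \
+		$(PKG_INSTALL_DIR)/usr/sbin/vpnc-disconnect \
+		$(1)/usr/sbin/
+	$(INSTALL_DIR) $(1)/etc/vpnc
+	$(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/vpnc/default.conf $(1)/etc/vpnc/
+	$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+	$(INSTALL_DATA) ./files/vpnc.upgrade $(1)/lib/upgrade/keep.d/vpnc
+endef
+
+$(eval $(call BuildPackage,vpnc))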
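Review bot: The source is fetched as an SVN checkout over plain `http://` at revision 550 (`PKG_SOURCE_URL`, `PKG_SOURCE_PROTO:=svn`, `PKG_SOURCE_VERSION:=$(PKG_REV)`) with no content hash, so the build trusts whatever the server or an on-path party returns for that revision; a revision number is a name, not an integrity check. Use `https://` if the host offers it and, where this build system supports it, pin the generated snapshot with `PKG_MIRROR_HASH:=<sha256 of the tarball>` so the archive is verified rather than merely named. Separately, `PKG_LICENSE:=VARIOUS` is not an SPDX identifier; list the actual licenses, and a comment next to `OPENSSL_GPL_VIOLATION=yes` explaining why the OpenSSL variant needs that flag would document the licensing caveat where a packager will see it.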

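--- a/net/vpnc/README
+++ b/net/vpnc/README
@@ -0,0 +1,39 @@
+The vpnc client expects to be configured using the uci interface.
+
+To setup a VPN connection, add the following to /etc/config/network:
+
+config interface 'MYVPN'
+        option proto 'vpnc'
+        option interface 'wan'
+        option server 'vpn.example.com'
+        option username 'test'
+        option password 'secret' # or:
+        option hexpasswd 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
+        option authgroup 'DEFAULT'
+        option passgroup 'groupsecret' # or:
+        option hexpassgroup '52B0BEAF6605C3CE9BE20A0DC0A0F6240A6FF7EA'
+        option domain 'WORKGROUP'
+        option vendor 'cisco' # or 'netscreen'
+        option natt_mode 'natt' # or 'none' or 'force-natt' or 'cisco-udp'
+        option dh_group 'dh2' # or 'dh1' or 'dh5'
+        option pfs 'server' # or 'nopfs' or 'dh1' or 'dh2' or 'dh5'
+        option enable_single_des '0'
+        option enable_no_enc '0' # '1' to enable unencrypted VPN
+        option mtu '0'
+        option local_addr '0.0.0.0'
+        option local_port '500' # '0' to use a random port
+        option udp_port '10000' # '0' to use a random port
+        option dpd_idle '300'
+        option auth_mode 'psk' # or 'hybrid'
+        option target_network '0.0.0.0/0.0.0.0' # network/netmask or CIDR
+
+The additional file(s) are also used:
+/etc/vpnc/ca-vpn-MYVPN.pem: The server's CA certificate (for auth_mode 'hybrid')
+
+After these are setup you can initiate the VPN using "ifup MYVPN", and
+deinitialize it using ifdown. You may also use the luci web interface
+(Network -> Interfaces -> MYVPN Connect).
+
+Note that you need to configure the firewall to allow communication between
+the MYVPN interface and lan.
+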

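--- a/net/vpnc/files/vpnc.sh
+++ b/net/vpnc/files/vpnc.sh
@@ -0,0 +1,98 @@
+#!/bin/sh
+. /lib/functions.sh
+. ../netifd-proto.sh
+init_proto "$@"
+
+proto_vpnc_init_config() {
+	proto_config_add_string "server"
+	proto_config_add_string "username"
+	proto_config_add_string "hexpasswd"
+	proto_config_add_string "authgroup"
+	proto_config_add_string "password"
+	proto_config_add_string "token_mode"
+	proto_config_add_string "token_secret"
+	proto_config_add_string "interface"
+	proto_config_add_string "passgroup"
+	proto_config_add_string "hexpassgroup"
+	proto_config_add_string "domain"
+	proto_config_add_string "vendor"
+	proto_config_add_string "natt_mode"
+	proto_config_add_string "dh_group"
+	proto_config_add_string "pfs"
+	proto_config_add_boolean "enable_single_des"
+	proto_config_add_boolean "enable_no_enc"
+	proto_config_add_int "mtu"
+	proto_config_add_string "local_addr"
+	proto_config_add_int "local_port"
+	proto_config_add_int "udp_port"
+	proto_config_add_int "dpd_idle"
+	proto_config_add_string "auth_mode"
+	proto_config_add_string "target_network"
+	no_device=1
+	available=1
+}
+
+proto_vpnc_setup() {
+	local config="$1"
+
+	json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network
+
+	grep -q tun /proc/modules || insmod tun
+
+	logger -t vpnc "initializing..."
+	serv_addr=
+	for ip in $(resolveip -t 10 "$server"); do
+		( proto_add_host_dependency "$config" "$ip" $interface )
+		serv_addr=1
+	done
+	[ -n "$serv_addr" ] || {
+		logger -t vpnc "Could not resolve server address: '$server'"
+		sleep 60
+		proto_setup_failed "$config"
+		exit 1
+	}
+
+	mkdir -p /var/etc
+	umask 077
+	pwfile="/var/etc/vpnc-$config.conf"
+	echo "IPSec gateway $server" > "$pwfile"
+	cmdline="--no-detach --pid-file /var/run/vpnc-$config.pid --ifname vpn-$config --non-inter --script /lib/netifd/vpnc-script $pwfile"
+
+	[ -f /etc/vpnc/ca-vpn-$config.pem ] && echo "CA-File /etc/vpnc/ca-vpn-$config.pem" >> "$pwfile"
+	[ -n "$hexpasswd" ] && echo "Xauth obfuscated password $hexpasswd" >> "$pwfile"
+	[ -n "$authgroup" ] && echo "IPSec ID $authgroup" >> "$pwfile"
+	[ -n "$username" ] && echo "Xauth username $username" >> "$pwfile"
+	[ -n "$password" ] && echo "Xauth password $password" >> "$pwfile"
+	[ -n "$passgroup" ] && echo "IPSec secret $passgroup" >> "$pwfile"
+	[ -n "$hexpassgroup" ] && echo "IPSec obfuscated secret $hexpassgroup" >> "$pwfile"
+	[ -n "$domain" ] && echo "Domain $domain" >> "$pwfile"
+	[ -n "$vendor" ] && echo "Vendor $vendor" >> "$pwfile"
+	[ -n "$natt_mode" ] && echo "NAT Traversal Mode $natt_mode" >> "$pwfile"
+	[ -n "$dh_group" ] && echo "IKE DH Group $dh_group" >> "$pwfile"
+	[ -n "$pfs" ] && echo "Perfect Forward Secrecy $pfs" >> "$pwfile"
+	[ "${enable_single_des:-0}" -gt 0 ] && echo "Enable Single DES" >> "$pwfile"
+	[ "${enable_no_enc:-0}" -gt 0 ] && echo "Enable no encryption" >> "$pwfile"
+	[ -n "$mtu" ] && echo "Interface MTU $mtu" >> "$pwfile"
+	[ -n "$local_addr" ] && echo "Local Addr $local_addr" >> "$pwfile"
+	[ -n "$local_port" ] && echo "Local Port $local_port" >> "$pwfile"
+	[ -n "$udp_port" ] && echo "Cisco UDP Encapsulation Port $udp_port" >> "$pwfile"
+	[ -n "$dpd_idle" ] && echo "DPD idle timeout (our side) $dpd_idle" >> "$pwfile"
+	[ -n "$auth_mode" ] && echo "IKE Authmode $auth_mode" >> "$pwfile"
+	[ -n "$target_network" ] && echo "IPSEC target network $target_network" >> "$pwfile"
+
+	proto_export INTERFACE="$config"
+	logger -t vpnc "executing 'vpnc $cmdline'"
+	proto_run_command "$config" /usr/sbin/vpnc $cmdline
+}
+
+proto_vpnc_teardown() {
+	local config="$1"
+
+	pwfile="/var/etc/vpnc-$config.conf"
+
+	rm -f $pwfile
+	logger -t vpnc "bringing down vpnc"
+	proto_kill_command "$config" 2
+}
+
+add_protocol vpnc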
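Review bot: The weak-crypto opt-ins `Enable Single DES` and `Enable no encryption` are written into the vpnc config with no trace in the system log, so a tunnel running on 1DES or with ESP encryption turned off looks exactly like a normal one in syslog; log the downgrade next to each, e.g. `[ "${enable_no_enc:-0}" -gt 0 ] && logger -t vpnc "WARNING: $config: ESP encryption disabled (enable_no_enc)"` and the equivalent for single DES. `token_mode` and `token_secret` are declared in proto_vpnc_init_config and fetched by json_get_vars but never written to `$pwfile`, so a user who sets them gets no error and no effect; either emit the corresponding vpnc directives or drop the two options. The generated file holds the Xauth and group secrets and is created under `umask 077`, which is right, but `rm -f $pwfile` in the teardown and the `-f` test on the CA path should quote the `$config`-derived paths. `--ifname vpn-$config` silently exceeds the kernel's 15-character interface-name limit once `$config` is longer than 11 characters, and nothing here checks for that. Note that the `hexpasswd`/`hexpassgroup` forms are Cisco's reversible obfuscation (the package's patch still builds `cisco-decrypt`), not a hash, so they deserve the same protection as the plaintext values.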

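--- a/net/vpnc/files/vpnc.upgrade
+++ b/net/vpnc/files/vpnc.upgrade
@@ -0,0 +1,2 @@
+/etc/vpnc/ca-vpn-*.pem
+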

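--- a/net/vpnc/patches/001-cross.patch
+++ b/net/vpnc/patches/001-cross.patch
@@ -0,0 +1,42 @@
+--- a/Makefile
++++ b/Makefile
+@@ -20,7 +20,7 @@
+ # $Id$
+ 
+ DESTDIR=
+-PREFIX=/usr/local
++PREFIX=/usr
+ ETCDIR=/etc/vpnc
+ BINDIR=$(PREFIX)/bin
+ SBINDIR=$(PREFIX)/sbin
+@@ -57,18 +57,15 @@
+ CRYPTO_OBJS = $(addsuffix .o,$(basename $(CRYPTO_SRCS)))
+ BINOBJS = $(addsuffix .o,$(BINS))
+ BINSRCS = $(addsuffix .c,$(BINS))
+-VERSION := $(shell sh mk-version)
+ RELEASE_VERSION := $(shell cat VERSION)
+ 
+ CC ?= gcc
+-CFLAGS ?= -O3 -g
+ CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
+-CFLAGS +=  $(shell libgcrypt-config --cflags) $(CRYPTO_CFLAGS)
++CFLAGS += -O3 -I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/include $(OFLAGS) $(CRYPTO_CFLAGS)
+ CPPFLAGS += -DVERSION=\"$(VERSION)\"
+-LDFLAGS ?= -g
+-LIBS += $(shell libgcrypt-config --libs) $(CRYPTO_LDADD)
++LIBS += -L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib -lgcrypt -lgpg-error $(CRYPTO_LDADD)
+ 
+-ifeq ($(shell uname -s), SunOS)
++ifeq ($(OS), SunOS)
+ LIBS += -lnsl -lresolv -lsocket
+ endif
+ ifneq (,$(findstring Apple,$(shell $(CC) --version)))
+@@ -82,7 +79,7 @@
+ 	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
+ 
+ vpnc.8 : vpnc.8.template makeman.pl vpnc
+-	./makeman.pl
++	touch vpnc.8
+ 
+ cisco-decrypt : cisco-decrypt.o decrypt-utils.o
+ 	$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)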
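Review bot: The second hunk removes `LDFLAGS ?= -g` without substituting a target-aware value, while the package Makefile's Build/Compile call passes `OFLAGS="$(TARGET_CFLAGS)"` and nothing for LDFLAGS, so whether `TARGET_LDFLAGS` (and any link-time hardening it carries) reaches the two `$(CC) $(LDFLAGS) -o $@` links depends on what `Build/Compile/Default` exports, which is not visible here. Make it explicit by adding a line such as `LDFLAGS += -L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib $(OLDFLAGS)` here and passing `OLDFLAGS="$(TARGET_LDFLAGS)"` from the package Makefile, mirroring how `OFLAGS` is already handled. In the same hunk, the unconditional `-O3` placed ahead of `$(OFLAGS)` is either overridden by the target's own `-O` flag or forces `-O3` when none is given; since the caller can no longer override it, drop it and let `$(OFLAGS)` decide. The last hunk's `touch vpnc.8` installs an empty man page; a comment in the patch saying why `makeman.pl` cannot run (it needs the freshly built host `vpnc` binary) would explain the substitution.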