--- /dev/null
+if PACKAGE_openvpn-mbedtls
+
+config OPENVPN_mbedtls_ENABLE_LZO
+ bool "Enable LZO compression support"
+ default y
+
+config OPENVPN_mbedtls_ENABLE_LZ4
+ bool "Enable LZ4 compression support"
+ default y
+
+config OPENVPN_mbedtls_ENABLE_X509_ALT_USERNAME
+ bool "Enable the --x509-username-field feature"
+ default n
+
+config OPENVPN_mbedtls_ENABLE_SERVER
+ bool "Enable server support (otherwise only client mode is support)"
+ default y
+
+#config OPENVPN_mbedtls_ENABLE_EUREPHIA
+# bool "Enable support for the eurephia plug-in"
+# default n
+
+config OPENVPN_mbedtls_ENABLE_MANAGEMENT
+ bool "Enable management server support"
+ default n
+
+#config OPENVPN_mbedtls_ENABLE_PKCS11
+# bool "Enable pkcs11 support"
+# default n
+
+config OPENVPN_mbedtls_ENABLE_HTTP
+ bool "Enable HTTP proxy support"
+ default y
+
+config OPENVPN_mbedtls_ENABLE_SOCKS
+ bool "Enable SOCKS proxy support"
+ default y
+
+config OPENVPN_mbedtls_ENABLE_FRAGMENT
+ bool "Enable internal fragmentation support (--fragment)"
+ default y
+
+config OPENVPN_mbedtls_ENABLE_MULTIHOME
+ bool "Enable multi-homed UDP server support (--multihome)"
+ default y
+
+config OPENVPN_mbedtls_ENABLE_PORT_SHARE
+ bool "Enable TCP server port-share support (--port-share)"
+ default y
+
+config OPENVPN_mbedtls_ENABLE_DEF_AUTH
+ bool "Enable deferred authentication"
+ default y
+
+config OPENVPN_mbedtls_ENABLE_PF
+ bool "Enable internal packet filter"
+ default y
+
+config OPENVPN_mbedtls_ENABLE_IPROUTE2
+ bool "Enable support for iproute2"
+ default n
+
+config OPENVPN_mbedtls_ENABLE_SMALL
+ bool "Enable size optimization"
+ default y
+ help
+ enable smaller executable size (disable OCC, usage
+ message, and verb 4 parm list)
+
+endif
bool "Enable LZO compression support"
default y
+config OPENVPN_nossl_ENABLE_LZ4
+ bool "Enable LZ4 compression support"
+ default y
+
config OPENVPN_nossl_ENABLE_SERVER
bool "Enable server support (otherwise only client mode is support)"
default y
bool "Enable LZO compression support"
default y
+config OPENVPN_openssl_ENABLE_LZ4
+ bool "Enable LZ4 compression support"
+ default y
+
config OPENVPN_openssl_ENABLE_X509_ALT_USERNAME
bool "Enable the --x509-username-field feature"
default n
+++ /dev/null
-if PACKAGE_openvpn-polarssl
-
-config OPENVPN_polarssl_ENABLE_LZO
- bool "Enable LZO compression support"
- default y
-
-config OPENVPN_polarssl_ENABLE_X509_ALT_USERNAME
- bool "Enable the --x509-username-field feature"
- default n
-
-config OPENVPN_polarssl_ENABLE_SERVER
- bool "Enable server support (otherwise only client mode is support)"
- default y
-
-#config OPENVPN_polarssl_ENABLE_EUREPHIA
-# bool "Enable support for the eurephia plug-in"
-# default n
-
-config OPENVPN_polarssl_ENABLE_MANAGEMENT
- bool "Enable management server support"
- default n
-
-#config OPENVPN_polarssl_ENABLE_PKCS11
-# bool "Enable pkcs11 support"
-# default n
-
-config OPENVPN_polarssl_ENABLE_HTTP
- bool "Enable HTTP proxy support"
- default y
-
-config OPENVPN_polarssl_ENABLE_SOCKS
- bool "Enable SOCKS proxy support"
- default y
-
-config OPENVPN_polarssl_ENABLE_FRAGMENT
- bool "Enable internal fragmentation support (--fragment)"
- default y
-
-config OPENVPN_polarssl_ENABLE_MULTIHOME
- bool "Enable multi-homed UDP server support (--multihome)"
- default y
-
-config OPENVPN_polarssl_ENABLE_PORT_SHARE
- bool "Enable TCP server port-share support (--port-share)"
- default y
-
-config OPENVPN_polarssl_ENABLE_DEF_AUTH
- bool "Enable deferred authentication"
- default y
-
-config OPENVPN_polarssl_ENABLE_PF
- bool "Enable internal packet filter"
- default y
-
-config OPENVPN_polarssl_ENABLE_IPROUTE2
- bool "Enable support for iproute2"
- default n
-
-config OPENVPN_polarssl_ENABLE_SMALL
- bool "Enable size optimization"
- default y
- help
- enable smaller executable size (disable OCC, usage
- message, and verb 4 parm list)
-
-endif
PKG_NAME:=openvpn
-PKG_VERSION:=2.3.13
+PKG_VERSION:=2.4_rc2
PKG_RELEASE:=1
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=9cde0c8000fd32d5275adb55f8bb1d8ba429ff3de35f60a36e81f3859b7537e0
+PKG_HASH:=3e5dbfda2c1c941bc61e5e067601b31f578ad4cdf3683e569014e18c2cc6e2e9
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
endef
Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+libopenssl)
-Package/openvpn-polarssl=$(call Package/openvpn/Default,polarssl,PolarSSL,+libpolarssl)
+Package/openvpn-mbedtls=$(call Package/openvpn/Default,mbedtls,mbedTLS,+libmbedtls)
Package/openvpn-nossl=$(call Package/openvpn/Default,nossl,plaintext (no SSL))
define Package/openvpn/config/Default
endef
Package/openvpn-openssl/config=$(call Package/openvpn/config/Default,openssl)
-Package/openvpn-polarssl/config=$(call Package/openvpn/config/Default,polarssl)
+Package/openvpn-mbedtls/config=$(call Package/openvpn/config/Default,mbedtls)
Package/openvpn-nossl/config=$(call Package/openvpn/config/Default,nossl)
-ifeq ($(BUILD_VARIANT),polarssl)
-CONFIG_OPENVPN_POLARSSL:=y
+ifeq ($(BUILD_VARIANT),mbedtls)
+CONFIG_OPENVPN_MBEDTLS:=y
endif
ifeq ($(BUILD_VARIANT),openssl)
CONFIG_OPENVPN_OPENSSL:=y
--disable-debug \
--disable-pkcs11 \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \
+ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZ4),--enable,--disable)-lz4 \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),enable,disable-x509-alt-username)-ssl \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SERVER),--enable,--disable)-server \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_PF),--enable,--disable)-pf \
$(if $(CONFIG_OPENVPN_NOSSL),--disable-ssl --disable-crypto,--enable-ssl --enable-crypto) \
$(if $(CONFIG_OPENVPN_OPENSSL),--with-crypto-library=openssl) \
- $(if $(CONFIG_OPENVPN_POLARSSL),--with-crypto-library=polarssl) \
+ $(if $(CONFIG_OPENVPN_MBEDTLS),--with-crypto-library=mbedtls) \
)
endef
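Review bot: The line right after the new `-lz4` switch does not produce a valid configure option: `$(if ...ENABLE_X509_ALT_USERNAME),enable,disable-x509-alt-username)-ssl` expands to either `enable-ssl` or `disable-x509-alt-username-ssl`, and neither carries the `--` prefix the neighbouring lines use. As written, the `ENABLE_X509_ALT_USERNAME` Kconfig symbol (which this commit also creates for the mbedtls variant) appears to have no effect on the build. Following the pattern of the other switches it would read `$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),--enable,--disable)-x509-alt-username \`. Before changing it, confirm that the mbedtls build accepts the option at all. The `define` this argument list belongs to starts outside the hunk.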
endef
$(eval $(call BuildPackage,openvpn-openssl))
-$(eval $(call BuildPackage,openvpn-polarssl))
+$(eval $(call BuildPackage,openvpn-mbedtls))
$(eval $(call BuildPackage,openvpn-nossl))
# Enable compression on the VPN link.
# If you enable it here, you must also
# enable it in the client config file.
- option comp_lzo yes
+ # LZ4 requires OpenVPN 2.4+ client and server
+# option compress lz4
+ # LZO is compatible with most OpenVPN versions
+ # (set "compress lzo" on 2.4+ clients, and "comp-lzo yes" on older clients)
+ option compress lzo
# The maximum number of concurrently connected
# clients we want to allow.
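Review bot: Both sample sections still ship with compression switched on: `option compress lzo` is active in this server hunk and again in the client hunk that follows. Compressing before encrypting makes the ciphertext length depend on the plaintext, which can leak information about tunnelled data when an attacker can get chosen content into the same stream. I would leave both algorithms commented out in the samples, e.g. `#	option compress lzo`, and extend the comment to say that compression is opt-in and must be configured identically on server and client. The server section continues outside the hunk.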
# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
- option comp_lzo yes
+ # LZ4 requires OpenVPN 2.4+ on server and client
+# option compress lz4
+ # LZO is compatible with most OpenVPN versions
+ option compress lzo
# Set log file verbosity.
option verb 3
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
-@@ -102,7 +102,6 @@ const char title_string[] =
- " [MH]"
+@@ -107,7 +107,6 @@ const char title_string[] =
+ #ifdef HAVE_AEAD_CIPHER_MODES
+ " [AEAD]"
#endif
- " [IPv6]"
-- " built on " __DATE__
+- " built on " __DATE__
;
#ifndef ENABLE_SMALL
--- /dev/null
+--- a/src/openvpn/ssl_mbedtls.c
++++ b/src/openvpn/ssl_mbedtls.c
+@@ -1333,7 +1333,7 @@ const char *
+ get_ssl_library_version(void)
+ {
+ static char mbedtls_version[30];
+- unsigned int pv = mbedtls_version_get_number();
++ unsigned int pv = MBEDTLS_VERSION_NUMBER;
+ sprintf( mbedtls_version, "mbed TLS %d.%d.%d",
+ (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
+ return mbedtls_version;
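Review bot: With `MBEDTLS_VERSION_NUMBER`, get_ssl_library_version() reports the version of the headers OpenVPN was compiled against, not the libmbedtls that is actually loaded at run time. If the shared library is upgraded separately from openvpn, the version string will keep showing the old number, which misleads anyone checking a device against an mbed TLS advisory. The new patch file also starts directly at the `--- a/src/openvpn/ssl_mbedtls.c` header with no description. I would add a short header explaining why the runtime call is avoided (presumably to build against an mbed TLS without the version module) and a comment above the assignment such as `/* compile-time header version; the linked library may differ */`. The function body continues outside the hunk.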
+++ /dev/null
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -1156,7 +1156,7 @@ const char *
- get_ssl_library_version(void)
- {
- static char polar_version[30];
-- unsigned int pv = version_get_number();
-+ unsigned int pv = POLARSSL_VERSION_NUMBER;
- sprintf( polar_version, "PolarSSL %d.%d.%d",
- (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
- return polar_version;
+++ /dev/null
-openvpn: fix build without POLARSSL_DEBUG_C
-
-Backport of upstream master commit
-b63f98633dbe2ca92cd43fc6f8597ab283a600bf.
-
-Signed-off-by: Magnus Kroken <mkroken@gmail.com>
-
-From b63f98633dbe2ca92cd43fc6f8597ab283a600bf Mon Sep 17 00:00:00 2001
-From: Steffan Karger <steffan@karger.me>
-Date: Tue, 14 Jun 2016 22:00:03 +0200
-Subject: [PATCH] mbedtls: don't set debug threshold if compiled without
- MBEDTLS_DEBUG_C
-
-For targets with space constraints, one might want to compile mbed TLS
-without MBEDTLS_DEBUG_C defined, to save some tens of kilobytes. Make
-sure OpenVPN still compiles if that is the case.
-
-Signed-off-by: Steffan Karger <steffan@karger.me>
-Acked-by: Gert Doering <gert@greenie.muc.de>
-Message-Id: <1465934403-22226-1-git-send-email-steffan@karger.me>
-URL: http://article.gmane.org/gmane.network.openvpn.devel/11922
-Signed-off-by: Gert Doering <gert@greenie.muc.de>
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -747,7 +747,9 @@ void key_state_ssl_init(struct key_state
- if (polar_ok(ssl_init(ks_ssl->ctx)))
- {
- /* Initialise SSL context */
-+ #ifdef POLARSSL_DEBUG_C
- debug_set_threshold(3);
-+ #endif
- ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
- ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
-@@ -602,9 +602,7 @@ socket_defined (const socket_descriptor_
+@@ -589,9 +589,7 @@ socket_defined (const socket_descriptor_
/*
* Should we include OCC (options consistency check) code?
*/
--- /dev/null
+--- a/configure.ac
++++ b/configure.ac
+@@ -1014,37 +1014,14 @@ dnl
+ AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
+ AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
+ if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
+- AC_CHECKING([for LZ4 Library and Header files])
+- havelz4lib=1
+
+- # if LZ4_LIBS is set, we assume it will work, otherwise test
+- if test -z "${LZ4_LIBS}"; then
+- AC_CHECK_LIB(lz4, LZ4_compress,
+- [ LZ4_LIBS="-llz4" ],
+- [
+- AC_MSG_RESULT([LZ4 library not found.])
+- havelz4lib=0
+- ])
+- fi
++ AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*])
++ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
++ LZ4_LIBS=""
+
+- saved_CFLAGS="${CFLAGS}"
+- CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
+- AC_CHECK_HEADERS(lz4.h,
+- ,
+- [
+- AC_MSG_RESULT([LZ4 headers not found.])
+- havelz4lib=0
+- ])
+-
+- if test $havelz4lib = 0 ; then
+- AC_MSG_RESULT([LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+- AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
+- LZ4_LIBS=""
+- fi
+ OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
+ OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
+ AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library])
+- CFLAGS="${saved_CFLAGS}"
+ fi