--- /dev/null
+menu "Configuration"
+ depends on PACKAGE_openvpn
+
+config OPENVPN_DISABLE_LZO
+ bool "Disable LZO compression support"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_CRYPTO
+ bool "Disable OpenSSL crypto support"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_SSL
+ bool "Disable OpenSSL SSL support for TLS-based key exchange"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_X509_ALT_USERNAME
+ bool "Enable the --x509-username-field feature"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_MULTI
+ bool "Disable client/server support (--mode server + client mode)"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_SERVER
+ bool "Disable server support only (but retain client support)"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_EUREPHIA
+ bool "Disable support for the eurephia plug-in"
+ depends on PACKAGE_openvpn
+ default y
+
+config OPENVPN_DISABLE_MANAGEMENT
+ bool "Disable management server support"
+ depends on PACKAGE_openvpn
+ default y
+
+config OPENVPN_DISABLE_PKCS11
+ bool "Disable pkcs11 support"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_HTTP
+ bool "Disable HTTP proxy support"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_FRAGMENT
+ bool "Disable internal fragmentation support (--fragment)"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_MULTIHOME
+ bool "Disable multi-homed UDP server support (--multihome)"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_PORT_SHARE
+ bool "Disable TCP server port-share support (--port-share)"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_ENABLE_PASSWORD_SAVE
+ bool "Allow --askpass and --auth-user-pass passwords to be read from a file"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_DEF_AUTH
+ bool "Disable deferred authentication"
+ depends on PACKAGE_openvpn
+ default n
+
+config OPENVPN_DISABLE_PF
+ bool "Disable internal packet filter"
+ depends on PACKAGE_openvpn
+ default n
+
+endmenu
include $(TOPDIR)/rules.mk
PKG_NAME:=openvpn
-PKG_VERSION:=2.1.4
-PKG_RELEASE:=3
+PKG_VERSION:=2.2.1
+PKG_RELEASE:=4
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases @SF/openvpn
-PKG_MD5SUM:=96a11868082685802489254f03ff3bde
+PKG_MD5SUM:=500bee5449b29906150569aaf2eb2730
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
include $(INCLUDE_DIR)/package.mk
define Package/openvpn
SECTION:=net
CATEGORY:=Network
- DEPENDS:=+kmod-tun +libopenssl +PACKAGE_openvpn_complzo:liblzo
+ SUBMENU:=VPN
+ DEPENDS:=+kmod-tun +libopenssl +!OPENVPN_DISABLE_LZO:liblzo
TITLE:=Open source VPN solution using SSL
URL:=http://openvpn.net
- SUBMENU:=VPN
+ MENU:=1
endef
-define Package/openvpn/config
-config PACKAGE_openvpn_complzo
- bool "Enable --comp-lzo compression option"
- depends on PACKAGE_openvpn
- default y
+define Package/openvpn/description
+ Open source VPN solution using SSL
endef
-define Package/openvpn/conffiles
-/etc/config/openvpn
+define Package/openvpn/config
+ source "$(SOURCE)/Config.in"
endef
-define Package/openvpn/description
- Open source VPN solution using SSL
-endef
define Package/openvpn-easy-rsa
$(call Package/openvpn)
--with-ifconfig-path=/sbin/ifconfig \
--with-iproute-path=/usr/sbin/ip \
--with-route-path=/sbin/route \
- --disable-pthread \
--disable-debug \
--disable-plugins \
- --enable-management \
+ --disable-pthread \
+ --disable-selinux \
--disable-socks \
- --enable-password-save \
--enable-small
-ifndef CONFIG_PACKAGE_openvpn_complzo
+ifeq ($(CONFIG_OPENVPN_DISABLE_LZO),y)
CONFIGURE_ARGS += \
--disable-lzo
endif
+ifeq ($(CONFIG_OPENVPN_DISABLE_CRYPTO),y)
+CONFIGURE_ARGS += \
+ --disable-crypto
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_SSL),y)
+CONFIGURE_ARGS += \
+ --disable-ssl
+endif
+
+ifeq ($(CONFIG_OPENVPN_X509_ALT_USERNAME),y)
+CONFIGURE_ARGS += \
+ --enable-x509-alt-username
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_MULTI),y)
+CONFIGURE_ARGS += \
+ --disable-multi
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_SERVER),y)
+CONFIGURE_ARGS += \
+ --disable-server
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_EUREPHIA),y)
+CONFIGURE_ARGS += \
+ --disable-eurephia
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_MANAGEMENT),y)
+CONFIGURE_ARGS += \
+ --disable-management
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_PKCS11),y)
+CONFIGURE_ARGS += \
+ --disable-pkcs11
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_HTTP),y)
+CONFIGURE_ARGS += \
+ --disable-http
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_FRAGMENT),y)
+CONFIGURE_ARGS += \
+ --disable-fragment
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_MULTIHOME),y)
+CONFIGURE_ARGS += \
+ --disable-multihome
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_PORT_SHARE),y)
+CONFIGURE_ARGS += \
+ --disable-port-share
+endif
+
+ifeq ($(CONFIG_OPENVPN_ENABLE_PASSWORD_SAVE),y)
+CONFIGURE_ARGS += \
+ --enable-password-save
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_DEF_AUTH),y)
+CONFIGURE_ARGS += \
+ --disable-def-auth
+endif
+
+ifeq ($(CONFIG_OPENVPN_DISABLE_PF),y)
+CONFIGURE_ARGS += \
+ --disable-pf
+endif
+
+define Package/openvpn/conffiles
+/etc/config/openvpn
+endef
+
define Package/openvpn/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/openvpn $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/usr/sbin
$(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/easy-rsa
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl.cnf $(1)/etc/easy-rsa/openssl.cnf
+ $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf
$(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars
$(INSTALL_DIR) $(1)/etc/easy-rsa/keys
$(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt
config openvpn custom_config
# Set to 1 to enable this instance:
- option enable 0
+ option enabled 0
# Include OpenVPN configuration
option config /etc/openvpn/my-vpn.conf
config openvpn sample_server
# Set to 1 to enable this instance:
- option enable 0
+ option enabled 0
# Which local IP address should OpenVPN
# listen on? (optional)
config openvpn sample_client
# Set to 1 to enable this instance:
- option enable 0
+ option enabled 0
# Specify that we are a client and that we
# will be pulling certain config file directives
#!/bin/sh /etc/rc.common
-# OpenVPN init script
+# Copyright (C) 2008-2011 OpenWrt.org
# Copyright (C) 2008 Jo-Philipp Wich
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
START=95
-BIN=/usr/sbin/openvpn
-SSD=start-stop-daemon
+
+SERVICE_DAEMONIZE=1
+SERVICE_WRITE_PID=1
+
EXTRA_COMMANDS="up down"
LIST_SEP="
done
}
-start_service() {
+section_enabled() {
+ config_get_bool enable "$1" 'enable' 0
+ config_get_bool enabled "$1" 'enabled' 0
+ [ $enable -gt 0 ] || [ $enabled -gt 0 ]
+}
+
+start_instance() {
local s="$1"
- local enable=0
- # disabled?
- config_get_bool enable "$s" enable 0
- [ "$enable" == 0 ] && return 0
+ section_enabled "$s" || return 1
- PID="/var/run/openvpn-$s.pid"
ARGS=""
# append flags
down push up
- [ -n "$ARGS" ] && \
- eval "$SSD -q -b -p '$PID' -x $BIN -S -- --syslog 'openvpn($s)' --writepid '$PID' $ARGS"
+ SERVICE_PID_FILE="/var/run/openvpn-$s.pid"
+ service_start /usr/sbin/openvpn --syslog "openvpn($s)" --writepid "$SERVICE_PID_FILE" $ARGS
}
-kill_service() {
+stop_instance() {
local s="$1"
- local S="${2:-TERM}"
- local enable=0
-
- # disabled?
- config_get_bool enable "$s" enable 0
- [ "$enable" == 1 ] || [ "$S" == "TERM" ] || return 0
- PID="/var/run/openvpn-$s.pid"
+ section_enabled "$s" || return 1
- $SSD -q -p $PID -x $BIN -K -s $S
- [ "$S" == "TERM" ] && rm -f "$PID"
+ SERVICE_PID_FILE="/var/run/openvpn-$s.pid"
+ service_stop /usr/sbin/openvpn
}
-hup_service() { kill_service "$1" HUP; }
-stop_service() { kill_service "$1" TERM; }
+reload_instance() {
+ local s="$1"
+
+ section_enabled "$s" || return 1
+
+ SERVICE_PID_FILE="/var/run/openvpn-$s.pid"
+ service_reload /usr/sbin/openvpn
+}
start() {
- config_load openvpn
- config_foreach start_service openvpn
+ config_load 'openvpn'
+ config_foreach start_instance 'openvpn'
}
stop() {
- config_load openvpn
- config_foreach stop_service openvpn
+ config_load 'openvpn'
+ config_foreach stop_instance 'openvpn'
}
reload() {
- config_load openvpn
- config_foreach hup_service openvpn
-}
-
-restart() {
- stop; sleep 5; start
+ config_load 'openvpn'
+ config_foreach reload_instance 'openvpn'
}
up() {
local exists
- local INSTANCE
- config_load openvpn
- for INSTANCE in "$@"; do
- config_get exists "$INSTANCE" TYPE
+ local instance
+ config_load 'openvpn'
+ for instance in "$@"; do
+ config_get exists "$instance" 'TYPE'
if [ "$exists" == "openvpn" ]; then
- start_service "$INSTANCE"
+ start_instance "$instance"
fi
done
}
down() {
local exists
- local INSTANCE
- config_load openvpn
- for INSTANCE in "$@"; do
- config_get exists "$INSTANCE" TYPE
+ local instance
+ config_load 'openvpn'
+ for instance in "$@"; do
+ config_get exists "$instance" 'TYPE'
if [ "$exists" == "openvpn" ]; then
- stop_service "$INSTANCE"
+ stop_instance "$instance"
fi
done
}
--- a/easy-rsa/2.0/build-ca
+++ b/easy-rsa/2.0/build-ca
-@@ -1,8 +1,8 @@
--#!/bin/bash
-+#!/bin/sh
-
- #
- # Build a root certificate
+@@ -5,4 +5,4 @@
#
export EASY_RSA="${EASY_RSA:-.}"
+"/usr/sbin/pkitool" --interact --initca $*
--- a/easy-rsa/2.0/build-dh
+++ b/easy-rsa/2.0/build-dh
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
++. /etc/easy-rsa/vars
++
# Build Diffie-Hellman parameters for the server side
# of an SSL/TLS connection.
+
--- a/easy-rsa/2.0/build-inter
+++ b/easy-rsa/2.0/build-inter
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Make an intermediate CA certificate/private key pair using a locally generated
+@@ -4,4 +4,4 @@
# root certificate.
export EASY_RSA="${EASY_RSA:-.}"
+"/usr/sbin/pkitool" --interact --inter $*
--- a/easy-rsa/2.0/build-key
+++ b/easy-rsa/2.0/build-key
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Make a certificate/private key pair using a locally generated
+@@ -4,4 +4,4 @@
# root certificate.
export EASY_RSA="${EASY_RSA:-.}"
+"/usr/sbin/pkitool" --interact $*
--- a/easy-rsa/2.0/build-key-pass
+++ b/easy-rsa/2.0/build-key-pass
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Similar to build-key, but protect the private key
+@@ -4,4 +4,4 @@
# with a password.
export EASY_RSA="${EASY_RSA:-.}"
+"/usr/sbin/pkitool" --interact --pass $*
--- a/easy-rsa/2.0/build-key-pkcs12
+++ b/easy-rsa/2.0/build-key-pkcs12
-@@ -1,8 +1,8 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Make a certificate/private key pair using a locally generated
- # root certificate and convert it to a PKCS #12 file including the
+@@ -5,4 +5,4 @@
# the CA certificate as well.
export EASY_RSA="${EASY_RSA:-.}"
+"/usr/sbin/pkitool" --interact --pkcs12 $*
--- a/easy-rsa/2.0/build-key-server
+++ b/easy-rsa/2.0/build-key-server
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Make a certificate/private key pair using a locally generated
- # root certificate.
@@ -7,4 +7,4 @@
# extension in the openssl.cnf file.
+"/usr/sbin/pkitool" --interact --server $*
--- a/easy-rsa/2.0/build-req
+++ b/easy-rsa/2.0/build-req
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Build a certificate signing request and private key. Use this
+@@ -4,4 +4,4 @@
# when your root certificate and key is not available locally.
export EASY_RSA="${EASY_RSA:-.}"
+"/usr/sbin/pkitool" --interact --csr $*
--- a/easy-rsa/2.0/build-req-pass
+++ b/easy-rsa/2.0/build-req-pass
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Like build-req, but protect your private key
+@@ -4,4 +4,4 @@
# with a password.
export EASY_RSA="${EASY_RSA:-.}"
+"/usr/sbin/pkitool" --interact --csr --pass $*
--- a/easy-rsa/2.0/clean-all
+++ b/easy-rsa/2.0/clean-all
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
++. /etc/easy-rsa/vars
++
# Initialize the $KEY_DIR directory.
# Note that this script does a
+ # rm -rf on $KEY_DIR so be careful!
--- a/easy-rsa/2.0/inherit-inter
+++ b/easy-rsa/2.0/inherit-inter
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
++. /etc/easy-rsa/vars
++
# Build a new PKI which is rooted on an intermediate certificate generated
# by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
+ # have independent vars settings, and must use a different KEY_DIR directory
--- a/easy-rsa/2.0/list-crl
+++ b/easy-rsa/2.0/list-crl
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
++. /etc/easy-rsa/vars
++
# list revoked certificates
+ CRL="${1:-crl.pem}"
--- a/easy-rsa/2.0/pkitool
+++ b/easy-rsa/2.0/pkitool
@@ -1,5 +1,7 @@
# session authentication and key exchange,
--- a/easy-rsa/2.0/revoke-full
+++ b/easy-rsa/2.0/revoke-full
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
+@@ -1,5 +1,7 @@
+ #!/bin/sh
++. /etc/easy-rsa/vars
++
# revoke a certificate, regenerate CRL,
# and verify revocation
+
--- a/easy-rsa/2.0/sign-req
+++ b/easy-rsa/2.0/sign-req
-@@ -1,7 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
-
- # Sign a certificate signing request (a .csr file)
+@@ -4,4 +4,4 @@
# with a local root certificate and key.
export EASY_RSA="${EASY_RSA:-.}"
projects / openwrt / svn-archive / archive.git / commitdiff