vpnc: initial import 863/head
authorDaniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Fri, 6 Feb 2015 22:07:29 +0000 (14:07 -0800)
committerDaniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Fri, 6 Feb 2015 22:07:29 +0000 (14:07 -0800)
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
net/vpnc/Config.in [new file with mode: 0644]
net/vpnc/Makefile [new file with mode: 0644]
net/vpnc/README [new file with mode: 0644]
net/vpnc/files/vpnc.sh [new file with mode: 0755]
net/vpnc/files/vpnc.upgrade [new file with mode: 0644]
net/vpnc/patches/001-cross.patch [new file with mode: 0644]

diff --git a/net/vpnc/Config.in b/net/vpnc/Config.in
new file mode 100644 (file)
index 0000000..5eacd97
--- /dev/null
@@ -0,0 +1,18 @@
+# vpnc avanced configuration
+
+menu "Configuration"
+       depends on PACKAGE_vpnc
+
+choice
+       prompt "SSL library"
+       default VPNC_GNUTLS
+
+config VPNC_GNUTLS
+       bool "GnuTLS support"
+
+config VPNC_OPENSSL
+       bool "OpenSSL"
+
+endchoice
+
+endmenu
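Review bot: The OpenSSL choice has no help text, yet selecting it makes the package Makefile build with `OPENSSL_GPL_VIOLATION=yes`, so a user picking it is opting into a license combination upstream only permits behind that flag; a `help` entry under `config VPNC_OPENSSL` should say so, e.g. `Link against OpenSSL. Upstream treats GPL-vpnc + OpenSSL as a license conflict and is built with OPENSSL_GPL_VIOLATION=yes; prefer GnuTLS unless the licensing has been reviewed.` The two prompts are also inconsistent (`"GnuTLS support"` vs `"OpenSSL"`), and the header comment misspells "advanced" as `avanced`.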
diff --git a/net/vpnc/Makefile b/net/vpnc/Makefile
new file mode 100644 (file)
index 0000000..16a45a4
--- /dev/null
@@ -0,0 +1,94 @@
+#
+# Copyright (C) 2006-2015 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=vpnc
+PKG_REV:=550
+PKG_VERSION:=0.5.3.r$(PKG_REV)
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://svn.unix-ag.uni-kl.de/vpnc/trunk/
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE_PROTO:=svn
+
+PKG_MAINTAINER:=Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
+PKG_LICENSE:=VARIOUS
+PKG_LICENSE_FILES:=COPYING
+
+PKG_CONFIG_DEPENDS:= \
+       CONFIG_VPNC_GNUTLS \
+       CONFIG_VPNC_OPENSSL \
+
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/vpnc/config
+       source "$(SOURCE)/Config.in"
+endef
+
+define Package/vpnc
+  SECTION:=net
+  CATEGORY:=Network
+  DEPENDS:=+libgpg-error +libgcrypt +kmod-tun +VPNC_OPENSSL:libopenssl +VPNC_GNUTLS:libgnutls +vpnc-scripts +resolveip
+  TITLE:=VPN client for Cisco EasyVPN
+  URL:=http://www.unix-ag.uni-kl.de/~massar/vpnc/
+  SUBMENU:=VPN
+endef
+
+define Package/vpnc/description
+       A VPN client compatible with Cisco's EasyVPN equipment.
+
+       Supports IPSec (ESP) with Mode Configuration and Xauth.  Supports only
+       shared-secret IPSec authentication with Xauth, AES (256, 192, 128),
+       3DES, 1DES, MD5, SHA1, DH1/2/5 and IP tunneling.
+endef
+
+define Package/vpnc/conffiles
+/etc/vpnc/default.conf
+endef
+
+ifeq ($(CONFIG_VPNC_OPENSSL),y)
+define Build/Compile
+       $(call Build/Compile/Default, \
+               OFLAGS="$(TARGET_CFLAGS)" \
+               OS="Linux" VERSION="$(PKG_VERSION)" \
+               STAGING_DIR="$(STAGING_DIR)" \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               OPENSSL_GPL_VIOLATION=yes PREFIX=/usr \
+               all install \
+       )
+endef
+else
+define Build/Compile
+       $(call Build/Compile/Default, \
+               OFLAGS="$(TARGET_CFLAGS)" \
+               OS="Linux" VERSION="$(PKG_VERSION)" \
+               STAGING_DIR="$(STAGING_DIR)" \
+               DESTDIR="$(PKG_INSTALL_DIR)" \
+               PREFIX=/usr \
+               all install \
+       )
+endef
+endif
+
+define Package/vpnc/install
+       $(INSTALL_DIR) $(1)/lib/netifd/proto
+       $(INSTALL_BIN) ./files/vpnc.sh $(1)/lib/netifd/proto/
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(CP)   $(PKG_INSTALL_DIR)/usr/sbin/vpnc \
+               $(PKG_INSTALL_DIR)/usr/sbin/vpnc-disconnect \
+               $(1)/usr/sbin/
+       $(INSTALL_DIR) $(1)/etc/vpnc
+       $(INSTALL_CONF) $(PKG_INSTALL_DIR)/etc/vpnc/default.conf $(1)/etc/vpnc/
+       $(INSTALL_DIR) $(1)/lib/upgrade/keep.d
+       $(INSTALL_DATA) ./files/vpnc.upgrade $(1)/lib/upgrade/keep.d/vpnc
+endef
+
+$(eval $(call BuildPackage,vpnc))
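Review bot: The source is fetched with `PKG_SOURCE_PROTO:=svn` from a plain-http `PKG_SOURCE_URL`, pinned only by revision number, and no checksum of the resulting tarball is recorded, so anyone on the network path or a compromised server can substitute arbitrary code into the build with nothing to detect it. If the server offers TLS, switch to `https://svn.unix-ag.uni-kl.de/vpnc/trunk/`; in any case add whichever tarball hash variable this buildroot supports for VCS checkouts (`PKG_MIRROR_MD5SUM` or `PKG_MIRROR_HASH`, depending on the tree) so the fetched content is pinned, not just the revision. Separately, `$(CP)` copies the `vpnc` and `vpnc-disconnect` binaries with whatever mode the build left them; `$(INSTALL_BIN)` would set 0755 explicitly, as the proto script two lines above already does. `PKG_LICENSE:=VARIOUS` is not an SPDX identifier; upstream's COPYING would need to be checked and the actual licenses listed.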
diff --git a/net/vpnc/README b/net/vpnc/README
new file mode 100644 (file)
index 0000000..b18777e
--- /dev/null
@@ -0,0 +1,39 @@
+The vpnc client expects to be configured using the uci interface.
+
+To setup a VPN connection, add the following to /etc/config/network:
+
+config interface 'MYVPN'
+        option proto 'vpnc'
+        option interface 'wan'
+        option server 'vpn.example.com'
+        option username 'test'
+        option password 'secret' # or:
+        option hexpasswd 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
+        option authgroup 'DEFAULT'
+        option passgroup 'groupsecret' # or:
+        option hexpassgroup '52B0BEAF6605C3CE9BE20A0DC0A0F6240A6FF7EA'
+        option domain 'WORKGROUP'
+        option vendor 'cisco' # or 'netscreen'
+        option natt_mode 'natt' # or 'none' or 'force-natt' or 'cisco-udp'
+        option dh_group 'dh2' # or 'dh1' or 'dh5'
+        option pfs 'server' # or 'nopfs' or 'dh1' or 'dh2' or 'dh5'
+        option enable_single_des '0'
+        option enable_no_enc '0' # '1' to enable unencrypted VPN
+        option mtu '0'
+        option local_addr '0.0.0.0'
+        option local_port '500' # '0' to use a random port
+        option udp_port '10000' # '0' to use a random port
+        option dpd_idle '300'
+        option auth_mode 'psk' # or 'hybrid'
+        option target_network '0.0.0.0/0.0.0.0' # network/netmask or CIDR
+
+The additional file(s) are also used:
+/etc/vpnc/ca-vpn-MYVPN.pem: The server's CA certificate (for auth_mode 'hybrid')
+
+After these are setup you can initiate the VPN using "ifup MYVPN", and
+deinitialize it using ifdown. You may also use the luci web interface
+(Network -> Interfaces -> MYVPN Connect).
+
+Note that you need to configure the firewall to allow communication between
+the MYVPN interface and lan.
+
diff --git a/net/vpnc/files/vpnc.sh b/net/vpnc/files/vpnc.sh
new file mode 100755 (executable)
index 0000000..31d0070
--- /dev/null
@@ -0,0 +1,98 @@
+#!/bin/sh
+. /lib/functions.sh
+. ../netifd-proto.sh
+init_proto "$@"
+
+proto_vpnc_init_config() {
+       proto_config_add_string "server"
+       proto_config_add_string "username"
+       proto_config_add_string "hexpasswd"
+       proto_config_add_string "authgroup"
+       proto_config_add_string "password"
+       proto_config_add_string "token_mode"
+       proto_config_add_string "token_secret"
+       proto_config_add_string "interface"
+       proto_config_add_string "passgroup"
+       proto_config_add_string "hexpassgroup"
+       proto_config_add_string "domain"
+       proto_config_add_string "vendor"
+       proto_config_add_string "natt_mode"
+       proto_config_add_string "dh_group"
+       proto_config_add_string "pfs"
+       proto_config_add_boolean "enable_single_des"
+       proto_config_add_boolean "enable_no_enc"
+       proto_config_add_int "mtu"
+       proto_config_add_string "local_addr"
+       proto_config_add_int "local_port"
+       proto_config_add_int "udp_port"
+       proto_config_add_int "dpd_idle"
+       proto_config_add_string "auth_mode"
+       proto_config_add_string "target_network"
+       no_device=1
+       available=1
+}
+
+proto_vpnc_setup() {
+       local config="$1"
+
+       json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network
+
+       grep -q tun /proc/modules || insmod tun
+
+       logger -t vpnc "initializing..."
+       serv_addr=
+       for ip in $(resolveip -t 10 "$server"); do
+               ( proto_add_host_dependency "$config" "$ip" $interface )
+               serv_addr=1
+       done
+       [ -n "$serv_addr" ] || {
+               logger -t vpnc "Could not resolve server address: '$server'"
+               sleep 60
+               proto_setup_failed "$config"
+               exit 1
+       }
+
+       mkdir -p /var/etc
+       umask 077
+       pwfile="/var/etc/vpnc-$config.conf"
+       echo "IPSec gateway $server" > "$pwfile"
+       cmdline="--no-detach --pid-file /var/run/vpnc-$config.pid --ifname vpn-$config --non-inter --script /lib/netifd/vpnc-script $pwfile"
+
+       [ -f /etc/vpnc/ca-vpn-$config.pem ] && echo "CA-File /etc/vpnc/ca-vpn-$config.pem" >> "$pwfile"
+       [ -n "$hexpasswd" ] && echo "Xauth obfuscated password $hexpasswd" >> "$pwfile"
+       [ -n "$authgroup" ] && echo "IPSec ID $authgroup" >> "$pwfile"
+       [ -n "$username" ] && echo "Xauth username $username" >> "$pwfile"
+       [ -n "$password" ] && echo "Xauth password $password" >> "$pwfile"
+       [ -n "$passgroup" ] && echo "IPSec secret $passgroup" >> "$pwfile"
+       [ -n "$hexpassgroup" ] && echo "IPSec obfuscated secret $hexpassgroup" >> "$pwfile"
+       [ -n "$domain" ] && echo "Domain $domain" >> "$pwfile"
+       [ -n "$vendor" ] && echo "Vendor $vendor" >> "$pwfile"
+       [ -n "$natt_mode" ] && echo "NAT Traversal Mode $natt_mode" >> "$pwfile"
+       [ -n "$dh_group" ] && echo "IKE DH Group $dh_group" >> "$pwfile"
+       [ -n "$pfs" ] && echo "Perfect Forward Secrecy $pfs" >> "$pwfile"
+       [ "${enable_single_des:-0}" -gt 0 ] && echo "Enable Single DES" >> "$pwfile"
+       [ "${enable_no_enc:-0}" -gt 0 ] && echo "Enable no encryption" >> "$pwfile"
+       [ -n "$mtu" ] && echo "Interface MTU $mtu" >> "$pwfile"
+       [ -n "$local_addr" ] && echo "Local Addr $local_addr" >> "$pwfile"
+       [ -n "$local_port" ] && echo "Local Port $local_port" >> "$pwfile"
+       [ -n "$udp_port" ] && echo "Cisco UDP Encapsulation Port $udp_port" >> "$pwfile"
+       [ -n "$dpd_idle" ] && echo "DPD idle timeout (our side) $dpd_idle" >> "$pwfile"
+       [ -n "$auth_mode" ] && echo "IKE Authmode $auth_mode" >> "$pwfile"
+       [ -n "$target_network" ] && echo "IPSEC target network $target_network" >> "$pwfile"
+
+       proto_export INTERFACE="$config"
+       logger -t vpnc "executing 'vpnc $cmdline'"
+       proto_run_command "$config" /usr/sbin/vpnc $cmdline
+}
+
+proto_vpnc_teardown() {
+       local config="$1"
+
+       pwfile="/var/etc/vpnc-$config.conf"
+
+       rm -f $pwfile
+       logger -t vpnc "bringing down vpnc"
+       proto_kill_command "$config" 2
+}
+
+add_protocol vpnc
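Review bot: `grep -q tun /proc/modules` matches any loaded module whose name merely contains the substring (e.g. `ip_tunnel`, `ip6_tunnel`, `udp_tunnel`), so the `insmod tun` fallback is skipped whenever one of those is present and tun itself is not; anchor the match: `grep -q '^tun ' /proc/modules || insmod tun`. The option values are appended to the credential file with unvalidated `echo`, so a value containing a newline becomes an additional config directive, and `$server`, `$config` and `$interface` are also interpolated unquoted into `$cmdline`, file paths and the `proto_add_host_dependency` call; the values presumably come from admin-controlled UCI, but rejecting whitespace and newlines in them before use would close the gap cheaply. The `sleep 60` in the resolution-failure branch stalls the netifd proto handler for a minute before `proto_setup_failed` is even reported; if netifd's own retry handling is meant to cover this case, the sleep should go or be made a configurable option. Writing the file under `umask 077` is correct since it holds the Xauth password and IPsec secret; a one-line comment saying so (`# file holds secrets: create it 0600`) would keep a future edit from moving the `umask` after the `echo`.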
diff --git a/net/vpnc/files/vpnc.upgrade b/net/vpnc/files/vpnc.upgrade
new file mode 100644 (file)
index 0000000..585513d
--- /dev/null
@@ -0,0 +1,2 @@
+/etc/vpnc/ca-vpn-*.pem
+
diff --git a/net/vpnc/patches/001-cross.patch b/net/vpnc/patches/001-cross.patch
new file mode 100644 (file)
index 0000000..94b382c
--- /dev/null
@@ -0,0 +1,42 @@
+--- a/Makefile
++++ b/Makefile
+@@ -20,7 +20,7 @@
+ # $Id$
+ DESTDIR=
+-PREFIX=/usr/local
++PREFIX=/usr
+ ETCDIR=/etc/vpnc
+ BINDIR=$(PREFIX)/bin
+ SBINDIR=$(PREFIX)/sbin
+@@ -57,18 +57,15 @@
+ CRYPTO_OBJS = $(addsuffix .o,$(basename $(CRYPTO_SRCS)))
+ BINOBJS = $(addsuffix .o,$(BINS))
+ BINSRCS = $(addsuffix .c,$(BINS))
+-VERSION := $(shell sh mk-version)
+ RELEASE_VERSION := $(shell cat VERSION)
+ CC ?= gcc
+-CFLAGS ?= -O3 -g
+ CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
+-CFLAGS +=  $(shell libgcrypt-config --cflags) $(CRYPTO_CFLAGS)
++CFLAGS += -O3 -I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/include $(OFLAGS) $(CRYPTO_CFLAGS)
+ CPPFLAGS += -DVERSION=\"$(VERSION)\"
+-LDFLAGS ?= -g
+-LIBS += $(shell libgcrypt-config --libs) $(CRYPTO_LDADD)
++LIBS += -L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib -lgcrypt -lgpg-error $(CRYPTO_LDADD)
+-ifeq ($(shell uname -s), SunOS)
++ifeq ($(OS), SunOS)
+ LIBS += -lnsl -lresolv -lsocket
+ endif
+ ifneq (,$(findstring Apple,$(shell $(CC) --version)))
+@@ -82,7 +79,7 @@
+       $(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
+ vpnc.8 : vpnc.8.template makeman.pl vpnc
+-      ./makeman.pl
++      touch vpnc.8
+ cisco-decrypt : cisco-decrypt.o decrypt-utils.o
+       $(CC) $(LDFLAGS) -o $@ $^ $(LIBS)
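Review bot: The patched Makefile still links with `$(CC) $(LDFLAGS) -o $@ $^ $(LIBS)` after the hunk deletes `LDFLAGS ?= -g`, but neither this patch nor the package Makefile's Build/Compile call sets `LDFLAGS` from the buildroot, so linker-side hardening the toolchain expects via TARGET_LDFLAGS is likely absent from these binaries — confirm, and if so pass `LDFLAGS="$(TARGET_LDFLAGS)"` next to `OFLAGS` in both Build/Compile variants. The `CFLAGS += -O3 ... $(OFLAGS)` line hardcodes `-O3` ahead of the buildroot's flags; since the last `-O` option wins, `-O3` is dead whenever OFLAGS carries an optimisation level and misleading otherwise, so drop it and let `$(OFLAGS)` decide. `touch vpnc.8` produces an empty man page in place of `./makeman.pl`; a comment such as `# makeman.pl needs perl on the host; the package does not ship the man page` would record why the stub is acceptable.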