Date: Sun, 17 Apr 2005 16:38:00 GMT From: Kevin Leung <hysoka@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/80034: New Port: security/openvpn2 Flexible SSL based VPN solution Message-ID: <200504171638.j3HGc0IR051273@www.freebsd.org> Resent-Message-ID: <200504171640.j3HGeNpI026519@freefall.freebsd.org>
>Number: 80034 >Category: ports >Synopsis: New Port: security/openvpn2 Flexible SSL based VPN solution >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sun Apr 17 16:40:23 GMT 2005 >Closed-Date: >Last-Modified: >Originator: Kevin Leung >Release: FreeBSD-stable >Organization: >Environment: FreeBSD farm 5.4-PRERELEASE FreeBSD 5.4-PRERELEASE #0: Fri Mar 25 03:12:56 HKT 2005 root@farm:/usr/obj/usr/src/sys/OPIMIZE i386 >Description: >How-To-Repeat: OpenVPN is a reliable SSL VPN solution designed to be portable. It is known to be working on many platforms. As it is approaching version 2 release, it needs more intense testing. This port will encourage more FreeBSD users to test OpenVPN 2. P.S. This PR is the most up-to-date port of OpenVPN2. Please close the old PR at: http://www.freebsd.org/cgi/query-pr.cgi?pr=79099 >Fix: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. 
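#
# This archive contains:
#
#	/usr/ports/security/openvpn2
#	/usr/ports/security/openvpn2/files
#	/usr/ports/security/openvpn2/files/vpn-up
#	/usr/ports/security/openvpn2/files/openvpn2.sh.sample
#	/usr/ports/security/openvpn2/files/vpn-down
#	/usr/ports/security/openvpn2/pkg-message
#	/usr/ports/security/openvpn2/pkg-descr
#	/usr/ports/security/openvpn2/distinfo
#	/usr/ports/security/openvpn2/pkg-plist
#	/usr/ports/security/openvpn2/Makefile
#
# Review notes on this revision of the archive:
#   - files/vpn-up: the "does the vlan device exist" test was written as
#     `if ! \`ifconfig ...\``, i.e. the (empty, redirected) output of
#     ifconfig was executed as the command under test, so the device was
#     never created.  Now a plain `if ! ifconfig ...` test.
#   - files/openvpn2.sh.sample: stop used `killall openvpn2`, which kills
#     every process with that name (e.g. a client instance) and matches
#     on name only.  The daemon now writes a pidfile and stop signals
#     exactly that PID after rc.subr's check_pidfile has verified it.
#   - pkg-message: referred to rc.d/openvpn.sh.sample; the installed file
#     is openvpn2.sh.sample.
#   - Makefile: easy-rsa was installed inside the NOPORTDOCS conditional
#     although pkg-plist lists it unconditionally; it is now installed
#     unconditionally.
#
echo c - /usr/ports/security/openvpn2
mkdir -p /usr/ports/security/openvpn2 > /dev/null 2>&1
echo c - /usr/ports/security/openvpn2/files
mkdir -p /usr/ports/security/openvpn2/files > /dev/null 2>&1
echo x - /usr/ports/security/openvpn2/files/vpn-up
sed 's/^X//' >/usr/ports/security/openvpn2/files/vpn-up << 'END-of-/usr/ports/security/openvpn2/files/vpn-up'
X#!/bin/sh
X# $FreeBSD$
X# The compilation of software known as FreeBSD is distributed under the
X# following terms:
X#
X# Copyright (C) 1992-2005 The FreeBSD Project. All rights reserved.
X#
X# Redistribution and use in source and binary forms, with or without
X# modification, are permitted provided that the following conditions
X# are met:
X# 1. Redistributions of source code must retain the above copyright
X#    notice, this list of conditions and the following disclaimer.
X# 2. Redistributions in binary form must reproduce the above copyright
X#    notice, this list of conditions and the following disclaimer in the
X#    documentation and/or other materials provided with the distribution.
X#
X# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
X# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X# SUCH DAMAGE.
X
X# OpenVPN "--up" script: load the bridge, vlan and tap kernel modules,
X# give the VLAN interface its address, bridge it with the tap device,
X# turn on IP forwarding and load the pf ruleset.  It is run as root by
X# the OpenVPN daemon; nothing from the environment OpenVPN passes to
X# --up scripts is used here.  Its counterpart is vpn-down.
X#
X# NOTE(review): every value below is a site-specific sample (interface
X# names, VLAN id, address).  Edit them before enabling the --up line in
X# the rc script, or this host will bridge the wrong interface.
X
XBRIDGE_KLD="bridge"
XVLAN_DEV="vlan0"
XVLAN_KLD="if_vlan"
XVLAN_ID="1"
XVLAN_DEV_IP="192.168.1.1"
XVLAN_DEV_NETMASK="255.255.255.0"
XETH_DEV="rl0"
XTAP_DEV="tap0"
XTAP_KLD="if_tap"
X
X# Load each module only when kldstat does not already list it.
Xfor __kld in "$BRIDGE_KLD" "$VLAN_KLD" "$TAP_KLD"; do
X	kldstat -n "$__kld" > /dev/null 2>&1 || kldload "$__kld"
Xdone
X
X# Current IPv4 address of the VLAN interface, taken from ifconfig's
X# "inet A.B.C.D netmask ..." line; empty when the interface is missing.
X__vlan_ip=$(ifconfig "$VLAN_DEV" 2>/dev/null | awk '$1 == "inet" { print $2; exit }')
Xif [ "$__vlan_ip" != "$VLAN_DEV_IP" ]; then
X	# Create the interface first if it does not exist yet.  This must
X	# be a plain command test, not a `...` substitution: ifconfig's
X	# exit status is what tells us whether the device exists.
X	if ! ifconfig "$VLAN_DEV" > /dev/null 2>&1; then
X		ifconfig "$VLAN_DEV" create
X		ifconfig "$VLAN_DEV" vlan "$VLAN_ID" vlandev "$ETH_DEV"
X	fi
X	ifconfig "$VLAN_DEV" inet "$VLAN_DEV_IP" netmask "$VLAN_DEV_NETMASK"
Xfi
X
Xsysctl net.link.ether.bridge.enable=1
Xsysctl net.link.ether.bridge.config="${VLAN_DEV},${TAP_DEV}"
Xsysctl net.inet.ip.forwarding=1
X# From here on this host forwards between the VLAN and the tunnel; the
X# pf ruleset is the only thing restricting that traffic, so it is loaded
X# and enabled in the same step.
Xpfctl -e -f /etc/pf/pf.conf
X
Xexit 0
END-of-/usr/ports/security/openvpn2/files/vpn-up
echo x - /usr/ports/security/openvpn2/files/openvpn2.sh.sample
sed 's/^X//' >/usr/ports/security/openvpn2/files/openvpn2.sh.sample << 'END-of-/usr/ports/security/openvpn2/files/openvpn2.sh.sample'
X#!/bin/sh
X#
X# $FreeBSD$
X#
X
X# PROVIDE: openvpn2
X# REQUIRE: NETWORKING SERVERS DAEMON
X# BEFORE: LOGIN
X# KEYWORD: shutdown
X
X#
X# Add the following line to /etc/rc.conf to enable openvpn2:
X# openvpn2_enable (bool):	Set to "NO" by default.
X#				Set it to "YES" to enable OpenVPN.
X# openvpn2_conf (string):	Set to "server.conf" by default.
X#				Set it to another file name if you use a
X#				different config file.
X#
X
X. /etc/rc.subr
X
Xname="openvpn2"
Xrcvar=$(set_rcvar)
X
Xload_rc_config "$name"
X
X: ${openvpn2_enable:="NO"}
X: ${openvpn2_conf:="server.conf"}
X
Xcommand=/usr/local/sbin/${name}
X# OpenVPN writes its PID here (--writepid) so that stop signals exactly
X# the daemon this script started, instead of every process named
X# "openvpn2" on the host as killall would.
Xpidfile=/var/run/${name}.pid
Xstart_cmd="${name}_start"
Xstop_cmd="${name}_stop"
Xrestart_cmd="${name}_restart"
X
X# Start the daemon with the configured file from /usr/local/etc/openvpn2.
Xopenvpn2_start()
X{
X	${command} --cd /usr/local/etc/${name} --config "${openvpn2_conf}" \
X	    --writepid "${pidfile}" --daemon
X
X# Enable the line below (instead of the one above) and add
X# `redirect-gateway def1' to client.conf to route all client traffic
X# through the OpenVPN server, ie. clients bypass their local firewall
X# and proxy restrictions and reach the internet through this host.
X# Check that this is acceptable under your site's policy first.
X#
X# You *MUST* enable the line saying `.../vpn-down' in openvpn2_stop()
X# too.  Otherwise the bridge, IP forwarding and the pf ruleset set up
X# by vpn-up stay in place after OpenVPN has stopped.
X#
X# vpn-up runs as root; edit its interface names and addresses before
X# enabling it.
X#
X#	${command} --cd /usr/local/etc/${name} --config "${openvpn2_conf}" \
X#	    --writepid "${pidfile}" --up /usr/local/libexec/openvpn2/vpn-up --daemon
X}
X
X# Stop the daemon recorded in the pidfile.
Xopenvpn2_stop()
X{
X	# check_pidfile (rc.subr) prints the PID only if the process in
X	# the pidfile really is ${command}; a stale or tampered pidfile
X	# therefore cannot make us signal an unrelated process.
X	rc_pid=$(check_pidfile "${pidfile}" "${command}")
X	if [ -n "${rc_pid}" ]; then
X		kill "${rc_pid}"
X	else
X		echo "${name} not running? (check ${pidfile})."
X	fi
X#	/usr/local/libexec/openvpn2/vpn-down
X}
X
Xopenvpn2_restart()
X{
X	$stop_cmd
X	$start_cmd
X}
X
Xrun_rc_command "$1"
END-of-/usr/ports/security/openvpn2/files/openvpn2.sh.sample
echo x - /usr/ports/security/openvpn2/files/vpn-down
sed 's/^X//' >/usr/ports/security/openvpn2/files/vpn-down << 'END-of-/usr/ports/security/openvpn2/files/vpn-down'
X#!/bin/sh
X# $FreeBSD$
X# The compilation of software known as FreeBSD is distributed under the
X# following terms:
X#
X# Copyright (C) 1992-2005 The FreeBSD Project. All rights reserved.
X#
X# Redistribution and use in source and binary forms, with or without
X# modification, are permitted provided that the following conditions
X# are met:
X# 1. Redistributions of source code must retain the above copyright
X#    notice, this list of conditions and the following disclaimer.
X# 2. Redistributions in binary form must reproduce the above copyright
X#    notice, this list of conditions and the following disclaimer in the
X#    documentation and/or other materials provided with the distribution.
X#
X# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
X# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X# SUCH DAMAGE.
X
X# Counterpart of vpn-up: remove the bridge, stop IP forwarding and
X# disable pf.  Run as root by the OpenVPN daemon or by openvpn2_stop in
X# the rc script.
X#
X# NOTE(review): `pfctl -d' turns packet filtering off for the whole
X# host, not only for the rules vpn-up loaded.  If pf also protects this
X# machine outside the VPN, replace it with a reload of the baseline
X# ruleset (e.g. `pfctl -f /etc/pf.conf') rather than disabling pf.
X
Xsysctl net.link.ether.bridge.enable=0
Xsysctl net.link.ether.bridge.config=''
Xsysctl net.inet.ip.forwarding=0
Xpfctl -d
X
Xexit 0
END-of-/usr/ports/security/openvpn2/files/vpn-down
echo x - /usr/ports/security/openvpn2/pkg-message
sed 's/^X//' >/usr/ports/security/openvpn2/pkg-message << 'END-of-/usr/ports/security/openvpn2/pkg-message'
X
X### ---------------------------------------------------------------------- ###
X### To use the tap driver, you may need to do: kldload if_tap
X### See ${PREFIX}/libexec/openvpn2/vpn-up (run from the --up line in
X### ${PREFIX}/etc/rc.d/openvpn2.sh.sample) for how to do this
X### automatically at system boot-up time.
X### ---------------------------------------------------------------------- ###
X### In version 2.0, --tun-mtu 1500 --mssfix 1450 is now the default.
X### In 1.x the default is --link-mtu 1300 for tun interfaces and
X### --tun-mtu 1500 for tap interfaces, with --mssfix disabled).
X###
X### Also in version 2.0, when using TLS, --key-method 2 is now the default.
X### Use --key-method 1 on the 2.0 side to communicate with 1.x.
X###
X### Starting with version 2.0-beta12, OpenVPN has adopted a consistent
X### approach to string remapping to prevent trusted or semi-trusted peers
X### from sending maliciously crafted strings.  The details are discussed
X### in the String Types and Remapping section of the man page.
X### ---------------------------------------------------------------------- ###
END-of-/usr/ports/security/openvpn2/pkg-message
echo x - /usr/ports/security/openvpn2/pkg-descr
sed 's/^X//' >/usr/ports/security/openvpn2/pkg-descr << 'END-of-/usr/ports/security/openvpn2/pkg-descr'
XOpenVPN is a robust and highly configurable VPN (Virtual Private
XNetwork) daemon. OpenVPN implements OSI layer 2 or 3 secure network
Xextension using the industry standard SSL/TLS protocol. The beauty
Xis that it tunnels networks through connection-oriented stateful
Xfirewalls without having to use explicit firewall rules.
X
XWWW: http://openvpn.net/
X
X- Kevin Leung
Xhysoka@gmail.com
END-of-/usr/ports/security/openvpn2/pkg-descr
echo x - /usr/ports/security/openvpn2/distinfo
sed 's/^X//' >/usr/ports/security/openvpn2/distinfo << 'END-of-/usr/ports/security/openvpn2/distinfo'
XMD5 (openvpn-2.0_rc21.tar.gz) = 949c51cb6c69da7054613d80042dc5a6
XSIZE (openvpn-2.0_rc21.tar.gz) = 639079
END-of-/usr/ports/security/openvpn2/distinfo
echo x - /usr/ports/security/openvpn2/pkg-plist
sed 's/^X//' >/usr/ports/security/openvpn2/pkg-plist << 'END-of-/usr/ports/security/openvpn2/pkg-plist'
Xetc/openvpn2/client.conf.sample
Xetc/openvpn2/server.conf.sample
Xetc/rc.d/openvpn2.sh.sample
Xlibexec/openvpn2/easy-rsa/README
Xlibexec/openvpn2/easy-rsa/build-ca
Xlibexec/openvpn2/easy-rsa/build-dh
Xlibexec/openvpn2/easy-rsa/build-inter
Xlibexec/openvpn2/easy-rsa/build-key
Xlibexec/openvpn2/easy-rsa/build-key-pass
Xlibexec/openvpn2/easy-rsa/build-key-pkcs12
Xlibexec/openvpn2/easy-rsa/build-key-server
Xlibexec/openvpn2/easy-rsa/build-req
Xlibexec/openvpn2/easy-rsa/build-req-pass
Xlibexec/openvpn2/easy-rsa/clean-all
Xlibexec/openvpn2/easy-rsa/list-crl
Xlibexec/openvpn2/easy-rsa/make-crl
Xlibexec/openvpn2/easy-rsa/openssl.cnf
Xlibexec/openvpn2/easy-rsa/revoke-crt
Xlibexec/openvpn2/easy-rsa/revoke-full
Xlibexec/openvpn2/easy-rsa/sign-req
Xlibexec/openvpn2/easy-rsa/vars
Xlibexec/openvpn2/vpn-down
Xlibexec/openvpn2/vpn-up
Xsbin/openvpn2
Xshare/doc/openvpn2/AUTHORS
Xshare/doc/openvpn2/COPYING
Xshare/doc/openvpn2/COPYRIGHT.GPL
Xshare/doc/openvpn2/ChangeLog
Xshare/doc/openvpn2/INSTALL
Xshare/doc/openvpn2/NEWS
Xshare/doc/openvpn2/PORTS
Xshare/doc/openvpn2/README
Xshare/doc/openvpn2/sample-config-files/README
Xshare/doc/openvpn2/sample-config-files/client.conf
Xshare/doc/openvpn2/sample-config-files/firewall.sh
Xshare/doc/openvpn2/sample-config-files/home.up
Xshare/doc/openvpn2/sample-config-files/loopback-client
Xshare/doc/openvpn2/sample-config-files/loopback-server
Xshare/doc/openvpn2/sample-config-files/office.up
Xshare/doc/openvpn2/sample-config-files/openvpn-shutdown.sh
Xshare/doc/openvpn2/sample-config-files/openvpn-startup.sh
Xshare/doc/openvpn2/sample-config-files/server.conf
Xshare/doc/openvpn2/sample-config-files/static-home.conf
Xshare/doc/openvpn2/sample-config-files/static-office.conf
Xshare/doc/openvpn2/sample-config-files/tls-home.conf
Xshare/doc/openvpn2/sample-config-files/tls-office.conf
Xshare/doc/openvpn2/sample-config-files/xinetd-client-config
Xshare/doc/openvpn2/sample-config-files/xinetd-server-config
Xshare/doc/openvpn2/sample-scripts/auth-pam.pl
Xshare/doc/openvpn2/sample-scripts/bridge-start
Xshare/doc/openvpn2/sample-scripts/bridge-stop
Xshare/doc/openvpn2/sample-scripts/openvpn.init
Xshare/doc/openvpn2/sample-scripts/verify-cn
X@dirrm share/nls/en_US.US-ASCII
X@dirrm share/nls/POSIX
X@dirrm share/doc/openvpn2/sample-scripts
X@dirrm share/doc/openvpn2/sample-config-files
X@dirrm share/doc/openvpn2
X@dirrm libexec/openvpn2/easy-rsa
X@dirrm libexec/openvpn2
X@dirrm etc/openvpn2
END-of-/usr/ports/security/openvpn2/pkg-plist
echo x - /usr/ports/security/openvpn2/Makefile
sed 's/^X//' >/usr/ports/security/openvpn2/Makefile << 'END-of-/usr/ports/security/openvpn2/Makefile'
X# New ports collection makefile for:	openvpn2
X# Date created:				2005-03-13
X# Whom:					Kevin Leung (hysoka.gmail.com)
X#
X# $FreeBSD$
X#
X
XPORTNAME=	openvpn2
XPORTVERSION=	2.0p21
XCATEGORIES=	security
XMASTER_SITES=	http://openvpn.net/release/
XMASTER_SITE_SUBDIR=	openvpn
XDISTNAME=	openvpn-2.0_rc21
X
XMAINTAINER=	hysoka@gmail.com
XCOMMENT=	SSL/VPN solution
X
XLIB_DEPENDS=	lzo.1:${PORTSDIR}/archivers/lzo
X
XGNU_CONFIGURE=	yes
XUSE_GMAKE=	yes
XUSE_OPENSSL=	yes
XUSE_REINPLACE=	yes
X
XCONFIGURE_TARGET=	--build=${ARCH}-portbld-freebsd${OSREL}
XCONFIGURE_ARGS=	--with-lzo-lib=${LOCALBASE}/lib \
X		--with-lzo-headers=${LOCALBASE}/include \
X		--prefix=${PREFIX}
X
XMAN8=		${PORTNAME}.8
X
Xdo-install:
X	${INSTALL_PROGRAM} ${WRKSRC}/openvpn ${PREFIX}/sbin/${PORTNAME}
X	${INSTALL_MAN} ${WRKSRC}/openvpn.8 ${MANPREFIX}/man/man8/${MAN8}
X
Xpost-install:
X	${INSTALL_SCRIPT} ${FILESDIR}/openvpn2.sh.sample \
X		${PREFIX}/etc/rc.d/openvpn2.sh.sample
X	${MKDIR} ${PREFIX}/libexec/${PORTNAME}
X	for f in ${FILESDIR}/vpn-*; do \
X		${INSTALL_SCRIPT} $$f \
X		${PREFIX}/libexec/${PORTNAME}/`basename $$f` \
X	;done
X
X	${MKDIR} ${PREFIX}/etc/${PORTNAME}
X	${INSTALL_DATA} ${WRKSRC}/sample-config-files/server.conf ${PREFIX}/etc/${PORTNAME}/server.conf.sample
X	${INSTALL_DATA} ${WRKSRC}/sample-config-files/client.conf ${PREFIX}/etc/${PORTNAME}/client.conf.sample
X
X# easy-rsa (the CA/key scripts) is part of the package proper and is
X# listed unconditionally in pkg-plist, so it is installed regardless of
X# NOPORTDOCS.  The Windows batch files are not useful here.
X	@${RM} -rf ${WRKSRC}/easy-rsa/Windows
X.for dirs in easy-rsa
X	libexec_path=${PREFIX}/libexec/${PORTNAME}/${dirs} ; \
X	${MKDIR} $$libexec_path ; \
X	${INSTALL_SCRIPT} ${WRKSRC}/${dirs}/* $$libexec_path
X.endfor
X
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
X	PORTS README
X	@${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}
X.endfor
X.for dirs in sample-scripts sample-config-files
X	@${MKDIR} ${DOCSDIR}/${dirs}
X	@${INSTALL_DATA} ${WRKSRC}/${dirs}/* ${DOCSDIR}/${dirs}
X.endfor
X.endif
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
END-of-/usr/ports/security/openvpn2/Makefile
exit
>Release-Note:
>Audit-Trail:
>Unformatted: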