gnu: Graphviz: Fix CVE-2020-18032.
[jackhill/guix/guix.git] / gnu / packages / vpn.scm
1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
b6bee63b 3;;; Copyright © 2013, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
d4bf49b1 4;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b 5;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
80005d03 6;;; Copyright © 2016, 2017, 2019, 2021 Efraim Flashner <efraim@flashner.co.il>
c3e6fcde 7;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8 8;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
fc4338b8 9;;; Copyright © 2018, 2020 Pierre Langlois <pierre.langlois@gmx.com>
7ba2b274 10;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
c1005113 11;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name>
9fd6ad3e 12;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
b47e083b 13;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
3b177a6c 14;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
c873980d 15;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com>
8331e235 16;;; Copyright © 2020 Ivan Kozlov <kanichos@yandex.ru>
18918ebe 17;;; Copyright © 2020 David Dashyan <mail@davie.li>
49f24f41
AE
18;;;
19;;; This file is part of GNU Guix.
20;;;
21;;; GNU Guix is free software; you can redistribute it and/or modify it
22;;; under the terms of the GNU General Public License as published by
23;;; the Free Software Foundation; either version 3 of the License, or (at
24;;; your option) any later version.
25;;;
26;;; GNU Guix is distributed in the hope that it will be useful, but
27;;; WITHOUT ANY WARRANTY; without even the implied warranty of
28;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29;;; GNU General Public License for more details.
30;;;
31;;; You should have received a copy of the GNU General Public License
32;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
33
34(define-module (gnu packages vpn)
b5b73a82 35 #:use-module ((guix licenses) #:prefix license:)
49f24f41
AE
36 #:use-module (guix packages)
37 #:use-module (guix download)
06d91fd9 38 #:use-module (guix git-download)
7ba2b274 39 #:use-module (guix build-system cmake)
49f24f41 40 #:use-module (guix build-system gnu)
3b177a6c 41 #:use-module (guix build-system linux-module)
5c863d57 42 #:use-module (guix build-system python)
598afe95 43 #:use-module (guix utils)
49f24f41 44 #:use-module (gnu packages)
1b17c23e 45 #:use-module (gnu packages admin)
06d91fd9 46 #:use-module (gnu packages base)
d084e71c 47 #:use-module (gnu packages bash)
ac257f12 48 #:use-module (gnu packages check)
d084e71c 49 #:use-module (gnu packages dns)
01224157 50 #:use-module (gnu packages autotools)
71f4b81a 51 #:use-module (gnu packages compression)
80005d03 52 #:use-module (gnu packages freedesktop)
1dba6407 53 #:use-module (gnu packages gettext)
49f24f41 54 #:use-module (gnu packages gnupg)
b47e083b 55 #:use-module (gnu packages guile)
01224157 56 #:use-module (gnu packages libevent)
dc77f0d3 57 #:use-module (gnu packages linux)
90a69913 58 #:use-module (gnu packages ncurses)
aff0cce9 59 #:use-module (gnu packages nss)
71f4b81a
AE
60 #:use-module (gnu packages perl)
61 #:use-module (gnu packages pkg-config)
5c863d57 62 #:use-module (gnu packages python)
80005d03
EF
63 #:use-module (gnu packages python-build)
64 #:use-module (gnu packages python-crypto)
44d10b1f 65 #:use-module (gnu packages python-xyz)
c873980d 66 #:use-module (gnu packages python-web)
80005d03 67 #:use-module (gnu packages qt)
8331e235 68 #:use-module (gnu packages samba)
a7fd7b68 69 #:use-module (gnu packages tls)
71f4b81a 70 #:use-module (gnu packages xml))
49f24f41 71
;; GNU Virtual Private Ethernet, built from the release tarball on the GNU
;; mirrors with the stock GNU build system.
(define-public gvpe
  (package
    (name "gvpe")
    (version "3.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/gvpe/gvpe-" version ".tar.gz"))
       ;; The download is a fixed-output derivation: whichever mirror serves
       ;; the tarball, it is accepted only if it matches this hash.
       (sha256
        (base32 "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
    (build-system gnu-build-system)
    ;; NOTE(review): the home page is plain http; it is informational only
    ;; and is not used to fetch the source.
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("openssl" ,openssl)
       ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols. It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))
95
;; Client for Cisco EasyVPN concentrators.  There is no configure script, so
;; the store locations are patched directly into config.c and the Makefile.
(define-public vpnc
  (package
    (name "vpnc")
    (version "0.5.3")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                           version ".tar.gz"))
       (sha256
        (base32 "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    (inputs
     `(("libgcrypt" ,libgcrypt)
       ("perl" ,perl)
       ("vpnc-scripts" ,vpnc-scripts)))
    (arguments
     `(#:tests? #f                      ; there is no check target
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'use-store-paths
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((prefix (assoc-ref outputs "out"))
                    (scripts (assoc-ref inputs "vpnc-scripts"))
                    (script (string-append scripts "/etc/vpnc/vpnc-script")))
               ;; Point the compiled-in default script at the vpnc-scripts
               ;; store item instead of the mutable /etc/vpnc location.
               (substitute* "config.c"
                 (("/etc/vpnc/vpnc-script") script))
               ;; Install below this package's own output.
               (substitute* "Makefile"
                 (("ETCDIR=.*")
                  (string-append "ETCDIR=" prefix "/etc/vpnc\n"))
                 (("PREFIX=.*")
                  (string-append "PREFIX=" prefix "\n")))
               #t)))
         (delete 'configure))))         ; no configure script
    (synopsis "Client for Cisco VPN concentrators")
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (license license:gpl2+)             ; some files are bsd-2, see COPYING
    (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/")))
71f4b81a 137
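;; Network configuration scripts run by vpnc and OpenConnect.  The scripts are
;; patched to resolve commands through PATH and are then wrapped so that PATH
;; starts with the store directories of their hard dependencies.
(define-public vpnc-scripts
  (let ((commit "3885f8bbc4ae03fd6da0ada6de12f7223a59595c"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20200925." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  ;; NOTE(review): git:// is an unauthenticated, unencrypted
                  ;; transport.  The checkout is still pinned to COMMIT and
                  ;; must match the sha256 below, so integrity rests on that
                  ;; hash rather than on the transport.
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "1pmi4n58q81pmn9arvfixhvv6vkkf3rpwac3hwnwyl882q5q0ccx"))))
      (build-system gnu-build-system)
      (inputs `(("guile" ,guile-3.0)    ; for the wrapper scripts
                ("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute)   ; for ‘ip’
                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths: drop
             ;; their own PATH assignment and /usr/bin, /usr/sbin prefixes,
             ;; and turn ‘[ -x FILE ]’ tests into ‘command -v’ look-ups.
             (lambda _
               (for-each (lambda (script)
                           (substitute* script
                             (("^PATH=.*") "")
                             (("/usr/s?bin/") "")
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure)          ; no configure script
           (replace 'build
             ;; Use the target's compiler driver rather than a hard-coded
             ;; "gcc", as wireguard-tools does in this file.
             (lambda _
               (invoke ,(cc-for-target) "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             ;; The store directories are a PATH prefix, so they are searched
             ;; before anything inherited from the caller's environment.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    (wrap-script (string-append out "/etc/vpnc/" script)
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (list "vpnc-script-ptrtd"
                        "vpnc-script-sshd"
                        "vpnc-script"))
                 #t))))
         #:tests? #f))                  ; no tests
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own. For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))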
71f4b81a 229
;; User-level SOCKS and port-forwarding proxy for OpenConnect, built from the
;; upstream Git tag "v" + VERSION (hence autoconf and automake as native
;; inputs).
(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/cernekee/ocproxy")
             ;; A tag name can be moved upstream; the sha256 below is what
             ;; fixes the content that is actually built.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (inputs
     `(("libevent" ,libevent)))
    (home-page "https://github.com/cernekee/ocproxy")
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP. When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (license license:bsd-3)))
257
;; Client for Cisco AnyConnect SSL VPNs.  The default vpnc-script is fixed at
;; configure time to the one inside the vpnc-scripts store item.
(define-public openconnect
  (package
    (name "openconnect")
    (version "8.10")
    (source
     (origin
       (method url-fetch)
       ;; NOTE(review): ftp:// gives no transport authentication.  The
       ;; tarball must still match the sha256 below, so integrity rests on
       ;; that hash.
       (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                           "openconnect-" version ".tar.gz"))
       (sha256
        (base32 "1cdsx4nsrwawbsisfkldfc9i4qn60g03vxb13nzppr2br9p4rrih"))))
    (build-system gnu-build-system)
    (propagated-inputs
     `(("libxml2" ,libxml2)
       ("gnutls" ,gnutls)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)
       ("vpnc-scripts" ,vpnc-scripts)))
    (native-inputs
     `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
    (arguments
     `(#:configure-flags
       ;; Absolute store path of the script, computed on the build side.
       (list (string-append "--with-vpnc-script="
                            (assoc-ref %build-inputs "vpnc-scripts")
                            "/etc/vpnc/vpnc-script"))))
    (synopsis "Client for Cisco VPN")
    (description
     "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
    (license license:lgpl2.1)
    (home-page "https://www.infradead.org/openconnect/")))
dc77f0d3 292
;; Wrapper around OpenConnect for Azure AD (SAMLv2) sign-in, installed from
;; the PyPI source release.
(define-public openconnect-sso
  (package
    (name "openconnect-sso")
    (version "0.7.3")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "openconnect-sso" version))
       (sha256
        (base32 "065s5c8q80jh0psdw7694nlabwpra7aw6yc4jlgsc9vxx8rx2na1"))))
    (build-system python-build-system)
    (arguments
     `(#:tests? #f ; Tests not included, building from git requires poetry.
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-openconnect
           ;; Replace the bare "openconnect" command name in app.py with the
           ;; absolute file name found on the build-time PATH, so the program
           ;; that gets started does not depend on the user's PATH.
           (lambda _
             (let ((quoted-openconnect
                    (string-append "\"" (which "openconnect") "\"")))
               (substitute* "openconnect_sso/app.py"
                 (("\"openconnect\"") quoted-openconnect)))
             #t))
         (replace 'check
           ;; Runs pytest only when tests are enabled (they are off above).
           (lambda* (#:key tests? #:allow-other-keys)
             (when tests?
               (invoke "pytest" "-v"))
             #t))
         (add-after 'install 'wrap-qt-process-path
           ;; Set QTWEBENGINEPROCESS_PATH to the helper binary inside the
           ;; qtwebengine input.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((prefix (assoc-ref outputs "out"))
                    (launcher (string-append prefix "/bin/openconnect-sso"))
                    (qt-process-path
                     (string-append (assoc-ref inputs "qtwebengine")
                                    "/lib/qt5/libexec/QtWebEngineProcess")))
               (wrap-program launcher
                 `("QTWEBENGINEPROCESS_PATH" = (,qt-process-path)))
               #t))))))
    (inputs
     `(("openconnect" ,openconnect)
       ("python-attrs" ,python-attrs)
       ("python-colorama" ,python-colorama)
       ("python-keyring" ,python-keyring)
       ("python-lxml" ,python-lxml)
       ("python-prompt-toolkit" ,python-prompt-toolkit)
       ("python-requests" ,python-requests)
       ("python-pyqt" ,python-pyqt)
       ("python-pyqtwebengine" ,python-pyqtwebengine)
       ("python-pysocks" ,python-pysocks)
       ("python-pyxdg" ,python-pyxdg)
       ("python-structlog" ,python-structlog)
       ("python-toml" ,python-toml)
       ("qtwebengine" ,qtwebengine)))
    (native-inputs
     `(("python-pytest" ,python-pytest)
       ("python-setuptools-scm" ,python-setuptools-scm)))
    (home-page "https://github.com/vlaci/openconnect-sso")
    (synopsis "OpenConnect wrapper script supporting Azure AD (SAMLv2)")
    (description
     "This package provides a wrapper script for OpenConnect supporting Azure AD
(SAMLv2) authentication to Cisco SSL-VPNs.")
    (license license:gpl3)))
353
;; Client for PPP+SSL VPN gateways, built from the upstream Git tag
;; "v" + VERSION.
(define-public openfortivpn
  (package
    (name "openfortivpn")
    (version "1.15.0")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/adrienverge/openfortivpn")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1qsfgpxg553s8rc9cyrc4k96z0pislxsdxb9wyhp8fdprkak2mw2"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ;; The label reads "autotools" but the package behind it is automake.
       ("autotools" ,automake)
       ("pkg-config" ,pkg-config)))
    (inputs
     `(("openssl" ,openssl)
       ("ppp" ,ppp)))
    (home-page "https://github.com/adrienverge/openfortivpn")
    (synopsis "Client for PPP+SSL VPN tunnel services")
    (description
     "Openfortivpn is a client for PPP+SSL VPN tunnel services. It
spawns a pppd process and operates the communication between the gateway and
this process. It is compatible with Fortinet VPNs.")
    (license license:gpl3+)))
381
;; OpenVPN daemon, configured to use iproute2.
(define-public openvpn
  (package
    (name "openvpn")
    (version "2.5.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://swupdate.openvpn.org/community/releases/openvpn-"
             version ".tar.xz"))
       (sha256
        (base32 "1j0xkiya20hhvalfjg5l3v1226vyjs9j9aw2mzpnbwq1d61l69xi"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    ;; NOTE(review): iproute2 is only a native input here; presumably
    ;; configure looks up the 'ip' command at build time -- confirm that a
    ;; build-time-only reference is what is intended.
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities. It uses a custom
security protocol that utilizes SSL/TLS for key exchange. It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))
feca8e2b 413
;; Command-line client for ProtonVPN.  After the standard Python wrapper is
;; generated, the real entry point is wrapped a second time so that PATH
;; starts with the store directories of the tools it runs.
(define-public protonvpn-cli
  (package
    (name "protonvpn-cli")
    (version "2.2.6")
    (source
     (origin
       ;; PyPI has a ".whl" file but not a proper source release.
       ;; Thus, fetch code from Git.
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ProtonVPN/linux-cli")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0y7v9ikrmy5dbjlpbpacp08gy838i8z54m8m4ps7ldk1j6kyia3n"))))
    (build-system python-build-system)
    (arguments
     '(#:tests? #f                      ; no tests in repo
       #:phases
       (modify-phases %standard-phases
         (add-after 'wrap 'wrap-wrapper
           ;; Wrap entrypoint with paths to its hard dependencies.  They are
           ;; added as a PATH prefix, so they are searched before whatever
           ;; PATH the caller provides.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((prefix-dir (assoc-ref outputs "out"))
                    (entrypoint (string-append prefix-dir
                                               "/bin/.protonvpn-real")))
               (wrap-program entrypoint
                 `("PATH" ":" prefix
                   ,(map (lambda (label)
                           (let ((dir (assoc-ref inputs label)))
                             (string-append dir "/bin:"
                                            dir "/sbin")))
                         (list "dialog"
                               "iproute2"
                               "iptables"
                               "ncurses"
                               "openvpn"
                               "procps"
                               "which")))))
             #t)))))
    (native-inputs
     `(("python-docopt" ,python-docopt)))
    (inputs
     `(("dialog" ,dialog)
       ("iproute2" ,iproute)
       ("iptables" ,iptables)
       ("ncurses" ,ncurses)
       ("openvpn" ,openvpn)
       ("procps" ,procps)
       ("python-jinja2" ,python-jinja2)
       ("python-pythondialog" ,python-pythondialog)
       ("python-requests" ,python-requests)
       ("which" ,which)))
    (synopsis "Command-line client for ProtonVPN")
    (description
     "This is the official command-line interface for ProtonVPN, a secure
point-to-point virtual private networking (VPN) service with a gratis tier.
It can automatically find and connect to the fastest servers or use Tor over
VPN. The gratis tier offers unlimited bandwidth for up to 10 devices.")
    (home-page "https://github.com/ProtonVPN/linux-cli")
    (license license:gpl3+)))
474
;; tinc VPN daemon, built from the upstream release tarball.
(define-public tinc
  (package
    (name "tinc")
    (version "1.0.36")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://tinc-vpn.org/packages/"
                           "tinc-" version ".tar.gz"))
       (sha256
        (base32 "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0"))))
    (build-system gnu-build-system)
    (arguments
     ;; Configuration and state directories are the system-wide /etc and
     ;; /var rather than locations inside the store output.
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs
     `(("zlib" ,zlib)
       ("lzo" ,lzo)
       ("openssl" ,openssl)))
    (home-page "https://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))
500
;; sshuttle: VPN-like forwarding of connections over SSH, installed from the
;; PyPI source release.
(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.5")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32 "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-FHS-file-names
           (lambda _
             ;; client.py: use the absolute file name of 'env' found at
             ;; build time instead of /usr/bin/env.
             (let ((env-program (which "env")))
               (substitute* "sshuttle/client.py"
                 (("/usr/bin/env") env-program)))
             ;; ssh.py: use a bare "sh", which is resolved through PATH
             ;; wherever that command runs.
             ;; NOTE(review): presumably this is the command started on the
             ;; remote host -- confirm against ssh.py.
             (substitute* "sshuttle/ssh.py"
               (("/bin/sh") "sh"))
             #t)))))
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ("python-flake8" ,python-flake8)
       ("python-mock" ,python-mock)
       ("python-pytest-cov" ,python-pytest-cov)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description
     "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client. Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying. This makes it faster and more reliable than SSH's own tunneling and
port forwarding features. It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’
541
;; sshoot: profile manager for sshuttle sessions, installed from the PyPI
;; source release.
(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32 "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           ;; Only the test suite is patched: its /bin/sh reference becomes
           ;; the shell found on the build-time PATH.
           (lambda _
             (let ((shell (which "sh")))
               (substitute* "sshoot/tests/test_manager.py"
                 (("/bin/sh") shell)))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description
     "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks. It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
577
;; BadVPN tool collection (NCD, tun2socks, peer-to-peer VPN), built with
;; CMake from the upstream Git tag named after VERSION.
(define-public badvpn
  (package
    (name "badvpn")
    (version "1.999.130")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ambrop72/badvpn")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
    (build-system cmake-build-system)
    (arguments
     '(#:tests? #f))                    ; no tests
    (inputs
     `(("nspr" ,nspr)
       ("nss" ,nss)
       ("openssl" ,openssl)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (home-page "https://github.com/ambrop72/badvpn")
    (synopsis "Peer-to-peer virtual private network (VPN)")
    (description
     "@code{BadVPN} is a collection of virtual private
network (VPN) tools. It includes:

@enumerate
@item NCD programming language.\n
NCD (Network Configuration Daemon) is a daemon and programming/scripting
language for configuration of network interfaces and other aspects of the
operating system.
@item Tun2socks network-layer proxifier.\n
The tun2socks program socksifes TCP connections at the network layer. It
implements a TUN device which accepts all incoming TCP connections (regardless
of destination IP), and forwards the connections through a SOCKS server.
@item Peer-to-peer VPN.\n
The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
(VPN nodes).
@end enumerate")
    ;; This project contains a bundled lwIP. lwIP is also released under the
    ;; 3-clause BSD license.  A bundled copy does not follow updates to a
    ;; separately packaged lwIP.
    (license license:bsd-3)))
7a0479bb 621
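;; Out-of-tree WireGuard for Linux 3.10 through 5.5.  The "out" output holds
;; the loadable module; "kernel-patch" holds the patch printed by the
;; upstream create-patch.sh script.
(define-public wireguard-linux-compat
  (package
    (name "wireguard-linux-compat")
    (version "1.0.20201221")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/"
                                  "snapshot/wireguard-linux-compat-" version
                                  ".tar.xz"))
              (sha256
               (base32
                "0ci13in0fqq32n5qamch4qhjgbdq86ygrgmfhc9szsh2nsl8jlkf"))))
    (build-system linux-module-build-system)
    (outputs '("out"
               "kernel-patch"))
    (arguments
     `(#:linux ,linux-libre-5.4         ; mustn't have WG built-in
       #:tests? #f                      ; no test suite
       #:modules ((guix build linux-module-build-system)
                  (guix build utils)
                  (ice-9 popen)
                  (ice-9 textual-ports))
       #:phases
       (modify-phases %standard-phases
         (add-before 'build 'change-directory
           ;; The module sources live in ./src.
           (lambda _
             (chdir "./src")
             #t))
         (add-after 'build 'build-patch
           ;; Capture everything create-patch.sh prints and store it as
           ;; wireguard.patch in the current directory (./src).
           ;; NOTE(review): the status returned by 'close-pipe' is not
           ;; checked, so a failing script would still leave a (possibly
           ;; empty or truncated) patch behind -- consider checking it.
           (lambda _
             (let* ((patch-builder "../kernel-tree-scripts/create-patch.sh")
                    (port (open-input-pipe patch-builder))
                    (str (get-string-all port)))
               (close-pipe port)
               (call-with-output-file "wireguard.patch"
                 (lambda (port)
                   (format port "~a" str))))
             #t))
         (add-after 'install 'install-patch
           ;; Look the output up in the phase's own OUTPUTS argument instead
           ;; of the global %outputs, like the other phases in this file.
           (lambda* (#:key outputs #:allow-other-keys)
             (install-file "wireguard.patch"
                           (assoc-ref outputs "kernel-patch"))
             #t))
         ;; So that 'install-license-files' works...
         (add-before 'install-license-files 'reset-cwd
           (lambda _
             (chdir "..")
             #t)))))
    (home-page "https://git.zx2c4.com/wireguard-linux-compat/")
    (synopsis "WireGuard kernel module for Linux 3.10 through 5.5")
    (description "This package contains an out-of-tree kernel patch and
a loadable module adding WireGuard to Linux kernel versions 3.10 through 5.5.
WireGuard was added to Linux 5.6.")
    (license license:gpl2)))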
1b17c23e 676
;; User-space tools for WireGuard (wg and the wg-quick helper).  wg-quick is
;; wrapped so that PATH starts with the store directories of the commands
;; listed in the 'wrap-wg-quick phase.
(define-public wireguard-tools
  (package
    (name "wireguard-tools")
    (version "1.0.20210424")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://git.zx2c4.com/wireguard-tools.git")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "12v0ykaz7phv1gqin35wf6ndgb9819vai17ynjxssq00xwcbsq43"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       (list ,(string-append "CC=" (cc-for-target))
             "--directory=src"
             "WITH_BASHCOMPLETION=yes"
             ;; Install the ‘simple and dirty’ helper script wg-quick(8).
             "WITH_WGQUICK=yes"
             (string-append "PREFIX=" (assoc-ref %outputs "out"))
             ;; Currently used only to create an empty /etc/wireguard directory.
             "SYSCONFDIR=no-thanks")
       ;; The test suite is meant to be run interactively. It runs Clang's
       ;; scan-build static analyzer and then starts a web server to display the
       ;; results.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         ;; No configure script
         (delete 'configure)
         (add-after 'install 'install-contrib-docs
           ;; Ship upstream's contrib/ directory as documentation.
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((prefix (assoc-ref outputs "out"))
                    (doc-dir (string-append prefix
                                            "/share/doc/wireguard-tools")))
               (copy-recursively "contrib/" doc-dir)
               #t)))
         (add-after 'install 'wrap-wg-quick
           ;; Prefix PATH with the sbin directories of the listed inputs and
           ;; with coreutils' bin directory, so those are searched before the
           ;; caller's PATH.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((prefix (assoc-ref outputs "out"))
                    (sbin-dirs (map (lambda (label)
                                      (string-append (assoc-ref inputs label)
                                                     "/sbin"))
                                    (list "resolvconf" "iproute" "procps"
                                          "iptables")))
                    (coreutils-bin (string-append
                                    (assoc-ref inputs "coreutils")
                                    "/bin")))
               (wrap-program (string-append prefix "/bin/wg-quick")
                 `("PATH" ":" prefix ,(append sbin-dirs
                                              (list coreutils-bin))))
               #t))))))
    (inputs
     `(("resolvconf" ,openresolv)
       ("coreutils" ,coreutils)
       ("bash" ,bash)                   ; for scripts using /dev/tcp
       ("procps" ,procps)
       ("iproute" ,iproute)
       ("iptables" ,iptables)))
    (home-page "https://www.wireguard.com/")
    (synopsis "Tools for configuring WireGuard tunnels")
    (description
     "This package provides the user-space command-line tools for using and
configuring WireGuard tunnels.

WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private
Network} that securely encapsulates IP packets over UDP. It aims to be as easy
to configure and deploy as SSH. VPN connections are made simply by exchanging
public keys and can roam across IP addresses.")
    (license
     (list license:lgpl2.1+    ; src/netlink.h & contrib/embeddable-wg-library
           license:gpl2))))    ; everything else
748
;; Compatibility alias: the old "wireguard" package name is kept as a
;; deprecated package that points at wireguard-tools.
(define-public wireguard
  (deprecated-package "wireguard"
                      wireguard-tools))
751
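;; xl2tpd: Layer 2 Tunnelling Protocol daemon, built from the upstream Git
;; tag "v" + VERSION.  There is no configure script; the build is driven by
;; make flags and one source substitution.
(define-public xl2tpd
  (package
    (name "xl2tpd")
    (version "1.3.16")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/xelerance/xl2tpd")
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "0is5ccrvijz0pfm45pfrlbb9y8231yz3c4zqs8mkgakl9rxajy6l"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" %output)
                          ;; Use the target's compiler driver rather than a
                          ;; hard-coded "gcc", as wireguard-tools does in
                          ;; this file.
                          ,(string-append "CC=" (cc-for-target)))
       #:phases (modify-phases %standard-phases
                  (delete 'configure)   ;no configure script
                  (add-before 'build 'setup-environment
                    (lambda* (#:key inputs #:allow-other-keys)
                      ;; Compile in the absolute store path of pppd instead
                      ;; of /usr/sbin/pppd.
                      (substitute* "l2tp.h"
                        (("/usr/sbin/pppd")
                         (string-append (assoc-ref inputs "ppp")
                                        "/sbin/pppd")))
                      ;; KERNELSRC is set to the kernel headers input.
                      (setenv "KERNELSRC"
                              (assoc-ref inputs "linux-libre-headers"))
                      #t)))
       #:tests? #f))                    ; no tests provided
    (inputs `(("libpcap" ,libpcap)
              ("linux-libre-headers" ,linux-libre-headers)
              ("ppp" ,ppp)))
    (home-page "https://www.xelerance.com/software/xl2tpd/")
    (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)")
    (description
     "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
L2TP allows you to tunnel PPP over UDP.")
    (license license:gpl2)))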