gnu: tarlz: Update to 0.21.
1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
b6bee63b 3;;; Copyright © 2013, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
d4bf49b1 4;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b 5;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
80005d03 6;;; Copyright © 2016, 2017, 2019, 2021 Efraim Flashner <efraim@flashner.co.il>
c3e6fcde 7;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8 8;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
fc4338b8 9;;; Copyright © 2018, 2020 Pierre Langlois <pierre.langlois@gmx.com>
7ba2b274 10;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
c1005113 11;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name>
9fd6ad3e 12;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
b47e083b 13;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
3b177a6c 14;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
c873980d 15;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com>
8331e235 16;;; Copyright © 2020 Ivan Kozlov <kanichos@yandex.ru>
18918ebe 17;;; Copyright © 2020 David Dashyan <mail@davie.li>
c85ed0e7 18;;; Copyright © 2021 Domagoj Stolfa <ds815@gmx.com>
19;;;
20;;; This file is part of GNU Guix.
21;;;
22;;; GNU Guix is free software; you can redistribute it and/or modify it
23;;; under the terms of the GNU General Public License as published by
24;;; the Free Software Foundation; either version 3 of the License, or (at
25;;; your option) any later version.
26;;;
27;;; GNU Guix is distributed in the hope that it will be useful, but
28;;; WITHOUT ANY WARRANTY; without even the implied warranty of
29;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
30;;; GNU General Public License for more details.
31;;;
32;;; You should have received a copy of the GNU General Public License
33;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
34
35(define-module (gnu packages vpn)
b5b73a82 36 #:use-module ((guix licenses) #:prefix license:)
37 #:use-module (guix packages)
38 #:use-module (guix download)
06d91fd9 39 #:use-module (guix git-download)
7ba2b274 40 #:use-module (guix build-system cmake)
49f24f41 41 #:use-module (guix build-system gnu)
3b177a6c 42 #:use-module (guix build-system linux-module)
5c863d57 43 #:use-module (guix build-system python)
598afe95 44 #:use-module (guix utils)
49f24f41 45 #:use-module (gnu packages)
1b17c23e 46 #:use-module (gnu packages admin)
06d91fd9 47 #:use-module (gnu packages base)
d084e71c 48 #:use-module (gnu packages bash)
ac257f12 49 #:use-module (gnu packages check)
d084e71c 50 #:use-module (gnu packages dns)
01224157 51 #:use-module (gnu packages autotools)
71f4b81a 52 #:use-module (gnu packages compression)
ad879bff 53 #:use-module (gnu packages curl)
80005d03 54 #:use-module (gnu packages freedesktop)
1dba6407 55 #:use-module (gnu packages gettext)
ad879bff 56 #:use-module (gnu packages gnome)
49f24f41 57 #:use-module (gnu packages gnupg)
b47e083b 58 #:use-module (gnu packages guile)
01224157 59 #:use-module (gnu packages libevent)
dc77f0d3 60 #:use-module (gnu packages linux)
ad879bff 61 #:use-module (gnu packages multiprecision)
90a69913 62 #:use-module (gnu packages ncurses)
aff0cce9 63 #:use-module (gnu packages nss)
64 #:use-module (gnu packages perl)
65 #:use-module (gnu packages pkg-config)
5c863d57 66 #:use-module (gnu packages python)
67 #:use-module (gnu packages python-build)
68 #:use-module (gnu packages python-crypto)
44d10b1f 69 #:use-module (gnu packages python-xyz)
c873980d 70 #:use-module (gnu packages python-web)
80005d03 71 #:use-module (gnu packages qt)
8331e235 72 #:use-module (gnu packages samba)
a7fd7b68 73 #:use-module (gnu packages tls)
71f4b81a 74 #:use-module (gnu packages xml))
;; GNU Virtual Private Ethernet (gvpe): release tarball from the GNU mirrors,
;; built with the GNU build system against OpenSSL and zlib.
(define-public gvpe
  (package
    (name "gvpe")
    (version "3.1")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gvpe/gvpe-"
                                  version ".tar.gz"))
              ;; The hash pins the tarball's content, whichever mirror ends
              ;; up serving it.
              (sha256
               (base32
                "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
    (build-system gnu-build-system)
    ;; NOTE(review): plain-HTTP home page; it is package metadata and is not
    ;; the location the source above is fetched from.
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs `(("openssl" ,openssl)
              ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols. It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))
;; strongSwan IKEv1/IKEv2 keying daemon.  The build patches hard-coded command
;; names to store paths and enables a broad set of plugins through
;; #:configure-flags.
(define-public strongswan
  (package
    (name "strongswan")
    (version "5.9.2")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://download.strongswan.org/strongswan-"
                           version ".tar.bz2"))
       (sha256
        (base32 "0qxhbash2nyh5k2h9zcysgwv61512w1wxk5plyai4b6v3rs2ziv1"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-before 'build 'patch-command-file-names
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Prefix the listed command names in src/ipsec/_ipsec.in with
             ;; the coreutils store directory, so they no longer resolve
             ;; through the caller's PATH.
             ;; NOTE(review): the pattern is an unanchored alternation, so it
             ;; also matches these letter sequences inside longer words;
             ;; confirm against the patched file that nothing else is
             ;; rewritten.
             (substitute* "src/ipsec/_ipsec.in"
               (("cat|kill|sleep|rm|uname" command)
                (string-append (assoc-ref inputs "coreutils")
                               "/bin/" command)))
             ;; Point the shell used by the process helper at an absolute
             ;; store path.
             ;; NOTE(review): "bash" is not among the inputs declared below;
             ;; presumably it comes from the build system's implicit inputs.
             ;; Confirm.
             (substitute* "src/libstrongswan/utils/process.c"
               (("/bin/sh")
                (string-append (assoc-ref inputs "bash") "/bin/sh")))

             ;; Test-suite only: use whatever sh/echo/cat the build
             ;; environment's PATH provides.  The "cat" pattern is unanchored
             ;; as well.
             (substitute* "src/libstrongswan/tests/suites/test_process.c"
               (("/bin/sh") (which "sh"))
               (("/bin/echo") (which "echo"))
               (("cat") (which "cat")))
             #t))
         (add-before 'check 'set-up-test-environment
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Make the time-zone database from the "tzdata" native input
             ;; visible to the test suite.
             (setenv "TZDIR" (string-append (assoc-ref inputs "tzdata")
                                            "/share/zoneinfo"))
             #t)))
       #:configure-flags
       (list
        "--disable-ldap"
        "--disable-mysql"
        "--disable-systemd"

        ;; Disable BSD-4 licensed plugins.
        "--disable-blowfish"
        "--disable-des"

        ;; Make it usable.  The default configuration is far too minimal to be
        ;; used with most common VPN set-ups.
        ;; See <https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf>.
        ;;
        ;; NOTE(review): the list below also builds legacy or weak mechanisms
        ;; (eap-md5, md4, and xauth-noauth, an XAuth backend that performs no
        ;; authentication).  Building a plugin does not select it; whether any
        ;; of them is used depends on the deployed connection configuration,
        ;; which is where they should be audited.
        "--enable-aesni"
        "--enable-attr-sql"
        "--enable-chapoly"
        "--enable-curl"
        "--enable-dhcp"
        "--enable-eap-aka"
        "--enable-eap-aka-3gpp"
        "--enable-eap-dynamic"
        "--enable-eap-identity"
        "--enable-eap-md5"
        "--enable-eap-mschapv2"
        "--enable-eap-peap"
        "--enable-eap-radius"
        "--enable-eap-sim"
        "--enable-eap-sim-file"
        "--enable-eap-simaka-pseudonym"
        "--enable-eap-simaka-reauth"
        "--enable-eap-simaka-sql"
        "--enable-eap-tls"
        "--enable-eap-tnc"
        "--enable-eap-ttls"
        "--enable-ext-auth"
        "--enable-farp"
        "--enable-ha"
        "--enable-led"
        "--enable-md4"
        "--enable-mediation"
        "--enable-openssl"
        "--enable-soup"
        "--enable-sql"
        "--enable-sqlite"
        "--enable-xauth-eap"
        "--enable-xauth-noauth"
        "--enable-xauth-pam"

        ;; Use libcap by default.
        "--with-capabilities=libcap")))
    ;; "coreutils" is listed both here (its store path is patched into
    ;; _ipsec.in above) and under native-inputs.
    (inputs
     `(("coreutils" ,coreutils)
       ("curl" ,curl)
       ("gmp" ,gmp)
       ("libcap" ,libcap)
       ("libgcrypt" ,libgcrypt)
       ("libsoup" ,libsoup)
       ("linux-pam" ,linux-pam)
       ("openssl" ,openssl)))
    (native-inputs
     `(("coreutils" ,coreutils)
       ("pkg-config" ,pkg-config)
       ("tzdata" ,tzdata-for-tests)))
    (synopsis "IKEv1/v2 keying daemon")
    (description "StrongSwan is an IPsec implementation originally based upon
the FreeS/WAN project. It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
NAT-T and more.")
    (home-page "https://strongswan.org/")
    (license
     (list license:gpl2+
           ;; src/aikgen/*
           ;; src/libcharon/plugins/dnscert/*
           ;; src/libcharon/plugins/ext_auth/*
           ;; src/libcharon/plugins/vici/ruby/*
           ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch]
           license:expat
           ;; src/include/sys/*
           license:bsd-3
           ;; src/libstrongswan/plugins/sha3/sha3_keccak.c
           license:public-domain
           ;; src/libstrongswan/plugins/pkcs11/pkcs11.h
           (license:non-copyleft
            "file://src/libstrongswan/plugins/pkcs11/pkcs11.h"
            "pkcs11 contains a unknown permissive license. View the specific
file for more details.")
           ;; These files are not included in the
           ;; build, they are disabled through
           ;; options to ./configure
           ;;
           ;; src/libstrongswan/plugins/blowfish/bf_enc.c
           ;; src/libstrongswan/plugins/blowfish/bf_locl.h
           ;; src/libstrongswan/plugins/blowfish/bf_pi.h
           ;; src/libstrongswan/plugins/blowfish/bf_skey.c
           ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c
           ;; src/libstrongswan/plugins/des/des_crypter.c
           license:bsd-4))))
;; vpnc, a client for Cisco VPN concentrators.  There is no configure script
;; and no check target; the build patches config.c and the Makefile directly.
;;
;; Per the description below, the supported primitives besides AES are legacy
;; ones (3DES, 1DES, MD5, SHA1, DH groups 1/2/5) and authentication is
;; shared-secret with Xauth only.
(define-public vpnc
  (package
    (name "vpnc")
    (version "0.5.3")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                  version ".tar.gz"))
              (sha256 (base32
                       "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    (inputs `(("libgcrypt" ,libgcrypt)
              ("perl" ,perl)
              ("vpnc-scripts" ,vpnc-scripts)))
    (arguments
     `(#:tests? #f ; there is no check target
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'use-store-paths
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out"))
                   (vpnc-scripts (assoc-ref inputs "vpnc-scripts")))
               ;; Make the compiled-in script location point at the
               ;; vpnc-scripts input in the store instead of the mutable
               ;; /etc/vpnc/vpnc-script.
               (substitute* "config.c"
                 (("/etc/vpnc/vpnc-script")
                  (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
               ;; Install under this package's own output.
               (substitute* "Makefile"
                 (("ETCDIR=.*")
                  (string-append "ETCDIR=" out "/etc/vpnc\n"))
                 (("PREFIX=.*")
                  (string-append "PREFIX=" out "\n")))
               #t)))
         (delete 'configure)))) ; no configure script
    (synopsis "Client for Cisco VPN concentrators")
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (license license:gpl2+) ; some files are bsd-2, see COPYING
    (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/")))
;; Network configuration scripts invoked by vpnc and OpenConnect.  Built from a
;; pinned upstream commit; the scripts are patched to stop using fixed
;; /usr/bin and /usr/sbin locations and are then wrapped with a PATH that
;; points at the inputs declared here.
(define-public vpnc-scripts
  (let ((commit "3885f8bbc4ae03fd6da0ada6de12f7223a59595c"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20200925." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  ;; NOTE(review): git:// is an unauthenticated, unencrypted
                  ;; transport.  Integrity of the checkout rests on the full
                  ;; commit id above and the sha256 below, not on the
                  ;; transport.
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "1pmi4n58q81pmn9arvfixhvv6vkkf3rpwac3hwnwyl882q5q0ccx"))))
      (build-system gnu-build-system)
      (inputs `(("guile" ,guile-3.0) ; for the wrapper scripts
                ("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute) ; for ‘ip’
                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths.
             (lambda* _
               (for-each (lambda (script)
                           (substitute* script
                             ;; Drop the scripts' own PATH assignment; PATH is
                             ;; supplied by the 'wrap-scripts phase instead.
                             (("^PATH=.*") "")
                             ;; Strip the /usr/bin/ and /usr/sbin/ prefixes so
                             ;; commands resolve through PATH.
                             (("/usr/s?bin/") "")
                             ;; Turn "[ -x FILE ]" tests into a PATH lookup
                             ;; with "command -v".
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure) ; no configure script
           (replace 'build
             ;; The only compiled artifact is the netunshare helper.
             (lambda _
               (invoke "gcc" "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             ;;
             ;; The wrapper prefixes PATH with the /bin and /sbin directories
             ;; of the listed inputs; the PATH inherited from the caller stays
             ;; in effect after them, which is how optional tools are found.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    (wrap-script (string-append out "/etc/vpnc/" script)
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (list "vpnc-script-ptrtd"
                        "vpnc-script-sshd"
                        "vpnc-script"))
                 #t))))
         #:tests? #f)) ; no tests
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own. For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))
;; ocproxy: user-level SOCKS and port-forwarding proxy for OpenConnect, built
;; from the upstream Git tag with autoconf/automake.
(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/cernekee/ocproxy")
                    ;; The checkout is selected by tag name ("v" + version);
                    ;; the sha256 below is what fixes its content.
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (inputs
     `(("libevent" ,libevent)))
    (home-page "https://github.com/cernekee/ocproxy")
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP. When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (license license:bsd-3)))
;; OpenConnect client for Cisco AnyConnect SSL VPN.  The vpnc-script location
;; is fixed at configure time to the vpnc-scripts input in the store.
(define-public openconnect
  (package
    (name "openconnect")
    (version "8.10")
    (source (origin
              (method url-fetch)
              ;; NOTE(review): FTP gives neither confidentiality nor
              ;; authentication; the sha256 below is the only thing that
              ;; pins the tarball.
              (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                                  "openconnect-" version ".tar.gz"))
              (sha256
               (base32 "1cdsx4nsrwawbsisfkldfc9i4qn60g03vxb13nzppr2br9p4rrih"))))
    (build-system gnu-build-system)
    (propagated-inputs
     `(("libxml2" ,libxml2)
       ("gnutls" ,gnutls)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)
       ("vpnc-scripts" ,vpnc-scripts)))
    (native-inputs
     `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
    (arguments
     ;; Pass the absolute store path of vpnc-script to ./configure, so the
     ;; script that gets run is the packaged one rather than a file looked up
     ;; under /etc.
     `(#:configure-flags
       `(,(string-append "--with-vpnc-script="
                         (assoc-ref %build-inputs "vpnc-scripts")
                         "/etc/vpnc/vpnc-script"))))
    (synopsis "Client for Cisco VPN")
    (description
     "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
    (license license:lgpl2.1)
    (home-page "https://www.infradead.org/openconnect/")))
;; openconnect-sso: wrapper around OpenConnect for Azure AD (SAMLv2)
;; authentication, taken from the PyPI source release.
(define-public openconnect-sso
  (package
    (name "openconnect-sso")
    (version "0.7.3")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "openconnect-sso" version))
       (sha256
        (base32 "065s5c8q80jh0psdw7694nlabwpra7aw6yc4jlgsc9vxx8rx2na1"))))
    (build-system python-build-system)
    (arguments
     `(#:tests? #f ; Tests not included, building from git requires poetry.
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-openconnect
           (lambda _
             ;; Replace the bare "openconnect" command name in app.py with
             ;; the absolute file name found on the build-time PATH, so the
             ;; wrapper does not look the binary up through the user's PATH
             ;; at run time.
             (substitute* "openconnect_sso/app.py"
               (("\"openconnect\"")
                (string-append "\"" (which "openconnect") "\"")))
             #t))
         (replace 'check
           ;; Only runs pytest when tests are enabled; #:tests? is #f above.
           (lambda* (#:key tests? #:allow-other-keys)
             (when tests?
               (invoke "pytest" "-v"))
             #t))
         (add-after 'install 'wrap-qt-process-path
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (bin (string-append out "/bin/openconnect-sso"))
                    (qt-process-path (string-append
                                      (assoc-ref inputs "qtwebengine")
                                      "/lib/qt5/libexec/QtWebEngineProcess")))
               ;; "=" sets the variable to exactly this store path in the
               ;; wrapper instead of extending an inherited value.
               (wrap-program bin
                 `("QTWEBENGINEPROCESS_PATH" = (,qt-process-path)))
               #t))))))
    (inputs
     `(("openconnect" ,openconnect)
       ("python-attrs" ,python-attrs)
       ("python-colorama" ,python-colorama)
       ("python-keyring" ,python-keyring)
       ("python-lxml" ,python-lxml)
       ("python-prompt-toolkit" ,python-prompt-toolkit)
       ("python-requests" ,python-requests)
       ("python-pyqt" ,python-pyqt)
       ("python-pyqtwebengine" ,python-pyqtwebengine)
       ("python-pysocks" ,python-pysocks)
       ("python-pyxdg" ,python-pyxdg)
       ("python-structlog" ,python-structlog)
       ("python-toml" ,python-toml)
       ("qtwebengine" ,qtwebengine)))
    (native-inputs
     `(("python-pytest" ,python-pytest)
       ("python-setuptools-scm" ,python-setuptools-scm)))
    (home-page "https://github.com/vlaci/openconnect-sso")
    (synopsis "OpenConnect wrapper script supporting Azure AD (SAMLv2)")
    (description
     "This package provides a wrapper script for OpenConnect supporting Azure AD
(SAMLv2) authentication to Cisco SSL-VPNs.")
    (license license:gpl3)))
;; openfortivpn: client for PPP+SSL VPN tunnel services, built from the
;; upstream Git tag against OpenSSL and ppp.
(define-public openfortivpn
  (package
    (name "openfortivpn")
    (version "1.15.0")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/adrienverge/openfortivpn")
                    ;; Selected by tag name; the sha256 below fixes the
                    ;; content of the checkout.
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "1qsfgpxg553s8rc9cyrc4k96z0pislxsdxb9wyhp8fdprkak2mw2"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ;; The label reads "autotools" but the package bound to it is automake.
       ("autotools" ,automake)
       ("pkg-config" ,pkg-config)))
    (inputs
     `(("openssl" ,openssl)
       ("ppp" ,ppp)))
    (home-page "https://github.com/adrienverge/openfortivpn")
    (synopsis "Client for PPP+SSL VPN tunnel services")
    (description "Openfortivpn is a client for PPP+SSL VPN tunnel services. It
spawns a pppd process and operates the communication between the gateway and
this process. It is compatible with Fortinet VPNs.")
    (license license:gpl3+)))
;; OpenVPN daemon, built from the upstream release tarball with iproute2
;; support enabled.
(define-public openvpn
  (package
    (name "openvpn")
    (version "2.5.3")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://swupdate.openvpn.org/community/releases/openvpn-"
                    version ".tar.xz"))
              (sha256
               (base32
                "0zlski66mw10klmwvg445z051mld7xjng4iyl4f9b883qr1rjspv"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    ;; NOTE(review): iproute is declared only as a native (build-time) input
    ;; although iproute2 support is enabled above; which `ip' binary the
    ;; installed daemon ends up invoking is not visible from this definition.
    ;; Confirm.
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities. It uses a custom
security protocol that utilizes SSL/TLS for key exchange. It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))
;; ProtonVPN command-line client, built from the upstream Git tag.  The real
;; entry point is wrapped so that its external tools come from the inputs
;; declared here.
(define-public protonvpn-cli
  (package
    (name "protonvpn-cli")
    (version "2.2.6")
    (source
     (origin
       ;; PyPI has a ".whl" file but not a proper source release.
       ;; Thus, fetch code from Git.
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ProtonVPN/linux-cli")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0y7v9ikrmy5dbjlpbpacp08gy838i8z54m8m4ps7ldk1j6kyia3n"))))
    (build-system python-build-system)
    (arguments
     '(#:tests? #f ; no tests in repo
       #:phases
       (modify-phases %standard-phases
         (add-after 'wrap 'wrap-wrapper
           ;; Wrap entrypoint with paths to its hard dependencies.
           ;;
           ;; This runs after the standard 'wrap phase and wraps
           ;; bin/.protonvpn-real.  PATH is prefixed, so the listed inputs
           ;; are found first and the caller's PATH remains in effect after
           ;; them.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((entrypoint (string-append (assoc-ref outputs "out")
                                              "/bin/.protonvpn-real")))
               (wrap-program entrypoint
                 `("PATH" ":" prefix
                   ,(map (lambda (name)
                           (let ((input (assoc-ref inputs name)))
                             (string-append input "/bin:"
                                            input "/sbin")))
                         (list "dialog"
                               "iproute2"
                               "iptables"
                               "ncurses"
                               "openvpn"
                               "procps"
                               "which")))))
             #t)))))
    (native-inputs
     `(("python-docopt" ,python-docopt)))
    (inputs
     `(("dialog" ,dialog)
       ("iproute2" ,iproute)
       ("iptables" ,iptables)
       ("ncurses" ,ncurses)
       ("openvpn" ,openvpn)
       ("procps" ,procps)
       ("python-jinja2" ,python-jinja2)
       ("python-pythondialog" ,python-pythondialog)
       ("python-requests" ,python-requests)
       ("which" ,which)))
    (synopsis "Command-line client for ProtonVPN")
    (description
     "This is the official command-line interface for ProtonVPN, a secure
point-to-point virtual private networking (VPN) service with a gratis tier.
It can automatically find and connect to the fastest servers or use Tor over
VPN. The gratis tier offers unlimited bandwidth for up to 10 devices.")
    (home-page "https://github.com/ProtonVPN/linux-cli")
    (license license:gpl3+)))
;; tinc VPN daemon, built from the upstream release tarball.
(define-public tinc
  (package
    (name "tinc")
    (version "1.0.36")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://tinc-vpn.org/packages/"
                                  "tinc-" version ".tar.gz"))
              (sha256
               (base32
                "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0"))))
    (build-system gnu-build-system)
    (arguments
     ;; Configuration and state directories are set to the system-wide /etc
     ;; and /var rather than locations under the package's output.
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs `(("zlib" ,zlib)
              ("lzo" ,lzo)
              ("openssl" ,openssl)))
    (home-page "https://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))
;; sshuttle: VPN-like forwarding of connections over SSH, taken from the PyPI
;; source release.
(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.5")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-FHS-file-names
           (lambda _
             ;; client.py: replace /usr/bin/env with the absolute file name
             ;; of `env' found on the build-time PATH.
             (substitute* "sshuttle/client.py"
               (("/usr/bin/env") (which "env")))
             ;; ssh.py: replace the absolute /bin/sh with a bare "sh", which
             ;; is resolved through PATH wherever that command ends up
             ;; running.
             ;; NOTE(review): presumably this shell is started on the remote
             ;; host, where no store path can be assumed; confirm, since
             ;; unlike the substitution above it is not pinned.
             (substitute* "sshuttle/ssh.py"
               (("/bin/sh") "sh"))
             #t)))))
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ("python-flake8" ,python-flake8)
       ("python-mock" ,python-mock)
       ("python-pytest-cov" ,python-pytest-cov)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client. Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying. This makes it faster and more reliable than SSH's own tunneling and
port forwarding features. It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’
;; sshoot: session manager for sshuttle, taken from the PyPI source release.
(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda _
             ;; Only the test suite is patched here: /bin/sh becomes the `sh'
             ;; found on the build-time PATH.
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks. It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
;; BadVPN tool collection (NCD, tun2socks, peer-to-peer VPN), built with CMake
;; from the upstream Git tag.
(define-public badvpn
  (package
    (name "badvpn")
    (version "1.999.130")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ambrop72/badvpn")
             ;; The tag is the bare version string; the sha256 below fixes
             ;; the content of the checkout.
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
    (build-system cmake-build-system)
    (arguments
     '(#:tests? #f)) ; no tests
    (inputs
     `(("nspr" ,nspr)
       ("nss" ,nss)
       ("openssl" ,openssl)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (home-page "https://github.com/ambrop72/badvpn")
    (synopsis "Peer-to-peer virtual private network (VPN)")
    (description "@code{BadVPN} is a collection of virtual private
network (VPN) tools. It includes:

@enumerate
@item NCD programming language.\n
NCD (Network Configuration Daemon) is a daemon and programming/scripting
language for configuration of network interfaces and other aspects of the
operating system.
@item Tun2socks network-layer proxifier.\n
The tun2socks program socksifes TCP connections at the network layer. It
implements a TUN device which accepts all incoming TCP connections (regardless
of destination IP), and forwards the connections through a SOCKS server.
@item Peer-to-peer VPN.\n
The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
(VPN nodes).
@end enumerate")
    ;; This project contains a bundled lwIP. lwIP is also released under the
    ;; 3-clause BSD license.
    ;; The bundled copy is updated only when this package is, not when a
    ;; separate lwIP release is made.
    (license license:bsd-3)))
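;; Out-of-tree WireGuard kernel module for kernels that lack it (3.10 through
;; 5.5).  Besides the module ("out"), a kernel patch generated by upstream's
;; create-patch.sh is installed to the "kernel-patch" output.
(define-public wireguard-linux-compat
  (package
    (name "wireguard-linux-compat")
    (version "1.0.20201221")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/"
                                  "snapshot/wireguard-linux-compat-" version
                                  ".tar.xz"))
              (sha256
               (base32
                "0ci13in0fqq32n5qamch4qhjgbdq86ygrgmfhc9szsh2nsl8jlkf"))))
    (build-system linux-module-build-system)
    (outputs '("out"
               "kernel-patch"))
    (arguments
     `(#:linux ,linux-libre-5.4         ; mustn't have WG built-in
       #:tests? #f                      ; no test suite
       #:modules ((guix build linux-module-build-system)
                  (guix build utils)
                  (ice-9 popen)
                  (ice-9 textual-ports))
       #:phases
       (modify-phases %standard-phases
         (add-before 'build 'change-directory
           (lambda _
             (chdir "./src")
             #t))
         (add-after 'build 'build-patch
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((patch-builder "../kernel-tree-scripts/create-patch.sh")
                    (port (open-input-pipe patch-builder))
                    (str (get-string-all port))
                    (status (close-pipe port)))
               ;; Fail the build if the generator script did not exit
               ;; successfully.  Without this check a failed run would
               ;; silently install an empty or truncated wireguard.patch in
               ;; the "kernel-patch" output.
               (unless (zero? status)
                 (error "create-patch.sh failed with status" status))
               (call-with-output-file "wireguard.patch"
                 (lambda (port)
                   (format port "~a" str))))
             #t))
         (add-after 'install 'install-patch
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Use the `outputs' keyword argument this phase already
             ;; receives rather than the global %outputs.
             (install-file "wireguard.patch"
                           (assoc-ref outputs "kernel-patch"))
             #t))
         ;; So that 'install-license-files' works...
         (add-before 'install-license-files 'reset-cwd
           (lambda _
             (chdir "..")
             #t)))))
    (home-page "https://git.zx2c4.com/wireguard-linux-compat/")
    (synopsis "WireGuard kernel module for Linux 3.10 through 5.5")
    (description "This package contains an out-of-tree kernel patch and
a loadable module adding WireGuard to Linux kernel versions 3.10 through 5.5.
WireGuard was added to Linux 5.6.")
    (license license:gpl2)))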
;; User-space tools for WireGuard (wg, wg-quick), built from the upstream Git
;; tag.  There is no configure script; everything is driven through make
;; flags, and wg-quick is wrapped so its helper programs come from the inputs
;; declared here.
(define-public wireguard-tools
  (package
    (name "wireguard-tools")
    (version "1.0.20210424")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://git.zx2c4.com/wireguard-tools.git")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "12v0ykaz7phv1gqin35wf6ndgb9819vai17ynjxssq00xwcbsq43"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       (list ,(string-append "CC=" (cc-for-target))
             "--directory=src"
             "WITH_BASHCOMPLETION=yes"
             ;; Install the ‘simple and dirty’ helper script wg-quick(8).
             "WITH_WGQUICK=yes"
             (string-append "PREFIX=" (assoc-ref %outputs "out"))
             ;; Currently used only to create an empty /etc/wireguard directory.
             ;; The value is a relative placeholder rather than a real /etc
             ;; path.
             (string-append "SYSCONFDIR=no-thanks"))
       ;; The test suite is meant to be run interactively.  It runs Clang's
       ;; scan-build static analyzer and then starts a web server to display the
       ;; results.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         ;; No configure script
         (delete 'configure)
         (add-after 'install 'install-contrib-docs
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (copy-recursively "contrib/"
                                 (string-append out "/share/doc/wireguard-tools"))
               #t)))
         (add-after 'install 'wrap-wg-quick
           ;; Prefix wg-quick's PATH with the sbin directories of resolvconf,
           ;; iproute, procps and iptables and with coreutils' bin directory.
           ;; The caller's PATH remains in effect after these entries.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (inputs-sbin (map (lambda (input)
                                        (string-append (assoc-ref inputs input) "/sbin"))
                                      (list "resolvconf" "iproute" "procps"
                                            "iptables")))
                    (coreutils (string-append (assoc-ref inputs "coreutils")
                                              "/bin")))
               (wrap-program (string-append out "/bin/wg-quick")
                 `("PATH" ":" prefix ,(append inputs-sbin
                                              (list coreutils))))
               #t))))))
    (inputs
     `(("resolvconf" ,openresolv)
       ("coreutils" ,coreutils)
       ("bash" ,bash)                   ; for scripts using /dev/tcp
       ("procps" ,procps)
       ("iproute" ,iproute)
       ("iptables" ,iptables)))
    (home-page "https://www.wireguard.com/")
    (synopsis "Tools for configuring WireGuard tunnels")
    (description
     "This package provides the user-space command-line tools for using and
configuring WireGuard tunnels.

WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private
Network} that securely encapsulates IP packets over UDP. It aims to be as easy
to configure and deploy as SSH. VPN connections are made simply by exchanging
public keys and can roam across IP addresses.")
    (license
     (list license:lgpl2.1+    ; src/netlink.h & contrib/embeddable-wg-library
           license:gpl2))))    ; everything else
;; Deprecated alias: the old "wireguard" package name now refers to
;; wireguard-tools.
(define-public wireguard
  (deprecated-package "wireguard" wireguard-tools))
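;; xl2tpd: Layer 2 Tunnelling Protocol daemon (RFC 2661), built from the
;; upstream Git tag.  There is no configure script and no test suite.
(define-public xl2tpd
  (package
    (name "xl2tpd")
    (version "1.3.16")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/xelerance/xl2tpd")
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "0is5ccrvijz0pfm45pfrlbb9y8231yz3c4zqs8mkgakl9rxajy6l"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" %output)
                          ;; Use the compiler for the target system, as
                          ;; wireguard-tools in this file does; for a native
                          ;; build this is still "CC=gcc".
                          ,(string-append "CC=" (cc-for-target)))
       #:phases (modify-phases %standard-phases
                  (delete 'configure)   ;no configure script
                  (add-before 'build 'setup-environment
                    (lambda* (#:key inputs #:allow-other-keys)
                      ;; Compile in the store path of pppd from the "ppp"
                      ;; input instead of /usr/sbin/pppd, so the daemon
                      ;; starts the packaged binary.
                      (substitute* "l2tp.h"
                        (("/usr/sbin/pppd")
                         (string-append (assoc-ref inputs "ppp")
                                        "/sbin/pppd")))
                      ;; Point the build at the kernel headers input.
                      (setenv "KERNELSRC"
                              (assoc-ref inputs "linux-libre-headers"))
                      #t)))
       #:tests? #f))                    ; no tests provided
    (inputs `(("libpcap" ,libpcap)
              ("linux-libre-headers" ,linux-libre-headers)
              ("ppp" ,ppp)))
    (home-page "https://www.xelerance.com/software/xl2tpd/")
    (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)")
    (description
     "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
L2TP allows you to tunnel PPP over UDP.")
    (license license:gpl2)))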
925 (license license:gpl2)))