1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
bc64d955 3;;; Copyright © 2013, 2016, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
d4bf49b1 4;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b 5;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
422e5d35 6;;; Copyright © 2016, 2017, 2019, 2021, 2022 Efraim Flashner <efraim@flashner.co.il>
c3e6fcde 7;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8 8;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
fc4338b8 9;;; Copyright © 2018, 2020 Pierre Langlois <pierre.langlois@gmx.com>
7ba2b274 10;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
c1005113 11;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name>
9fd6ad3e 12;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
b47e083b 13;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
3b177a6c 14;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
c873980d 15;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com>
8331e235 16;;; Copyright © 2020 Ivan Kozlov <kanichos@yandex.ru>
18918ebe 17;;; Copyright © 2020 David Dashyan <mail@davie.li>
c85ed0e7 18;;; Copyright © 2021 Domagoj Stolfa <ds815@gmx.com>
19;;; Copyright © 2021 Raghav Gururajan <rg@raghavgururajan.name>
20;;; Copyright © 2021 jgart <jgart@dismail.de>
9c8f68f4 21;;; Copyright © 2022 Josselin Poiret <josselin.poiret@protonmail.ch>
51736faa 22;;; Copyright © 2022 Lu hui <luhux76@gmail.com>
d45727f4 23;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
bb88505e 24;;; Copyright © 2022 Jean-Pierre De Jesus DIAZ <me@jeandudey.tech>
67375109 25;;; Copyright © 2022 Arun Isaac <arunisaac@systemreboot.net>
26;;;
27;;; This file is part of GNU Guix.
28;;;
29;;; GNU Guix is free software; you can redistribute it and/or modify it
30;;; under the terms of the GNU General Public License as published by
31;;; the Free Software Foundation; either version 3 of the License, or (at
32;;; your option) any later version.
33;;;
34;;; GNU Guix is distributed in the hope that it will be useful, but
35;;; WITHOUT ANY WARRANTY; without even the implied warranty of
36;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
37;;; GNU General Public License for more details.
38;;;
39;;; You should have received a copy of the GNU General Public License
40;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
41
42(define-module (gnu packages vpn)
b5b73a82 43 #:use-module ((guix licenses) #:prefix license:)
44 #:use-module (guix packages)
45 #:use-module (guix download)
51736faa 46 #:use-module (guix gexp)
06d91fd9 47 #:use-module (guix git-download)
7ba2b274 48 #:use-module (guix build-system cmake)
b30651ae 49 #:use-module (guix build-system copy)
49f24f41 50 #:use-module (guix build-system gnu)
b30651ae 51 #:use-module (guix build-system go)
3b177a6c 52 #:use-module (guix build-system linux-module)
5c863d57 53 #:use-module (guix build-system python)
b30651ae 54 #:use-module (guix build-system qt)
598afe95 55 #:use-module (guix utils)
49f24f41 56 #:use-module (gnu packages)
1b17c23e 57 #:use-module (gnu packages admin)
06d91fd9 58 #:use-module (gnu packages base)
d084e71c 59 #:use-module (gnu packages bash)
ac257f12 60 #:use-module (gnu packages check)
d084e71c 61 #:use-module (gnu packages dns)
01224157 62 #:use-module (gnu packages autotools)
71f4b81a 63 #:use-module (gnu packages compression)
ad879bff 64 #:use-module (gnu packages curl)
80005d03 65 #:use-module (gnu packages freedesktop)
1dba6407 66 #:use-module (gnu packages gettext)
ad879bff 67 #:use-module (gnu packages gnome)
b30651ae 68 #:use-module (gnu packages gl)
49f24f41 69 #:use-module (gnu packages gnupg)
b30651ae 70 #:use-module (gnu packages golang)
b47e083b 71 #:use-module (gnu packages guile)
01224157 72 #:use-module (gnu packages libevent)
dc77f0d3 73 #:use-module (gnu packages linux)
ad879bff 74 #:use-module (gnu packages multiprecision)
90a69913 75 #:use-module (gnu packages ncurses)
aff0cce9 76 #:use-module (gnu packages nss)
77 #:use-module (gnu packages perl)
78 #:use-module (gnu packages pkg-config)
b30651ae 79 #:use-module (gnu packages polkit)
5c863d57 80 #:use-module (gnu packages python)
81 #:use-module (gnu packages python-build)
82 #:use-module (gnu packages python-crypto)
44d10b1f 83 #:use-module (gnu packages python-xyz)
c873980d 84 #:use-module (gnu packages python-web)
80005d03 85 #:use-module (gnu packages qt)
8331e235 86 #:use-module (gnu packages samba)
a7fd7b68 87 #:use-module (gnu packages tls)
71f4b81a 88 #:use-module (gnu packages xml))
49f24f41 89
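;; Bitmask, the LEAP VPN client.  go-build-system builds the Go command named
;; by #:import-path; the extra phases below build, test, install and wrap the
;; Qt application from the same checkout.
(define-public bitmask
  (package
    (name "bitmask")
    (version "0.21.11")
    (source
     (origin
       (method git-fetch)
       (uri
        (git-reference
         (url "https://0xacab.org/leap/bitmask-vpn")
         (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1zphigfrks1j3snbc748b3mk0qb1r7n2v7p7l6w1xiiil4dql6cs"))
       (modules
        '((guix build utils)))
       (snippet
        ;; Remove branding/thirdparty from the source and write version.go by
        ;; hand so that VERSION carries the packaged version string.
        `(begin
           (delete-file-recursively "branding/thirdparty")
           (call-with-output-file "pkg/config/version/version.go"
             (lambda (port)
               (format port "package version\n")
               (format port "\n")
               (format port (string-append "var VERSION = \"" ,version "\""))))
           #t))))
    (build-system go-build-system)
    (arguments
     `(#:imported-modules
       ((guix build cmake-build-system)
        (guix build copy-build-system)
        (guix build python-build-system)
        (guix build qt-build-system)
        (guix build qt-utils)
        ,@%go-build-system-modules)
       #:modules
       (((guix build copy-build-system)
         #:prefix copy:)
        ((guix build python-build-system)
         #:prefix python:)
        ((guix build qt-build-system)
         #:prefix qt:)
        (guix build utils)
        (guix build go-build-system))
       #:unpack-path "0xacab.org/leap/bitmask-vpn"
       #:import-path "0xacab.org/leap/bitmask-vpn/cmd/bitmask-helper"
       #:phases
       (modify-phases %standard-phases
         (add-after 'setup-go-environment 'insert-missing-sources
           ;; For some reason this package is left out.
           (lambda* (#:key inputs #:allow-other-keys)
             (let* ((name "go-0xacab-org-leap-shapeshifter")
                    (shapeshifter (assoc-ref inputs name))
                    (shapeshifter-src (string-append shapeshifter "/src")))
               (copy-recursively shapeshifter-src "src"))))
         (add-after 'unpack 'patch
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn"
               ;; Use 'emersion/go-autostart',
               ;; instead of 'ProtonMail/go-autostart',
               ;; as the latter no longer exists.
               (substitute* (find-files "." "\\.go$")
                 (("github.com/ProtonMail/go-autostart")
                  "github.com/emersion/go-autostart"))
               ;; Use correct paths for referenced items: every swhich("...")
               ;; call and every /usr path matched below is replaced by the
               ;; absolute file name of the corresponding input or output.
               (let* ((out (assoc-ref outputs "out"))
                      (policy-dir (string-append out "/share/polkit-1/actions"))
                      (policy-file "se.leap.bitmask.policy")
                      (policy-path (string-append policy-dir "/" policy-file))
                      (ip (string-append (assoc-ref inputs "iproute")
                                         "/sbin/ip"))
                      (iptables (string-append (assoc-ref inputs "iptables")
                                               "/sbin/iptables"))
                      (ip6tables (string-append (assoc-ref inputs "iptables")
                                                "/sbin/ip6tables"))
                      (sysctl (string-append (assoc-ref inputs "procps")
                                             "/sbin/sysctl"))
                      (pkttyagent (string-append (assoc-ref inputs "polkit")
                                                 "/bin/pkttyagent"))
                      (openvpn (string-append (assoc-ref inputs "openvpn")
                                              "/sbin/openvpn"))
                      (bitmask-root (string-append (assoc-ref outputs "out")
                                                   "/sbin/bitmask-root")))
                 (substitute* (find-files "." "(\\.go$|\\.policy$|bitmask-root)")
                   (("swhich\\(\"ip\"\\)")
                    (string-append "\"" ip "\""))
                   (("swhich\\(\"iptables\"\\)")
                    (string-append "\"" iptables "\""))
                   (("swhich\\(\"ip6tables\"\\)")
                    (string-append "\"" ip6tables "\""))
                   (("swhich\\(\"sysctl\"\\)")
                    (string-append "\"" sysctl "\""))
                   (("/usr/(bin|lib|libexec)/.*(kit|agent|agent-1)") pkttyagent)
                   (("/usr/sbin/openvpn") openvpn)
                   (("/usr/sbin/bitmask-root") bitmask-root)
                   (("/usr/local/sbin/bitmask-root") bitmask-root)
                   (("/usr/share.*\\.policy") policy-path)))
               (substitute* (find-files "." "\\.pro$")
                 ;; Use correct path for goshim files,
                 ;; which are generated in 'build-continued phase.
                 (("-L.*/lib") "-L./lib")
                 ;; FIXME: Unable to build i18n files.
                 (("TRANSLATIONS.*i18n.*$") "")
                 (("RESOURCES.*i18n.*$") "")))))
         (add-after 'build 'build-continued
           (lambda _
             ;; Generate goshim library and header files.
             (let* ((dir "src/0xacab.org/leap/bitmask-vpn")
                    (source (string-append dir "/gui/backend.go"))
                    (target (string-append dir "/lib/libgoshim.a")))
               (mkdir-p (string-append dir "/lib"))
               (invoke "go" "build" "-buildmode=c-archive" "-o" target source))
             ;; Build bitmask application.
             (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn"
               (delete-file "Makefile")
               (invoke "qmake" "bitmask.pro")
               (invoke "make"))))
         (add-after 'check 'check-continued
           (lambda* (#:key tests? #:allow-other-keys)
             (when tests?
               ;; Run bitmask test-suite.
               (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn"
                 (delete-file "Makefile")
                 (invoke "qmake" "test.pro")
                 ;; Tests require display-server.
                 (setenv "QT_QPA_PLATFORM" "offscreen")
                 ;; Tests look for $XDG_RUNTIME_DIR.
                 (setenv "XDG_RUNTIME_DIR" (getenv "TEMP"))
                 ;; Tests write to $HOME.
                 (setenv "HOME" (getenv "TEMP"))
                 (invoke "make" "check")))))
         (add-after 'install 'install-continued
           ;; Reuse the 'install phase of copy-build-system with an explicit
           ;; plan, passing through the arguments this phase received.
           (lambda args
             (apply (assoc-ref copy:%standard-phases 'install)
                    #:install-plan
                    ;; Install bitmask program.
                    '(("src/0xacab.org/leap/bitmask-vpn/release"
                       "bin"
                       #:include ("bitmask"))
                      ;; Install bitmask-root script.
                      ("src/0xacab.org/leap/bitmask-vpn/helpers"
                       "sbin"
                       #:include ("bitmask-root"))
                      ;; Install polkit-policy.
                      ("src/0xacab.org/leap/bitmask-vpn/helpers"
                       "share/polkit-1/actions"
                       #:include ("se.leap.bitmask.policy")))
                    args)))
         (add-after 'install-continued 'post-install
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (bitmask-root (string-append out "/sbin/bitmask-root")))
               ;; Make bitmask-root script executable.  The 'patch phase
               ;; substitutes this file name into the Go sources and the
               ;; polkit policy, so request read/execute for everyone and
               ;; write for the owner only; a helper script should never be
               ;; asked to be group- or world-writable.
               (chmod bitmask-root #o755))))
         (add-after 'post-install 'python-wrap
           (assoc-ref python:%standard-phases 'wrap))
         (add-after 'python-wrap 'qt-wrap
           (assoc-ref qt:%standard-phases 'qt-wrap)))))
    (native-inputs
     (list pkg-config))
    ;; Labelled inputs: the phases above look these up with 'assoc-ref' by
    ;; the labels given here.
    (inputs
     `(("iproute" ,iproute)
       ("iptables" ,iptables)
       ("mesa" ,mesa)
       ("openvpn" ,openvpn)
       ("polkit" ,polkit)
       ("procps" ,procps)
       ("python" ,python)
       ("qtbase" ,qtbase-5)
       ("qtdeclarative-5" ,qtdeclarative-5)
       ("qtgraphicaleffects" ,qtgraphicaleffects)
       ("qtquickcontrols-5" ,qtquickcontrols-5)
       ("qtquickcontrols2-5" ,qtquickcontrols2-5)
       ("qtsvg-5" ,qtsvg-5)))
    (propagated-inputs
     (list go-0xacab-org-leap-shapeshifter
           go-github-com-apparentlymart-go-openvpn-mgmt
           go-github-com-emersion-go-autostart
           go-github-com-keybase-go-ps
           go-github-com-rakyll-statik
           go-github-com-sevlyar-go-daemon
           go-golang-org-x-sys))
    (synopsis "Generic VPN client by LEAP")
    (description "Bitmask, by @acronym{LEAP, LEAP Encryption Access Project},
is an application to provide easy and secure encrypted communication with a
@acronym{VPN, Virtual Private Network}. It allows you to select from a variety
of trusted service provider all from one app. Current providers include Riseup
Networks and The Calyx Institute, where the former is default.")
    (home-page "https://bitmask.net/")
    (license license:gpl3+)))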
280
;; GNU Virtual Private Ethernet, built from the release tarball on the GNU
;; mirrors with the unmodified gnu-build-system phases.
(define-public gvpe
  (package
    (name "gvpe")
    (version "3.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/gvpe/gvpe-"
                           version ".tar.gz"))
       ;; Expected content hash of the downloaded tarball.
       (sha256
        (base32
         "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
    (build-system gnu-build-system)
    (native-inputs (list pkg-config))
    (inputs (list openssl zlib))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols. It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (license license:gpl3+)))
303
;; n2n peer-to-peer VPN, built from the upstream Git tag named after VERSION.
(define-public n2n
  (package
    (name "n2n")
    (version "2.8")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ntop/n2n")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "1ph2npvnqh1xnmkp96pdzpxm033jkb8zznd3nc59l9arhn0pq4nv"))))
    (build-system gnu-build-system)
    (arguments
     (list
      #:tests? #f                       ;there is no check target
      #:make-flags
      #~(list (string-append "PREFIX=" #$output)
              (string-append "CC=" #$(cc-for-target)))
      #:phases
      #~(modify-phases %standard-phases
          (add-before 'bootstrap 'move-configure
            ;; Don't execute configure script in bootstrap: blank out the
            ;; "./configure" invocation in autogen.sh.
            (lambda _
              (substitute* "autogen.sh"
                (("./configure") ""))))
          (add-before 'configure 'fix-configure
            ;; Point "/bin/sh" in the generated configure script at the
            ;; shell found in the native inputs (or the inputs when there
            ;; are no native inputs).
            (lambda* (#:key inputs native-inputs #:allow-other-keys)
              (substitute* "configure"
                (("/bin/sh")
                 (search-input-file (or native-inputs inputs) "/bin/sh"))))))))
    (native-inputs
     (list autoconf automake bash-minimal pkg-config))
    (synopsis "Peer-to-peer VPN client and server")
    (description
     "n2n is a light VPN software which makes it easy to create virtual
networks bypassing intermediate firewalls.")
    (home-page "https://github.com/ntop/n2n")
    (license license:gpl3+)))
344
;; strongSwan IPsec/IKE daemon, built from the upstream release tarball with
;; an explicit plugin selection passed to ./configure.
(define-public strongswan
  (package
    (name "strongswan")
    (version "5.9.4")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://download.strongswan.org/strongswan-"
                           version ".tar.bz2"))
       (sha256
        (base32 "063mi0kdlpd7r7s3py35yf80hvrv3nrdfvxpyn7ns25gqajg3za5"))))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags
       (list
        "--disable-ldap"
        "--disable-mysql"
        "--disable-systemd"

        ;; Disable BSD-4 licensed plugins.
        "--disable-blowfish"
        "--disable-des"

        ;; Make it usable.  The default configuration is far too minimal to be
        ;; used with most common VPN set-ups.
        ;; See <https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf>.
        ;;
        ;; NOTE(review): this selection also builds legacy or
        ;; non-authenticating plugins (eap-md5, md4, xauth-noauth).  Whether
        ;; they are ever used depends on the connection configuration;
        ;; deployments should confirm theirs does not reference them.
        "--enable-aesni"
        "--enable-attr-sql"
        "--enable-chapoly"
        "--enable-curl"
        "--enable-dhcp"
        "--enable-eap-aka"
        "--enable-eap-aka-3gpp"
        "--enable-eap-dynamic"
        "--enable-eap-identity"
        "--enable-eap-md5"
        "--enable-eap-mschapv2"
        "--enable-eap-peap"
        "--enable-eap-radius"
        "--enable-eap-sim"
        "--enable-eap-sim-file"
        "--enable-eap-simaka-pseudonym"
        "--enable-eap-simaka-reauth"
        "--enable-eap-simaka-sql"
        "--enable-eap-tls"
        "--enable-eap-tnc"
        "--enable-eap-ttls"
        "--enable-ext-auth"
        "--enable-farp"
        "--enable-ha"
        "--enable-led"
        "--enable-md4"
        "--enable-mediation"
        "--enable-openssl"
        "--enable-soup"
        "--enable-sql"
        "--enable-sqlite"
        "--enable-xauth-eap"
        "--enable-xauth-noauth"
        "--enable-xauth-pam"

        ;; Use libcap by default.
        "--with-capabilities=libcap")
       #:phases
       (modify-phases %standard-phases
         (add-before 'build 'patch-command-file-names
           (lambda* (#:key inputs #:allow-other-keys)
             ;; Prefix the listed command names in the ipsec script template
             ;; with the bin directory of the coreutils input.
             (substitute* "src/ipsec/_ipsec.in"
               (("cat|kill|sleep|rm|uname" command)
                (string-append (assoc-ref inputs "coreutils")
                               "/bin/" command)))
             ;; Replace "/bin/sh" in process.c with the shell from the inputs.
             (substitute* "src/libstrongswan/utils/process.c"
               (("/bin/sh")
                (search-input-file inputs "/bin/sh")))

             ;; The process test suite gets the commands found on PATH at
             ;; build time.
             (substitute* "src/libstrongswan/tests/suites/test_process.c"
               (("/bin/sh") (which "sh"))
               (("/bin/echo") (which "echo"))
               (("cat") (which "cat")))))
         (add-before 'check 'set-up-test-environment
           ;; Point TZDIR at the zoneinfo directory found in the inputs.
           (lambda* (#:key inputs #:allow-other-keys)
             (setenv "TZDIR"
                     (search-input-directory inputs "share/zoneinfo")))))))
    (native-inputs
     (list coreutils pkg-config tzdata-for-tests))
    (inputs
     (list coreutils
           curl
           gmp
           libcap
           libgcrypt
           libsoup-minimal-2
           linux-pam
           openssl))
    (synopsis "IKEv1/v2 keying daemon")
    (description "StrongSwan is an IPsec implementation originally based upon
the FreeS/WAN project. It contains support for IKEv1, IKEv2, MOBIKE, IPv6,
NAT-T and more.")
    (home-page "https://strongswan.org/")
    (license
     (list license:gpl2+
           ;; src/aikgen/*
           ;; src/libcharon/plugins/dnscert/*
           ;; src/libcharon/plugins/ext_auth/*
           ;; src/libcharon/plugins/vici/ruby/*
           ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch]
           license:expat
           ;; src/include/sys/*
           license:bsd-3
           ;; src/libstrongswan/plugins/sha3/sha3_keccak.c
           license:public-domain
           ;; src/libstrongswan/plugins/pkcs11/pkcs11.h
           (license:non-copyleft
            "file://src/libstrongswan/plugins/pkcs11/pkcs11.h"
            "pkcs11 contains an unknown permissive license. View the specific
file for more details.")
           ;; These files are not included in the
           ;; build, they are disabled through
           ;; options to ./configure
           ;;
           ;; src/libstrongswan/plugins/blowfish/bf_enc.c
           ;; src/libstrongswan/plugins/blowfish/bf_locl.h
           ;; src/libstrongswan/plugins/blowfish/bf_pi.h
           ;; src/libstrongswan/plugins/blowfish/bf_skey.c
           ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c
           ;; src/libstrongswan/plugins/des/des_crypter.c
           license:bsd-4))))
472
;; vpnc, a client for Cisco VPN concentrators.  There is no configure script;
;; the Makefile is patched to query libgcrypt through pkg-config, and when
;; cross-compiling the man page is taken from a native build of this package.
(define-public vpnc
  (package
    (name "vpnc")
    (version "0.5.3")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                           version ".tar.gz"))
       (sha256 (base32
                "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    ;; When a target system is set, this package itself becomes a native
    ;; input so that 'install-manpage can copy its man page.
    (native-inputs (append (list perl pkg-config vpnc-scripts)
                           (if (%current-target-system)
                               (list this-package)
                               '())))
    (inputs (list libgcrypt vpnc-scripts))
    (arguments
     (list #:tests? #f ;; There is no check target
           #:make-flags
           #~(list (string-append "CC=" #$(cc-for-target))
                   (string-append "ETCDIR=" #$output "/etc/vpnc")
                   (string-append "PREFIX=" #$output))
           #:phases
           #~(modify-phases %standard-phases
               (delete 'configure) ;; No configure script.
               (add-after 'unpack 'use-store-paths
                 ;; Make config.c refer to the vpnc-script shipped by the
                 ;; vpnc-scripts input instead of /etc/vpnc/vpnc-script.
                 (lambda* (#:key inputs #:allow-other-keys)
                   (let ((scripts (assoc-ref inputs "vpnc-scripts")))
                     (substitute* "config.c"
                       (("/etc/vpnc/vpnc-script")
                        (string-append scripts
                                       "/etc/vpnc/vpnc-script"))))))
               (add-after 'unpack 'patch-Makefile
                 (lambda* (#:key target #:allow-other-keys)
                   ;; Each binding below is a pkg-config command line for
                   ;; libgcrypt that replaces a libgcrypt-config call.
                   (let* ((pkg-config #$(pkg-config-for-target))
                          (query (lambda (option)
                                   (string-append pkg-config option
                                                  " libgcrypt")))
                          (includedir (query " --variable=includedir"))
                          (cflags (query " --cflags"))
                          (libdir (query " --variable=libdir"))
                          (libs (query " --libs")))
                     (substitute* "Makefile"
                       (("\\$\\(shell libgcrypt-config --cflags\\)")
                        (string-append "-I$(shell " includedir ") "
                                       "$(shell " cflags ")"))
                       (("\\$\\(shell libgcrypt-config --libs\\)")
                        (string-append
                         "-L$(shell " libdir ") "
                         "$(shell " libs ")")))
                     ;; When cross-compiling the manpage can't be generated as the
                     ;; Makefile needs to execute the resulting `vpnc' binary.
                     (when target
                       (substitute* "Makefile"
                         (("all : \\$\\(BINS\\) vpnc\\.8 vpnc-script")
                          "all : $(BINS) vpnc-script")
                         (("install -m644 vpnc\\.8.*") ""))))))
               (add-after 'unpack 'install-manpage
                 (lambda* (#:key native-inputs inputs target
                           #:allow-other-keys)
                   ;; As the manpage is not generated.  Instead install it from
                   ;; the input vpnc package.
                   (when target
                     (let* ((native-vpnc (assoc-ref native-inputs "vpnc"))
                            (manpage (string-append native-vpnc
                                                    "/share/man/man8/vpnc.8.gz"))
                            (man8-dir (string-append #$output
                                                     "/share/man/man8")))
                       (install-file manpage man8-dir))))))))
    (synopsis "Client for Cisco VPN concentrators")
    ;; NOTE(review): several algorithms listed in the description (1DES, MD5,
    ;; SHA1, DH1/2/5) are legacy; the text states what the client supports,
    ;; not what a deployment should choose.
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/")
    (license (list license:gpl2+ license:bsd-2))))
71f4b81a 555
;; Network configuration scripts used by vpnc and OpenConnect, pinned to a
;; single upstream commit.  The scripts are patched to stop setting their own
;; PATH and are then wrapped so that PATH lists their hard dependencies.
(define-public vpnc-scripts
  (let ((commit "3885f8bbc4ae03fd6da0ada6de12f7223a59595c"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20200925." (string-take commit 7)))
      (source
       (origin
         (method git-fetch)
         ;; NOTE(review): git:// is an unauthenticated, unencrypted
         ;; transport; the integrity of the checkout rests on the pinned
         ;; commit and the sha256 below.
         (uri
          (git-reference
           (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
           (commit commit)))
         (file-name (git-file-name name version))
         (sha256
          (base32
           "1pmi4n58q81pmn9arvfixhvv6vkkf3rpwac3hwnwyl882q5q0ccx"))))
      (build-system gnu-build-system)
      (inputs (list guile-3.0           ; for the wrapper scripts
                    coreutils
                    grep
                    iproute             ; for ‘ip’
                    net-tools           ; for ‘ifconfig’, ‘route’
                    sed
                    which))
      (arguments
       `(#:tests? #f                    ; no tests
         #:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths: drop
             ;; their PATH= assignments and /usr/bin, /usr/sbin prefixes, and
             ;; turn "[ -x FILE ]" tests into "command -v" look-ups.
             (lambda _
               (for-each (lambda (script)
                           (substitute* script
                             (("^PATH=.*") "")
                             (("/usr/s?bin/") "")
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure)          ; no configure script
           (replace 'build
             (lambda _
               (invoke "gcc" "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc-dir (string-append out "/etc/vpnc")))
                 (for-each (lambda (item)
                             (install-file item etc-dir))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out"))
                     (guile (search-input-file inputs "bin/guile")))
                 (for-each
                  (lambda (script)
                    (wrap-script (string-append out "/etc/vpnc/" script)
                      #:guile guile
                      ;; Prefix PATH with the bin and sbin directories of
                      ;; each named input.
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (list "vpnc-script-ptrtd"
                        "vpnc-script-sshd"
                        "vpnc-script"))
                 #t))))))
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own. For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (license license:gpl2+))))
71f4b81a 649
;; ocproxy, a user-level proxy for OpenConnect, built from the upstream Git
;; tag "v" + VERSION with the unmodified gnu-build-system phases.
(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/cernekee/ocproxy")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx"))))
    (build-system gnu-build-system)
    (native-inputs
     (list autoconf automake))
    (inputs
     (list libevent))
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP. When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (home-page "https://github.com/cernekee/ocproxy")
    (license license:bsd-3)))
676
;; OpenConnect VPN client, configured to use the vpnc-script provided by the
;; vpnc-scripts input.
(define-public openconnect
  (package
    (name "openconnect")
    (version "9.01")
    (source
     (origin
       (method url-fetch)
       ;; NOTE(review): FTP is a plaintext transport; the integrity of the
       ;; tarball rests on the sha256 below.
       (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                           "openconnect-" version ".tar.gz"))
       (sha256
        (base32 "1iz4j00031a5ircrx30lkiwf58yl9kc827m4ssck4yg963wgmmxk"))))
    (build-system gnu-build-system)
    (arguments
     ;; The inner quasiquote is evaluated on the build side, where
     ;; %build-inputs maps the "vpnc-scripts" label to its directory.
     `(#:configure-flags
       `(,(string-append "--with-vpnc-script="
                         (assoc-ref %build-inputs "vpnc-scripts")
                         "/etc/vpnc/vpnc-script"))))
    (native-inputs
     `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
    (inputs
     (list lz4 vpnc-scripts))
    (propagated-inputs
     (list libxml2 gnutls zlib))
    (synopsis "Client for Cisco VPN")
    (description
     "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
    (home-page "https://www.infradead.org/openconnect/")
    (license license:lgpl2.1)))
dc77f0d3 708
;; openconnect-sso, a Python wrapper around OpenConnect, built from the PyPI
;; release.  The openconnect command is pinned to an absolute file name and
;; the launcher is wrapped so that Qt WebEngine finds its helper process.
(define-public openconnect-sso
  (package
    (name "openconnect-sso")
    (version "0.7.3")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "openconnect-sso" version))
       (sha256
        (base32 "065s5c8q80jh0psdw7694nlabwpra7aw6yc4jlgsc9vxx8rx2na1"))))
    (build-system python-build-system)
    (arguments
     `(#:tests? #f ; Tests not included, building from git requires poetry.
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-openconnect
           ;; Replace the bare "openconnect" string in app.py with the
           ;; absolute file name found on PATH at build time.
           (lambda _
             (substitute* "openconnect_sso/app.py"
               (("\"openconnect\"")
                (string-append "\"" (which "openconnect") "\"")))
             #t))
         (replace 'check
           ;; Only reached when tests are enabled, which they are not above.
           (lambda* (#:key tests? #:allow-other-keys)
             (when tests?
               (invoke "pytest" "-v"))
             #t))
         (add-after 'install 'wrap-qt-process-path
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (launcher (string-append out "/bin/openconnect-sso"))
                    (web-engine-process
                     (string-append
                      (assoc-ref inputs "qtwebengine-5")
                      "/lib/qt5/libexec/QtWebEngineProcess")))
               ;; Set QTWEBENGINEPROCESS_PATH to the helper binary of the
               ;; qtwebengine-5 input.
               (wrap-program launcher
                 #:sh (search-input-file inputs "bin/bash")
                 `("QTWEBENGINEPROCESS_PATH" = (,web-engine-process)))
               #t))))))
    (native-inputs
     (list python-pytest python-setuptools-scm))
    (inputs
     (list openconnect
           python-attrs
           python-colorama
           python-keyring
           python-lxml
           python-prompt-toolkit
           python-requests
           python-pyqt-without-qtwebkit
           python-pyqtwebengine
           python-pysocks
           python-pyxdg
           python-structlog
           python-toml
           qtwebengine-5))
    (synopsis "OpenConnect wrapper script supporting Azure AD (SAMLv2)")
    (description
     "This package provides a wrapper script for OpenConnect supporting Azure AD
(SAMLv2) authentication to Cisco SSL-VPNs.")
    (home-page "https://github.com/vlaci/openconnect-sso")
    (license license:gpl3)))
769
;; openfortivpn, a PPP+SSL VPN client, built from the upstream Git tag
;; "v" + VERSION with the unmodified gnu-build-system phases.
(define-public openfortivpn
  (package
    (name "openfortivpn")
    (version "1.17.3")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/adrienverge/openfortivpn")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "0an58f0qcyxdx3d5zb5m8vi45a0251b950b5lh16572n8z2g6s2l"))))
    (build-system gnu-build-system)
    (native-inputs
     (list autoconf automake pkg-config))
    (inputs
     (list openssl ppp))
    (synopsis "Client for PPP+SSL VPN tunnel services")
    (description "Openfortivpn is a client for PPP+SSL VPN tunnel services. It
spawns a pppd process and operates the communication between the gateway and
this process. It is compatible with Fortinet VPNs.")
    (home-page "https://github.com/adrienverge/openfortivpn")
    (license license:gpl3+)))
794
;; OpenVPN daemon, built from the upstream community release tarball with
;; iproute2 support enabled at configure time.
(define-public openvpn
  (package
    (name "openvpn")
    (version "2.5.6")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://swupdate.openvpn.org/community/releases/openvpn-"
             version ".tar.gz"))
       (sha256
        (base32
         "0gdd88rcan9vfiwkzsqn6fxxdim7kb1bsxrcra59c5xksprpwfik"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    ;; iproute is listed as a native input only; presumably configure needs
    ;; to find it at build time -- confirm against the configure script.
    (native-inputs
     (list iproute))
    (inputs
     (list lz4 lzo openssl linux-pam))
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities. It uses a custom
security protocol that utilizes SSL/TLS for key exchange. It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (home-page "https://openvpn.net/")
    (license license:gpl2)))
feca8e2b 823
;; Command-line client for ProtonVPN, built from the upstream Git tag.
(define-public protonvpn-cli
  (package
    (name "protonvpn-cli")
    (version "2.2.6")
    (source
     (origin
       ;; PyPI only offers a ".whl" file, not a proper source release, so the
       ;; code is fetched from Git instead.
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ProtonVPN/linux-cli")
             ;; A tag name can be moved upstream; the sha256 below is what
             ;; pins the checkout's content.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0y7v9ikrmy5dbjlpbpacp08gy838i8z54m8m4ps7ldk1j6kyia3n"))))
    (build-system python-build-system)
    (arguments
     ;; With the tests disabled and 'sanity-check' deleted, nothing at build
     ;; time exercises the installed entry point.
     '(#:tests? #f                      ; no tests in repo
       #:phases
       (modify-phases %standard-phases
         (add-after 'wrap 'wrap-wrapper
           ;; Wrap the entry point so that its hard dependencies are found.
           ;; The "prefix" mode puts the /bin and /sbin directories of the
           ;; listed inputs ahead of the caller's PATH, so those helpers
           ;; resolve to the inputs first rather than to whatever the
           ;; invoking environment provides.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((wrapper (string-append (assoc-ref outputs "out")
                                           "/bin/protonvpn")))
               (wrap-program wrapper
                 #:sh (search-input-file inputs "bin/bash")
                 `("PATH" ":" prefix
                   ,(map (lambda (label)
                           (let ((dir (assoc-ref inputs label)))
                             (string-append dir "/bin:"
                                            dir "/sbin")))
                         (list "dialog"
                               "iproute2"
                               "iptables"
                               "ncurses"
                               "openvpn"
                               "procps"
                               "which")))))
             #t))
         ;; The `protonvpn' script wants to write to `~user' to initialize its
         ;; logger, so simply setting HOME=/tmp won't cut it. Remove
         ;; sanity-check.
         (delete 'sanity-check))))
    (native-inputs
     (list python-docopt))
    (inputs
     (list dialog
           iproute
           iptables
           ncurses
           openvpn
           procps
           python-jinja2
           python-pythondialog
           python-requests
           which))
    (synopsis "Command-line client for ProtonVPN")
    (description
     "This is the official command-line interface for ProtonVPN, a secure
point-to-point virtual private networking (VPN) service with a gratis tier.
It can automatically find and connect to the fastest servers or use Tor over
VPN. The gratis tier offers unlimited bandwidth for up to 10 devices.")
    (home-page "https://github.com/ProtonVPN/linux-cli")
    (license license:gpl3+)))
;; tinc VPN daemon, built from the upstream release tarball.
(define-public tinc
  (package
    (name "tinc")
    (version "1.0.36")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://tinc-vpn.org/packages/"
                           "tinc-" version ".tar.gz"))
       ;; Content hash of the tarball; a download that does not match it is
       ;; rejected.
       (sha256
        (base32
         "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0"))))
    (build-system gnu-build-system)
    (arguments
     ;; Point configuration and run-time state at /etc and /var instead of
     ;; the package's own store directory.  Presumably this is also where
     ;; tinc keeps its host keys, which must not end up in the world-readable
     ;; store -- confirm.
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs (list zlib lzo openssl))
    (home-page "https://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))
;; sshuttle, built from the PyPI source release.
(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.5")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       ;; Content hash of the PyPI tarball; a mismatching download is
       ;; rejected.
       (sha256
        (base32
         "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-FHS-file-names
           (lambda _
             ;; client.py: replace the FHS location of 'env' with the
             ;; absolute file name found at build time.
             (substitute* "sshuttle/client.py"
               (("/usr/bin/env") (which "env")))
             ;; ssh.py: "/bin/sh" becomes a bare "sh", i.e. it is looked up
             ;; through PATH wherever that command ends up running instead
             ;; of being pinned to a store file name.
             ;; NOTE(review): presumably deliberate because this command
             ;; line is executed on the remote host -- confirm.
             (substitute* "sshuttle/ssh.py"
               (("/bin/sh") "sh"))
             #t)))))
    (native-inputs
     (list python-setuptools-scm
           ;; For tests only.
           python-flake8
           python-mock
           python-pytest-cov
           python-pytest-runner))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client. Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying. This makes it faster and more reliable than SSH's own tunneling and
port forwarding features. It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’
;; sshoot, a profile manager for sshuttle, built from the PyPI release.
(define-public sshoot
  (package
    (name "sshoot")
    (version "1.5.1")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       ;; Content hash of the PyPI tarball; a mismatching download is
       ;; rejected.
       (sha256
        (base32
         "05i54nga4vy660yy9yf6dl376yj0jc51303yr295qk3k9w0k96yd"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         ;; Only the test suite is patched here: its reference to /bin/sh is
         ;; replaced by the 'sh' found at build time.
         (add-after 'unpack 'patch-paths
           (lambda _
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))))
         ;; Run the tests with pytest against the "sshoot" package, unless
         ;; tests were disabled.
         (replace 'check
           (lambda* (#:key tests? #:allow-other-keys)
             (when tests?
               (invoke "pytest" "-vv" "--pyargs" "sshoot")))))))
    ;; NOTE(review): sshuttle itself is not among the inputs, so sshoot
    ;; presumably finds it through the user's PATH at run time rather than
    ;; through a pinned store file name -- confirm.
    (inputs
     (list python-argcomplete
           python-prettytable
           python-pyyaml
           python-pyxdg
           python-toolrack))
    ;; For tests only.
    (native-inputs
     (list python-pytest python-pytest-mock))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks. It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
;; BadVPN tool collection, built from the upstream Git tag.
(define-public badvpn
  (package
    (name "badvpn")
    (version "1.999.130")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ambrop72/badvpn")
             ;; The reference is the bare version string (no "v" prefix).  A
             ;; tag can be moved upstream; the sha256 below pins the content.
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
    (build-system cmake-build-system)
    (arguments
     '(#:tests? #f))                    ; no tests
    (inputs
     (list nspr nss openssl))
    (native-inputs
     (list pkg-config))
    (home-page "https://github.com/ambrop72/badvpn")
    (synopsis "Peer-to-peer virtual private network (VPN)")
    (description "@code{BadVPN} is a collection of virtual private
network (VPN) tools. It includes:

@enumerate
@item NCD programming language.\n
NCD (Network Configuration Daemon) is a daemon and programming/scripting
language for configuration of network interfaces and other aspects of the
operating system.
@item Tun2socks network-layer proxifier.\n
The tun2socks program socksifes TCP connections at the network layer. It
implements a TUN device which accepts all incoming TCP connections (regardless
of destination IP), and forwards the connections through a SOCKS server.
@item Peer-to-peer VPN.\n
The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
(VPN nodes).
@end enumerate")
    ;; This project contains a bundled lwIP. lwIP is also released under the
    ;; 3-clause BSD license.
    ;; NOTE(review): being bundled, that lwIP copy only changes when badvpn
    ;; itself is updated, so fixes to lwIP need tracking separately.
    (license license:bsd-3)))
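;; Out-of-tree WireGuard for kernels that lack it.  Two outputs are produced:
;; "out" holds the loadable module and "kernel-patch" holds a patch for the
;; kernel tree, generated by the upstream create-patch.sh script.
(define-public wireguard-linux-compat
  (package
    (name "wireguard-linux-compat")
    (version "1.0.20201221")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/"
                                  "snapshot/wireguard-linux-compat-" version
                                  ".tar.xz"))
              ;; Content hash of the snapshot tarball; a mismatching download
              ;; is rejected.
              (sha256
               (base32
                "0ci13in0fqq32n5qamch4qhjgbdq86ygrgmfhc9szsh2nsl8jlkf"))))
    (build-system linux-module-build-system)
    (outputs '("out"
               "kernel-patch"))
    (arguments
     `(#:linux ,linux-libre-5.4         ; mustn't have WG built-in
       #:tests? #f                      ; no test suite
       #:modules ((guix build linux-module-build-system)
                  (guix build utils)
                  (ice-9 popen)
                  (ice-9 textual-ports))
       #:phases
       (modify-phases %standard-phases
         ;; The module sources live in the "src" sub-directory.
         (add-before 'build 'change-directory
           (lambda _
             (chdir "./src")
             #t))
         ;; Capture the output of create-patch.sh as "wireguard.patch".
         (add-after 'build 'build-patch
           (lambda _
             (let* ((patch-builder "../kernel-tree-scripts/create-patch.sh")
                    (port (open-input-pipe patch-builder))
                    (str (get-string-all port))
                    ;; 'close-pipe' returns the script's wait status.
                    (status (close-pipe port)))
               ;; Fail the build if the script did not exit successfully, so
               ;; that an empty or truncated patch is never installed into
               ;; the "kernel-patch" output.
               (unless (zero? status)
                 (error "create-patch.sh failed with status" status))
               (call-with-output-file "wireguard.patch"
                 (lambda (port)
                   (format port "~a" str))))
             #t))
         ;; Install the generated patch into its own output.
         (add-after 'install 'install-patch
           (lambda* (#:key outputs #:allow-other-keys)
             (install-file "wireguard.patch"
                           (assoc-ref outputs "kernel-patch"))
             #t))
         ;; So that 'install-license-files' works...
         (add-before 'install-license-files 'reset-cwd
           (lambda _
             (chdir "..")
             #t)))))
    (home-page "https://git.zx2c4.com/wireguard-linux-compat/")
    (synopsis "WireGuard kernel module for Linux 3.10 through 5.5")
    (description "This package contains an out-of-tree kernel patch and
a loadable module adding WireGuard to Linux kernel versions 3.10 through 5.5.
WireGuard was added to Linux 5.6.")
    (license license:gpl2)))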
;; User-space WireGuard tools (wg and wg-quick), built from the upstream Git
;; tag.
(define-public wireguard-tools
  (package
    (name "wireguard-tools")
    (version "1.0.20210914")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://git.zx2c4.com/wireguard-tools.git")
             ;; A tag can be moved upstream; the sha256 below pins the
             ;; content of the checkout.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1nafrb2naif0z7z3vijnlyp81z89ywzlagc64k4sqa3ayzn95sm0"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       (list ,(string-append "CC=" (cc-for-target))
             "--directory=src"
             "WITH_BASHCOMPLETION=yes"
             ;; Install the ‘simple and dirty’ helper script wg-quick(8).
             "WITH_WGQUICK=yes"
             (string-append "PREFIX=" (assoc-ref %outputs "out"))
             ;; Currently used only to create an empty /etc/wireguard
             ;; directory; the relative dummy value presumably keeps the
             ;; install step from touching /etc.
             "SYSCONFDIR=no-thanks")
       ;; The test suite is meant to be run interactively. It runs Clang's
       ;; scan-build static analyzer and then starts a web server to display
       ;; the results.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         (delete 'configure)            ; no configure script
         ;; Ship the upstream "contrib/" tree as documentation.
         (add-after 'install 'install-contrib-docs
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (doc (string-append out "/share/doc/wireguard-tools")))
               (copy-recursively "contrib/" doc))))
         ;; wg-quick is a shell script that calls external tools (and is
         ;; typically run with root privileges).  The "prefix" mode puts the
         ;; /sbin directories of the listed inputs and the coreutils /bin
         ;; directory ahead of the caller's PATH, so those tools resolve to
         ;; the inputs first.
         (add-after 'install 'wrap-wg-quick
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (inputs-sbin (map (lambda (label)
                                        (string-append (assoc-ref inputs label)
                                                       "/sbin"))
                                      (list "iproute"
                                            "iptables"
                                            "procps"
                                            "resolvconf")))
                    (coreutils (string-append (assoc-ref inputs "coreutils")
                                              "/bin")))
               (wrap-program (string-append out "/bin/wg-quick")
                 #:sh (search-input-file inputs "bin/bash")
                 `("PATH" ":" prefix ,(append inputs-sbin
                                              (list coreutils))))))))))
    (inputs
     `(("resolvconf" ,openresolv)
       ("coreutils" ,coreutils)
       ("bash" ,bash)                   ; for scripts using /dev/tcp
       ("procps" ,procps)
       ("iproute" ,iproute)
       ("iptables" ,iptables)))
    (home-page "https://www.wireguard.com/")
    (synopsis "Tools for configuring WireGuard tunnels")
    (description
     "This package provides the user-space command-line tools for using and
configuring WireGuard tunnels.

WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private
Network} that securely encapsulates IP packets over UDP. It aims to be as easy
to configure and deploy as SSH. VPN connections are made simply by exchanging
public keys and can roam across IP addresses.")
    (license
     (list license:lgpl2.1+    ; src/netlink.h & contrib/embeddable-wg-library
           license:gpl2))))    ; everything else
;; xl2tpd L2TP daemon, built from the upstream Git tag.
(define-public xl2tpd
  (package
    (name "xl2tpd")
    (version "1.3.17")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/xelerance/xl2tpd")
             ;; A tag can be moved upstream; the sha256 below pins the
             ;; content of the checkout.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "06aiidwygywaa1jn8m2pw8l3vnsc2bjnacbjmlsdy1cqgr1f5cc9"))))
    (build-system gnu-build-system)
    (arguments
     (list
      #:make-flags
      #~(list (string-append "PREFIX=" #$output)
              (string-append "CC=" #$(cc-for-target)))
      #:phases
      #~(modify-phases %standard-phases
          (delete 'configure)           ;no configure script
          (add-before 'build 'setup-environment
            (lambda* (#:key inputs #:allow-other-keys)
              ;; Replace the FHS location of pppd in l2tp.h with the file
              ;; name of the pppd found among the inputs, so the daemon
              ;; starts that pppd rather than whatever sits at
              ;; /usr/sbin/pppd.
              (substitute* "l2tp.h"
                (("/usr/sbin/pppd")
                 (search-input-file inputs "/sbin/pppd")))
              ;; Point the build at the kernel headers input.
              (setenv "KERNELSRC"
                      (assoc-ref inputs "kernel-headers")))))
      #:tests? #f))                     ; no tests provided
    (inputs (list libpcap ppp))
    (home-page "https://www.xelerance.com/software/xl2tpd/")
    (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)")
    ;; Note for users: L2TP by itself does not encrypt the tunnel;
    ;; deployments usually pair it with IPsec for confidentiality.
    (description
     "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
L2TP allows you to tunnel PPP over UDP.")
    (license license:gpl2)))