Commit | Line | Data |
---|---|---|
49f24f41 AE |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> | |
bc64d955 | 3 | ;;; Copyright © 2013, 2016, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org> |
d4bf49b1 | 4 | ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> |
feca8e2b | 5 | ;;; Copyright © 2015 Jeff Mickey <j@codemac.net> |
422e5d35 | 6 | ;;; Copyright © 2016, 2017, 2019, 2021, 2022 Efraim Flashner <efraim@flashner.co.il> |
c3e6fcde | 7 | ;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr> |
fa3346b8 | 8 | ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu> |
fc4338b8 | 9 | ;;; Copyright © 2018, 2020 Pierre Langlois <pierre.langlois@gmx.com> |
7ba2b274 | 10 | ;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com> |
c1005113 | 11 | ;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name> |
9fd6ad3e | 12 | ;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com> |
b47e083b | 13 | ;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net> |
3b177a6c | 14 | ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re> |
c873980d | 15 | ;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com> |
8331e235 | 16 | ;;; Copyright © 2020 Ivan Kozlov <kanichos@yandex.ru> |
18918ebe | 17 | ;;; Copyright © 2020 David Dashyan <mail@davie.li> |
c85ed0e7 | 18 | ;;; Copyright © 2021 Domagoj Stolfa <ds815@gmx.com> |
b30651ae RG |
19 | ;;; Copyright © 2021 Raghav Gururajan <rg@raghavgururajan.name> |
20 | ;;; Copyright © 2021 jgart <jgart@dismail.de> | |
9c8f68f4 | 21 | ;;; Copyright © 2022 Josselin Poiret <josselin.poiret@protonmail.ch> |
51736faa | 22 | ;;; Copyright © 2022 Lu hui <luhux76@gmail.com> |
d45727f4 | 23 | ;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com> |
bb88505e | 24 | ;;; Copyright © 2022 Jean-Pierre De Jesus DIAZ <me@jeandudey.tech> |
67375109 | 25 | ;;; Copyright © 2022 Arun Isaac <arunisaac@systemreboot.net> |
49f24f41 AE |
26 | ;;; |
27 | ;;; This file is part of GNU Guix. | |
28 | ;;; | |
29 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
30 | ;;; under the terms of the GNU General Public License as published by | |
31 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
32 | ;;; your option) any later version. | |
33 | ;;; | |
34 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
35 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
36 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
37 | ;;; GNU General Public License for more details. | |
38 | ;;; | |
39 | ;;; You should have received a copy of the GNU General Public License | |
40 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
41 | ||
42 | (define-module (gnu packages vpn) | |
b5b73a82 | 43 | #:use-module ((guix licenses) #:prefix license:) |
49f24f41 AE |
44 | #:use-module (guix packages) |
45 | #:use-module (guix download) | |
51736faa | 46 | #:use-module (guix gexp) |
06d91fd9 | 47 | #:use-module (guix git-download) |
7ba2b274 | 48 | #:use-module (guix build-system cmake) |
b30651ae | 49 | #:use-module (guix build-system copy) |
49f24f41 | 50 | #:use-module (guix build-system gnu) |
b30651ae | 51 | #:use-module (guix build-system go) |
3b177a6c | 52 | #:use-module (guix build-system linux-module) |
5c863d57 | 53 | #:use-module (guix build-system python) |
b30651ae | 54 | #:use-module (guix build-system qt) |
598afe95 | 55 | #:use-module (guix utils) |
49f24f41 | 56 | #:use-module (gnu packages) |
1b17c23e | 57 | #:use-module (gnu packages admin) |
06d91fd9 | 58 | #:use-module (gnu packages base) |
d084e71c | 59 | #:use-module (gnu packages bash) |
ac257f12 | 60 | #:use-module (gnu packages check) |
d084e71c | 61 | #:use-module (gnu packages dns) |
01224157 | 62 | #:use-module (gnu packages autotools) |
71f4b81a | 63 | #:use-module (gnu packages compression) |
ad879bff | 64 | #:use-module (gnu packages curl) |
80005d03 | 65 | #:use-module (gnu packages freedesktop) |
1dba6407 | 66 | #:use-module (gnu packages gettext) |
ad879bff | 67 | #:use-module (gnu packages gnome) |
b30651ae | 68 | #:use-module (gnu packages gl) |
49f24f41 | 69 | #:use-module (gnu packages gnupg) |
b30651ae | 70 | #:use-module (gnu packages golang) |
b47e083b | 71 | #:use-module (gnu packages guile) |
01224157 | 72 | #:use-module (gnu packages libevent) |
dc77f0d3 | 73 | #:use-module (gnu packages linux) |
ad879bff | 74 | #:use-module (gnu packages multiprecision) |
90a69913 | 75 | #:use-module (gnu packages ncurses) |
aff0cce9 | 76 | #:use-module (gnu packages nss) |
71f4b81a AE |
77 | #:use-module (gnu packages perl) |
78 | #:use-module (gnu packages pkg-config) | |
b30651ae | 79 | #:use-module (gnu packages polkit) |
5c863d57 | 80 | #:use-module (gnu packages python) |
80005d03 EF |
81 | #:use-module (gnu packages python-build) |
82 | #:use-module (gnu packages python-crypto) | |
44d10b1f | 83 | #:use-module (gnu packages python-xyz) |
c873980d | 84 | #:use-module (gnu packages python-web) |
80005d03 | 85 | #:use-module (gnu packages qt) |
8331e235 | 86 | #:use-module (gnu packages samba) |
a7fd7b68 | 87 | #:use-module (gnu packages tls) |
71f4b81a | 88 | #:use-module (gnu packages xml)) |
49f24f41 | 89 | |
b30651ae RG |
90 | (define-public bitmask |
91 | (package | |
92 | (name "bitmask") | |
3b32297e | 93 | (version "0.21.11") |
b30651ae RG |
94 | (source |
95 | (origin | |
96 | (method git-fetch) | |
97 | (uri | |
98 | (git-reference | |
99 | (url "https://0xacab.org/leap/bitmask-vpn") | |
100 | (commit version))) | |
101 | (file-name (git-file-name name version)) | |
102 | (sha256 | |
3b32297e | 103 | (base32 "1zphigfrks1j3snbc748b3mk0qb1r7n2v7p7l6w1xiiil4dql6cs")) |
b30651ae RG |
104 | (modules |
105 | '((guix build utils))) | |
106 | (snippet | |
107 | `(begin | |
108 | (delete-file-recursively "branding/thirdparty") | |
109 | (call-with-output-file "pkg/config/version/version.go" | |
110 | (lambda (port) | |
111 | (format port "package version\n") | |
112 | (format port "\n") | |
113 | (format port (string-append "var VERSION = \"" ,version "\"")))) | |
114 | #t)))) | |
115 | (build-system go-build-system) | |
116 | (arguments | |
117 | `(#:imported-modules | |
118 | ((guix build cmake-build-system) | |
119 | (guix build copy-build-system) | |
120 | (guix build python-build-system) | |
121 | (guix build qt-build-system) | |
122 | (guix build qt-utils) | |
123 | ,@%go-build-system-modules) | |
124 | #:modules | |
125 | (((guix build copy-build-system) | |
126 | #:prefix copy:) | |
127 | ((guix build python-build-system) | |
128 | #:prefix python:) | |
129 | ((guix build qt-build-system) | |
130 | #:prefix qt:) | |
131 | (guix build utils) | |
132 | (guix build go-build-system)) | |
133 | #:unpack-path "0xacab.org/leap/bitmask-vpn" | |
134 | #:import-path "0xacab.org/leap/bitmask-vpn/cmd/bitmask-helper" | |
135 | #:phases | |
136 | (modify-phases %standard-phases | |
137 | (add-after 'setup-go-environment 'insert-missing-sources | |
138 | ;; For some reason this package is left out. | |
139 | (lambda* (#:key inputs #:allow-other-keys) | |
140 | (let* ((name "go-0xacab-org-leap-shapeshifter") | |
141 | (shapeshifter (assoc-ref inputs name)) | |
142 | (shapeshifter-src (string-append shapeshifter "/src"))) | |
143 | (copy-recursively shapeshifter-src "src")))) | |
144 | (add-after 'unpack 'patch | |
145 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
146 | (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn" | |
147 | ;; Use 'emersion/go-autostart', | |
148 | ;; instead of 'ProtonMail/go-autostart', | |
149 | ;; as the latter no longer exists. | |
150 | (substitute* (find-files "." "\\.go$") | |
151 | (("github.com/ProtonMail/go-autostart") | |
152 | "github.com/emersion/go-autostart")) | |
153 | ;; Use correct paths for referenced items. | |
154 | (let* ((out (assoc-ref outputs "out")) | |
155 | (policy-dir (string-append out "/share/polkit-1/actions")) | |
156 | (policy-file "se.leap.bitmask.policy") | |
157 | (policy-path (string-append policy-dir "/" policy-file)) | |
158 | (ip (string-append (assoc-ref inputs "iproute") | |
159 | "/sbin/ip")) | |
160 | (iptables (string-append (assoc-ref inputs "iptables") | |
161 | "/sbin/iptables")) | |
162 | (ip6tables (string-append (assoc-ref inputs "iptables") | |
163 | "/sbin/ip6tables")) | |
164 | (sysctl (string-append (assoc-ref inputs "procps") | |
165 | "/sbin/sysctl")) | |
166 | (pkttyagent (string-append (assoc-ref inputs "polkit") | |
167 | "/bin/pkttyagent")) | |
168 | (openvpn (string-append (assoc-ref inputs "openvpn") | |
169 | "/sbin/openvpn")) | |
170 | (bitmask-root (string-append (assoc-ref outputs "out") | |
171 | "/sbin/bitmask-root"))) | |
172 | (substitute* (find-files "." "(\\.go$|\\.policy$|bitmask-root)") | |
173 | (("swhich\\(\"ip\"\\)") | |
174 | (string-append "\"" ip "\"")) | |
175 | (("swhich\\(\"iptables\"\\)") | |
176 | (string-append "\"" iptables "\"")) | |
177 | (("swhich\\(\"ip6tables\"\\)") | |
178 | (string-append "\"" ip6tables "\"")) | |
179 | (("swhich\\(\"sysctl\"\\)") | |
180 | (string-append "\"" sysctl "\"")) | |
181 | (("/usr/(bin|lib|libexec)/.*(kit|agent|agent-1)") pkttyagent) | |
182 | (("/usr/sbin/openvpn") openvpn) | |
183 | (("/usr/sbin/bitmask-root") bitmask-root) | |
184 | (("/usr/local/sbin/bitmask-root") bitmask-root) | |
185 | (("/usr/share.*\\.policy") policy-path))) | |
186 | (substitute* (find-files "." "\\.pro$") | |
187 | ;; Use correct path for goshim files, | |
188 | ;; which are generated in 'build-continued phase. | |
189 | (("-L.*/lib") "-L./lib") | |
190 | ;; FIXME: Unable to build i18n files. | |
191 | (("TRANSLATIONS.*i18n.*$") "") | |
192 | (("RESOURCES.*i18n.*$") ""))))) | |
193 | (add-after 'build 'build-continued | |
194 | (lambda _ | |
195 | ;; Generate goshim library and header files. | |
196 | (let* ((dir "src/0xacab.org/leap/bitmask-vpn") | |
197 | (source (string-append dir "/gui/backend.go")) | |
198 | (target (string-append dir "/lib/libgoshim.a"))) | |
199 | (mkdir-p (string-append dir "/lib")) | |
200 | (invoke "go" "build" "-buildmode=c-archive" "-o" target source)) | |
201 | ;; Build bitmask application. | |
202 | (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn" | |
203 | (delete-file "Makefile") | |
204 | (invoke "qmake" "bitmask.pro") | |
205 | (invoke "make")))) | |
206 | (add-after 'check 'check-continued | |
207 | (lambda* (#:key tests? #:allow-other-keys) | |
208 | (when tests? | |
209 | ;; Run bitmask test-suite. | |
210 | (with-directory-excursion "src/0xacab.org/leap/bitmask-vpn" | |
211 | (delete-file "Makefile") | |
212 | (invoke "qmake" "test.pro") | |
213 | ;; Tests require display-server. | |
214 | (setenv "QT_QPA_PLATFORM" "offscreen") | |
215 | ;; Tests look for $XDG_RUNTIME_DIR. | |
216 | (setenv "XDG_RUNTIME_DIR" (getenv "TEMP")) | |
217 | ;; Tests write to $HOME. | |
218 | (setenv "HOME" (getenv "TEMP")) | |
219 | (invoke "make" "check"))))) | |
220 | (add-after 'install 'install-continued | |
221 | (lambda args | |
222 | (apply (assoc-ref copy:%standard-phases 'install) | |
223 | #:install-plan | |
224 | ;; Install bitmask program. | |
225 | '(("src/0xacab.org/leap/bitmask-vpn/release" | |
226 | "bin" | |
227 | #:include ("bitmask")) | |
228 | ;; Install bitmask-root script. | |
229 | ("src/0xacab.org/leap/bitmask-vpn/helpers" | |
230 | "sbin" | |
231 | #:include ("bitmask-root")) | |
232 | ;; Install polkit-policy. | |
233 | ("src/0xacab.org/leap/bitmask-vpn/helpers" | |
234 | "share/polkit-1/actions" | |
235 | #:include ("se.leap.bitmask.policy"))) | |
236 | args))) | |
237 | (add-after 'install-continued 'post-install | |
238 | (lambda* (#:key outputs #:allow-other-keys) | |
239 | (let* ((out (assoc-ref outputs "out")) | |
240 | (bitmask (string-append out "/bin/bitmask")) | |
241 | (bitmask-root (string-append out "/sbin/bitmask-root"))) | |
242 | ;; Make bitmask-root script executable. | |
243 | (chmod bitmask-root #o777)))) | |
244 | (add-after 'post-install 'python-wrap | |
245 | (assoc-ref python:%standard-phases 'wrap)) | |
246 | (add-after 'python-wrap 'qt-wrap | |
247 | (assoc-ref qt:%standard-phases 'qt-wrap))))) | |
248 | (native-inputs | |
8394619b | 249 | (list pkg-config)) |
b30651ae RG |
250 | (inputs |
251 | `(("iproute" ,iproute) | |
252 | ("iptables" ,iptables) | |
253 | ("mesa" ,mesa) | |
254 | ("openvpn" ,openvpn) | |
255 | ("polkit" ,polkit) | |
256 | ("procps" ,procps) | |
257 | ("python" ,python) | |
258 | ("qtbase" ,qtbase-5) | |
735d340a | 259 | ("qtdeclarative-5" ,qtdeclarative-5) |
a78d101e | 260 | ("qtgraphicaleffects" ,qtgraphicaleffects) |
65e5e85d | 261 | ("qtquickcontrols-5" ,qtquickcontrols-5) |
1130fc59 | 262 | ("qtquickcontrols2-5" ,qtquickcontrols2-5) |
1ef04fb2 | 263 | ("qtsvg-5" ,qtsvg-5))) |
b30651ae | 264 | (propagated-inputs |
8394619b LC |
265 | (list go-0xacab-org-leap-shapeshifter |
266 | go-github-com-apparentlymart-go-openvpn-mgmt | |
267 | go-github-com-emersion-go-autostart | |
268 | go-github-com-keybase-go-ps | |
269 | go-github-com-rakyll-statik | |
270 | go-github-com-sevlyar-go-daemon | |
271 | go-golang-org-x-sys)) | |
b30651ae RG |
272 | (synopsis "Generic VPN client by LEAP") |
273 | (description "Bitmask, by @acronym{LEAP, LEAP Encryption Access Project}, | |
274 | is an application to provide easy and secure encrypted communication with a | |
275 | @acronym{VPN, Virtual Private Network}. It allows you to select from a variety | |
276 | of trusted service provider all from one app. Current providers include Riseup | |
277 | Networks and The Calyx Institute, where the former is default.") | |
278 | (home-page "https://bitmask.net/") | |
279 | (license license:gpl3+))) | |
280 | ||
7af8a9b7 LC |
281 | (define-public gvpe |
282 | (package | |
283 | (name "gvpe") | |
574d877e | 284 | (version "3.1") |
7af8a9b7 LC |
285 | (source (origin |
286 | (method url-fetch) | |
287 | (uri (string-append "mirror://gnu/gvpe/gvpe-" | |
288 | version ".tar.gz")) | |
289 | (sha256 | |
290 | (base32 | |
574d877e | 291 | "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi")))) |
7af8a9b7 LC |
292 | (build-system gnu-build-system) |
293 | (home-page "http://software.schmorp.de/pkg/gvpe.html") | |
8394619b LC |
294 | (native-inputs (list pkg-config)) |
295 | (inputs (list openssl zlib)) | |
7af8a9b7 LC |
296 | (synopsis "Secure VPN among multiple nodes over an untrusted network") |
297 | (description | |
298 | "The GNU Virtual Private Ethernet creates a virtual network | |
299 | with multiple nodes using a variety of transport protocols. It works | |
300 | by creating encrypted host-to-host tunnels between multiple | |
301 | endpoints.") | |
302 | (license license:gpl3+))) | |
303 | ||
51736faa LH |
304 | (define-public n2n |
305 | (package | |
306 | (name "n2n") | |
307 | (version "2.8") | |
308 | (source (origin | |
309 | (method git-fetch) | |
310 | (uri (git-reference | |
311 | (url "https://github.com/ntop/n2n") | |
312 | (commit version))) | |
313 | (file-name (git-file-name name version)) | |
314 | (sha256 | |
315 | (base32 | |
316 | "1ph2npvnqh1xnmkp96pdzpxm033jkb8zznd3nc59l9arhn0pq4nv")))) | |
317 | (build-system gnu-build-system) | |
318 | (arguments | |
319 | (list | |
320 | #:make-flags | |
321 | #~(list (string-append "PREFIX=" #$output) | |
322 | (string-append "CC=" #$(cc-for-target))) | |
323 | #:phases | |
324 | #~(modify-phases %standard-phases | |
325 | (add-before 'bootstrap 'move-configure | |
326 | ;; Don't execute configure script in bootstrap. | |
346a6863 | 327 | (lambda _ |
51736faa LH |
328 | (substitute* "autogen.sh" |
329 | (("./configure") "")))) | |
330 | (add-before 'configure 'fix-configure | |
346a6863 | 331 | (lambda* (#:key inputs native-inputs #:allow-other-keys) |
51736faa | 332 | (substitute* "configure" |
346a6863 NG |
333 | (("/bin/sh") |
334 | (search-input-file (or native-inputs inputs) "/bin/sh")))))) | |
51736faa LH |
335 | #:tests? #f)) ;there is no check target |
336 | (native-inputs | |
337 | (list autoconf automake bash-minimal pkg-config)) | |
338 | (home-page "https://github.com/ntop/n2n") | |
339 | (synopsis "Peer-to-peer VPN client and server") | |
340 | (description | |
341 | "n2n is a light VPN software which makes it easy to create virtual | |
342 | networks bypassing intermediate firewalls.") | |
343 | (license license:gpl3+))) | |
344 | ||
c85ed0e7 TGR |
345 | (define-public strongswan |
346 | (package | |
347 | (name "strongswan") | |
95cea73e | 348 | (version "5.9.4") |
c85ed0e7 TGR |
349 | (source |
350 | (origin | |
351 | (method url-fetch) | |
352 | (uri (string-append "https://download.strongswan.org/strongswan-" | |
353 | version ".tar.bz2")) | |
354 | (sha256 | |
95cea73e | 355 | (base32 "063mi0kdlpd7r7s3py35yf80hvrv3nrdfvxpyn7ns25gqajg3za5")))) |
c85ed0e7 TGR |
356 | (build-system gnu-build-system) |
357 | (arguments | |
358 | `(#:phases | |
359 | (modify-phases %standard-phases | |
360 | (add-before 'build 'patch-command-file-names | |
361 | (lambda* (#:key inputs #:allow-other-keys) | |
d0cc1d65 TGR |
362 | (substitute* "src/ipsec/_ipsec.in" |
363 | (("cat|kill|sleep|rm|uname" command) | |
364 | (string-append (assoc-ref inputs "coreutils") | |
365 | "/bin/" command))) | |
c85ed0e7 TGR |
366 | (substitute* "src/libstrongswan/utils/process.c" |
367 | (("/bin/sh") | |
bc64d955 | 368 | (search-input-file inputs "/bin/sh"))) |
c85ed0e7 TGR |
369 | |
370 | (substitute* "src/libstrongswan/tests/suites/test_process.c" | |
371 | (("/bin/sh") (which "sh")) | |
372 | (("/bin/echo") (which "echo")) | |
95cea73e | 373 | (("cat") (which "cat"))))) |
c85ed0e7 TGR |
374 | (add-before 'check 'set-up-test-environment |
375 | (lambda* (#:key inputs #:allow-other-keys) | |
6ea7297e LC |
376 | (setenv "TZDIR" |
377 | (search-input-directory inputs "share/zoneinfo"))))) | |
c85ed0e7 TGR |
378 | #:configure-flags |
379 | (list | |
380 | "--disable-ldap" | |
381 | "--disable-mysql" | |
382 | "--disable-systemd" | |
383 | ||
384 | ;; Disable BSD-4 licensed plugins. | |
385 | "--disable-blowfish" | |
386 | "--disable-des" | |
387 | ||
388 | ;; Make it usable. The default configuration is far too minimal to be | |
389 | ;; used with most common VPN set-ups. | |
390 | ;; See <https://wiki.strongswan.org/projects/strongswan/wiki/Autoconf>. | |
391 | "--enable-aesni" | |
392 | "--enable-attr-sql" | |
393 | "--enable-chapoly" | |
394 | "--enable-curl" | |
395 | "--enable-dhcp" | |
396 | "--enable-eap-aka" | |
397 | "--enable-eap-aka-3gpp" | |
398 | "--enable-eap-dynamic" | |
399 | "--enable-eap-identity" | |
400 | "--enable-eap-md5" | |
401 | "--enable-eap-mschapv2" | |
402 | "--enable-eap-peap" | |
403 | "--enable-eap-radius" | |
404 | "--enable-eap-sim" | |
405 | "--enable-eap-sim-file" | |
406 | "--enable-eap-simaka-pseudonym" | |
407 | "--enable-eap-simaka-reauth" | |
408 | "--enable-eap-simaka-sql" | |
409 | "--enable-eap-tls" | |
410 | "--enable-eap-tnc" | |
411 | "--enable-eap-ttls" | |
412 | "--enable-ext-auth" | |
413 | "--enable-farp" | |
414 | "--enable-ha" | |
415 | "--enable-led" | |
416 | "--enable-md4" | |
417 | "--enable-mediation" | |
418 | "--enable-openssl" | |
419 | "--enable-soup" | |
420 | "--enable-sql" | |
421 | "--enable-sqlite" | |
422 | "--enable-xauth-eap" | |
423 | "--enable-xauth-noauth" | |
424 | "--enable-xauth-pam" | |
425 | ||
426 | ;; Use libcap by default. | |
427 | "--with-capabilities=libcap"))) | |
428 | (inputs | |
8394619b LC |
429 | (list coreutils |
430 | curl | |
431 | gmp | |
432 | libcap | |
433 | libgcrypt | |
ff093f57 | 434 | libsoup-minimal-2 |
8394619b LC |
435 | linux-pam |
436 | openssl)) | |
c85ed0e7 | 437 | (native-inputs |
8394619b | 438 | (list coreutils pkg-config tzdata-for-tests)) |
c85ed0e7 TGR |
439 | (synopsis "IKEv1/v2 keying daemon") |
440 | (description "StrongSwan is an IPsec implementation originally based upon | |
441 | the FreeS/WAN project. It contains support for IKEv1, IKEv2, MOBIKE, IPv6, | |
442 | NAT-T and more.") | |
443 | (home-page "https://strongswan.org/") | |
444 | (license | |
445 | (list license:gpl2+ | |
446 | ;; src/aikgen/* | |
447 | ;; src/libcharon/plugins/dnscert/* | |
448 | ;; src/libcharon/plugins/ext_auth/* | |
449 | ;; src/libcharon/plugins/vici/ruby/* | |
450 | ;; src/libcharon/plugins/xauth_pam/xauth_pam_listener.[ch] | |
451 | license:expat | |
452 | ;; src/inclue/sys/* | |
453 | license:bsd-3 | |
454 | ;; src/libstrongswan/plugins/sha3/sha3_keccak.c | |
455 | license:public-domain | |
456 | ;; src/libstrongswan/plugins/pkcs11/pkcs11.h | |
457 | (license:non-copyleft | |
458 | "file://src/libstrongswan/plugins/pkcs11/pkcs11.h" | |
95cea73e | 459 | "pkcs11 contains an unknown permissive license. View the specific |
c85ed0e7 TGR |
460 | file for more details.") |
461 | ;; These files are not included in the | |
462 | ;; build, they are disabled through | |
463 | ;; options to ./configure | |
464 | ;; | |
465 | ;; src/libstrongswan/plugins/blowfish/bf_enc.c | |
466 | ;; src/libstrongswan/plugins/blowfish/bf_locl.h | |
467 | ;; src/libstrongswan/plugins/blowfish/bf_pi.h | |
468 | ;; src/libstrongswan/plugins/blowfish/bf_skey.c | |
469 | ;; src/libstrongswan/plugins/blowfish/blowfish_crypter.c | |
470 | ;; src/libstrongswan/plugins/des/des_crypter.c | |
471 | license:bsd-4)))) | |
472 | ||
49f24f41 AE |
473 | (define-public vpnc |
474 | (package | |
475 | (name "vpnc") | |
476 | (version "0.5.3") | |
477 | (source (origin | |
478 | (method url-fetch) | |
594360f5 | 479 | (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-" |
49f24f41 AE |
480 | version ".tar.gz")) |
481 | (sha256 (base32 | |
101e67ac | 482 | "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6")))) |
49f24f41 | 483 | (build-system gnu-build-system) |
bb88505e JPDJD |
484 | (native-inputs (append (list perl pkg-config vpnc-scripts) |
485 | (if (%current-target-system) | |
486 | (list this-package) | |
487 | '()))) | |
488 | (inputs (list libgcrypt vpnc-scripts)) | |
49f24f41 | 489 | (arguments |
bb88505e JPDJD |
490 | (list #:tests? #f ;; There is no check target |
491 | #:make-flags | |
492 | #~(list (string-append "CC=" #$(cc-for-target)) | |
493 | (string-append "ETCDIR=" #$output "/etc/vpnc") | |
494 | (string-append "PREFIX=" #$output)) | |
495 | #:phases | |
496 | #~(modify-phases %standard-phases | |
497 | (delete 'configure) ;; No configure script. | |
498 | (add-after 'unpack 'use-store-paths | |
499 | (lambda* (#:key inputs #:allow-other-keys) | |
500 | (let ((vpnc-scripts (assoc-ref inputs "vpnc-scripts"))) | |
501 | (substitute* "config.c" | |
502 | (("/etc/vpnc/vpnc-script") | |
503 | (string-append vpnc-scripts | |
504 | "/etc/vpnc/vpnc-script")))))) | |
505 | (add-after 'unpack 'patch-Makefile | |
506 | (lambda* (#:key target #:allow-other-keys) | |
507 | (let* ((pkg-config #$(pkg-config-for-target)) | |
508 | (includedir (string-append pkg-config | |
509 | " --variable=includedir" | |
510 | " libgcrypt")) | |
511 | (cflags (string-append pkg-config | |
512 | " --cflags" | |
513 | " libgcrypt")) | |
514 | (libdir (string-append pkg-config | |
515 | " --variable=libdir" | |
516 | " libgcrypt")) | |
517 | (libs (string-append pkg-config | |
518 | " --libs" | |
519 | " libgcrypt"))) | |
520 | (substitute* "Makefile" | |
521 | (("\\$\\(shell libgcrypt-config --cflags\\)") | |
522 | (string-append "-I$(shell " includedir ") " | |
523 | "$(shell " cflags ")")) | |
524 | (("\\$\\(shell libgcrypt-config --libs\\)") | |
525 | (string-append | |
526 | "-L$(shell " libdir ") " | |
527 | "$(shell " libs ")"))) | |
528 | ;; When cross-compiling the manpage can't be generated as the | |
529 | ;; Makefile needs to execute the resulting `vpnc' binary. | |
530 | (when target | |
531 | (substitute* "Makefile" | |
532 | (("all : \\$\\(BINS\\) vpnc\\.8 vpnc-script") | |
533 | "all : $(BINS) vpnc-script") | |
534 | (("install -m644 vpnc\\.8.*") "")))))) | |
535 | (add-after 'unpack 'install-manpage | |
536 | (lambda* (#:key native-inputs inputs target | |
537 | #:allow-other-keys) | |
538 | ;; As the manpage is not generated. Instead install it from | |
539 | ;; the input vpnc package. | |
540 | (when target | |
541 | (let* ((vpnc (assoc-ref native-inputs "vpnc")) | |
542 | (man (string-append vpnc | |
543 | "/share/man/man8/vpnc.8.gz")) | |
544 | (output (string-append #$output "/share/man/man8"))) | |
545 | (install-file man output)))))))) | |
799dcdc4 | 546 | (synopsis "Client for Cisco VPN concentrators") |
49f24f41 AE |
547 | (description |
548 | "vpnc is a VPN client compatible with Cisco's EasyVPN equipment. | |
35b9e423 | 549 | It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only |
49f24f41 | 550 | shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES, |
35b9e423 | 551 | 1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace. |
49f24f41 | 552 | Only \"Universal TUN/TAP device driver support\" is needed in the kernel.") |
31e4eaf5 | 553 | (license (list license:gpl2+ license:bsd-2)) |
d61043c7 | 554 | (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/"))) |
71f4b81a | 555 | |
06d91fd9 | 556 | (define-public vpnc-scripts |
fc4338b8 | 557 | (let ((commit "3885f8bbc4ae03fd6da0ada6de12f7223a59595c")) |
06d91fd9 TGR |
558 | (package |
559 | (name "vpnc-scripts") | |
fc4338b8 | 560 | (version (string-append "20200925." (string-take commit 7))) |
06d91fd9 TGR |
561 | (source (origin |
562 | (method git-fetch) | |
563 | (uri | |
564 | (git-reference | |
565 | (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
566 | (commit commit))) | |
728ee9d6 | 567 | (file-name (git-file-name name version)) |
06d91fd9 TGR |
568 | (sha256 |
569 | (base32 | |
fc4338b8 | 570 | "1pmi4n58q81pmn9arvfixhvv6vkkf3rpwac3hwnwyl882q5q0ccx")))) |
06d91fd9 | 571 | (build-system gnu-build-system) |
8394619b LC |
572 | (inputs (list guile-3.0 ; for the wrapper scripts |
573 | coreutils | |
574 | grep | |
575 | iproute ; for ‘ip’ | |
576 | net-tools ; for ‘ifconfig’, ‘route’ | |
577 | sed | |
578 | which)) | |
06d91fd9 TGR |
579 | (arguments |
580 | `(#:phases | |
581 | (modify-phases %standard-phases | |
582 | (add-after 'unpack 'use-relative-paths | |
583 | ;; Patch the scripts to work with and use relative paths. | |
584 | (lambda* _ | |
585 | (for-each (lambda (script) | |
586 | (substitute* script | |
587 | (("^PATH=.*") "") | |
92594b2e | 588 | (("/usr/s?bin/") "") |
06d91fd9 TGR |
589 | (("\\[ +-x +([^]]+) +\\]" _ command) |
590 | (string-append "command -v >/dev/null 2>&1 " | |
591 | command)))) | |
592 | (find-files "." "^vpnc-script")) | |
593 | #t)) | |
594 | (delete 'configure) ; no configure script | |
595 | (replace 'build | |
596 | (lambda _ | |
863501b7 | 597 | (invoke "gcc" "-o" "netunshare" "netunshare.c"))) |
06d91fd9 TGR |
598 | (replace 'install |
599 | ;; There is no Makefile; manually install the relevant files. | |
600 | (lambda* (#:key outputs #:allow-other-keys) | |
601 | (let* ((out (assoc-ref outputs "out")) | |
602 | (etc (string-append out "/etc/vpnc"))) | |
603 | (for-each (lambda (file) | |
604 | (install-file file etc)) | |
605 | (append (find-files "." "^vpnc-script") | |
606 | (list "netunshare" | |
607 | "xinetd.netns.conf"))) | |
608 | #t))) | |
609 | (add-after 'install 'wrap-scripts | |
610 | ;; Wrap scripts with paths to their common hard dependencies. | |
611 | ;; Optional dependencies will need to be installed by the user. | |
612 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
3bbb0ec8 MD |
613 | (let ((out (assoc-ref outputs "out")) |
614 | (guile (search-input-file inputs "bin/guile"))) | |
06d91fd9 TGR |
615 | (for-each |
616 | (lambda (script) | |
b47e083b | 617 | (wrap-script (string-append out "/etc/vpnc/" script) |
3bbb0ec8 | 618 | #:guile guile |
06d91fd9 TGR |
619 | `("PATH" ":" prefix |
620 | ,(map (lambda (name) | |
621 | (let ((input (assoc-ref inputs name))) | |
622 | (string-append input "/bin:" | |
623 | input "/sbin"))) | |
624 | (list "coreutils" | |
625 | "grep" | |
626 | "iproute2" | |
627 | "net-tools" | |
628 | "sed" | |
629 | "which"))))) | |
b47e083b RW |
630 | (list "vpnc-script-ptrtd" |
631 | "vpnc-script-sshd" | |
632 | "vpnc-script")) | |
863501b7 | 633 | #t)))) |
06d91fd9 TGR |
634 | #:tests? #f)) ; no tests |
635 | (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
636 | (synopsis "Network configuration scripts for Cisco VPN clients") | |
637 | (description | |
638 | "This set of scripts configures routing and name services when invoked | |
639 | by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients. | |
640 | ||
641 | The default @command{vpnc-script} automatically configures most common | |
642 | connections, and provides hooks for performing custom actions at various stages | |
643 | of the connection or disconnection process. | |
644 | ||
645 | Alternative scripts are provided for more complicated set-ups, or to serve as an | |
646 | example for writing your own. For example, @command{vpnc-script-sshd} contains | |
647 | the entire VPN in a network namespace accessible only through SSH.") | |
648 | (license license:gpl2+)))) | |
71f4b81a | 649 | |
01224157 PL |
650 | (define-public ocproxy |
651 | (package | |
652 | (name "ocproxy") | |
653 | (version "1.60") | |
654 | (source (origin | |
98ebc8fd EF |
655 | (method git-fetch) |
656 | (uri (git-reference | |
b0e7b699 | 657 | (url "https://github.com/cernekee/ocproxy") |
98ebc8fd EF |
658 | (commit (string-append "v" version)))) |
659 | (file-name (git-file-name name version)) | |
01224157 PL |
660 | (sha256 |
661 | (base32 | |
98ebc8fd | 662 | "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx")))) |
01224157 PL |
663 | (build-system gnu-build-system) |
664 | (native-inputs | |
8394619b | 665 | (list autoconf automake)) |
01224157 | 666 | (inputs |
8394619b | 667 | (list libevent)) |
01224157 PL |
668 | (home-page "https://github.com/cernekee/ocproxy") |
669 | (synopsis "OpenConnect proxy") | |
670 | (description | |
671 | "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based | |
672 | on LwIP. When using ocproxy, OpenConnect only handles network activity that | |
673 | the user specifically asks to proxy, so the @dfn{VPN} interface no longer | |
674 | \"hijacks\" all network traffic on the host.") | |
675 | (license license:bsd-3))) | |
676 | ||
71f4b81a AE |
677 | (define-public openconnect |
678 | (package | |
679 | (name "openconnect") | |
08e64ee6 | 680 | (version "9.01") |
71f4b81a AE |
681 | (source (origin |
682 | (method url-fetch) | |
d4bf49b1 EB |
683 | (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/" |
684 | "openconnect-" version ".tar.gz")) | |
c383c36e | 685 | (sha256 |
08e64ee6 | 686 | (base32 "1iz4j00031a5ircrx30lkiwf58yl9kc827m4ssck4yg963wgmmxk")))) |
71f4b81a | 687 | (build-system gnu-build-system) |
0d7f282b | 688 | (propagated-inputs |
8394619b | 689 | (list libxml2 gnutls zlib)) |
0d7f282b | 690 | (inputs |
8394619b | 691 | (list lz4 vpnc-scripts)) |
c4c4cc05 | 692 | (native-inputs |
b94a6ca0 | 693 | `(("gettext" ,gettext-minimal) |
c4c4cc05 | 694 | ("pkg-config" ,pkg-config))) |
71f4b81a | 695 | (arguments |
d4bf49b1 EB |
696 | `(#:configure-flags |
697 | `(,(string-append "--with-vpnc-script=" | |
a6d06e86 | 698 | (assoc-ref %build-inputs "vpnc-scripts") |
d4bf49b1 | 699 | "/etc/vpnc/vpnc-script")))) |
799dcdc4 | 700 | (synopsis "Client for Cisco VPN") |
71f4b81a AE |
701 | (description |
702 | "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is | |
703 | supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500, | |
704 | 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers, | |
705 | and probably others.") | |
706 | (license license:lgpl2.1) | |
8b1d0ff4 | 707 | (home-page "https://www.infradead.org/openconnect/"))) |
dc77f0d3 | 708 | |
80005d03 EF |
709 | (define-public openconnect-sso |
710 | (package | |
711 | (name "openconnect-sso") | |
c13b9ae3 | 712 | (version "0.7.3") |
80005d03 EF |
713 | (source |
714 | (origin | |
715 | (method url-fetch) | |
716 | (uri (pypi-uri "openconnect-sso" version)) | |
717 | (sha256 | |
c13b9ae3 | 718 | (base32 "065s5c8q80jh0psdw7694nlabwpra7aw6yc4jlgsc9vxx8rx2na1")))) |
80005d03 EF |
719 | (build-system python-build-system) |
720 | (arguments | |
721 | `(#:tests? #f ; Tests not included, building from git requires poetry. | |
722 | #:phases | |
723 | (modify-phases %standard-phases | |
80005d03 EF |
724 | (add-after 'unpack 'patch-openconnect |
725 | (lambda _ | |
726 | (substitute* "openconnect_sso/app.py" | |
727 | (("\"openconnect\"") | |
728 | (string-append "\"" (which "openconnect") "\""))) | |
729 | #t)) | |
730 | (replace 'check | |
731 | (lambda* (#:key tests? #:allow-other-keys) | |
732 | (when tests? | |
733 | (invoke "pytest" "-v")) | |
734 | #t)) | |
735 | (add-after 'install 'wrap-qt-process-path | |
736 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
737 | (let* ((out (assoc-ref outputs "out")) | |
738 | (bin (string-append out "/bin/openconnect-sso")) | |
739 | (qt-process-path (string-append | |
a0beb297 | 740 | (assoc-ref inputs "qtwebengine-5") |
80005d03 EF |
741 | "/lib/qt5/libexec/QtWebEngineProcess"))) |
742 | (wrap-program bin | |
b74085ce | 743 | #:sh (search-input-file inputs "bin/bash") |
80005d03 EF |
744 | `("QTWEBENGINEPROCESS_PATH" = (,qt-process-path))) |
745 | #t)))))) | |
746 | (inputs | |
8394619b LC |
747 | (list openconnect |
748 | python-attrs | |
749 | python-colorama | |
750 | python-keyring | |
751 | python-lxml | |
752 | python-prompt-toolkit | |
753 | python-requests | |
d0fbd336 | 754 | python-pyqt-without-qtwebkit |
8394619b LC |
755 | python-pyqtwebengine |
756 | python-pysocks | |
757 | python-pyxdg | |
758 | python-structlog | |
759 | python-toml | |
a0beb297 | 760 | qtwebengine-5)) |
80005d03 | 761 | (native-inputs |
8394619b | 762 | (list python-pytest python-setuptools-scm)) |
80005d03 EF |
763 | (home-page "https://github.com/vlaci/openconnect-sso") |
764 | (synopsis "OpenConnect wrapper script supporting Azure AD (SAMLv2)") | |
765 | (description | |
766 | "This package provides a wrapper script for OpenConnect supporting Azure AD | |
767 | (SAMLv2) authentication to Cisco SSL-VPNs.") | |
768 | (license license:gpl3))) | |
769 | ||
18918ebe DD |
770 | (define-public openfortivpn |
771 | (package | |
772 | (name "openfortivpn") | |
67375109 | 773 | (version "1.17.3") |
18918ebe DD |
774 | (source (origin |
775 | (method git-fetch) | |
776 | (uri (git-reference | |
777 | (url "https://github.com/adrienverge/openfortivpn") | |
778 | (commit (string-append "v" version)))) | |
779 | (file-name (git-file-name name version)) | |
780 | (sha256 | |
781 | (base32 | |
67375109 | 782 | "0an58f0qcyxdx3d5zb5m8vi45a0251b950b5lh16572n8z2g6s2l")))) |
18918ebe DD |
783 | (build-system gnu-build-system) |
784 | (native-inputs | |
e3196755 | 785 | (list autoconf automake pkg-config)) |
18918ebe | 786 | (inputs |
8394619b | 787 | (list openssl ppp)) |
18918ebe DD |
788 | (home-page "https://github.com/adrienverge/openfortivpn") |
789 | (synopsis "Client for PPP+SSL VPN tunnel services") | |
790 | (description "Openfortivpn is a client for PPP+SSL VPN tunnel services. It | |
791 | spawns a pppd process and operates the communication between the gateway and | |
792 | this process. It is compatible with Fortinet VPNs.") | |
793 | (license license:gpl3+))) | |
794 | ||
dc77f0d3 DT |
795 | (define-public openvpn |
796 | (package | |
797 | (name "openvpn") | |
a8a3d31d | 798 | (version "2.5.6") |
dc77f0d3 DT |
799 | (source (origin |
800 | (method url-fetch) | |
801 | (uri (string-append | |
802 | "https://swupdate.openvpn.org/community/releases/openvpn-" | |
a8a3d31d | 803 | version ".tar.gz")) |
dc77f0d3 DT |
804 | (sha256 |
805 | (base32 | |
a8a3d31d | 806 | "0gdd88rcan9vfiwkzsqn6fxxdim7kb1bsxrcra59c5xksprpwfik")))) |
dc77f0d3 DT |
807 | (build-system gnu-build-system) |
808 | (arguments | |
809 | '(#:configure-flags '("--enable-iproute2=yes"))) | |
810 | (native-inputs | |
8394619b | 811 | (list iproute)) |
dc77f0d3 | 812 | (inputs |
8394619b | 813 | (list lz4 lzo openssl linux-pam)) |
dc77f0d3 DT |
814 | (home-page "https://openvpn.net/") |
815 | (synopsis "Virtual private network daemon") | |
9599339c TGR |
816 | (description |
817 | "OpenVPN implements virtual private network (@dfn{VPN}) techniques | |
dc77f0d3 DT |
818 | for creating secure point-to-point or site-to-site connections in routed or |
819 | bridged configurations and remote access facilities. It uses a custom | |
820 | security protocol that utilizes SSL/TLS for key exchange. It is capable of | |
9599339c | 821 | traversing network address translators (@dfn{NAT}s) and firewalls.") |
dc77f0d3 | 822 | (license license:gpl2))) |
feca8e2b | 823 | |
c873980d RP |
824 | (define-public protonvpn-cli |
825 | (package | |
826 | (name "protonvpn-cli") | |
04d50f0a | 827 | (version "2.2.6") |
c873980d RP |
828 | (source |
829 | (origin | |
830 | ;; PyPI has a ".whl" file but not a proper source release. | |
831 | ;; Thus, fetch code from Git. | |
832 | (method git-fetch) | |
833 | (uri (git-reference | |
b0e7b699 | 834 | (url "https://github.com/ProtonVPN/linux-cli") |
c873980d RP |
835 | (commit (string-append "v" version)))) |
836 | (file-name (git-file-name name version)) | |
837 | (sha256 | |
04d50f0a | 838 | (base32 "0y7v9ikrmy5dbjlpbpacp08gy838i8z54m8m4ps7ldk1j6kyia3n")))) |
c873980d | 839 | (build-system python-build-system) |
bcfa8b4a RP |
840 | (arguments |
841 | '(#:tests? #f ; no tests in repo | |
842 | #:phases | |
843 | (modify-phases %standard-phases | |
844 | (add-after 'wrap 'wrap-wrapper | |
845 | ;; Wrap entrypoint with paths to its hard dependencies. | |
846 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
847 | (let ((entrypoint (string-append (assoc-ref outputs "out") | |
9c8f68f4 | 848 | "/bin/protonvpn"))) |
bcfa8b4a | 849 | (wrap-program entrypoint |
96a2ae40 | 850 | #:sh (search-input-file inputs "bin/bash") |
bcfa8b4a RP |
851 | `("PATH" ":" prefix |
852 | ,(map (lambda (name) | |
853 | (let ((input (assoc-ref inputs name))) | |
854 | (string-append input "/bin:" | |
855 | input "/sbin"))) | |
856 | (list "dialog" | |
857 | "iproute2" | |
858 | "iptables" | |
859 | "ncurses" | |
860 | "openvpn" | |
861 | "procps" | |
862 | "which"))))) | |
e641d707 JP |
863 | #t)) |
864 | ;; The `protonvpn' script wants to write to `~user' to initialize its | |
865 | ;; logger, so simply setting HOME=/tmp won't cut it. Remove | |
866 | ;; sanity-check. | |
867 | (delete 'sanity-check)))) | |
c873980d | 868 | (native-inputs |
8394619b | 869 | (list python-docopt)) |
c873980d | 870 | (inputs |
8394619b LC |
871 | (list dialog |
872 | iproute | |
873 | iptables | |
874 | ncurses | |
875 | openvpn | |
876 | procps | |
877 | python-jinja2 | |
878 | python-pythondialog | |
879 | python-requests | |
880 | which)) | |
c873980d RP |
881 | (synopsis "Command-line client for ProtonVPN") |
882 | (description | |
86ac14b2 LC |
883 | "This is the official command-line interface for ProtonVPN, a secure |
884 | point-to-point virtual private networking (VPN) service with a gratis tier. | |
885 | It can automatically find and connect to the fastest servers or use Tor over | |
886 | VPN. The gratis tier offers unlimited bandwidth for up to 10 devices.") | |
c873980d RP |
887 | (home-page "https://github.com/ProtonVPN/linux-cli") |
888 | (license license:gpl3+))) | |
889 | ||
feca8e2b JM |
890 | (define-public tinc |
891 | (package | |
892 | (name "tinc") | |
2b247e51 | 893 | (version "1.0.36") |
feca8e2b JM |
894 | (source (origin |
895 | (method url-fetch) | |
e81ddeda | 896 | (uri (string-append "https://tinc-vpn.org/packages/" |
657c3ff6 | 897 | "tinc-" version ".tar.gz")) |
feca8e2b JM |
898 | (sha256 |
899 | (base32 | |
2b247e51 | 900 | "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0")))) |
feca8e2b | 901 | (build-system gnu-build-system) |
7b770eca SB |
902 | (arguments |
903 | '(#:configure-flags | |
904 | '("--sysconfdir=/etc" | |
905 | "--localstatedir=/var"))) | |
8394619b | 906 | (inputs (list zlib lzo openssl)) |
e81ddeda | 907 | (home-page "https://tinc-vpn.org") |
feca8e2b JM |
908 | (synopsis "Virtual Private Network (VPN) daemon") |
909 | (description | |
910 | "Tinc is a VPN that uses tunnelling and encryption to create a secure | |
911 | private network between hosts on the internet.") | |
912 | (license license:gpl2+))) | |
5c863d57 TGR |
913 | |
914 | (define-public sshuttle | |
915 | (package | |
916 | (name "sshuttle") | |
627c6531 | 917 | (version "0.78.5") |
5c863d57 TGR |
918 | (source |
919 | (origin | |
920 | (method url-fetch) | |
921 | (uri (pypi-uri name version)) | |
922 | (sha256 | |
923 | (base32 | |
627c6531 | 924 | "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8")))) |
5c863d57 | 925 | (build-system python-build-system) |
c32863e0 TGR |
926 | (arguments |
927 | `(#:phases | |
928 | (modify-phases %standard-phases | |
929 | (add-after 'unpack 'patch-FHS-file-names | |
930 | (lambda _ | |
931 | (substitute* "sshuttle/client.py" | |
932 | (("/usr/bin/env") (which "env"))) | |
933 | (substitute* "sshuttle/ssh.py" | |
0e2d3ce2 | 934 | (("/bin/sh") "sh")) |
c32863e0 | 935 | #t))))) |
5c863d57 | 936 | (native-inputs |
8394619b LC |
937 | (list python-setuptools-scm |
938 | ;; For tests only. | |
939 | python-flake8 | |
940 | python-mock | |
941 | python-pytest-cov | |
942 | python-pytest-runner)) | |
5c863d57 TGR |
943 | (home-page "https://github.com/sshuttle/sshuttle") |
944 | (synopsis "VPN that transparently forwards connections over SSH") | |
945 | (description "sshuttle creates an encrypted virtual private network (VPN) | |
946 | connection to any remote server to which you have secure shell (SSH) access. | |
947 | The only requirement is a suitable version of Python on the server; | |
948 | administrative privileges are required only on the client. Unlike most VPNs, | |
949 | sshuttle forwards entire sessions, not packets, using kernel transparent | |
950 | proxying. This makes it faster and more reliable than SSH's own tunneling and | |
951 | port forwarding features. It can forward both TCP and UDP traffic, including | |
952 | DNS domain name queries.") | |
953 | (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’ | |
1ce6f33b TGR |
954 | |
955 | (define-public sshoot | |
956 | (package | |
957 | (name "sshoot") | |
d45727f4 | 958 | (version "1.5.1") |
1ce6f33b TGR |
959 | (source |
960 | (origin | |
961 | (method url-fetch) | |
962 | (uri (pypi-uri name version)) | |
963 | (sha256 | |
964 | (base32 | |
d45727f4 | 965 | "05i54nga4vy660yy9yf6dl376yj0jc51303yr295qk3k9w0k96yd")))) |
1ce6f33b | 966 | (build-system python-build-system) |
c0b12a60 MB |
967 | (arguments |
968 | '(#:phases | |
969 | (modify-phases %standard-phases | |
970 | (add-after 'unpack 'patch-paths | |
971 | (lambda _ | |
972 | (substitute* "sshoot/tests/test_manager.py" | |
d45727f4 MC |
973 | (("/bin/sh") (which "sh"))))) |
974 | (replace 'check | |
975 | (lambda* (#:key tests? #:allow-other-keys) | |
976 | (when tests? | |
977 | (invoke "pytest" "-vv" "--pyargs" "sshoot"))))))) | |
1ce6f33b | 978 | (inputs |
d45727f4 MC |
979 | (list python-argcomplete |
980 | python-prettytable | |
981 | python-pyyaml | |
982 | python-pyxdg | |
983 | python-toolrack)) | |
1ce6f33b TGR |
984 | ;; For tests only. |
985 | (native-inputs | |
d45727f4 | 986 | (list python-pytest python-pytest-mock)) |
3b4018d6 | 987 | (home-page "https://github.com/albertodonato/sshoot") |
1ce6f33b TGR |
988 | (synopsis "sshuttle VPN session manager") |
989 | (description "sshoot provides a command-line interface to manage multiple | |
990 | @command{sshuttle} virtual private networks. It supports flexible profiles | |
991 | with configuration options for most of @command{sshuttle}’s features.") | |
992 | (license license:gpl3+))) | |
7ba2b274 MP |
993 | |
994 | (define-public badvpn | |
995 | (package | |
996 | (name "badvpn") | |
997 | (version "1.999.130") | |
998 | (source | |
999 | (origin | |
1000 | (method git-fetch) | |
1001 | (uri (git-reference | |
b0e7b699 | 1002 | (url "https://github.com/ambrop72/badvpn") |
7ba2b274 MP |
1003 | (commit version))) |
1004 | (file-name (git-file-name name version)) | |
1005 | (sha256 | |
1006 | (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c")))) | |
1007 | (build-system cmake-build-system) | |
1008 | (arguments | |
1009 | '(#:tests? #f)) ; no tests | |
1010 | (inputs | |
8394619b | 1011 | (list nspr nss openssl)) |
7ba2b274 | 1012 | (native-inputs |
8394619b | 1013 | (list pkg-config)) |
7ba2b274 MP |
1014 | (home-page "https://github.com/ambrop72/badvpn") |
1015 | (synopsis "Peer-to-peer virtual private network (VPN)") | |
1016 | (description "@code{BadVPN} is a collection of virtual private | |
1017 | network (VPN) tools. It includes: | |
1018 | ||
1019 | @enumerate | |
1020 | @item NCD programming language.\n | |
1021 | NCD (Network Configuration Daemon) is a daemon and programming/scripting | |
1022 | language for configuration of network interfaces and other aspects of the | |
1023 | operating system. | |
1024 | @item Tun2socks network-layer proxifier.\n | |
1025 | The tun2socks program socksifes TCP connections at the network layer. It | |
1026 | implements a TUN device which accepts all incoming TCP connections (regardless | |
1027 | of destination IP), and forwards the connections through a SOCKS server. | |
1028 | @item Peer-to-peer VPN.\n | |
1029 | The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers | |
1030 | (VPN nodes). | |
1031 | @end enumerate") | |
1032 | ;; This project contains a bundled lwIP. lwIP is also released under the | |
1033 | ;; 3-clause BSD license. | |
1034 | (license license:bsd-3))) | |
7a0479bb | 1035 | |
336d7644 | 1036 | (define-public wireguard-linux-compat |
7a0479bb | 1037 | (package |
336d7644 | 1038 | (name "wireguard-linux-compat") |
c3e6fcde | 1039 | (version "1.0.20201221") |
7a0479bb LF |
1040 | (source (origin |
1041 | (method url-fetch) | |
336d7644 LF |
1042 | (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/" |
1043 | "snapshot/wireguard-linux-compat-" version | |
1044 | ".tar.xz")) | |
7a0479bb LF |
1045 | (sha256 |
1046 | (base32 | |
c3e6fcde | 1047 | "0ci13in0fqq32n5qamch4qhjgbdq86ygrgmfhc9szsh2nsl8jlkf")))) |
3b177a6c BW |
1048 | (build-system linux-module-build-system) |
1049 | (outputs '("out" | |
1050 | "kernel-patch")) | |
7a0479bb | 1051 | (arguments |
76ad9547 TGR |
1052 | `(#:linux ,linux-libre-5.4 ; mustn't have WG built-in |
1053 | #:tests? #f ; no test suite | |
3b177a6c | 1054 | #:modules ((guix build linux-module-build-system) |
7a0479bb LF |
1055 | (guix build utils) |
1056 | (ice-9 popen) | |
1057 | (ice-9 textual-ports)) | |
1058 | #:phases | |
1059 | (modify-phases %standard-phases | |
3b177a6c BW |
1060 | (add-before 'build 'change-directory |
1061 | (lambda _ | |
1062 | (chdir "./src") | |
1063 | #t)) | |
1064 | (add-after 'build 'build-patch | |
7a0479bb | 1065 | (lambda* (#:key outputs #:allow-other-keys) |
3b177a6c | 1066 | (let* ((patch-builder "../kernel-tree-scripts/create-patch.sh") |
7a0479bb LF |
1067 | (port (open-input-pipe patch-builder)) |
1068 | (str (get-string-all port))) | |
1069 | (close-pipe port) | |
336d7644 | 1070 | (call-with-output-file "wireguard.patch" |
7a0479bb LF |
1071 | (lambda (port) |
1072 | (format port "~a" str)))) | |
76ad9547 | 1073 | #t)) |
3b177a6c | 1074 | (add-after 'install 'install-patch |
336d7644 LF |
1075 | (lambda* (#:key outputs #:allow-other-keys) |
1076 | (install-file "wireguard.patch" | |
3b177a6c BW |
1077 | (assoc-ref %outputs "kernel-patch")) |
1078 | #t)) | |
1079 | ;; So that 'install-license-files' works... | |
1080 | (add-before 'install-license-files 'reset-cwd | |
1081 | (lambda _ | |
1082 | (chdir "..") | |
336d7644 LF |
1083 | #t))))) |
1084 | (home-page "https://git.zx2c4.com/wireguard-linux-compat/") | |
1085 | (synopsis "WireGuard kernel module for Linux 3.10 through 5.5") | |
3b177a6c BW |
1086 | (description "This package contains an out-of-tree kernel patch and |
1087 | a loadable module adding WireGuard to Linux kernel versions 3.10 through 5.5. | |
1088 | WireGuard was added to Linux 5.6.") | |
7a0479bb | 1089 | (license license:gpl2))) |
1b17c23e | 1090 | |
10650b89 TGR |
1091 | (define-public wireguard-tools |
1092 | (package | |
1093 | (name "wireguard-tools") | |
0fd3b422 | 1094 | (version "1.0.20210914") |
10650b89 TGR |
1095 | (source |
1096 | (origin | |
1097 | (method git-fetch) | |
1098 | (uri (git-reference | |
1099 | (url "https://git.zx2c4.com/wireguard-tools.git") | |
1100 | (commit (string-append "v" version)))) | |
1101 | (file-name (git-file-name name version)) | |
1102 | (sha256 | |
0fd3b422 | 1103 | (base32 "1nafrb2naif0z7z3vijnlyp81z89ywzlagc64k4sqa3ayzn95sm0")))) |
10650b89 TGR |
1104 | (build-system gnu-build-system) |
1105 | (arguments | |
19781930 | 1106 | `(#:make-flags |
598afe95 | 1107 | (list ,(string-append "CC=" (cc-for-target)) |
c1005113 | 1108 | "--directory=src" |
10650b89 TGR |
1109 | "WITH_BASHCOMPLETION=yes" |
1110 | ;; Install the ‘simple and dirty’ helper script wg-quick(8). | |
1111 | "WITH_WGQUICK=yes" | |
1112 | (string-append "PREFIX=" (assoc-ref %outputs "out")) | |
1113 | ;; Currently used only to create an empty /etc/wireguard directory. | |
1114 | (string-append "SYSCONFDIR=no-thanks")) | |
19781930 LF |
1115 | ;; The test suite is meant to be run interactively. It runs Clang's |
1116 | ;; scan-build static analyzer and then starts a web server to display the | |
1117 | ;; results. | |
1118 | #:tests? #f | |
10650b89 TGR |
1119 | #:phases |
1120 | (modify-phases %standard-phases | |
0fd3b422 | 1121 | (delete 'configure) ; no configure script |
d084e71c BW |
1122 | (add-after 'install 'install-contrib-docs |
1123 | (lambda* (#:key outputs #:allow-other-keys) | |
226221df TGR |
1124 | (let* ((out (assoc-ref outputs "out")) |
1125 | (doc (string-append out "/share/doc/wireguard-tools"))) | |
0fd3b422 | 1126 | (copy-recursively "contrib/" doc)))) |
d084e71c BW |
1127 | (add-after 'install 'wrap-wg-quick |
1128 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
1129 | (let* ((out (assoc-ref outputs "out")) | |
1130 | (inputs-sbin (map (lambda (input) | |
0fd3b422 TGR |
1131 | (string-append (assoc-ref inputs input) |
1132 | "/sbin")) | |
1133 | (list "iproute" | |
1134 | "iptables" | |
1135 | "procps" | |
1136 | "resolvconf"))) | |
1137 | (coreutils (string-append (assoc-ref inputs "coreutils") | |
1138 | "/bin"))) | |
d084e71c | 1139 | (wrap-program (string-append out "/bin/wg-quick") |
d1827d5c | 1140 | #:sh (search-input-file inputs "bin/bash") |
d084e71c | 1141 | `("PATH" ":" prefix ,(append inputs-sbin |
0fd3b422 | 1142 | (list coreutils)))))))))) |
d084e71c BW |
1143 | (inputs |
1144 | `(("resolvconf" ,openresolv) | |
1145 | ("coreutils" ,coreutils) | |
1146 | ("bash" ,bash) ; for scripts using /dev/tcp | |
1147 | ("procps" ,procps) | |
1148 | ("iproute" ,iproute) | |
1149 | ("iptables" ,iptables))) | |
10650b89 TGR |
1150 | (home-page "https://www.wireguard.com/") |
1151 | (synopsis "Tools for configuring WireGuard tunnels") | |
1152 | (description | |
1153 | "This package provides the user-space command-line tools for using and | |
1154 | configuring WireGuard tunnels. | |
1155 | ||
1156 | WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private | |
1157 | Network} that securely encapsulates IP packets over UDP. It aims to be as easy | |
1158 | to configure and deploy as SSH. VPN connections are made simply by exchanging | |
1159 | public keys and can roam across IP addresses.") | |
1160 | (license | |
1161 | (list license:lgpl2.1+ ; src/netlink.h & contrib/embeddable-wg-library | |
1162 | license:gpl2)))) ; everything else | |
1163 | ||
1b17c23e TČ |
1164 | (define-public xl2tpd |
1165 | (package | |
1166 | (name "xl2tpd") | |
f38adc47 | 1167 | (version "1.3.17") |
1b17c23e TČ |
1168 | (source (origin |
1169 | (method git-fetch) | |
1170 | (uri (git-reference | |
1171 | (url "https://github.com/xelerance/xl2tpd") | |
1172 | (commit (string-append "v" version)))) | |
28341601 | 1173 | (file-name (git-file-name name version)) |
1b17c23e TČ |
1174 | (sha256 |
1175 | (base32 | |
f38adc47 | 1176 | "06aiidwygywaa1jn8m2pw8l3vnsc2bjnacbjmlsdy1cqgr1f5cc9")))) |
1b17c23e TČ |
1177 | (build-system gnu-build-system) |
1178 | (arguments | |
422e5d35 EF |
1179 | (list |
1180 | #:make-flags | |
1181 | #~(list (string-append "PREFIX=" #$output) | |
1182 | (string-append "CC=" #$(cc-for-target))) | |
1183 | #:phases | |
1184 | #~(modify-phases %standard-phases | |
1185 | (delete 'configure) ;no configure script | |
1186 | (add-before 'build 'setup-environment | |
1187 | (lambda* (#:key inputs #:allow-other-keys) | |
1188 | (substitute* "l2tp.h" | |
1189 | (("/usr/sbin/pppd") | |
1190 | (search-input-file inputs "/sbin/pppd"))) | |
1191 | (setenv "KERNELSRC" | |
1192 | (assoc-ref inputs "kernel-headers"))))) | |
14ccd8f8 | 1193 | #:tests? #f)) ; no tests provided |
467485a5 | 1194 | (inputs (list libpcap ppp)) |
1b17c23e TČ |
1195 | (home-page "https://www.xelerance.com/software/xl2tpd/") |
1196 | (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)") | |
1197 | (description | |
1198 | "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). | |
1199 | L2TP allows you to tunnel PPP over UDP.") | |
1200 | (license license:gpl2))) |