;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2016, 2018, 2019 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
-;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
+;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
+;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
+;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
;;;
;;; This file is part of GNU Guix.
;;;
#:use-module (guix packages)
#:use-module (guix download)
#:use-module (guix git-download)
+ #:use-module (guix build-system cmake)
#:use-module (guix build-system gnu)
#:use-module (guix build-system python)
#:use-module (gnu packages)
+ #:use-module (gnu packages admin)
#:use-module (gnu packages base)
#:use-module (gnu packages check)
#:use-module (gnu packages autotools)
#:use-module (gnu packages compression)
#:use-module (gnu packages gettext)
#:use-module (gnu packages gnupg)
+ #:use-module (gnu packages guile)
#:use-module (gnu packages libevent)
#:use-module (gnu packages linux)
+ #:use-module (gnu packages nss)
#:use-module (gnu packages perl)
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
+ #:use-module (gnu packages python-xyz)
#:use-module (gnu packages tls)
#:use-module (gnu packages xml))
(define-public gvpe
(package
(name "gvpe")
- (version "3.0")
+ (version "3.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/gvpe/gvpe-"
version ".tar.gz"))
(sha256
(base32
- "1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf"))
- (modules '((guix build utils)))
- (snippet
- '(begin
- ;; Remove the outdated bundled copy of glibc's getopt, which
- ;; provides a 'getopt' declaration that conflicts with that
- ;; of glibc 2.26.
- (substitute* "lib/Makefile.in"
- (("getopt1?\\.(c|h|\\$\\(OBJEXT\\))") ""))
- (for-each delete-file
- '("lib/getopt.h" "lib/getopt.c"))
- #t))))
+ "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
(build-system gnu-build-system)
(home-page "http://software.schmorp.de/pkg/gvpe.html")
+ (native-inputs `(("pkg-config" ,pkg-config)))
(inputs `(("openssl" ,openssl)
("zlib" ,zlib)))
(synopsis "Secure VPN among multiple nodes over an untrusted network")
1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
(license license:gpl2+) ; some file are bsd-2, see COPYING
- (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))
+ (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/")))
(define-public vpnc-scripts
- (let ((commit "07c3518dd6b8dc424e9c3650a62bed994a4dcbe1"))
+ (let ((commit "1000e0f6dd7d6bff163169a46359211c1fc3a6d2"))
(package
(name "vpnc-scripts")
- (version (string-append "20180226." (string-take commit 7)))
+ (version (string-append "20190116." (string-take commit 7)))
(source (origin
(method git-fetch)
(uri
(file-name (git-file-name name version))
(sha256
(base32
- "02d29nrmnj6kfa889cavqn1pkn9ssb5gyp4lz1v47spwx7abpdi7"))))
+ "1g41yarz2bl0f73kbjqnywr485ghanbp7nmspklfb0n07yp0z6ak"))))
(build-system gnu-build-system)
- (inputs `(("coreutils" ,coreutils)
+ (inputs `(("guile" ,guile-2.2) ; for the wrapper scripts
+ ("coreutils" ,coreutils)
("grep" ,grep)
("iproute2" ,iproute) ; for ‘ip’
("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
(let ((out (assoc-ref outputs "out")))
(for-each
(lambda (script)
- (wrap-program script
+ (wrap-script (string-append out "/etc/vpnc/" script)
`("PATH" ":" prefix
,(map (lambda (name)
(let ((input (assoc-ref inputs name)))
"net-tools"
"sed"
"which")))))
- (find-files (string-append out "/etc/vpnc/vpnc-script")
- "^vpnc-script"))
+ (list "vpnc-script-ptrtd"
+ "vpnc-script-sshd"
+ "vpnc-script"))
#t))))
#:tests? #f)) ; no tests
(home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
(name "ocproxy")
(version "1.60")
(source (origin
- (method url-fetch)
- (uri (string-append
- "https://github.com/cernekee/ocproxy/archive/v"
- version ".tar.gz"))
- (file-name (string-append name "-" version ".tar.gz"))
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/cernekee/ocproxy.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
(sha256
(base32
- "1b4rg3xq5jnrp2l14sw0msan8kqhdxmsd7gpw9lkiwvxy13pcdm7"))))
+ "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx"))))
(build-system gnu-build-system)
(native-inputs
`(("autoconf" ,autoconf)
("automake" ,automake)))
(inputs
`(("libevent" ,libevent)))
- (arguments
- '(#:phases
- (modify-phases %standard-phases
- (add-after 'unpack 'autogen
- (lambda _ (invoke "sh" "autogen.sh"))))))
(home-page "https://github.com/cernekee/ocproxy")
(synopsis "OpenConnect proxy")
(description
(define-public openconnect
(package
(name "openconnect")
- (version "7.08")
+ (version "8.05")
(source (origin
(method url-fetch)
(uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
"openconnect-" version ".tar.gz"))
- (sha256 (base32
- "00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w"))))
+ (sha256
+ (base32 "14i9q727c2zc9xhzp1a9hz3gzb5lwgsslbhircm84dnbs192jp1k"))))
(build-system gnu-build-system)
- (inputs
+ (propagated-inputs
`(("libxml2" ,libxml2)
("gnutls" ,gnutls)
- ("vpnc-scripts" ,vpnc-scripts)
("zlib" ,zlib)))
+ (inputs
+ `(("vpnc-scripts" ,vpnc-scripts)))
(native-inputs
`(("gettext" ,gettext-minimal)
("pkg-config" ,pkg-config)))
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
(license license:lgpl2.1)
- (home-page "http://www.infradead.org/openconnect/")))
+ (home-page "https://www.infradead.org/openconnect/")))
(define-public openvpn
(package
(name "openvpn")
- (version "2.4.6")
+ (version "2.4.8")
(source (origin
(method url-fetch)
(uri (string-append
version ".tar.xz"))
(sha256
(base32
- "09lck4wmkas3iyrzaspin9gn3wiclqb1m9sf8diy7j8wakx38r2g"))))
+ "149z3agjy03i66mcj5bplim2mh45s2ps1wmxbxczyzw0nxmsd37v"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--enable-iproute2=yes")))
(define-public tinc
(package
(name "tinc")
- (version "1.0.35")
+ (version "1.0.36")
(source (origin
(method url-fetch)
- (uri (string-append "http://tinc-vpn.org/packages/"
- name "-" version ".tar.gz"))
+ (uri (string-append "https://tinc-vpn.org/packages/"
+ "tinc-" version ".tar.gz"))
(sha256
(base32
- "0pl92sdwrkiwgll78x0ww06hfljd07mkwm62g8x17qn3gha3pj0q"))))
+ "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags
(inputs `(("zlib" ,zlib)
("lzo" ,lzo)
("openssl" ,openssl)))
- (home-page "http://tinc-vpn.org")
+ (home-page "https://tinc-vpn.org")
(synopsis "Virtual Private Network (VPN) daemon")
(description
"Tinc is a VPN that uses tunnelling and encryption to create a secure
(define-public sshuttle
(package
(name "sshuttle")
- (version "0.78.4")
+ (version "0.78.5")
(source
(origin
(method url-fetch)
(uri (pypi-uri name version))
(sha256
(base32
- "0pqk43kd7crqhg6qgnl8kapncwgw1xgaf02zarzypcw64kvdih9h"))))
+ "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
(build-system python-build-system)
(arguments
`(#:phases
(native-inputs
`(("python-setuptools-scm" ,python-setuptools-scm)
;; For tests only.
+ ("python-flake8", python-flake8)
("python-mock" ,python-mock)
- ("python-pytest" ,python-pytest)
+ ("python-pytest-cov" ,python-pytest-cov)
("python-pytest-runner" ,python-pytest-runner)))
(home-page "https://github.com/sshuttle/sshuttle")
(synopsis "VPN that transparently forwards connections over SSH")
@command{sshuttle} virtual private networks. It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
(license license:gpl3+)))
+
+(define-public badvpn
+ (package
+ (name "badvpn")
+ (version "1.999.130")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/ambrop72/badvpn.git")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
+ (build-system cmake-build-system)
+ (arguments
+ '(#:tests? #f)) ; no tests
+ (inputs
+ `(("nspr" ,nspr)
+ ("nss" ,nss)
+ ("openssl" ,openssl)))
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
+ (home-page "https://github.com/ambrop72/badvpn")
+ (synopsis "Peer-to-peer virtual private network (VPN)")
+ (description "@code{BadVPN} is a collection of virtual private
+network (VPN) tools. It includes:
+
+@enumerate
+@item NCD programming language.\n
+NCD (Network Configuration Daemon) is a daemon and programming/scripting
+language for configuration of network interfaces and other aspects of the
+operating system.
+@item Tun2socks network-layer proxifier.\n
+The tun2socks program socksifes TCP connections at the network layer. It
+implements a TUN device which accepts all incoming TCP connections (regardless
+of destination IP), and forwards the connections through a SOCKS server.
+@item Peer-to-peer VPN.\n
+The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
+(VPN nodes).
+@end enumerate")
+ ;; This project contains a bundled lwIP. lwIP is also released under the
+ ;; 3-clause BSD license.
+ (license license:bsd-3)))
+
+(define-public wireguard
+ (package
+ (name "wireguard")
+ (version "0.0.20191219")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append "https://git.zx2c4.com/WireGuard/snapshot/"
+ "WireGuard-" version ".tar.xz"))
+ (sha256
+ (base32
+ "1rxhhf18vnlbxpaxib6y55gbvr5h9dcvl8sn2l5slzz97066zfjs"))))
+ (build-system gnu-build-system)
+ (outputs '("out" ; The WireGuard userspace tools
+ "kernel-patch")) ; A patch to build Linux with WireGuard support
+ (arguments
+ `(#:tests? #f ; No tests available.
+ #:make-flags
+ (list "CC=gcc"
+ "--directory=src/tools"
+ "WITH_BASHCOMPLETION=yes"
+ ;; Build and install the helper script wg-quick(8).
+ "WITH_WGQUICK=yes"
+ (string-append "PREFIX=" (assoc-ref %outputs "out"))
+ (string-append "SYSCONFDIR=" (assoc-ref %outputs "out") "/etc"))
+ #:modules ((guix build gnu-build-system)
+ (guix build utils)
+ (ice-9 popen)
+ (ice-9 textual-ports))
+ #:phases
+ (modify-phases %standard-phases
+ ;; There is no ./configure script.
+ (delete 'configure)
+ ;; Until WireGuard is added to the upstream Linux kernel, it is
+ ;; distributed as a kernel patch generated by this script.
+ (add-after 'patch-source-shebangs 'make-patch
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((output (string-append (assoc-ref outputs "kernel-patch")
+ "/wireguard.patch"))
+ (patch-builder "./contrib/kernel-tree/create-patch.sh")
+ (port (open-input-pipe patch-builder))
+ (str (get-string-all port)))
+ (close-pipe port)
+ (mkdir-p (dirname output))
+ (call-with-output-file output
+ (lambda (port)
+ (format port "~a" str))))
+ #t)))))
+ (inputs
+ `(("libmnl" ,libmnl)))
+ (home-page "https://www.wireguard.com/")
+ (synopsis "Tools for configuring WireGuard")
+ (description "This package provides the userspace tools for setting and
+retrieving configuration of WireGuard network tunnel interfaces, and a patch
+that can be applied to a Linux kernel source tree in order to build it with
+WireGuard support.")
+ (license license:gpl2)))
+
+(define-public wireguard-tools
+ (package
+ (name "wireguard-tools")
+ (version "1.0.20200206")
+ (source
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://git.zx2c4.com/wireguard-tools.git")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32 "0ivc08lds5w39a6f2xdfih9wlk5g724hl3kpdvxvh5yff4l84qb7"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags
+ (list "CC=gcc"
+ "--directory=src"
+ "WITH_BASHCOMPLETION=yes"
+ ;; Install the ‘simple and dirty’ helper script wg-quick(8).
+ "WITH_WGQUICK=yes"
+ (string-append "PREFIX=" (assoc-ref %outputs "out"))
+ ;; Currently used only to create an empty /etc/wireguard directory.
+ (string-append "SYSCONFDIR=no-thanks"))
+ ;; The test suite is meant to be run interactively. It runs Clang's
+ ;; scan-build static analyzer and then starts a web server to display the
+ ;; results.
+ #:tests? #f
+ #:phases
+ (modify-phases %standard-phases
+ ;; No configure script
+ (delete 'configure))))
+ (home-page "https://www.wireguard.com/")
+ (synopsis "Tools for configuring WireGuard tunnels")
+ (description
+ "This package provides the user-space command-line tools for using and
+configuring WireGuard tunnels.
+
+WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private
+Network} that securely encapsulates IP packets over UDP. It aims to be as easy
+to configure and deploy as SSH. VPN connections are made simply by exchanging
+public keys and can roam across IP addresses.")
+ (license
+ (list license:lgpl2.1+ ; src/netlink.h & contrib/embeddable-wg-library
+ license:gpl2)))) ; everything else
+
+(define-public xl2tpd
+ (package
+ (name "xl2tpd")
+ (version "1.3.15")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/xelerance/xl2tpd")
+ (commit (string-append "v" version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "0ppwza8nwm1av1vldw40gin9wrjrs4l9si50jad414js3k8ycaag"))))
+ (build-system gnu-build-system)
+ (arguments
+ `(#:make-flags (list (string-append "PREFIX=" %output)
+ "CC=gcc")
+ #:phases (modify-phases %standard-phases
+ (delete 'configure)) ; no configure script
+ #:tests? #f)) ; no tests provided
+ (inputs `(("libpcap" ,libpcap)))
+ (home-page "https://www.xelerance.com/software/xl2tpd/")
+ (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)")
+ (description
+ "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
+L2TP allows you to tunnel PPP over UDP.")
+ (license license:gpl2)))