[jackhill/guix/guix.git] / gnu / packages / vpn.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages vpn)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system python)
  #:use-module (gnu packages)
  #:use-module (gnu packages base)
  #:use-module (gnu packages check)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages xml))

(define-public gvpe
  (package
    (name "gvpe")
    (version "3.0")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gvpe/gvpe-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf"))))
    (build-system gnu-build-system)
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (inputs `(("openssl" ,openssl)
              ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols.  It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))

(define-public vpnc
  (package
   (name "vpnc")
   (version "0.5.3")
   (source (origin
            (method url-fetch)
            (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                version ".tar.gz"))
            (sha256 (base32
                     "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
   (build-system gnu-build-system)
   (inputs `(("libgcrypt" ,libgcrypt)
             ("perl" ,perl)
             ("vpnc-scripts" ,vpnc-scripts)))
   (arguments
    `(#:tests? #f ; there is no check target
      #:phases
      (modify-phases %standard-phases
        (add-after 'unpack 'use-store-paths
          (lambda* (#:key inputs outputs #:allow-other-keys)
            (let ((out          (assoc-ref outputs "out"))
                  (vpnc-scripts (assoc-ref inputs  "vpnc-scripts")))
              (substitute* "config.c"
                (("/etc/vpnc/vpnc-script")
                 (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
              (substitute* "Makefile"
                (("ETCDIR=.*")
                 (string-append "ETCDIR=" out "/etc/vpnc\n"))
                (("PREFIX=.*")
                 (string-append "PREFIX=" out "\n")))
              #t)))
        (delete 'configure))))          ; no configure script
   (synopsis "Client for Cisco VPN concentrators")
   (description
    "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth.  It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling.  It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
   (license license:gpl2+) ; some file are bsd-2, see COPYING
   (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))

(define-public vpnc-scripts
  (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20161214." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (sha256
                 (base32
                  "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h"))))
      (build-system gnu-build-system)
      (inputs `(("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute)    ; for ‘ip’
                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths.
             (lambda* _
               (for-each (lambda (script)
                           (substitute* script
                             (("^PATH=.*") "")
                             (("(/usr|)/s?bin/") "")
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure)          ; no configure script
           (replace 'build
             (lambda _
               (zero? (system* "gcc" "-o" "netunshare" "netunshare.c"))))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    (wrap-program script
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (find-files (string-append out "/etc/vpnc/vpnc-script")
                              "^vpnc-script"))))))
         #:tests? #f))                  ; no tests
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own.  For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))

(define-public openconnect
  (package
   (name "openconnect")
   (version "7.08")
   (source (origin
            (method url-fetch)
            (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                                "openconnect-" version ".tar.gz"))
            (sha256 (base32
                     "00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w"))))
   (build-system gnu-build-system)
   (inputs
    `(("libxml2" ,libxml2)
      ("gnutls" ,gnutls)
      ("vpnc" ,vpnc)
      ("zlib" ,zlib)))
   (native-inputs
    `(("gettext" ,gettext-minimal)
      ("pkg-config" ,pkg-config)))
   (arguments
    `(#:configure-flags
      `(,(string-append "--with-vpnc-script="
                        (assoc-ref %build-inputs "vpnc")
                        "/etc/vpnc/vpnc-script"))))
   (synopsis "Client for Cisco VPN")
   (description
    "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
   (license license:lgpl2.1)
   (home-page "http://www.infradead.org/openconnect/")))

(define-public openvpn
  (package
    (name "openvpn")
    (version "2.4.4")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://swupdate.openvpn.org/community/releases/openvpn-"
                    version ".tar.xz"))
              (sha256
               (base32
                "102an395nv8l7qfx3syydzhmd9xfbycd6gvwy0h2kjz8w67ipkcn"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description "OpenVPN implements virtual private network (VPN) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities.  It uses a custom
security protocol that utilizes SSL/TLS for key exchange.  It is capable of
traversing network address translators (NATs) and firewalls.")
    (license license:gpl2)))

(define-public tinc
  (package
    (name "tinc")
    (version "1.0.28")
    (source (origin
              (method url-fetch)
              (uri (string-append "http://tinc-vpn.org/packages/"
                                  name "-" version ".tar.gz"))
              (sha256
               (base32
                "0i5kx3hza359nclyhb60kxlzqyx0phmg175350hww28g6scjcl0b"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs `(("zlib" ,zlib)
              ("lzo" ,lzo)
              ("openssl" ,openssl)))
    (home-page "http://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))

(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.3")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "12xyq5h77b57cnkljdk8qyjxzys512b73019s20x6ck5brj1m8wa"))))
    (build-system python-build-system)
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client.  Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying.  This makes it faster and more reliable than SSH's own tunneling and
port forwarding features.  It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’

(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda _
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks.  It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
Commit	Line	Data
49f24f41 AE	1	;;; GNU Guix --- Functional package management for GNU
49f24f41 AE	2	;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
42c97811	3	;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
d4bf49b1	4	;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b	5	;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
8d2de491	6	;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
06d91fd9	7	;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8	8	;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
49f24f41 AE	9	;;;
	10	;;; This file is part of GNU Guix.
	11	;;;
	12	;;; GNU Guix is free software; you can redistribute it and/or modify it
	13	;;; under the terms of the GNU General Public License as published by
	14	;;; the Free Software Foundation; either version 3 of the License, or (at
	15	;;; your option) any later version.
	16	;;;
	17	;;; GNU Guix is distributed in the hope that it will be useful, but
	18	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	19	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	20	;;; GNU General Public License for more details.
	21	;;;
	22	;;; You should have received a copy of the GNU General Public License
	23	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	24
	25	(define-module (gnu packages vpn)
b5b73a82	26	#:use-module ((guix licenses) #:prefix license:)
49f24f41 AE	27	#:use-module (guix packages)
49f24f41 AE	28	#:use-module (guix download)
06d91fd9	29	#:use-module (guix git-download)
49f24f41	30	#:use-module (guix build-system gnu)
5c863d57	31	#:use-module (guix build-system python)
49f24f41	32	#:use-module (gnu packages)
06d91fd9	33	#:use-module (gnu packages base)
ac257f12	34	#:use-module (gnu packages check)
71f4b81a	35	#:use-module (gnu packages compression)
1dba6407	36	#:use-module (gnu packages gettext)
49f24f41	37	#:use-module (gnu packages gnupg)
dc77f0d3	38	#:use-module (gnu packages linux)
71f4b81a AE	39	#:use-module (gnu packages perl)
71f4b81a AE	40	#:use-module (gnu packages pkg-config)
5c863d57	41	#:use-module (gnu packages python)
a7fd7b68	42	#:use-module (gnu packages tls)
71f4b81a	43	#:use-module (gnu packages xml))
49f24f41	44
7af8a9b7 LC	45	(define-public gvpe
	46	(package
	47	(name "gvpe")
3ded2761	48	(version "3.0")
7af8a9b7 LC	49	(source (origin
	50	(method url-fetch)
	51	(uri (string-append "mirror://gnu/gvpe/gvpe-"
	52	version ".tar.gz"))
	53	(sha256
	54	(base32
3ded2761	55	"1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf"))))
7af8a9b7 LC	56	(build-system gnu-build-system)
	57	(home-page "http://software.schmorp.de/pkg/gvpe.html")
	58	(inputs `(("openssl" ,openssl)
	59	("zlib" ,zlib)))
	60	(synopsis "Secure VPN among multiple nodes over an untrusted network")
	61	(description
	62	"The GNU Virtual Private Ethernet creates a virtual network
	63	with multiple nodes using a variety of transport protocols. It works
	64	by creating encrypted host-to-host tunnels between multiple
	65	endpoints.")
	66	(license license:gpl3+)))
	67
49f24f41 AE	68	(define-public vpnc
	69	(package
	70	(name "vpnc")
	71	(version "0.5.3")
	72	(source (origin
	73	(method url-fetch)
594360f5	74	(uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
49f24f41 AE	75	version ".tar.gz"))
49f24f41 AE	76	(sha256 (base32
101e67ac	77	"1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
49f24f41 AE	78	(build-system gnu-build-system)
49f24f41 AE	79	(inputs `(("libgcrypt" ,libgcrypt)
42c97811	80	("perl" ,perl)
101e67ac	81	("vpnc-scripts" ,vpnc-scripts)))
49f24f41 AE	82	(arguments
49f24f41 AE	83	`(#:tests? #f ; there is no check target
49f24f41	84	#:phases
42c97811	85	(modify-phases %standard-phases
101e67ac	86	(add-after 'unpack 'use-store-paths
42c97811	87	(lambda* (#:key inputs outputs #:allow-other-keys)
101e67ac TGR	88	(let ((out (assoc-ref outputs "out"))
	89	(vpnc-scripts (assoc-ref inputs "vpnc-scripts")))
	90	(substitute* "config.c"
	91	(("/etc/vpnc/vpnc-script")
	92	(string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
	93	(substitute* "Makefile"
	94	(("ETCDIR=.*")
	95	(string-append "ETCDIR=" out "/etc/vpnc\n"))
	96	(("PREFIX=.*")
	97	(string-append "PREFIX=" out "\n")))
	98	#t)))
	99	(delete 'configure)))) ; no configure script
799dcdc4	100	(synopsis "Client for Cisco VPN concentrators")
49f24f41 AE	101	(description
49f24f41 AE	102	"vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
35b9e423	103	It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
49f24f41	104	shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
35b9e423	105	1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
49f24f41 AE	106	Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
	107	(license license:gpl2+) ; some file are bsd-2, see COPYING
	108	(home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))
71f4b81a	109
06d91fd9 TGR	110	(define-public vpnc-scripts
	111	(let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3"))
	112	(package
	113	(name "vpnc-scripts")
	114	(version (string-append "20161214." (string-take commit 7)))
	115	(source (origin
	116	(method git-fetch)
	117	(uri
	118	(git-reference
	119	(url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
	120	(commit commit)))
	121	(sha256
	122	(base32
	123	"0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h"))))
	124	(build-system gnu-build-system)
	125	(inputs `(("coreutils" ,coreutils)
	126	("grep" ,grep)
	127	("iproute2" ,iproute) ; for ‘ip’
	128	("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
	129	("sed" ,sed)
	130	("which" ,which)))
	131	(arguments
	132	`(#:phases
	133	(modify-phases %standard-phases
	134	(add-after 'unpack 'use-relative-paths
	135	;; Patch the scripts to work with and use relative paths.
	136	(lambda* _
	137	(for-each (lambda (script)
	138	(substitute* script
	139	(("^PATH=.*") "")
	140	(("(/usr\|)/s?bin/") "")
	141	(("\\[ +-x +([^]]+) +\\]" _ command)
	142	(string-append "command -v >/dev/null 2>&1 "
	143	command))))
	144	(find-files "." "^vpnc-script"))
	145	#t))
	146	(delete 'configure) ; no configure script
	147	(replace 'build
	148	(lambda _
	149	(zero? (system* "gcc" "-o" "netunshare" "netunshare.c"))))
	150	(replace 'install
	151	;; There is no Makefile; manually install the relevant files.
	152	(lambda* (#:key outputs #:allow-other-keys)
	153	(let* ((out (assoc-ref outputs "out"))
	154	(etc (string-append out "/etc/vpnc")))
	155	(for-each (lambda (file)
	156	(install-file file etc))
	157	(append (find-files "." "^vpnc-script")
	158	(list "netunshare"
	159	"xinetd.netns.conf")))
	160	#t)))
	161	(add-after 'install 'wrap-scripts
	162	;; Wrap scripts with paths to their common hard dependencies.
	163	;; Optional dependencies will need to be installed by the user.
	164	(lambda* (#:key inputs outputs #:allow-other-keys)
	165	(let ((out (assoc-ref outputs "out")))
	166	(for-each
	167	(lambda (script)
	168	(wrap-program script
	169	`("PATH" ":" prefix
	170	,(map (lambda (name)
	171	(let ((input (assoc-ref inputs name)))
	172	(string-append input "/bin:"
	173	input "/sbin")))
174	(list "coreutils"
175	"grep"
176	"iproute2"
177	"net-tools"
178	"sed"
179	"which")))))
180	(find-files (string-append out "/etc/vpnc/vpnc-script")
181	"^vpnc-script"))))))
182	#:tests? #f)) ; no tests
183	(home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
184	(synopsis "Network configuration scripts for Cisco VPN clients")
185	(description
186	"This set of scripts configures routing and name services when invoked
187	by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.
188
189	The default @command{vpnc-script} automatically configures most common
190	connections, and provides hooks for performing custom actions at various stages
191	of the connection or disconnection process.
192
193	Alternative scripts are provided for more complicated set-ups, or to serve as an
194	example for writing your own. For example, @command{vpnc-script-sshd} contains
195	the entire VPN in a network namespace accessible only through SSH.")
196	(license license:gpl2+))))
71f4b81a AE	197
	198	(define-public openconnect
	199	(package
	200	(name "openconnect")
426aecfd	201	(version "7.08")
71f4b81a AE	202	(source (origin
71f4b81a AE	203	(method url-fetch)
d4bf49b1 EB	204	(uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
d4bf49b1 EB	205	"openconnect-" version ".tar.gz"))
71f4b81a	206	(sha256 (base32
426aecfd	207	"00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w"))))
71f4b81a AE	208	(build-system gnu-build-system)
71f4b81a AE	209	(inputs
c4c4cc05	210	`(("libxml2" ,libxml2)
060e365a	211	("gnutls" ,gnutls)
71f4b81a AE	212	("vpnc" ,vpnc)
71f4b81a AE	213	("zlib" ,zlib)))
c4c4cc05	214	(native-inputs
b94a6ca0	215	`(("gettext" ,gettext-minimal)
c4c4cc05	216	("pkg-config" ,pkg-config)))
71f4b81a	217	(arguments
d4bf49b1 EB	218	`(#:configure-flags
	219	`(,(string-append "--with-vpnc-script="
	220	(assoc-ref %build-inputs "vpnc")
	221	"/etc/vpnc/vpnc-script"))))
799dcdc4	222	(synopsis "Client for Cisco VPN")
71f4b81a AE	223	(description
	224	"OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
	225	supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
	226	870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
	227	and probably others.")
	228	(license license:lgpl2.1)
	229	(home-page "http://www.infradead.org/openconnect/")))
dc77f0d3 DT	230
	231	(define-public openvpn
	232	(package
	233	(name "openvpn")
dee9a262	234	(version "2.4.4")
dc77f0d3 DT	235	(source (origin
	236	(method url-fetch)
	237	(uri (string-append
	238	"https://swupdate.openvpn.org/community/releases/openvpn-"
	239	version ".tar.xz"))
	240	(sha256
	241	(base32
dee9a262	242	"102an395nv8l7qfx3syydzhmd9xfbycd6gvwy0h2kjz8w67ipkcn"))))
dc77f0d3 DT	243	(build-system gnu-build-system)
	244	(arguments
	245	'(#:configure-flags '("--enable-iproute2=yes")))
	246	(native-inputs
	247	`(("iproute2" ,iproute)))
	248	(inputs
dee9a262 EF	249	`(("lz4" ,lz4)
dee9a262 EF	250	("lzo" ,lzo)
dc77f0d3 DT	251	("openssl" ,openssl)
	252	("linux-pam" ,linux-pam)))
	253	(home-page "https://openvpn.net/")
	254	(synopsis "Virtual private network daemon")
	255	(description "OpenVPN implements virtual private network (VPN) techniques
	256	for creating secure point-to-point or site-to-site connections in routed or
	257	bridged configurations and remote access facilities. It uses a custom
	258	security protocol that utilizes SSL/TLS for key exchange. It is capable of
e881752c	259	traversing network address translators (NATs) and firewalls.")
dc77f0d3	260	(license license:gpl2)))
feca8e2b JM	261
	262	(define-public tinc
	263	(package
	264	(name "tinc")
7e19194d	265	(version "1.0.28")
feca8e2b JM	266	(source (origin
	267	(method url-fetch)
	268	(uri (string-append "http://tinc-vpn.org/packages/"
	269	name "-" version ".tar.gz"))
	270	(sha256
	271	(base32
7e19194d	272	"0i5kx3hza359nclyhb60kxlzqyx0phmg175350hww28g6scjcl0b"))))
feca8e2b	273	(build-system gnu-build-system)
7b770eca SB	274	(arguments
	275	'(#:configure-flags
	276	'("--sysconfdir=/etc"
	277	"--localstatedir=/var")))
feca8e2b JM	278	(inputs `(("zlib" ,zlib)
	279	("lzo" ,lzo)
	280	("openssl" ,openssl)))
	281	(home-page "http://tinc-vpn.org")
	282	(synopsis "Virtual Private Network (VPN) daemon")
	283	(description
	284	"Tinc is a VPN that uses tunnelling and encryption to create a secure
	285	private network between hosts on the internet.")
	286	(license license:gpl2+)))
5c863d57 TGR	287
	288	(define-public sshuttle
	289	(package
	290	(name "sshuttle")
447f7582	291	(version "0.78.3")
5c863d57 TGR	292	(source
	293	(origin
	294	(method url-fetch)
	295	(uri (pypi-uri name version))
	296	(sha256
	297	(base32
447f7582	298	"12xyq5h77b57cnkljdk8qyjxzys512b73019s20x6ck5brj1m8wa"))))
5c863d57 TGR	299	(build-system python-build-system)
5c863d57 TGR	300	(native-inputs
3308591f	301	`(("python-setuptools-scm" ,python-setuptools-scm)
5c863d57 TGR	302	;; For tests only.
5c863d57 TGR	303	("python-mock" ,python-mock)
3308591f TGR	304	("python-pytest" ,python-pytest)
3308591f TGR	305	("python-pytest-runner" ,python-pytest-runner)))
5c863d57 TGR	306	(home-page "https://github.com/sshuttle/sshuttle")
	307	(synopsis "VPN that transparently forwards connections over SSH")
	308	(description "sshuttle creates an encrypted virtual private network (VPN)
	309	connection to any remote server to which you have secure shell (SSH) access.
	310	The only requirement is a suitable version of Python on the server;
	311	administrative privileges are required only on the client. Unlike most VPNs,
	312	sshuttle forwards entire sessions, not packets, using kernel transparent
	313	proxying. This makes it faster and more reliable than SSH's own tunneling and
	314	port forwarding features. It can forward both TCP and UDP traffic, including
	315	DNS domain name queries.")
	316	(license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’
1ce6f33b TGR	317
	318	(define-public sshoot
	319	(package
	320	(name "sshoot")
3b4018d6	321	(version "1.2.6")
1ce6f33b TGR	322	(source
	323	(origin
	324	(method url-fetch)
	325	(uri (pypi-uri name version))
	326	(sha256
	327	(base32
3b4018d6	328	"1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
1ce6f33b	329	(build-system python-build-system)
c0b12a60 MB	330	(arguments
	331	'(#:phases
	332	(modify-phases %standard-phases
	333	(add-after 'unpack 'patch-paths
	334	(lambda _
	335	(substitute* "sshoot/tests/test_manager.py"
	336	(("/bin/sh") (which "sh")))
	337	#t)))))
1ce6f33b TGR	338	(inputs
	339	`(("python-argcomplete" ,python-argcomplete)
	340	("python-prettytable" ,python-prettytable)
	341	("python-pyyaml" ,python-pyyaml)))
	342	;; For tests only.
	343	(native-inputs
	344	`(("python-fixtures" ,python-fixtures)
	345	("python-pbr" ,python-pbr)
	346	("python-testtools" ,python-testtools)))
3b4018d6	347	(home-page "https://github.com/albertodonato/sshoot")
1ce6f33b TGR	348	(synopsis "sshuttle VPN session manager")
	349	(description "sshoot provides a command-line interface to manage multiple
	350	@command{sshuttle} virtual private networks. It supports flexible profiles
	351	with configuration options for most of @command{sshuttle}’s features.")
	352	(license license:gpl3+)))