Commit | Line | Data |
---|---|---|
49f24f41 AE |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> | |
42c97811 | 3 | ;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org> |
d4bf49b1 | 4 | ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> |
feca8e2b | 5 | ;;; Copyright © 2015 Jeff Mickey <j@codemac.net> |
8d2de491 | 6 | ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> |
06d91fd9 | 7 | ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr> |
fa3346b8 | 8 | ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu> |
49f24f41 AE |
9 | ;;; |
10 | ;;; This file is part of GNU Guix. | |
11 | ;;; | |
12 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
13 | ;;; under the terms of the GNU General Public License as published by | |
14 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
15 | ;;; your option) any later version. | |
16 | ;;; | |
17 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
18 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | ;;; GNU General Public License for more details. | |
21 | ;;; | |
22 | ;;; You should have received a copy of the GNU General Public License | |
23 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
24 | ||
25 | (define-module (gnu packages vpn) | |
b5b73a82 | 26 | #:use-module ((guix licenses) #:prefix license:) |
49f24f41 AE |
27 | #:use-module (guix packages) |
28 | #:use-module (guix download) | |
06d91fd9 | 29 | #:use-module (guix git-download) |
49f24f41 | 30 | #:use-module (guix build-system gnu) |
5c863d57 | 31 | #:use-module (guix build-system python) |
49f24f41 | 32 | #:use-module (gnu packages) |
06d91fd9 | 33 | #:use-module (gnu packages base) |
ac257f12 | 34 | #:use-module (gnu packages check) |
71f4b81a | 35 | #:use-module (gnu packages compression) |
1dba6407 | 36 | #:use-module (gnu packages gettext) |
49f24f41 | 37 | #:use-module (gnu packages gnupg) |
dc77f0d3 | 38 | #:use-module (gnu packages linux) |
71f4b81a AE |
39 | #:use-module (gnu packages perl) |
40 | #:use-module (gnu packages pkg-config) | |
5c863d57 | 41 | #:use-module (gnu packages python) |
a7fd7b68 | 42 | #:use-module (gnu packages tls) |
71f4b81a | 43 | #:use-module (gnu packages xml)) |
49f24f41 | 44 | |
7af8a9b7 LC |
45 | (define-public gvpe |
46 | (package | |
47 | (name "gvpe") | |
3ded2761 | 48 | (version "3.0") |
7af8a9b7 LC |
49 | (source (origin |
50 | (method url-fetch) | |
51 | (uri (string-append "mirror://gnu/gvpe/gvpe-" | |
52 | version ".tar.gz")) | |
53 | (sha256 | |
54 | (base32 | |
3ded2761 | 55 | "1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf")))) |
7af8a9b7 LC |
56 | (build-system gnu-build-system) |
57 | (home-page "http://software.schmorp.de/pkg/gvpe.html") | |
58 | (inputs `(("openssl" ,openssl) | |
59 | ("zlib" ,zlib))) | |
60 | (synopsis "Secure VPN among multiple nodes over an untrusted network") | |
61 | (description | |
62 | "The GNU Virtual Private Ethernet creates a virtual network | |
63 | with multiple nodes using a variety of transport protocols. It works | |
64 | by creating encrypted host-to-host tunnels between multiple | |
65 | endpoints.") | |
66 | (license license:gpl3+))) | |
67 | ||
49f24f41 AE |
68 | (define-public vpnc |
69 | (package | |
70 | (name "vpnc") | |
71 | (version "0.5.3") | |
72 | (source (origin | |
73 | (method url-fetch) | |
594360f5 | 74 | (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-" |
49f24f41 AE |
75 | version ".tar.gz")) |
76 | (sha256 (base32 | |
101e67ac | 77 | "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6")))) |
49f24f41 AE |
78 | (build-system gnu-build-system) |
79 | (inputs `(("libgcrypt" ,libgcrypt) | |
42c97811 | 80 | ("perl" ,perl) |
101e67ac | 81 | ("vpnc-scripts" ,vpnc-scripts))) |
49f24f41 AE |
82 | (arguments |
83 | `(#:tests? #f ; there is no check target | |
49f24f41 | 84 | #:phases |
42c97811 | 85 | (modify-phases %standard-phases |
101e67ac | 86 | (add-after 'unpack 'use-store-paths |
42c97811 | 87 | (lambda* (#:key inputs outputs #:allow-other-keys) |
101e67ac TGR |
88 | (let ((out (assoc-ref outputs "out")) |
89 | (vpnc-scripts (assoc-ref inputs "vpnc-scripts"))) | |
90 | (substitute* "config.c" | |
91 | (("/etc/vpnc/vpnc-script") | |
92 | (string-append vpnc-scripts "/etc/vpnc/vpnc-script"))) | |
93 | (substitute* "Makefile" | |
94 | (("ETCDIR=.*") | |
95 | (string-append "ETCDIR=" out "/etc/vpnc\n")) | |
96 | (("PREFIX=.*") | |
97 | (string-append "PREFIX=" out "\n"))) | |
98 | #t))) | |
99 | (delete 'configure)))) ; no configure script | |
799dcdc4 | 100 | (synopsis "Client for Cisco VPN concentrators") |
49f24f41 AE |
101 | (description |
102 | "vpnc is a VPN client compatible with Cisco's EasyVPN equipment. | |
35b9e423 | 103 | It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only |
49f24f41 | 104 | shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES, |
35b9e423 | 105 | 1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace. |
49f24f41 AE |
106 | Only \"Universal TUN/TAP device driver support\" is needed in the kernel.") |
107 | (license license:gpl2+) ; some file are bsd-2, see COPYING | |
108 | (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/"))) | |
71f4b81a | 109 | |
06d91fd9 TGR |
110 | (define-public vpnc-scripts |
111 | (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3")) | |
112 | (package | |
113 | (name "vpnc-scripts") | |
114 | (version (string-append "20161214." (string-take commit 7))) | |
115 | (source (origin | |
116 | (method git-fetch) | |
117 | (uri | |
118 | (git-reference | |
119 | (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
120 | (commit commit))) | |
121 | (sha256 | |
122 | (base32 | |
123 | "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h")))) | |
124 | (build-system gnu-build-system) | |
125 | (inputs `(("coreutils" ,coreutils) | |
126 | ("grep" ,grep) | |
127 | ("iproute2" ,iproute) ; for ‘ip’ | |
128 | ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’ | |
129 | ("sed" ,sed) | |
130 | ("which" ,which))) | |
131 | (arguments | |
132 | `(#:phases | |
133 | (modify-phases %standard-phases | |
134 | (add-after 'unpack 'use-relative-paths | |
135 | ;; Patch the scripts to work with and use relative paths. | |
136 | (lambda* _ | |
137 | (for-each (lambda (script) | |
138 | (substitute* script | |
139 | (("^PATH=.*") "") | |
140 | (("(/usr|)/s?bin/") "") | |
141 | (("\\[ +-x +([^]]+) +\\]" _ command) | |
142 | (string-append "command -v >/dev/null 2>&1 " | |
143 | command)))) | |
144 | (find-files "." "^vpnc-script")) | |
145 | #t)) | |
146 | (delete 'configure) ; no configure script | |
147 | (replace 'build | |
148 | (lambda _ | |
149 | (zero? (system* "gcc" "-o" "netunshare" "netunshare.c")))) | |
150 | (replace 'install | |
151 | ;; There is no Makefile; manually install the relevant files. | |
152 | (lambda* (#:key outputs #:allow-other-keys) | |
153 | (let* ((out (assoc-ref outputs "out")) | |
154 | (etc (string-append out "/etc/vpnc"))) | |
155 | (for-each (lambda (file) | |
156 | (install-file file etc)) | |
157 | (append (find-files "." "^vpnc-script") | |
158 | (list "netunshare" | |
159 | "xinetd.netns.conf"))) | |
160 | #t))) | |
161 | (add-after 'install 'wrap-scripts | |
162 | ;; Wrap scripts with paths to their common hard dependencies. | |
163 | ;; Optional dependencies will need to be installed by the user. | |
164 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
165 | (let ((out (assoc-ref outputs "out"))) | |
166 | (for-each | |
167 | (lambda (script) | |
168 | (wrap-program script | |
169 | `("PATH" ":" prefix | |
170 | ,(map (lambda (name) | |
171 | (let ((input (assoc-ref inputs name))) | |
172 | (string-append input "/bin:" | |
173 | input "/sbin"))) | |
174 | (list "coreutils" | |
175 | "grep" | |
176 | "iproute2" | |
177 | "net-tools" | |
178 | "sed" | |
179 | "which"))))) | |
180 | (find-files (string-append out "/etc/vpnc/vpnc-script") | |
181 | "^vpnc-script")))))) | |
182 | #:tests? #f)) ; no tests | |
183 | (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
184 | (synopsis "Network configuration scripts for Cisco VPN clients") | |
185 | (description | |
186 | "This set of scripts configures routing and name services when invoked | |
187 | by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients. | |
188 | ||
189 | The default @command{vpnc-script} automatically configures most common | |
190 | connections, and provides hooks for performing custom actions at various stages | |
191 | of the connection or disconnection process. | |
192 | ||
193 | Alternative scripts are provided for more complicated set-ups, or to serve as an | |
194 | example for writing your own. For example, @command{vpnc-script-sshd} contains | |
195 | the entire VPN in a network namespace accessible only through SSH.") | |
196 | (license license:gpl2+)))) | |
71f4b81a AE |
197 | |
198 | (define-public openconnect | |
199 | (package | |
200 | (name "openconnect") | |
426aecfd | 201 | (version "7.08") |
71f4b81a AE |
202 | (source (origin |
203 | (method url-fetch) | |
d4bf49b1 EB |
204 | (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/" |
205 | "openconnect-" version ".tar.gz")) | |
71f4b81a | 206 | (sha256 (base32 |
426aecfd | 207 | "00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w")))) |
71f4b81a AE |
208 | (build-system gnu-build-system) |
209 | (inputs | |
c4c4cc05 | 210 | `(("libxml2" ,libxml2) |
060e365a | 211 | ("gnutls" ,gnutls) |
71f4b81a AE |
212 | ("vpnc" ,vpnc) |
213 | ("zlib" ,zlib))) | |
c4c4cc05 | 214 | (native-inputs |
b94a6ca0 | 215 | `(("gettext" ,gettext-minimal) |
c4c4cc05 | 216 | ("pkg-config" ,pkg-config))) |
71f4b81a | 217 | (arguments |
d4bf49b1 EB |
218 | `(#:configure-flags |
219 | `(,(string-append "--with-vpnc-script=" | |
220 | (assoc-ref %build-inputs "vpnc") | |
221 | "/etc/vpnc/vpnc-script")))) | |
799dcdc4 | 222 | (synopsis "Client for Cisco VPN") |
71f4b81a AE |
223 | (description |
224 | "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is | |
225 | supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500, | |
226 | 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers, | |
227 | and probably others.") | |
228 | (license license:lgpl2.1) | |
229 | (home-page "http://www.infradead.org/openconnect/"))) | |
dc77f0d3 DT |
230 | |
231 | (define-public openvpn | |
232 | (package | |
233 | (name "openvpn") | |
dee9a262 | 234 | (version "2.4.4") |
dc77f0d3 DT |
235 | (source (origin |
236 | (method url-fetch) | |
237 | (uri (string-append | |
238 | "https://swupdate.openvpn.org/community/releases/openvpn-" | |
239 | version ".tar.xz")) | |
240 | (sha256 | |
241 | (base32 | |
dee9a262 | 242 | "102an395nv8l7qfx3syydzhmd9xfbycd6gvwy0h2kjz8w67ipkcn")))) |
dc77f0d3 DT |
243 | (build-system gnu-build-system) |
244 | (arguments | |
245 | '(#:configure-flags '("--enable-iproute2=yes"))) | |
246 | (native-inputs | |
247 | `(("iproute2" ,iproute))) | |
248 | (inputs | |
dee9a262 EF |
249 | `(("lz4" ,lz4) |
250 | ("lzo" ,lzo) | |
dc77f0d3 DT |
251 | ("openssl" ,openssl) |
252 | ("linux-pam" ,linux-pam))) | |
253 | (home-page "https://openvpn.net/") | |
254 | (synopsis "Virtual private network daemon") | |
255 | (description "OpenVPN implements virtual private network (VPN) techniques | |
256 | for creating secure point-to-point or site-to-site connections in routed or | |
257 | bridged configurations and remote access facilities. It uses a custom | |
258 | security protocol that utilizes SSL/TLS for key exchange. It is capable of | |
e881752c | 259 | traversing network address translators (NATs) and firewalls.") |
dc77f0d3 | 260 | (license license:gpl2))) |
feca8e2b JM |
261 | |
262 | (define-public tinc | |
263 | (package | |
264 | (name "tinc") | |
7e19194d | 265 | (version "1.0.28") |
feca8e2b JM |
266 | (source (origin |
267 | (method url-fetch) | |
268 | (uri (string-append "http://tinc-vpn.org/packages/" | |
269 | name "-" version ".tar.gz")) | |
270 | (sha256 | |
271 | (base32 | |
7e19194d | 272 | "0i5kx3hza359nclyhb60kxlzqyx0phmg175350hww28g6scjcl0b")))) |
feca8e2b | 273 | (build-system gnu-build-system) |
7b770eca SB |
274 | (arguments |
275 | '(#:configure-flags | |
276 | '("--sysconfdir=/etc" | |
277 | "--localstatedir=/var"))) | |
feca8e2b JM |
278 | (inputs `(("zlib" ,zlib) |
279 | ("lzo" ,lzo) | |
280 | ("openssl" ,openssl))) | |
281 | (home-page "http://tinc-vpn.org") | |
282 | (synopsis "Virtual Private Network (VPN) daemon") | |
283 | (description | |
284 | "Tinc is a VPN that uses tunnelling and encryption to create a secure | |
285 | private network between hosts on the internet.") | |
286 | (license license:gpl2+))) | |
5c863d57 TGR |
287 | |
288 | (define-public sshuttle | |
289 | (package | |
290 | (name "sshuttle") | |
447f7582 | 291 | (version "0.78.3") |
5c863d57 TGR |
292 | (source |
293 | (origin | |
294 | (method url-fetch) | |
295 | (uri (pypi-uri name version)) | |
296 | (sha256 | |
297 | (base32 | |
447f7582 | 298 | "12xyq5h77b57cnkljdk8qyjxzys512b73019s20x6ck5brj1m8wa")))) |
5c863d57 TGR |
299 | (build-system python-build-system) |
300 | (native-inputs | |
3308591f | 301 | `(("python-setuptools-scm" ,python-setuptools-scm) |
5c863d57 TGR |
302 | ;; For tests only. |
303 | ("python-mock" ,python-mock) | |
3308591f TGR |
304 | ("python-pytest" ,python-pytest) |
305 | ("python-pytest-runner" ,python-pytest-runner))) | |
5c863d57 TGR |
306 | (home-page "https://github.com/sshuttle/sshuttle") |
307 | (synopsis "VPN that transparently forwards connections over SSH") | |
308 | (description "sshuttle creates an encrypted virtual private network (VPN) | |
309 | connection to any remote server to which you have secure shell (SSH) access. | |
310 | The only requirement is a suitable version of Python on the server; | |
311 | administrative privileges are required only on the client. Unlike most VPNs, | |
312 | sshuttle forwards entire sessions, not packets, using kernel transparent | |
313 | proxying. This makes it faster and more reliable than SSH's own tunneling and | |
314 | port forwarding features. It can forward both TCP and UDP traffic, including | |
315 | DNS domain name queries.") | |
316 | (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’ | |
1ce6f33b TGR |
317 | |
318 | (define-public sshoot | |
319 | (package | |
320 | (name "sshoot") | |
3b4018d6 | 321 | (version "1.2.6") |
1ce6f33b TGR |
322 | (source |
323 | (origin | |
324 | (method url-fetch) | |
325 | (uri (pypi-uri name version)) | |
326 | (sha256 | |
327 | (base32 | |
3b4018d6 | 328 | "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0")))) |
1ce6f33b | 329 | (build-system python-build-system) |
c0b12a60 MB |
330 | (arguments |
331 | '(#:phases | |
332 | (modify-phases %standard-phases | |
333 | (add-after 'unpack 'patch-paths | |
334 | (lambda _ | |
335 | (substitute* "sshoot/tests/test_manager.py" | |
336 | (("/bin/sh") (which "sh"))) | |
337 | #t))))) | |
1ce6f33b TGR |
338 | (inputs |
339 | `(("python-argcomplete" ,python-argcomplete) | |
340 | ("python-prettytable" ,python-prettytable) | |
341 | ("python-pyyaml" ,python-pyyaml))) | |
342 | ;; For tests only. | |
343 | (native-inputs | |
344 | `(("python-fixtures" ,python-fixtures) | |
345 | ("python-pbr" ,python-pbr) | |
346 | ("python-testtools" ,python-testtools))) | |
3b4018d6 | 347 | (home-page "https://github.com/albertodonato/sshoot") |
1ce6f33b TGR |
348 | (synopsis "sshuttle VPN session manager") |
349 | (description "sshoot provides a command-line interface to manage multiple | |
350 | @command{sshuttle} virtual private networks. It supports flexible profiles | |
351 | with configuration options for most of @command{sshuttle}’s features.") | |
352 | (license license:gpl3+))) |