Commit | Line | Data |
---|---|---|
49f24f41 AE |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> | |
aff0cce9 | 3 | ;;; Copyright © 2013, 2016, 2018, 2019 Ludovic Courtès <ludo@gnu.org> |
d4bf49b1 | 4 | ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> |
feca8e2b | 5 | ;;; Copyright © 2015 Jeff Mickey <j@codemac.net> |
0d7f282b | 6 | ;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il> |
e4aa83be | 7 | ;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr> |
fa3346b8 | 8 | ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu> |
01224157 | 9 | ;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com> |
7ba2b274 | 10 | ;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com> |
c1005113 | 11 | ;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name> |
9fd6ad3e | 12 | ;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com> |
b47e083b | 13 | ;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net> |
3b177a6c | 14 | ;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re> |
49f24f41 AE |
15 | ;;; |
16 | ;;; This file is part of GNU Guix. | |
17 | ;;; | |
18 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
19 | ;;; under the terms of the GNU General Public License as published by | |
20 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
21 | ;;; your option) any later version. | |
22 | ;;; | |
23 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
24 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
25 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
26 | ;;; GNU General Public License for more details. | |
27 | ;;; | |
28 | ;;; You should have received a copy of the GNU General Public License | |
29 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
30 | ||
31 | (define-module (gnu packages vpn) | |
b5b73a82 | 32 | #:use-module ((guix licenses) #:prefix license:) |
49f24f41 AE |
33 | #:use-module (guix packages) |
34 | #:use-module (guix download) | |
06d91fd9 | 35 | #:use-module (guix git-download) |
7ba2b274 | 36 | #:use-module (guix build-system cmake) |
49f24f41 | 37 | #:use-module (guix build-system gnu) |
3b177a6c | 38 | #:use-module (guix build-system linux-module) |
5c863d57 | 39 | #:use-module (guix build-system python) |
49f24f41 | 40 | #:use-module (gnu packages) |
1b17c23e | 41 | #:use-module (gnu packages admin) |
06d91fd9 | 42 | #:use-module (gnu packages base) |
ac257f12 | 43 | #:use-module (gnu packages check) |
01224157 | 44 | #:use-module (gnu packages autotools) |
71f4b81a | 45 | #:use-module (gnu packages compression) |
1dba6407 | 46 | #:use-module (gnu packages gettext) |
49f24f41 | 47 | #:use-module (gnu packages gnupg) |
b47e083b | 48 | #:use-module (gnu packages guile) |
01224157 | 49 | #:use-module (gnu packages libevent) |
dc77f0d3 | 50 | #:use-module (gnu packages linux) |
aff0cce9 | 51 | #:use-module (gnu packages nss) |
71f4b81a AE |
52 | #:use-module (gnu packages perl) |
53 | #:use-module (gnu packages pkg-config) | |
5c863d57 | 54 | #:use-module (gnu packages python) |
44d10b1f | 55 | #:use-module (gnu packages python-xyz) |
a7fd7b68 | 56 | #:use-module (gnu packages tls) |
71f4b81a | 57 | #:use-module (gnu packages xml)) |
49f24f41 | 58 | |
7af8a9b7 LC |
59 | (define-public gvpe |
60 | (package | |
61 | (name "gvpe") | |
574d877e | 62 | (version "3.1") |
7af8a9b7 LC |
63 | (source (origin |
64 | (method url-fetch) | |
65 | (uri (string-append "mirror://gnu/gvpe/gvpe-" | |
66 | version ".tar.gz")) | |
67 | (sha256 | |
68 | (base32 | |
574d877e | 69 | "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi")))) |
7af8a9b7 LC |
70 | (build-system gnu-build-system) |
71 | (home-page "http://software.schmorp.de/pkg/gvpe.html") | |
574d877e | 72 | (native-inputs `(("pkg-config" ,pkg-config))) |
7af8a9b7 LC |
73 | (inputs `(("openssl" ,openssl) |
74 | ("zlib" ,zlib))) | |
75 | (synopsis "Secure VPN among multiple nodes over an untrusted network") | |
76 | (description | |
77 | "The GNU Virtual Private Ethernet creates a virtual network | |
78 | with multiple nodes using a variety of transport protocols. It works | |
79 | by creating encrypted host-to-host tunnels between multiple | |
80 | endpoints.") | |
81 | (license license:gpl3+))) | |
82 | ||
49f24f41 AE |
83 | (define-public vpnc |
84 | (package | |
85 | (name "vpnc") | |
86 | (version "0.5.3") | |
87 | (source (origin | |
88 | (method url-fetch) | |
594360f5 | 89 | (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-" |
49f24f41 AE |
90 | version ".tar.gz")) |
91 | (sha256 (base32 | |
101e67ac | 92 | "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6")))) |
49f24f41 AE |
93 | (build-system gnu-build-system) |
94 | (inputs `(("libgcrypt" ,libgcrypt) | |
42c97811 | 95 | ("perl" ,perl) |
101e67ac | 96 | ("vpnc-scripts" ,vpnc-scripts))) |
49f24f41 AE |
97 | (arguments |
98 | `(#:tests? #f ; there is no check target | |
49f24f41 | 99 | #:phases |
42c97811 | 100 | (modify-phases %standard-phases |
101e67ac | 101 | (add-after 'unpack 'use-store-paths |
42c97811 | 102 | (lambda* (#:key inputs outputs #:allow-other-keys) |
101e67ac TGR |
103 | (let ((out (assoc-ref outputs "out")) |
104 | (vpnc-scripts (assoc-ref inputs "vpnc-scripts"))) | |
105 | (substitute* "config.c" | |
106 | (("/etc/vpnc/vpnc-script") | |
107 | (string-append vpnc-scripts "/etc/vpnc/vpnc-script"))) | |
108 | (substitute* "Makefile" | |
109 | (("ETCDIR=.*") | |
110 | (string-append "ETCDIR=" out "/etc/vpnc\n")) | |
111 | (("PREFIX=.*") | |
112 | (string-append "PREFIX=" out "\n"))) | |
113 | #t))) | |
114 | (delete 'configure)))) ; no configure script | |
799dcdc4 | 115 | (synopsis "Client for Cisco VPN concentrators") |
49f24f41 AE |
116 | (description |
117 | "vpnc is a VPN client compatible with Cisco's EasyVPN equipment. | |
35b9e423 | 118 | It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only |
49f24f41 | 119 | shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES, |
35b9e423 | 120 | 1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace. |
49f24f41 AE |
121 | Only \"Universal TUN/TAP device driver support\" is needed in the kernel.") |
122 | (license license:gpl2+) ; some file are bsd-2, see COPYING | |
d61043c7 | 123 | (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/"))) |
71f4b81a | 124 | |
06d91fd9 | 125 | (define-public vpnc-scripts |
e3eaac98 | 126 | (let ((commit "1000e0f6dd7d6bff163169a46359211c1fc3a6d2")) |
06d91fd9 TGR |
127 | (package |
128 | (name "vpnc-scripts") | |
e3eaac98 | 129 | (version (string-append "20190116." (string-take commit 7))) |
06d91fd9 TGR |
130 | (source (origin |
131 | (method git-fetch) | |
132 | (uri | |
133 | (git-reference | |
134 | (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
135 | (commit commit))) | |
728ee9d6 | 136 | (file-name (git-file-name name version)) |
06d91fd9 TGR |
137 | (sha256 |
138 | (base32 | |
e3eaac98 | 139 | "1g41yarz2bl0f73kbjqnywr485ghanbp7nmspklfb0n07yp0z6ak")))) |
06d91fd9 | 140 | (build-system gnu-build-system) |
b47e083b RW |
141 | (inputs `(("guile" ,guile-2.2) ; for the wrapper scripts |
142 | ("coreutils" ,coreutils) | |
06d91fd9 TGR |
143 | ("grep" ,grep) |
144 | ("iproute2" ,iproute) ; for ‘ip’ | |
145 | ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’ | |
146 | ("sed" ,sed) | |
147 | ("which" ,which))) | |
148 | (arguments | |
149 | `(#:phases | |
150 | (modify-phases %standard-phases | |
151 | (add-after 'unpack 'use-relative-paths | |
152 | ;; Patch the scripts to work with and use relative paths. | |
153 | (lambda* _ | |
154 | (for-each (lambda (script) | |
155 | (substitute* script | |
156 | (("^PATH=.*") "") | |
157 | (("(/usr|)/s?bin/") "") | |
158 | (("\\[ +-x +([^]]+) +\\]" _ command) | |
159 | (string-append "command -v >/dev/null 2>&1 " | |
160 | command)))) | |
161 | (find-files "." "^vpnc-script")) | |
162 | #t)) | |
163 | (delete 'configure) ; no configure script | |
164 | (replace 'build | |
165 | (lambda _ | |
863501b7 | 166 | (invoke "gcc" "-o" "netunshare" "netunshare.c"))) |
06d91fd9 TGR |
167 | (replace 'install |
168 | ;; There is no Makefile; manually install the relevant files. | |
169 | (lambda* (#:key outputs #:allow-other-keys) | |
170 | (let* ((out (assoc-ref outputs "out")) | |
171 | (etc (string-append out "/etc/vpnc"))) | |
172 | (for-each (lambda (file) | |
173 | (install-file file etc)) | |
174 | (append (find-files "." "^vpnc-script") | |
175 | (list "netunshare" | |
176 | "xinetd.netns.conf"))) | |
177 | #t))) | |
178 | (add-after 'install 'wrap-scripts | |
179 | ;; Wrap scripts with paths to their common hard dependencies. | |
180 | ;; Optional dependencies will need to be installed by the user. | |
181 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
182 | (let ((out (assoc-ref outputs "out"))) | |
183 | (for-each | |
184 | (lambda (script) | |
b47e083b | 185 | (wrap-script (string-append out "/etc/vpnc/" script) |
06d91fd9 TGR |
186 | `("PATH" ":" prefix |
187 | ,(map (lambda (name) | |
188 | (let ((input (assoc-ref inputs name))) | |
189 | (string-append input "/bin:" | |
190 | input "/sbin"))) | |
191 | (list "coreutils" | |
192 | "grep" | |
193 | "iproute2" | |
194 | "net-tools" | |
195 | "sed" | |
196 | "which"))))) | |
b47e083b RW |
197 | (list "vpnc-script-ptrtd" |
198 | "vpnc-script-sshd" | |
199 | "vpnc-script")) | |
863501b7 | 200 | #t)))) |
06d91fd9 TGR |
201 | #:tests? #f)) ; no tests |
202 | (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
203 | (synopsis "Network configuration scripts for Cisco VPN clients") | |
204 | (description | |
205 | "This set of scripts configures routing and name services when invoked | |
206 | by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients. | |
207 | ||
208 | The default @command{vpnc-script} automatically configures most common | |
209 | connections, and provides hooks for performing custom actions at various stages | |
210 | of the connection or disconnection process. | |
211 | ||
212 | Alternative scripts are provided for more complicated set-ups, or to serve as an | |
213 | example for writing your own. For example, @command{vpnc-script-sshd} contains | |
214 | the entire VPN in a network namespace accessible only through SSH.") | |
215 | (license license:gpl2+)))) | |
71f4b81a | 216 | |
01224157 PL |
217 | (define-public ocproxy |
218 | (package | |
219 | (name "ocproxy") | |
220 | (version "1.60") | |
221 | (source (origin | |
98ebc8fd EF |
222 | (method git-fetch) |
223 | (uri (git-reference | |
224 | (url "https://github.com/cernekee/ocproxy.git") | |
225 | (commit (string-append "v" version)))) | |
226 | (file-name (git-file-name name version)) | |
01224157 PL |
227 | (sha256 |
228 | (base32 | |
98ebc8fd | 229 | "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx")))) |
01224157 PL |
230 | (build-system gnu-build-system) |
231 | (native-inputs | |
232 | `(("autoconf" ,autoconf) | |
233 | ("automake" ,automake))) | |
234 | (inputs | |
235 | `(("libevent" ,libevent))) | |
01224157 PL |
236 | (home-page "https://github.com/cernekee/ocproxy") |
237 | (synopsis "OpenConnect proxy") | |
238 | (description | |
239 | "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based | |
240 | on LwIP. When using ocproxy, OpenConnect only handles network activity that | |
241 | the user specifically asks to proxy, so the @dfn{VPN} interface no longer | |
242 | \"hijacks\" all network traffic on the host.") | |
243 | (license license:bsd-3))) | |
244 | ||
71f4b81a AE |
245 | (define-public openconnect |
246 | (package | |
247 | (name "openconnect") | |
e4aa83be | 248 | (version "8.09") |
71f4b81a AE |
249 | (source (origin |
250 | (method url-fetch) | |
d4bf49b1 EB |
251 | (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/" |
252 | "openconnect-" version ".tar.gz")) | |
c383c36e | 253 | (sha256 |
e4aa83be | 254 | (base32 "19p91hs6j348qp0v9c7abl3rb8d9ncc37k743qhrn29s9jz0567k")))) |
71f4b81a | 255 | (build-system gnu-build-system) |
0d7f282b | 256 | (propagated-inputs |
c4c4cc05 | 257 | `(("libxml2" ,libxml2) |
a5ab71c7 | 258 | ("gnutls" ,gnutls-3.6.13) |
71f4b81a | 259 | ("zlib" ,zlib))) |
0d7f282b | 260 | (inputs |
1d7f3c00 TGR |
261 | `(("lz4" ,lz4) |
262 | ("vpnc-scripts" ,vpnc-scripts))) | |
c4c4cc05 | 263 | (native-inputs |
b94a6ca0 | 264 | `(("gettext" ,gettext-minimal) |
c4c4cc05 | 265 | ("pkg-config" ,pkg-config))) |
71f4b81a | 266 | (arguments |
d4bf49b1 EB |
267 | `(#:configure-flags |
268 | `(,(string-append "--with-vpnc-script=" | |
a6d06e86 | 269 | (assoc-ref %build-inputs "vpnc-scripts") |
d4bf49b1 | 270 | "/etc/vpnc/vpnc-script")))) |
799dcdc4 | 271 | (synopsis "Client for Cisco VPN") |
71f4b81a AE |
272 | (description |
273 | "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is | |
274 | supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500, | |
275 | 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers, | |
276 | and probably others.") | |
277 | (license license:lgpl2.1) | |
8b1d0ff4 | 278 | (home-page "https://www.infradead.org/openconnect/"))) |
dc77f0d3 DT |
279 | |
280 | (define-public openvpn | |
281 | (package | |
282 | (name "openvpn") | |
a2fd72c7 | 283 | (version "2.4.8") |
dc77f0d3 DT |
284 | (source (origin |
285 | (method url-fetch) | |
286 | (uri (string-append | |
287 | "https://swupdate.openvpn.org/community/releases/openvpn-" | |
288 | version ".tar.xz")) | |
289 | (sha256 | |
290 | (base32 | |
a2fd72c7 | 291 | "149z3agjy03i66mcj5bplim2mh45s2ps1wmxbxczyzw0nxmsd37v")))) |
dc77f0d3 DT |
292 | (build-system gnu-build-system) |
293 | (arguments | |
294 | '(#:configure-flags '("--enable-iproute2=yes"))) | |
295 | (native-inputs | |
296 | `(("iproute2" ,iproute))) | |
297 | (inputs | |
dee9a262 EF |
298 | `(("lz4" ,lz4) |
299 | ("lzo" ,lzo) | |
dc77f0d3 DT |
300 | ("openssl" ,openssl) |
301 | ("linux-pam" ,linux-pam))) | |
302 | (home-page "https://openvpn.net/") | |
303 | (synopsis "Virtual private network daemon") | |
9599339c TGR |
304 | (description |
305 | "OpenVPN implements virtual private network (@dfn{VPN}) techniques | |
dc77f0d3 DT |
306 | for creating secure point-to-point or site-to-site connections in routed or |
307 | bridged configurations and remote access facilities. It uses a custom | |
308 | security protocol that utilizes SSL/TLS for key exchange. It is capable of | |
9599339c | 309 | traversing network address translators (@dfn{NAT}s) and firewalls.") |
dc77f0d3 | 310 | (license license:gpl2))) |
feca8e2b JM |
311 | |
312 | (define-public tinc | |
313 | (package | |
314 | (name "tinc") | |
2b247e51 | 315 | (version "1.0.36") |
feca8e2b JM |
316 | (source (origin |
317 | (method url-fetch) | |
e81ddeda | 318 | (uri (string-append "https://tinc-vpn.org/packages/" |
657c3ff6 | 319 | "tinc-" version ".tar.gz")) |
feca8e2b JM |
320 | (sha256 |
321 | (base32 | |
2b247e51 | 322 | "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0")))) |
feca8e2b | 323 | (build-system gnu-build-system) |
7b770eca SB |
324 | (arguments |
325 | '(#:configure-flags | |
326 | '("--sysconfdir=/etc" | |
327 | "--localstatedir=/var"))) | |
feca8e2b JM |
328 | (inputs `(("zlib" ,zlib) |
329 | ("lzo" ,lzo) | |
330 | ("openssl" ,openssl))) | |
e81ddeda | 331 | (home-page "https://tinc-vpn.org") |
feca8e2b JM |
332 | (synopsis "Virtual Private Network (VPN) daemon") |
333 | (description | |
334 | "Tinc is a VPN that uses tunnelling and encryption to create a secure | |
335 | private network between hosts on the internet.") | |
336 | (license license:gpl2+))) | |
5c863d57 TGR |
337 | |
338 | (define-public sshuttle | |
339 | (package | |
340 | (name "sshuttle") | |
627c6531 | 341 | (version "0.78.5") |
5c863d57 TGR |
342 | (source |
343 | (origin | |
344 | (method url-fetch) | |
345 | (uri (pypi-uri name version)) | |
346 | (sha256 | |
347 | (base32 | |
627c6531 | 348 | "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8")))) |
5c863d57 | 349 | (build-system python-build-system) |
c32863e0 TGR |
350 | (arguments |
351 | `(#:phases | |
352 | (modify-phases %standard-phases | |
353 | (add-after 'unpack 'patch-FHS-file-names | |
354 | (lambda _ | |
355 | (substitute* "sshuttle/client.py" | |
356 | (("/usr/bin/env") (which "env"))) | |
357 | (substitute* "sshuttle/ssh.py" | |
0e2d3ce2 | 358 | (("/bin/sh") "sh")) |
c32863e0 | 359 | #t))))) |
5c863d57 | 360 | (native-inputs |
3308591f | 361 | `(("python-setuptools-scm" ,python-setuptools-scm) |
5c863d57 | 362 | ;; For tests only. |
627c6531 | 363 | ("python-flake8", python-flake8) |
5c863d57 | 364 | ("python-mock" ,python-mock) |
627c6531 | 365 | ("python-pytest-cov" ,python-pytest-cov) |
3308591f | 366 | ("python-pytest-runner" ,python-pytest-runner))) |
5c863d57 TGR |
367 | (home-page "https://github.com/sshuttle/sshuttle") |
368 | (synopsis "VPN that transparently forwards connections over SSH") | |
369 | (description "sshuttle creates an encrypted virtual private network (VPN) | |
370 | connection to any remote server to which you have secure shell (SSH) access. | |
371 | The only requirement is a suitable version of Python on the server; | |
372 | administrative privileges are required only on the client. Unlike most VPNs, | |
373 | sshuttle forwards entire sessions, not packets, using kernel transparent | |
374 | proxying. This makes it faster and more reliable than SSH's own tunneling and | |
375 | port forwarding features. It can forward both TCP and UDP traffic, including | |
376 | DNS domain name queries.") | |
377 | (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’ | |
1ce6f33b TGR |
378 | |
379 | (define-public sshoot | |
380 | (package | |
381 | (name "sshoot") | |
3b4018d6 | 382 | (version "1.2.6") |
1ce6f33b TGR |
383 | (source |
384 | (origin | |
385 | (method url-fetch) | |
386 | (uri (pypi-uri name version)) | |
387 | (sha256 | |
388 | (base32 | |
3b4018d6 | 389 | "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0")))) |
1ce6f33b | 390 | (build-system python-build-system) |
c0b12a60 MB |
391 | (arguments |
392 | '(#:phases | |
393 | (modify-phases %standard-phases | |
394 | (add-after 'unpack 'patch-paths | |
395 | (lambda _ | |
396 | (substitute* "sshoot/tests/test_manager.py" | |
397 | (("/bin/sh") (which "sh"))) | |
398 | #t))))) | |
1ce6f33b TGR |
399 | (inputs |
400 | `(("python-argcomplete" ,python-argcomplete) | |
401 | ("python-prettytable" ,python-prettytable) | |
402 | ("python-pyyaml" ,python-pyyaml))) | |
403 | ;; For tests only. | |
404 | (native-inputs | |
405 | `(("python-fixtures" ,python-fixtures) | |
406 | ("python-pbr" ,python-pbr) | |
407 | ("python-testtools" ,python-testtools))) | |
3b4018d6 | 408 | (home-page "https://github.com/albertodonato/sshoot") |
1ce6f33b TGR |
409 | (synopsis "sshuttle VPN session manager") |
410 | (description "sshoot provides a command-line interface to manage multiple | |
411 | @command{sshuttle} virtual private networks. It supports flexible profiles | |
412 | with configuration options for most of @command{sshuttle}’s features.") | |
413 | (license license:gpl3+))) | |
7ba2b274 MP |
414 | |
415 | (define-public badvpn | |
416 | (package | |
417 | (name "badvpn") | |
418 | (version "1.999.130") | |
419 | (source | |
420 | (origin | |
421 | (method git-fetch) | |
422 | (uri (git-reference | |
423 | (url "https://github.com/ambrop72/badvpn.git") | |
424 | (commit version))) | |
425 | (file-name (git-file-name name version)) | |
426 | (sha256 | |
427 | (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c")))) | |
428 | (build-system cmake-build-system) | |
429 | (arguments | |
430 | '(#:tests? #f)) ; no tests | |
431 | (inputs | |
432 | `(("nspr" ,nspr) | |
433 | ("nss" ,nss) | |
434 | ("openssl" ,openssl))) | |
435 | (native-inputs | |
436 | `(("pkg-config" ,pkg-config))) | |
437 | (home-page "https://github.com/ambrop72/badvpn") | |
438 | (synopsis "Peer-to-peer virtual private network (VPN)") | |
439 | (description "@code{BadVPN} is a collection of virtual private | |
440 | network (VPN) tools. It includes: | |
441 | ||
442 | @enumerate | |
443 | @item NCD programming language.\n | |
444 | NCD (Network Configuration Daemon) is a daemon and programming/scripting | |
445 | language for configuration of network interfaces and other aspects of the | |
446 | operating system. | |
447 | @item Tun2socks network-layer proxifier.\n | |
448 | The tun2socks program socksifes TCP connections at the network layer. It | |
449 | implements a TUN device which accepts all incoming TCP connections (regardless | |
450 | of destination IP), and forwards the connections through a SOCKS server. | |
451 | @item Peer-to-peer VPN.\n | |
452 | The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers | |
453 | (VPN nodes). | |
454 | @end enumerate") | |
455 | ;; This project contains a bundled lwIP. lwIP is also released under the | |
456 | ;; 3-clause BSD license. | |
457 | (license license:bsd-3))) | |
7a0479bb | 458 | |
336d7644 | 459 | (define-public wireguard-linux-compat |
7a0479bb | 460 | (package |
336d7644 LF |
461 | (name "wireguard-linux-compat") |
462 | (version "1.0.20200401") | |
7a0479bb LF |
463 | (source (origin |
464 | (method url-fetch) | |
336d7644 LF |
465 | (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/" |
466 | "snapshot/wireguard-linux-compat-" version | |
467 | ".tar.xz")) | |
7a0479bb LF |
468 | (sha256 |
469 | (base32 | |
336d7644 | 470 | "0ymprz3h4b92wlcqm5k5vmcgap8pjv202bgkdx0axmp12n1lmyvx")))) |
3b177a6c BW |
471 | (build-system linux-module-build-system) |
472 | (outputs '("out" | |
473 | "kernel-patch")) | |
7a0479bb | 474 | (arguments |
336d7644 | 475 | `(#:tests? #f ; No test suite |
3b177a6c | 476 | #:modules ((guix build linux-module-build-system) |
7a0479bb LF |
477 | (guix build utils) |
478 | (ice-9 popen) | |
479 | (ice-9 textual-ports)) | |
480 | #:phases | |
481 | (modify-phases %standard-phases | |
3b177a6c BW |
482 | (add-before 'build 'change-directory |
483 | (lambda _ | |
484 | (chdir "./src") | |
485 | #t)) | |
486 | (add-after 'build 'build-patch | |
7a0479bb | 487 | (lambda* (#:key outputs #:allow-other-keys) |
3b177a6c | 488 | (let* ((patch-builder "../kernel-tree-scripts/create-patch.sh") |
7a0479bb LF |
489 | (port (open-input-pipe patch-builder)) |
490 | (str (get-string-all port))) | |
491 | (close-pipe port) | |
336d7644 | 492 | (call-with-output-file "wireguard.patch" |
7a0479bb LF |
493 | (lambda (port) |
494 | (format port "~a" str)))) | |
336d7644 | 495 | #t)) |
3b177a6c | 496 | (add-after 'install 'install-patch |
336d7644 LF |
497 | (lambda* (#:key outputs #:allow-other-keys) |
498 | (install-file "wireguard.patch" | |
3b177a6c BW |
499 | (assoc-ref %outputs "kernel-patch")) |
500 | #t)) | |
501 | ;; So that 'install-license-files' works... | |
502 | (add-before 'install-license-files 'reset-cwd | |
503 | (lambda _ | |
504 | (chdir "..") | |
336d7644 LF |
505 | #t))))) |
506 | (home-page "https://git.zx2c4.com/wireguard-linux-compat/") | |
507 | (synopsis "WireGuard kernel module for Linux 3.10 through 5.5") | |
3b177a6c BW |
508 | (description "This package contains an out-of-tree kernel patch and |
509 | a loadable module adding WireGuard to Linux kernel versions 3.10 through 5.5. | |
510 | WireGuard was added to Linux 5.6.") | |
7a0479bb | 511 | (license license:gpl2))) |
1b17c23e | 512 | |
10650b89 TGR |
513 | (define-public wireguard-tools |
514 | (package | |
515 | (name "wireguard-tools") | |
516 | (version "1.0.20200206") | |
517 | (source | |
518 | (origin | |
519 | (method git-fetch) | |
520 | (uri (git-reference | |
521 | (url "https://git.zx2c4.com/wireguard-tools.git") | |
522 | (commit (string-append "v" version)))) | |
523 | (file-name (git-file-name name version)) | |
524 | (sha256 | |
525 | (base32 "0ivc08lds5w39a6f2xdfih9wlk5g724hl3kpdvxvh5yff4l84qb7")))) | |
526 | (build-system gnu-build-system) | |
527 | (arguments | |
19781930 | 528 | `(#:make-flags |
10650b89 | 529 | (list "CC=gcc" |
c1005113 | 530 | "--directory=src" |
10650b89 TGR |
531 | "WITH_BASHCOMPLETION=yes" |
532 | ;; Install the ‘simple and dirty’ helper script wg-quick(8). | |
533 | "WITH_WGQUICK=yes" | |
534 | (string-append "PREFIX=" (assoc-ref %outputs "out")) | |
535 | ;; Currently used only to create an empty /etc/wireguard directory. | |
536 | (string-append "SYSCONFDIR=no-thanks")) | |
19781930 LF |
537 | ;; The test suite is meant to be run interactively. It runs Clang's |
538 | ;; scan-build static analyzer and then starts a web server to display the | |
539 | ;; results. | |
540 | #:tests? #f | |
10650b89 TGR |
541 | #:phases |
542 | (modify-phases %standard-phases | |
c1005113 LF |
543 | ;; No configure script |
544 | (delete 'configure)))) | |
10650b89 TGR |
545 | (home-page "https://www.wireguard.com/") |
546 | (synopsis "Tools for configuring WireGuard tunnels") | |
547 | (description | |
548 | "This package provides the user-space command-line tools for using and | |
549 | configuring WireGuard tunnels. | |
550 | ||
551 | WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private | |
552 | Network} that securely encapsulates IP packets over UDP. It aims to be as easy | |
553 | to configure and deploy as SSH. VPN connections are made simply by exchanging | |
554 | public keys and can roam across IP addresses.") | |
555 | (license | |
556 | (list license:lgpl2.1+ ; src/netlink.h & contrib/embeddable-wg-library | |
557 | license:gpl2)))) ; everything else | |
558 | ||
336d7644 LF |
559 | (define-public wireguard |
560 | (deprecated-package "wireguard" wireguard-tools)) | |
561 | ||
1b17c23e TČ |
562 | (define-public xl2tpd |
563 | (package | |
564 | (name "xl2tpd") | |
1f3700a4 | 565 | (version "1.3.15") |
1b17c23e TČ |
566 | (source (origin |
567 | (method git-fetch) | |
568 | (uri (git-reference | |
569 | (url "https://github.com/xelerance/xl2tpd") | |
570 | (commit (string-append "v" version)))) | |
28341601 | 571 | (file-name (git-file-name name version)) |
1b17c23e TČ |
572 | (sha256 |
573 | (base32 | |
1f3700a4 | 574 | "0ppwza8nwm1av1vldw40gin9wrjrs4l9si50jad414js3k8ycaag")))) |
1b17c23e TČ |
575 | (build-system gnu-build-system) |
576 | (arguments | |
0309e004 | 577 | `(#:make-flags (list (string-append "PREFIX=" %output) |
1b17c23e TČ |
578 | "CC=gcc") |
579 | #:phases (modify-phases %standard-phases | |
14ccd8f8 TGR |
580 | (delete 'configure)) ; no configure script |
581 | #:tests? #f)) ; no tests provided | |
1b17c23e TČ |
582 | (inputs `(("libpcap" ,libpcap))) |
583 | (home-page "https://www.xelerance.com/software/xl2tpd/") | |
584 | (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)") | |
585 | (description | |
586 | "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661). | |
587 | L2TP allows you to tunnel PPP over UDP.") | |
588 | (license license:gpl2))) |