Commit | Line | Data |
---|---|---|
49f24f41 AE |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> | |
a9d4a9ad | 3 | ;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org> |
d4bf49b1 | 4 | ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> |
feca8e2b | 5 | ;;; Copyright © 2015 Jeff Mickey <j@codemac.net> |
8d2de491 | 6 | ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> |
383ad03e | 7 | ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> |
fa3346b8 | 8 | ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu> |
01224157 | 9 | ;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com> |
49f24f41 AE |
10 | ;;; |
11 | ;;; This file is part of GNU Guix. | |
12 | ;;; | |
13 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
14 | ;;; under the terms of the GNU General Public License as published by | |
15 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
16 | ;;; your option) any later version. | |
17 | ;;; | |
18 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
19 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | ;;; GNU General Public License for more details. | |
22 | ;;; | |
23 | ;;; You should have received a copy of the GNU General Public License | |
24 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
25 | ||
26 | (define-module (gnu packages vpn) | |
b5b73a82 | 27 | #:use-module ((guix licenses) #:prefix license:) |
49f24f41 AE |
28 | #:use-module (guix packages) |
29 | #:use-module (guix download) | |
06d91fd9 | 30 | #:use-module (guix git-download) |
49f24f41 | 31 | #:use-module (guix build-system gnu) |
5c863d57 | 32 | #:use-module (guix build-system python) |
49f24f41 | 33 | #:use-module (gnu packages) |
06d91fd9 | 34 | #:use-module (gnu packages base) |
ac257f12 | 35 | #:use-module (gnu packages check) |
01224157 | 36 | #:use-module (gnu packages autotools) |
71f4b81a | 37 | #:use-module (gnu packages compression) |
1dba6407 | 38 | #:use-module (gnu packages gettext) |
49f24f41 | 39 | #:use-module (gnu packages gnupg) |
01224157 | 40 | #:use-module (gnu packages libevent) |
dc77f0d3 | 41 | #:use-module (gnu packages linux) |
71f4b81a AE |
42 | #:use-module (gnu packages perl) |
43 | #:use-module (gnu packages pkg-config) | |
5c863d57 | 44 | #:use-module (gnu packages python) |
a7fd7b68 | 45 | #:use-module (gnu packages tls) |
71f4b81a | 46 | #:use-module (gnu packages xml)) |
49f24f41 | 47 | |
7af8a9b7 LC |
48 | (define-public gvpe |
49 | (package | |
50 | (name "gvpe") | |
3ded2761 | 51 | (version "3.0") |
7af8a9b7 LC |
52 | (source (origin |
53 | (method url-fetch) | |
54 | (uri (string-append "mirror://gnu/gvpe/gvpe-" | |
55 | version ".tar.gz")) | |
56 | (sha256 | |
57 | (base32 | |
a9d4a9ad LC |
58 | "1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf")) |
59 | (modules '((guix build utils))) | |
60 | (snippet | |
61 | '(begin | |
62 | ;; Remove the outdated bundled copy of glibc's getopt, which | |
63 | ;; provides a 'getopt' declaration that conflicts with that | |
64 | ;; of glibc 2.26. | |
65 | (substitute* "lib/Makefile.in" | |
66 | (("getopt1?\\.(c|h|\\$\\(OBJEXT\\))") "")) | |
67 | (for-each delete-file | |
6cbee49d MW |
68 | '("lib/getopt.h" "lib/getopt.c")) |
69 | #t)))) | |
7af8a9b7 LC |
70 | (build-system gnu-build-system) |
71 | (home-page "http://software.schmorp.de/pkg/gvpe.html") | |
72 | (inputs `(("openssl" ,openssl) | |
73 | ("zlib" ,zlib))) | |
74 | (synopsis "Secure VPN among multiple nodes over an untrusted network") | |
75 | (description | |
76 | "The GNU Virtual Private Ethernet creates a virtual network | |
77 | with multiple nodes using a variety of transport protocols. It works | |
78 | by creating encrypted host-to-host tunnels between multiple | |
79 | endpoints.") | |
80 | (license license:gpl3+))) | |
81 | ||
49f24f41 AE |
82 | (define-public vpnc |
83 | (package | |
84 | (name "vpnc") | |
85 | (version "0.5.3") | |
86 | (source (origin | |
87 | (method url-fetch) | |
594360f5 | 88 | (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-" |
49f24f41 AE |
89 | version ".tar.gz")) |
90 | (sha256 (base32 | |
101e67ac | 91 | "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6")))) |
49f24f41 AE |
92 | (build-system gnu-build-system) |
93 | (inputs `(("libgcrypt" ,libgcrypt) | |
42c97811 | 94 | ("perl" ,perl) |
101e67ac | 95 | ("vpnc-scripts" ,vpnc-scripts))) |
49f24f41 AE |
96 | (arguments |
97 | `(#:tests? #f ; there is no check target | |
49f24f41 | 98 | #:phases |
42c97811 | 99 | (modify-phases %standard-phases |
101e67ac | 100 | (add-after 'unpack 'use-store-paths |
42c97811 | 101 | (lambda* (#:key inputs outputs #:allow-other-keys) |
101e67ac TGR |
102 | (let ((out (assoc-ref outputs "out")) |
103 | (vpnc-scripts (assoc-ref inputs "vpnc-scripts"))) | |
104 | (substitute* "config.c" | |
105 | (("/etc/vpnc/vpnc-script") | |
106 | (string-append vpnc-scripts "/etc/vpnc/vpnc-script"))) | |
107 | (substitute* "Makefile" | |
108 | (("ETCDIR=.*") | |
109 | (string-append "ETCDIR=" out "/etc/vpnc\n")) | |
110 | (("PREFIX=.*") | |
111 | (string-append "PREFIX=" out "\n"))) | |
112 | #t))) | |
113 | (delete 'configure)))) ; no configure script | |
799dcdc4 | 114 | (synopsis "Client for Cisco VPN concentrators") |
49f24f41 AE |
115 | (description |
116 | "vpnc is a VPN client compatible with Cisco's EasyVPN equipment. | |
35b9e423 | 117 | It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only |
49f24f41 | 118 | shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES, |
35b9e423 | 119 | 1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace. |
49f24f41 AE |
120 | Only \"Universal TUN/TAP device driver support\" is needed in the kernel.") |
121 | (license license:gpl2+) ; some file are bsd-2, see COPYING | |
122 | (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/"))) | |
71f4b81a | 123 | |
06d91fd9 TGR |
124 | (define-public vpnc-scripts |
125 | (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3")) | |
126 | (package | |
127 | (name "vpnc-scripts") | |
128 | (version (string-append "20161214." (string-take commit 7))) | |
129 | (source (origin | |
130 | (method git-fetch) | |
131 | (uri | |
132 | (git-reference | |
133 | (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
134 | (commit commit))) | |
728ee9d6 | 135 | (file-name (git-file-name name version)) |
06d91fd9 TGR |
136 | (sha256 |
137 | (base32 | |
138 | "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h")))) | |
139 | (build-system gnu-build-system) | |
140 | (inputs `(("coreutils" ,coreutils) | |
141 | ("grep" ,grep) | |
142 | ("iproute2" ,iproute) ; for ‘ip’ | |
143 | ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’ | |
144 | ("sed" ,sed) | |
145 | ("which" ,which))) | |
146 | (arguments | |
147 | `(#:phases | |
148 | (modify-phases %standard-phases | |
149 | (add-after 'unpack 'use-relative-paths | |
150 | ;; Patch the scripts to work with and use relative paths. | |
151 | (lambda* _ | |
152 | (for-each (lambda (script) | |
153 | (substitute* script | |
154 | (("^PATH=.*") "") | |
155 | (("(/usr|)/s?bin/") "") | |
156 | (("\\[ +-x +([^]]+) +\\]" _ command) | |
157 | (string-append "command -v >/dev/null 2>&1 " | |
158 | command)))) | |
159 | (find-files "." "^vpnc-script")) | |
160 | #t)) | |
161 | (delete 'configure) ; no configure script | |
162 | (replace 'build | |
163 | (lambda _ | |
164 | (zero? (system* "gcc" "-o" "netunshare" "netunshare.c")))) | |
165 | (replace 'install | |
166 | ;; There is no Makefile; manually install the relevant files. | |
167 | (lambda* (#:key outputs #:allow-other-keys) | |
168 | (let* ((out (assoc-ref outputs "out")) | |
169 | (etc (string-append out "/etc/vpnc"))) | |
170 | (for-each (lambda (file) | |
171 | (install-file file etc)) | |
172 | (append (find-files "." "^vpnc-script") | |
173 | (list "netunshare" | |
174 | "xinetd.netns.conf"))) | |
175 | #t))) | |
176 | (add-after 'install 'wrap-scripts | |
177 | ;; Wrap scripts with paths to their common hard dependencies. | |
178 | ;; Optional dependencies will need to be installed by the user. | |
179 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
180 | (let ((out (assoc-ref outputs "out"))) | |
181 | (for-each | |
182 | (lambda (script) | |
183 | (wrap-program script | |
184 | `("PATH" ":" prefix | |
185 | ,(map (lambda (name) | |
186 | (let ((input (assoc-ref inputs name))) | |
187 | (string-append input "/bin:" | |
188 | input "/sbin"))) | |
189 | (list "coreutils" | |
190 | "grep" | |
191 | "iproute2" | |
192 | "net-tools" | |
193 | "sed" | |
194 | "which"))))) | |
195 | (find-files (string-append out "/etc/vpnc/vpnc-script") | |
196 | "^vpnc-script")))))) | |
197 | #:tests? #f)) ; no tests | |
198 | (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
199 | (synopsis "Network configuration scripts for Cisco VPN clients") | |
200 | (description | |
201 | "This set of scripts configures routing and name services when invoked | |
202 | by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients. | |
203 | ||
204 | The default @command{vpnc-script} automatically configures most common | |
205 | connections, and provides hooks for performing custom actions at various stages | |
206 | of the connection or disconnection process. | |
207 | ||
208 | Alternative scripts are provided for more complicated set-ups, or to serve as an | |
209 | example for writing your own. For example, @command{vpnc-script-sshd} contains | |
210 | the entire VPN in a network namespace accessible only through SSH.") | |
211 | (license license:gpl2+)))) | |
71f4b81a | 212 | |
01224157 PL |
213 | (define-public ocproxy |
214 | (package | |
215 | (name "ocproxy") | |
216 | (version "1.60") | |
217 | (source (origin | |
218 | (method url-fetch) | |
219 | (uri (string-append | |
220 | "https://github.com/cernekee/ocproxy/archive/v" | |
221 | version ".tar.gz")) | |
222 | (file-name (string-append name "-" version ".tar.gz")) | |
223 | (sha256 | |
224 | (base32 | |
225 | "1b4rg3xq5jnrp2l14sw0msan8kqhdxmsd7gpw9lkiwvxy13pcdm7")))) | |
226 | (build-system gnu-build-system) | |
227 | (native-inputs | |
228 | `(("autoconf" ,autoconf) | |
229 | ("automake" ,automake))) | |
230 | (inputs | |
231 | `(("libevent" ,libevent))) | |
232 | (arguments | |
233 | '(#:phases | |
234 | (modify-phases %standard-phases | |
235 | (add-after 'unpack 'autogen | |
236 | (lambda _ (invoke "sh" "autogen.sh")))))) | |
237 | (home-page "https://github.com/cernekee/ocproxy") | |
238 | (synopsis "OpenConnect proxy") | |
239 | (description | |
240 | "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based | |
241 | on LwIP. When using ocproxy, OpenConnect only handles network activity that | |
242 | the user specifically asks to proxy, so the @dfn{VPN} interface no longer | |
243 | \"hijacks\" all network traffic on the host.") | |
244 | (license license:bsd-3))) | |
245 | ||
71f4b81a AE |
246 | (define-public openconnect |
247 | (package | |
248 | (name "openconnect") | |
426aecfd | 249 | (version "7.08") |
71f4b81a AE |
250 | (source (origin |
251 | (method url-fetch) | |
d4bf49b1 EB |
252 | (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/" |
253 | "openconnect-" version ".tar.gz")) | |
71f4b81a | 254 | (sha256 (base32 |
426aecfd | 255 | "00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w")))) |
71f4b81a AE |
256 | (build-system gnu-build-system) |
257 | (inputs | |
c4c4cc05 | 258 | `(("libxml2" ,libxml2) |
060e365a | 259 | ("gnutls" ,gnutls) |
a6d06e86 | 260 | ("vpnc-scripts" ,vpnc-scripts) |
71f4b81a | 261 | ("zlib" ,zlib))) |
c4c4cc05 | 262 | (native-inputs |
b94a6ca0 | 263 | `(("gettext" ,gettext-minimal) |
c4c4cc05 | 264 | ("pkg-config" ,pkg-config))) |
71f4b81a | 265 | (arguments |
d4bf49b1 EB |
266 | `(#:configure-flags |
267 | `(,(string-append "--with-vpnc-script=" | |
a6d06e86 | 268 | (assoc-ref %build-inputs "vpnc-scripts") |
d4bf49b1 | 269 | "/etc/vpnc/vpnc-script")))) |
799dcdc4 | 270 | (synopsis "Client for Cisco VPN") |
71f4b81a AE |
271 | (description |
272 | "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is | |
273 | supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500, | |
274 | 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers, | |
275 | and probably others.") | |
276 | (license license:lgpl2.1) | |
277 | (home-page "http://www.infradead.org/openconnect/"))) | |
dc77f0d3 DT |
278 | |
279 | (define-public openvpn | |
280 | (package | |
281 | (name "openvpn") | |
a3cbd75b | 282 | (version "2.4.6") |
dc77f0d3 DT |
283 | (source (origin |
284 | (method url-fetch) | |
285 | (uri (string-append | |
286 | "https://swupdate.openvpn.org/community/releases/openvpn-" | |
287 | version ".tar.xz")) | |
288 | (sha256 | |
289 | (base32 | |
a3cbd75b | 290 | "09lck4wmkas3iyrzaspin9gn3wiclqb1m9sf8diy7j8wakx38r2g")))) |
dc77f0d3 DT |
291 | (build-system gnu-build-system) |
292 | (arguments | |
293 | '(#:configure-flags '("--enable-iproute2=yes"))) | |
294 | (native-inputs | |
295 | `(("iproute2" ,iproute))) | |
296 | (inputs | |
dee9a262 EF |
297 | `(("lz4" ,lz4) |
298 | ("lzo" ,lzo) | |
dc77f0d3 DT |
299 | ("openssl" ,openssl) |
300 | ("linux-pam" ,linux-pam))) | |
301 | (home-page "https://openvpn.net/") | |
302 | (synopsis "Virtual private network daemon") | |
9599339c TGR |
303 | (description |
304 | "OpenVPN implements virtual private network (@dfn{VPN}) techniques | |
dc77f0d3 DT |
305 | for creating secure point-to-point or site-to-site connections in routed or |
306 | bridged configurations and remote access facilities. It uses a custom | |
307 | security protocol that utilizes SSL/TLS for key exchange. It is capable of | |
9599339c | 308 | traversing network address translators (@dfn{NAT}s) and firewalls.") |
dc77f0d3 | 309 | (license license:gpl2))) |
feca8e2b JM |
310 | |
311 | (define-public tinc | |
312 | (package | |
313 | (name "tinc") | |
383ad03e | 314 | (version "1.0.33") |
feca8e2b JM |
315 | (source (origin |
316 | (method url-fetch) | |
317 | (uri (string-append "http://tinc-vpn.org/packages/" | |
318 | name "-" version ".tar.gz")) | |
319 | (sha256 | |
320 | (base32 | |
383ad03e | 321 | "1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz")))) |
feca8e2b | 322 | (build-system gnu-build-system) |
7b770eca SB |
323 | (arguments |
324 | '(#:configure-flags | |
325 | '("--sysconfdir=/etc" | |
326 | "--localstatedir=/var"))) | |
feca8e2b JM |
327 | (inputs `(("zlib" ,zlib) |
328 | ("lzo" ,lzo) | |
329 | ("openssl" ,openssl))) | |
330 | (home-page "http://tinc-vpn.org") | |
331 | (synopsis "Virtual Private Network (VPN) daemon") | |
332 | (description | |
333 | "Tinc is a VPN that uses tunnelling and encryption to create a secure | |
334 | private network between hosts on the internet.") | |
335 | (license license:gpl2+))) | |
5c863d57 TGR |
336 | |
337 | (define-public sshuttle | |
338 | (package | |
339 | (name "sshuttle") | |
dc944249 | 340 | (version "0.78.4") |
5c863d57 TGR |
341 | (source |
342 | (origin | |
343 | (method url-fetch) | |
344 | (uri (pypi-uri name version)) | |
345 | (sha256 | |
346 | (base32 | |
dc944249 | 347 | "0pqk43kd7crqhg6qgnl8kapncwgw1xgaf02zarzypcw64kvdih9h")))) |
5c863d57 TGR |
348 | (build-system python-build-system) |
349 | (native-inputs | |
3308591f | 350 | `(("python-setuptools-scm" ,python-setuptools-scm) |
5c863d57 TGR |
351 | ;; For tests only. |
352 | ("python-mock" ,python-mock) | |
3308591f TGR |
353 | ("python-pytest" ,python-pytest) |
354 | ("python-pytest-runner" ,python-pytest-runner))) | |
5c863d57 TGR |
355 | (home-page "https://github.com/sshuttle/sshuttle") |
356 | (synopsis "VPN that transparently forwards connections over SSH") | |
357 | (description "sshuttle creates an encrypted virtual private network (VPN) | |
358 | connection to any remote server to which you have secure shell (SSH) access. | |
359 | The only requirement is a suitable version of Python on the server; | |
360 | administrative privileges are required only on the client. Unlike most VPNs, | |
361 | sshuttle forwards entire sessions, not packets, using kernel transparent | |
362 | proxying. This makes it faster and more reliable than SSH's own tunneling and | |
363 | port forwarding features. It can forward both TCP and UDP traffic, including | |
364 | DNS domain name queries.") | |
365 | (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’ | |
1ce6f33b TGR |
366 | |
367 | (define-public sshoot | |
368 | (package | |
369 | (name "sshoot") | |
3b4018d6 | 370 | (version "1.2.6") |
1ce6f33b TGR |
371 | (source |
372 | (origin | |
373 | (method url-fetch) | |
374 | (uri (pypi-uri name version)) | |
375 | (sha256 | |
376 | (base32 | |
3b4018d6 | 377 | "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0")))) |
1ce6f33b | 378 | (build-system python-build-system) |
c0b12a60 MB |
379 | (arguments |
380 | '(#:phases | |
381 | (modify-phases %standard-phases | |
382 | (add-after 'unpack 'patch-paths | |
383 | (lambda _ | |
384 | (substitute* "sshoot/tests/test_manager.py" | |
385 | (("/bin/sh") (which "sh"))) | |
386 | #t))))) | |
1ce6f33b TGR |
387 | (inputs |
388 | `(("python-argcomplete" ,python-argcomplete) | |
389 | ("python-prettytable" ,python-prettytable) | |
390 | ("python-pyyaml" ,python-pyyaml))) | |
391 | ;; For tests only. | |
392 | (native-inputs | |
393 | `(("python-fixtures" ,python-fixtures) | |
394 | ("python-pbr" ,python-pbr) | |
395 | ("python-testtools" ,python-testtools))) | |
3b4018d6 | 396 | (home-page "https://github.com/albertodonato/sshoot") |
1ce6f33b TGR |
397 | (synopsis "sshuttle VPN session manager") |
398 | (description "sshoot provides a command-line interface to manage multiple | |
399 | @command{sshuttle} virtual private networks. It supports flexible profiles | |
400 | with configuration options for most of @command{sshuttle}’s features.") | |
401 | (license license:gpl3+))) |