[jackhill/guix/guix.git] / gnu / packages / vpn.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages vpn)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system python)
  #:use-module (gnu packages)
  #:use-module (gnu packages base)
  #:use-module (gnu packages check)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages libevent)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages xml))

(define-public gvpe
  (package
    (name "gvpe")
    (version "3.0")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gvpe/gvpe-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf"))
              (modules '((guix build utils)))
              (snippet
               '(begin
                  ;; Remove the outdated bundled copy of glibc's getopt, which
                  ;; provides a 'getopt' declaration that conflicts with that
                  ;; of glibc 2.26.
                  (substitute* "lib/Makefile.in"
                    (("getopt1?\\.(c|h|\\$\\(OBJEXT\\))") ""))
                  (for-each delete-file
                            '("lib/getopt.h" "lib/getopt.c"))
                  #t))))
    (build-system gnu-build-system)
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (inputs `(("openssl" ,openssl)
              ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols.  It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))

(define-public vpnc
  (package
   (name "vpnc")
   (version "0.5.3")
   (source (origin
            (method url-fetch)
            (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                version ".tar.gz"))
            (sha256 (base32
                     "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
   (build-system gnu-build-system)
   (inputs `(("libgcrypt" ,libgcrypt)
             ("perl" ,perl)
             ("vpnc-scripts" ,vpnc-scripts)))
   (arguments
    `(#:tests? #f ; there is no check target
      #:phases
      (modify-phases %standard-phases
        (add-after 'unpack 'use-store-paths
          (lambda* (#:key inputs outputs #:allow-other-keys)
            (let ((out          (assoc-ref outputs "out"))
                  (vpnc-scripts (assoc-ref inputs  "vpnc-scripts")))
              (substitute* "config.c"
                (("/etc/vpnc/vpnc-script")
                 (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
              (substitute* "Makefile"
                (("ETCDIR=.*")
                 (string-append "ETCDIR=" out "/etc/vpnc\n"))
                (("PREFIX=.*")
                 (string-append "PREFIX=" out "\n")))
              #t)))
        (delete 'configure))))          ; no configure script
   (synopsis "Client for Cisco VPN concentrators")
   (description
    "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth.  It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling.  It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
   (license license:gpl2+) ; some file are bsd-2, see COPYING
   (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))

(define-public vpnc-scripts
  (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20161214." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h"))))
      (build-system gnu-build-system)
      (inputs `(("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute)    ; for ‘ip’
                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths.
             (lambda* _
               (for-each (lambda (script)
                           (substitute* script
                             (("^PATH=.*") "")
                             (("(/usr|)/s?bin/") "")
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure)          ; no configure script
           (replace 'build
             (lambda _
               (zero? (system* "gcc" "-o" "netunshare" "netunshare.c"))))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    (wrap-program script
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (find-files (string-append out "/etc/vpnc/vpnc-script")
                              "^vpnc-script"))))))
         #:tests? #f))                  ; no tests
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own.  For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))

(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/cernekee/ocproxy/archive/v"
                    version ".tar.gz"))
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
                "1b4rg3xq5jnrp2l14sw0msan8kqhdxmsd7gpw9lkiwvxy13pcdm7"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (inputs
     `(("libevent" ,libevent)))
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'autogen
           (lambda _ (invoke "sh" "autogen.sh"))))))
    (home-page "https://github.com/cernekee/ocproxy")
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP.  When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (license license:bsd-3)))

(define-public openconnect
  (package
   (name "openconnect")
   (version "7.08")
   (source (origin
            (method url-fetch)
            (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                                "openconnect-" version ".tar.gz"))
            (sha256 (base32
                     "00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w"))))
   (build-system gnu-build-system)
   (inputs
    `(("libxml2" ,libxml2)
      ("gnutls" ,gnutls)
      ("vpnc-scripts" ,vpnc-scripts)
      ("zlib" ,zlib)))
   (native-inputs
    `(("gettext" ,gettext-minimal)
      ("pkg-config" ,pkg-config)))
   (arguments
    `(#:configure-flags
      `(,(string-append "--with-vpnc-script="
                        (assoc-ref %build-inputs "vpnc-scripts")
                        "/etc/vpnc/vpnc-script"))))
   (synopsis "Client for Cisco VPN")
   (description
    "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
   (license license:lgpl2.1)
   (home-page "http://www.infradead.org/openconnect/")))

(define-public openvpn
  (package
    (name "openvpn")
    (version "2.4.6")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://swupdate.openvpn.org/community/releases/openvpn-"
                    version ".tar.xz"))
              (sha256
               (base32
                "09lck4wmkas3iyrzaspin9gn3wiclqb1m9sf8diy7j8wakx38r2g"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities.  It uses a custom
security protocol that utilizes SSL/TLS for key exchange.  It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))

(define-public tinc
  (package
    (name "tinc")
    (version "1.0.33")
    (source (origin
              (method url-fetch)
              (uri (string-append "http://tinc-vpn.org/packages/"
                                  name "-" version ".tar.gz"))
              (sha256
               (base32
                "1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs `(("zlib" ,zlib)
              ("lzo" ,lzo)
              ("openssl" ,openssl)))
    (home-page "http://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))

(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.4")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "0pqk43kd7crqhg6qgnl8kapncwgw1xgaf02zarzypcw64kvdih9h"))))
    (build-system python-build-system)
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client.  Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying.  This makes it faster and more reliable than SSH's own tunneling and
port forwarding features.  It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’

(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda _
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks.  It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
Commit	Line	Data
49f24f41 AE	1	;;; GNU Guix --- Functional package management for GNU
49f24f41 AE	2	;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
a9d4a9ad	3	;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
d4bf49b1	4	;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b	5	;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
8d2de491	6	;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
383ad03e	7	;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8	8	;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
01224157	9	;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
49f24f41 AE	10	;;;
	11	;;; This file is part of GNU Guix.
	12	;;;
	13	;;; GNU Guix is free software; you can redistribute it and/or modify it
	14	;;; under the terms of the GNU General Public License as published by
	15	;;; the Free Software Foundation; either version 3 of the License, or (at
	16	;;; your option) any later version.
	17	;;;
	18	;;; GNU Guix is distributed in the hope that it will be useful, but
	19	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	20	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	21	;;; GNU General Public License for more details.
	22	;;;
	23	;;; You should have received a copy of the GNU General Public License
	24	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	25
	26	(define-module (gnu packages vpn)
b5b73a82	27	#:use-module ((guix licenses) #:prefix license:)
49f24f41 AE	28	#:use-module (guix packages)
49f24f41 AE	29	#:use-module (guix download)
06d91fd9	30	#:use-module (guix git-download)
49f24f41	31	#:use-module (guix build-system gnu)
5c863d57	32	#:use-module (guix build-system python)
49f24f41	33	#:use-module (gnu packages)
06d91fd9	34	#:use-module (gnu packages base)
ac257f12	35	#:use-module (gnu packages check)
01224157	36	#:use-module (gnu packages autotools)
71f4b81a	37	#:use-module (gnu packages compression)
1dba6407	38	#:use-module (gnu packages gettext)
49f24f41	39	#:use-module (gnu packages gnupg)
01224157	40	#:use-module (gnu packages libevent)
dc77f0d3	41	#:use-module (gnu packages linux)
71f4b81a AE	42	#:use-module (gnu packages perl)
71f4b81a AE	43	#:use-module (gnu packages pkg-config)
5c863d57	44	#:use-module (gnu packages python)
a7fd7b68	45	#:use-module (gnu packages tls)
71f4b81a	46	#:use-module (gnu packages xml))
49f24f41	47
7af8a9b7 LC	48	(define-public gvpe
	49	(package
	50	(name "gvpe")
3ded2761	51	(version "3.0")
7af8a9b7 LC	52	(source (origin
	53	(method url-fetch)
	54	(uri (string-append "mirror://gnu/gvpe/gvpe-"
	55	version ".tar.gz"))
	56	(sha256
	57	(base32
a9d4a9ad LC	58	"1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf"))
	59	(modules '((guix build utils)))
	60	(snippet
	61	'(begin
	62	;; Remove the outdated bundled copy of glibc's getopt, which
	63	;; provides a 'getopt' declaration that conflicts with that
	64	;; of glibc 2.26.
	65	(substitute* "lib/Makefile.in"
	66	(("getopt1?\\.(c\|h\|\\$\\(OBJEXT\\))") ""))
	67	(for-each delete-file
6cbee49d MW	68	'("lib/getopt.h" "lib/getopt.c"))
6cbee49d MW	69	#t))))
7af8a9b7 LC	70	(build-system gnu-build-system)
	71	(home-page "http://software.schmorp.de/pkg/gvpe.html")
	72	(inputs `(("openssl" ,openssl)
	73	("zlib" ,zlib)))
	74	(synopsis "Secure VPN among multiple nodes over an untrusted network")
	75	(description
	76	"The GNU Virtual Private Ethernet creates a virtual network
	77	with multiple nodes using a variety of transport protocols. It works
	78	by creating encrypted host-to-host tunnels between multiple
	79	endpoints.")
	80	(license license:gpl3+)))
	81
49f24f41 AE	82	(define-public vpnc
	83	(package
	84	(name "vpnc")
	85	(version "0.5.3")
	86	(source (origin
	87	(method url-fetch)
594360f5	88	(uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
49f24f41 AE	89	version ".tar.gz"))
49f24f41 AE	90	(sha256 (base32
101e67ac	91	"1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
49f24f41 AE	92	(build-system gnu-build-system)
49f24f41 AE	93	(inputs `(("libgcrypt" ,libgcrypt)
42c97811	94	("perl" ,perl)
101e67ac	95	("vpnc-scripts" ,vpnc-scripts)))
49f24f41 AE	96	(arguments
49f24f41 AE	97	`(#:tests? #f ; there is no check target
49f24f41	98	#:phases
42c97811	99	(modify-phases %standard-phases
101e67ac	100	(add-after 'unpack 'use-store-paths
42c97811	101	(lambda* (#:key inputs outputs #:allow-other-keys)
101e67ac TGR	102	(let ((out (assoc-ref outputs "out"))
	103	(vpnc-scripts (assoc-ref inputs "vpnc-scripts")))
	104	(substitute* "config.c"
	105	(("/etc/vpnc/vpnc-script")
	106	(string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
	107	(substitute* "Makefile"
	108	(("ETCDIR=.*")
	109	(string-append "ETCDIR=" out "/etc/vpnc\n"))
	110	(("PREFIX=.*")
	111	(string-append "PREFIX=" out "\n")))
	112	#t)))
	113	(delete 'configure)))) ; no configure script
799dcdc4	114	(synopsis "Client for Cisco VPN concentrators")
49f24f41 AE	115	(description
49f24f41 AE	116	"vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
35b9e423	117	It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
49f24f41	118	shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
35b9e423	119	1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
49f24f41 AE	120	Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
	121	(license license:gpl2+) ; some file are bsd-2, see COPYING
	122	(home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))
71f4b81a	123
06d91fd9 TGR	124	(define-public vpnc-scripts
	125	(let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3"))
	126	(package
	127	(name "vpnc-scripts")
	128	(version (string-append "20161214." (string-take commit 7)))
	129	(source (origin
	130	(method git-fetch)
	131	(uri
	132	(git-reference
	133	(url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
	134	(commit commit)))
728ee9d6	135	(file-name (git-file-name name version))
06d91fd9 TGR	136	(sha256
	137	(base32
	138	"0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h"))))
	139	(build-system gnu-build-system)
	140	(inputs `(("coreutils" ,coreutils)
	141	("grep" ,grep)
	142	("iproute2" ,iproute) ; for ‘ip’
	143	("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
	144	("sed" ,sed)
	145	("which" ,which)))
	146	(arguments
	147	`(#:phases
	148	(modify-phases %standard-phases
	149	(add-after 'unpack 'use-relative-paths
	150	;; Patch the scripts to work with and use relative paths.
	151	(lambda* _
	152	(for-each (lambda (script)
	153	(substitute* script
	154	(("^PATH=.*") "")
	155	(("(/usr\|)/s?bin/") "")
	156	(("\\[ +-x +([^]]+) +\\]" _ command)
	157	(string-append "command -v >/dev/null 2>&1 "
	158	command))))
	159	(find-files "." "^vpnc-script"))
	160	#t))
	161	(delete 'configure) ; no configure script
	162	(replace 'build
	163	(lambda _
	164	(zero? (system* "gcc" "-o" "netunshare" "netunshare.c"))))
	165	(replace 'install
	166	;; There is no Makefile; manually install the relevant files.
	167	(lambda* (#:key outputs #:allow-other-keys)
	168	(let* ((out (assoc-ref outputs "out"))
	169	(etc (string-append out "/etc/vpnc")))
	170	(for-each (lambda (file)
	171	(install-file file etc))
	172	(append (find-files "." "^vpnc-script")
	173	(list "netunshare"
	174	"xinetd.netns.conf")))
	175	#t)))
	176	(add-after 'install 'wrap-scripts
	177	;; Wrap scripts with paths to their common hard dependencies.
	178	;; Optional dependencies will need to be installed by the user.
	179	(lambda* (#:key inputs outputs #:allow-other-keys)
	180	(let ((out (assoc-ref outputs "out")))
	181	(for-each
	182	(lambda (script)
	183	(wrap-program script
	184	`("PATH" ":" prefix
	185	,(map (lambda (name)
	186	(let ((input (assoc-ref inputs name)))
	187	(string-append input "/bin:"
	188	input "/sbin")))
	189	(list "coreutils"
	190	"grep"
	191	"iproute2"
	192	"net-tools"
	193	"sed"
	194	"which")))))
	195	(find-files (string-append out "/etc/vpnc/vpnc-script")
	196	"^vpnc-script"))))))
	197	#:tests? #f)) ; no tests
	198	(home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
	199	(synopsis "Network configuration scripts for Cisco VPN clients")
200	(description
201	"This set of scripts configures routing and name services when invoked
202	by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.
203
204	The default @command{vpnc-script} automatically configures most common
205	connections, and provides hooks for performing custom actions at various stages
206	of the connection or disconnection process.
207
208	Alternative scripts are provided for more complicated set-ups, or to serve as an
209	example for writing your own. For example, @command{vpnc-script-sshd} contains
210	the entire VPN in a network namespace accessible only through SSH.")
211	(license license:gpl2+))))
71f4b81a	212
01224157 PL	213	(define-public ocproxy
	214	(package
	215	(name "ocproxy")
	216	(version "1.60")
	217	(source (origin
	218	(method url-fetch)
	219	(uri (string-append
	220	"https://github.com/cernekee/ocproxy/archive/v"
	221	version ".tar.gz"))
	222	(file-name (string-append name "-" version ".tar.gz"))
	223	(sha256
	224	(base32
	225	"1b4rg3xq5jnrp2l14sw0msan8kqhdxmsd7gpw9lkiwvxy13pcdm7"))))
	226	(build-system gnu-build-system)
	227	(native-inputs
	228	`(("autoconf" ,autoconf)
	229	("automake" ,automake)))
	230	(inputs
	231	`(("libevent" ,libevent)))
	232	(arguments
	233	'(#:phases
	234	(modify-phases %standard-phases
	235	(add-after 'unpack 'autogen
	236	(lambda _ (invoke "sh" "autogen.sh"))))))
	237	(home-page "https://github.com/cernekee/ocproxy")
	238	(synopsis "OpenConnect proxy")
	239	(description
	240	"User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
	241	on LwIP. When using ocproxy, OpenConnect only handles network activity that
	242	the user specifically asks to proxy, so the @dfn{VPN} interface no longer
	243	\"hijacks\" all network traffic on the host.")
	244	(license license:bsd-3)))
	245
71f4b81a AE	246	(define-public openconnect
	247	(package
	248	(name "openconnect")
426aecfd	249	(version "7.08")
71f4b81a AE	250	(source (origin
71f4b81a AE	251	(method url-fetch)
d4bf49b1 EB	252	(uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
d4bf49b1 EB	253	"openconnect-" version ".tar.gz"))
71f4b81a	254	(sha256 (base32
426aecfd	255	"00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w"))))
71f4b81a AE	256	(build-system gnu-build-system)
71f4b81a AE	257	(inputs
c4c4cc05	258	`(("libxml2" ,libxml2)
060e365a	259	("gnutls" ,gnutls)
a6d06e86	260	("vpnc-scripts" ,vpnc-scripts)
71f4b81a	261	("zlib" ,zlib)))
c4c4cc05	262	(native-inputs
b94a6ca0	263	`(("gettext" ,gettext-minimal)
c4c4cc05	264	("pkg-config" ,pkg-config)))
71f4b81a	265	(arguments
d4bf49b1 EB	266	`(#:configure-flags
d4bf49b1 EB	267	`(,(string-append "--with-vpnc-script="
a6d06e86	268	(assoc-ref %build-inputs "vpnc-scripts")
d4bf49b1	269	"/etc/vpnc/vpnc-script"))))
799dcdc4	270	(synopsis "Client for Cisco VPN")
71f4b81a AE	271	(description
	272	"OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
	273	supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
	274	870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
	275	and probably others.")
	276	(license license:lgpl2.1)
	277	(home-page "http://www.infradead.org/openconnect/")))
dc77f0d3 DT	278
	279	(define-public openvpn
	280	(package
	281	(name "openvpn")
a3cbd75b	282	(version "2.4.6")
dc77f0d3 DT	283	(source (origin
	284	(method url-fetch)
	285	(uri (string-append
	286	"https://swupdate.openvpn.org/community/releases/openvpn-"
	287	version ".tar.xz"))
	288	(sha256
	289	(base32
a3cbd75b	290	"09lck4wmkas3iyrzaspin9gn3wiclqb1m9sf8diy7j8wakx38r2g"))))
dc77f0d3 DT	291	(build-system gnu-build-system)
	292	(arguments
	293	'(#:configure-flags '("--enable-iproute2=yes")))
	294	(native-inputs
	295	`(("iproute2" ,iproute)))
	296	(inputs
dee9a262 EF	297	`(("lz4" ,lz4)
dee9a262 EF	298	("lzo" ,lzo)
dc77f0d3 DT	299	("openssl" ,openssl)
	300	("linux-pam" ,linux-pam)))
	301	(home-page "https://openvpn.net/")
	302	(synopsis "Virtual private network daemon")
9599339c TGR	303	(description
9599339c TGR	304	"OpenVPN implements virtual private network (@dfn{VPN}) techniques
dc77f0d3 DT	305	for creating secure point-to-point or site-to-site connections in routed or
	306	bridged configurations and remote access facilities. It uses a custom
	307	security protocol that utilizes SSL/TLS for key exchange. It is capable of
9599339c	308	traversing network address translators (@dfn{NAT}s) and firewalls.")
dc77f0d3	309	(license license:gpl2)))
feca8e2b JM	310
	311	(define-public tinc
	312	(package
	313	(name "tinc")
383ad03e	314	(version "1.0.33")
feca8e2b JM	315	(source (origin
	316	(method url-fetch)
	317	(uri (string-append "http://tinc-vpn.org/packages/"
	318	name "-" version ".tar.gz"))
	319	(sha256
	320	(base32
383ad03e	321	"1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz"))))
feca8e2b	322	(build-system gnu-build-system)
7b770eca SB	323	(arguments
	324	'(#:configure-flags
	325	'("--sysconfdir=/etc"
	326	"--localstatedir=/var")))
feca8e2b JM	327	(inputs `(("zlib" ,zlib)
	328	("lzo" ,lzo)
	329	("openssl" ,openssl)))
	330	(home-page "http://tinc-vpn.org")
	331	(synopsis "Virtual Private Network (VPN) daemon")
	332	(description
	333	"Tinc is a VPN that uses tunnelling and encryption to create a secure
	334	private network between hosts on the internet.")
	335	(license license:gpl2+)))
5c863d57 TGR	336
	337	(define-public sshuttle
	338	(package
	339	(name "sshuttle")
dc944249	340	(version "0.78.4")
5c863d57 TGR	341	(source
	342	(origin
	343	(method url-fetch)
	344	(uri (pypi-uri name version))
	345	(sha256
	346	(base32
dc944249	347	"0pqk43kd7crqhg6qgnl8kapncwgw1xgaf02zarzypcw64kvdih9h"))))
5c863d57 TGR	348	(build-system python-build-system)
5c863d57 TGR	349	(native-inputs
3308591f	350	`(("python-setuptools-scm" ,python-setuptools-scm)
5c863d57 TGR	351	;; For tests only.
5c863d57 TGR	352	("python-mock" ,python-mock)
3308591f TGR	353	("python-pytest" ,python-pytest)
3308591f TGR	354	("python-pytest-runner" ,python-pytest-runner)))
5c863d57 TGR	355	(home-page "https://github.com/sshuttle/sshuttle")
	356	(synopsis "VPN that transparently forwards connections over SSH")
	357	(description "sshuttle creates an encrypted virtual private network (VPN)
	358	connection to any remote server to which you have secure shell (SSH) access.
	359	The only requirement is a suitable version of Python on the server;
	360	administrative privileges are required only on the client. Unlike most VPNs,
	361	sshuttle forwards entire sessions, not packets, using kernel transparent
	362	proxying. This makes it faster and more reliable than SSH's own tunneling and
	363	port forwarding features. It can forward both TCP and UDP traffic, including
	364	DNS domain name queries.")
	365	(license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’
1ce6f33b TGR	366
	367	(define-public sshoot
	368	(package
	369	(name "sshoot")
3b4018d6	370	(version "1.2.6")
1ce6f33b TGR	371	(source
	372	(origin
	373	(method url-fetch)
	374	(uri (pypi-uri name version))
	375	(sha256
	376	(base32
3b4018d6	377	"1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
1ce6f33b	378	(build-system python-build-system)
c0b12a60 MB	379	(arguments
	380	'(#:phases
	381	(modify-phases %standard-phases
	382	(add-after 'unpack 'patch-paths
	383	(lambda _
	384	(substitute* "sshoot/tests/test_manager.py"
	385	(("/bin/sh") (which "sh")))
	386	#t)))))
1ce6f33b TGR	387	(inputs
	388	`(("python-argcomplete" ,python-argcomplete)
	389	("python-prettytable" ,python-prettytable)
	390	("python-pyyaml" ,python-pyyaml)))
	391	;; For tests only.
	392	(native-inputs
	393	`(("python-fixtures" ,python-fixtures)
	394	("python-pbr" ,python-pbr)
	395	("python-testtools" ,python-testtools)))
3b4018d6	396	(home-page "https://github.com/albertodonato/sshoot")
1ce6f33b TGR	397	(synopsis "sshuttle VPN session manager")
	398	(description "sshoot provides a command-line interface to manage multiple
	399	@command{sshuttle} virtual private networks. It supports flexible profiles
	400	with configuration options for most of @command{sshuttle}’s features.")
	401	(license license:gpl3+)))