1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
b6bee63b 3;;; Copyright © 2013, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
d4bf49b1 4;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b 5;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
0d7f282b 6;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
e4aa83be 7;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8 8;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
01224157 9;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
7ba2b274 10;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
c1005113 11;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name>
9fd6ad3e 12;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
b47e083b 13;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
3b177a6c 14;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
c873980d 15;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com>
8331e235 16;;; Copyright © 2020 Ivan Kozlov <kanichos@yandex.ru>
17;;;
18;;; This file is part of GNU Guix.
19;;;
20;;; GNU Guix is free software; you can redistribute it and/or modify it
21;;; under the terms of the GNU General Public License as published by
22;;; the Free Software Foundation; either version 3 of the License, or (at
23;;; your option) any later version.
24;;;
25;;; GNU Guix is distributed in the hope that it will be useful, but
26;;; WITHOUT ANY WARRANTY; without even the implied warranty of
27;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28;;; GNU General Public License for more details.
29;;;
30;;; You should have received a copy of the GNU General Public License
31;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
32
33(define-module (gnu packages vpn)
b5b73a82 34 #:use-module ((guix licenses) #:prefix license:)
35 #:use-module (guix packages)
36 #:use-module (guix download)
06d91fd9 37 #:use-module (guix git-download)
7ba2b274 38 #:use-module (guix build-system cmake)
49f24f41 39 #:use-module (guix build-system gnu)
3b177a6c 40 #:use-module (guix build-system linux-module)
5c863d57 41 #:use-module (guix build-system python)
49f24f41 42 #:use-module (gnu packages)
1b17c23e 43 #:use-module (gnu packages admin)
06d91fd9 44 #:use-module (gnu packages base)
d084e71c 45 #:use-module (gnu packages bash)
ac257f12 46 #:use-module (gnu packages check)
d084e71c 47 #:use-module (gnu packages dns)
01224157 48 #:use-module (gnu packages autotools)
71f4b81a 49 #:use-module (gnu packages compression)
1dba6407 50 #:use-module (gnu packages gettext)
49f24f41 51 #:use-module (gnu packages gnupg)
b47e083b 52 #:use-module (gnu packages guile)
01224157 53 #:use-module (gnu packages libevent)
dc77f0d3 54 #:use-module (gnu packages linux)
aff0cce9 55 #:use-module (gnu packages nss)
56 #:use-module (gnu packages perl)
57 #:use-module (gnu packages pkg-config)
5c863d57 58 #:use-module (gnu packages python)
44d10b1f 59 #:use-module (gnu packages python-xyz)
c873980d 60 #:use-module (gnu packages python-web)
8331e235 61 #:use-module (gnu packages samba)
a7fd7b68 62 #:use-module (gnu packages tls)
71f4b81a 63 #:use-module (gnu packages xml))
49f24f41 64
;; GNU Virtual Private Ethernet: fetched as a release tarball through the GNU
;; mirror list and built with the unmodified gnu-build-system phases.
(define-public gvpe
  (package
    (name "gvpe")
    (version "3.1")
    (source (origin
              (method url-fetch)
              ;; mirror:// can be served by any GNU mirror; the sha256 below
              ;; is what pins the tarball's contents.
              (uri (string-append "mirror://gnu/gvpe/gvpe-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
    (build-system gnu-build-system)
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (native-inputs `(("pkg-config" ,pkg-config)))
    ;; openssl and zlib are the only run-time inputs declared here.
    (inputs `(("openssl" ,openssl)
              ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols. It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))
88
;; Cisco-compatible IPsec VPN client.  The build has no configure script and
;; no check target, so the recipe patches the sources directly instead.
(define-public vpnc
  (package
    (name "vpnc")
    (version "0.5.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                 version ".tar.gz"))
             (sha256 (base32
                      "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    (inputs `(("libgcrypt" ,libgcrypt)
              ("perl" ,perl)
              ("vpnc-scripts" ,vpnc-scripts)))
    (arguments
     `(#:tests? #f ; there is no check target
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'use-store-paths
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out"))
                   (vpnc-scripts (assoc-ref inputs "vpnc-scripts")))
               ;; Make the script path in config.c name the copy shipped by
               ;; the vpnc-scripts input rather than the global
               ;; /etc/vpnc/vpnc-script.
               (substitute* "config.c"
                 (("/etc/vpnc/vpnc-script")
                  (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
               ;; Redirect both Makefile install roots into this package's
               ;; output directory.
               (substitute* "Makefile"
                 (("ETCDIR=.*")
                  (string-append "ETCDIR=" out "/etc/vpnc\n"))
                 (("PREFIX=.*")
                  (string-append "PREFIX=" out "\n")))
               #t)))
         (delete 'configure)))) ; no configure script
    (synopsis "Client for Cisco VPN concentrators")
    ;; NOTE(review): the description lists single DES, MD5, SHA1 and DH groups
    ;; 1/2/5 among the supported primitives; these are legacy algorithms by
    ;; current standards.  Nothing in this recipe restricts which of them the
    ;; client may use.
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (license license:gpl2+) ; some files are bsd-2, see COPYING
    (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/")))
71f4b81a 130
;; Routing and name-service helper scripts run by vpnc and OpenConnect.
;; Built from one pinned upstream Git commit; the version string is a date
;; followed by the first seven characters of that commit.
(define-public vpnc-scripts
  (let ((commit "1000e0f6dd7d6bff163169a46359211c1fc3a6d2"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20190116." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  ;; NOTE(review): git:// is an unauthenticated, unencrypted
                  ;; transport.  The checkout is still verified against the
                  ;; sha256 below, so integrity rests on that hash alone.
                  ;; Prefer an HTTPS URL once the upstream location has been
                  ;; confirmed.
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "1g41yarz2bl0f73kbjqnywr485ghanbp7nmspklfb0n07yp0z6ak"))))
      (build-system gnu-build-system)
      (inputs `(("guile" ,guile-3.0) ; for the wrapper scripts
                ("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute)    ; for ‘ip’
                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths.
             ;; Three rewrites are applied to every file matching
             ;; "^vpnc-script": lines starting with PATH= are dropped,
             ;; /usr/bin/ and /usr/sbin/ prefixes are stripped, and
             ;; `[ -x CMD ]' tests become `command -v >/dev/null 2>&1 CMD'.
             ;; After this the scripts find their tools through PATH, which
             ;; the 'wrap-scripts phase below prefixes with store directories.
             (lambda* _
               (for-each (lambda (script)
                           (substitute* script
                             (("^PATH=.*") "")
                             (("/usr/s?bin/") "")
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure) ; no configure script
           (replace 'build
             ;; The only compiled artifact is the netunshare helper.
             (lambda _
               (invoke "gcc" "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             ;; Everything lands in OUT/etc/vpnc, the directory that vpnc and
             ;; openconnect are configured to look in.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             ;; PATH is extended with `prefix', so the bin and sbin
             ;; directories of the listed inputs come before whatever PATH
             ;; the caller supplies.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    (wrap-script (string-append out "/etc/vpnc/" script)
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (list "vpnc-script-ptrtd"
                        "vpnc-script-sshd"
                        "vpnc-script"))
                 #t))))
         #:tests? #f)) ; no tests
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own. For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))
71f4b81a 222
;; User-level SOCKS and port-forwarding proxy for OpenConnect, built from the
;; upstream Git tag "v" + VERSION.
(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/cernekee/ocproxy")
                    ;; A tag name can be moved upstream; the sha256 below is
                    ;; what fixes the contents of the checkout.
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx"))))
    (build-system gnu-build-system)
    ;; autoconf and automake are build-time only.
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (inputs
     `(("libevent" ,libevent)))
    (home-page "https://github.com/cernekee/ocproxy")
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP. When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (license license:bsd-3)))
250
;; Client for Cisco AnyConnect SSL VPN.  It is configured at build time to run
;; the vpnc-script shipped by the vpnc-scripts input.
(define-public openconnect
  (package
    (name "openconnect")
    (version "8.10")
    (source (origin
             (method url-fetch)
             ;; NOTE(review): ftp:// is a plaintext transport with no server
             ;; authentication; the integrity of this tarball rests entirely
             ;; on the sha256 below.
             (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                                 "openconnect-" version ".tar.gz"))
             (sha256
              (base32 "1cdsx4nsrwawbsisfkldfc9i4qn60g03vxb13nzppr2br9p4rrih"))))
    (build-system gnu-build-system)
    (propagated-inputs
     `(("libxml2" ,libxml2)
       ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
       ;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
       ;; This is why an explicit gnutls-3.6.14 is used instead of the
       ;; default gnutls variable.  Revisit the pin whenever the default moves
       ;; past the affected range.
       ("gnutls" ,gnutls-3.6.14)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)
       ("vpnc-scripts" ,vpnc-scripts)))
    (native-inputs
     `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
    (arguments
     ;; Pass the path of the vpnc-scripts input's script to configure via
     ;; --with-vpnc-script, instead of a path under the global /etc.
     `(#:configure-flags
       `(,(string-append "--with-vpnc-script="
                         (assoc-ref %build-inputs "vpnc-scripts")
                         "/etc/vpnc/vpnc-script"))))
    (synopsis "Client for Cisco VPN")
    (description
     "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
    (license license:lgpl2.1)
    (home-page "https://www.infradead.org/openconnect/")))
287
;; OpenVPN daemon, built from the upstream release tarball with iproute2
;; support enabled.
(define-public openvpn
  (package
    (name "openvpn")
    (version "2.4.9")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://swupdate.openvpn.org/community/releases/openvpn-"
                    version ".tar.xz"))
              (sha256
               (base32
                "1qpbllwlha7cffsd5dlddb8rl22g9rar5zflkz1wrcllhvfkl7v4"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    ;; NOTE(review): iproute2 is declared only as a native (build-time) input.
    ;; If configure records the location of `ip' for use at run time, it
    ;; presumably belongs in `inputs' as well -- confirm against the build.
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities. It uses a custom
security protocol that utilizes SSL/TLS for key exchange. It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))
feca8e2b 319
;; Command-line client for the ProtonVPN service, built from the upstream Git
;; tag "v" + VERSION with the Python build system.
(define-public protonvpn-cli
  (package
    (name "protonvpn-cli")
    (version "2.2.2")
    (source
     (origin
       ;; PyPI has a ".whl" file but not a proper source release.
       ;; Thus, fetch code from Git.
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ProtonVPN/linux-cli")
             ;; The tag is only a name; the sha256 below fixes the contents.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "0ixjb02kj4z79whm1izd8mrn2h0rp9cmw4im1qvp93rahqxdd4n8"))))
    (build-system python-build-system)
    (arguments '(#:tests? #f)) ; no tests in repo
    (native-inputs
     `(("docopt" ,python-docopt)))
    (inputs
     `(("pythondialog" ,python-pythondialog)
       ("requests" ,python-requests)))
    ;; openvpn is propagated, so it is installed alongside this package.
    (propagated-inputs
     `(("openvpn" ,openvpn)))
    (synopsis "Command-line client for ProtonVPN")
    (description
     "This is the official command-line interface for ProtonVPN, a secure
point-to-point virtual private networking (VPN) service with a gratis tier.
It can automatically find and connect to the fastest servers or use Tor over
VPN. The gratis tier offers unlimited bandwidth for up to 10 devices.")
    (home-page "https://github.com/ProtonVPN/linux-cli")
    (license license:gpl3+)))
353
;; tinc VPN daemon, built from the upstream release tarball.
(define-public tinc
  (package
    (name "tinc")
    (version "1.0.36")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://tinc-vpn.org/packages/"
                                  "tinc-" version ".tar.gz"))
              (sha256
               (base32
                "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0"))))
    (build-system gnu-build-system)
    (arguments
     ;; Use the system-wide /etc and /var for configuration and state instead
     ;; of directories derived from the installation prefix.
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs `(("zlib" ,zlib)
              ("lzo" ,lzo)
              ("openssl" ,openssl)))
    (home-page "https://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))
379
;; sshuttle: a VPN-like forwarder that runs over SSH, fetched from PyPI.
(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.5")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-FHS-file-names
           (lambda _
             ;; client.py: replace /usr/bin/env with the absolute file name
             ;; that `which' finds in the build environment.
             (substitute* "sshuttle/client.py"
               (("/usr/bin/env") (which "env")))
             ;; ssh.py: replace /bin/sh with the bare name "sh", which is
             ;; then looked up through PATH when the command runs.
             ;; NOTE(review): presumably left unqualified because this
             ;; command is executed on the remote host -- confirm.
             (substitute* "sshuttle/ssh.py"
               (("/bin/sh") "sh"))
             #t)))))
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ("python-flake8" ,python-flake8)
       ("python-mock" ,python-mock)
       ("python-pytest-cov" ,python-pytest-cov)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client. Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying. This makes it faster and more reliable than SSH's own tunneling and
port forwarding features. It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’
420
;; sshoot: profile manager for sshuttle sessions, fetched from PyPI.
(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda _
             ;; Only the test file is patched: /bin/sh becomes the absolute
             ;; file name of `sh' found in the build environment.
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks. It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
456
;; BadVPN tool collection (NCD, tun2socks and a peer-to-peer VPN), built with
;; CMake from the upstream Git tag named after VERSION.
(define-public badvpn
  (package
    (name "badvpn")
    (version "1.999.130")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ambrop72/badvpn")
             ;; The tag is only a name; the sha256 below fixes the contents.
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
    (build-system cmake-build-system)
    (arguments
     '(#:tests? #f)) ; no tests
    (inputs
     `(("nspr" ,nspr)
       ("nss" ,nss)
       ("openssl" ,openssl)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (home-page "https://github.com/ambrop72/badvpn")
    (synopsis "Peer-to-peer virtual private network (VPN)")
    (description "@code{BadVPN} is a collection of virtual private
network (VPN) tools. It includes:

@enumerate
@item NCD programming language.\n
NCD (Network Configuration Daemon) is a daemon and programming/scripting
language for configuration of network interfaces and other aspects of the
operating system.
@item Tun2socks network-layer proxifier.\n
The tun2socks program socksifes TCP connections at the network layer. It
implements a TUN device which accepts all incoming TCP connections (regardless
of destination IP), and forwards the connections through a SOCKS server.
@item Peer-to-peer VPN.\n
The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
(VPN nodes).
@end enumerate")
    ;; This project contains a bundled lwIP. lwIP is also released under the
    ;; 3-clause BSD license.
    ;; NOTE(review): a bundled copy only changes when this package is
    ;; updated, so fixes to lwIP arrive through new badvpn releases.
    (license license:bsd-3)))
7a0479bb 500
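;; Out-of-tree WireGuard implementation for Linux 3.10 through 5.5.
;; Two outputs are produced: "out" holds the loadable module built by
;; linux-module-build-system, and "kernel-patch" holds a patch generated by
;; upstream's create-patch.sh.
(define-public wireguard-linux-compat
  (package
    (name "wireguard-linux-compat")
    (version "1.0.20200623")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/"
                                  "snapshot/wireguard-linux-compat-" version
                                  ".tar.xz"))
              (sha256
               (base32
                "0iclixsqfckaz6kz6a4lhzdary3xhfy1d0pz0pgrwy8m8mr3f28k"))))
    (build-system linux-module-build-system)
    (outputs '("out"
               "kernel-patch"))
    (arguments
     `(#:tests? #f                      ; No test suite
       ;; (ice-9 popen) and (ice-9 textual-ports) provide open-input-pipe,
       ;; close-pipe and get-string-all for the 'build-patch phase.
       #:modules ((guix build linux-module-build-system)
                  (guix build utils)
                  (ice-9 popen)
                  (ice-9 textual-ports))
       #:phases
       (modify-phases %standard-phases
         ;; The module sources live in src/; build from there.
         (add-before 'build 'change-directory
           (lambda _
             (chdir "./src")
             #t))
         (add-after 'build 'build-patch
           ;; Run upstream's patch generator and save its standard output as
           ;; wireguard.patch in the current directory (src/).
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((patch-builder "../kernel-tree-scripts/create-patch.sh")
                    (port (open-input-pipe patch-builder))
                    (str (get-string-all port))
                    ;; close-pipe returns the child's wait status.
                    (status (close-pipe port)))
               ;; Fail the build when the generator did not exit cleanly.
               ;; Otherwise an empty or truncated kernel patch would be
               ;; installed without any error.
               (unless (eqv? 0 (status:exit-val status))
                 (error "create-patch.sh failed with status" status))
               (call-with-output-file "wireguard.patch"
                 (lambda (port)
                   (format port "~a" str))))
             #t))
         (add-after 'install 'install-patch
           ;; Install the generated patch into the "kernel-patch" output,
           ;; looked up through the `outputs' keyword argument this phase
           ;; already receives.
           (lambda* (#:key outputs #:allow-other-keys)
             (install-file "wireguard.patch"
                           (assoc-ref outputs "kernel-patch"))
             #t))
         ;; So that 'install-license-files' works...
         (add-before 'install-license-files 'reset-cwd
           (lambda _
             (chdir "..")
             #t)))))
    (home-page "https://git.zx2c4.com/wireguard-linux-compat/")
    (synopsis "WireGuard kernel module for Linux 3.10 through 5.5")
    (description "This package contains an out-of-tree kernel patch and
a loadable module adding WireGuard to Linux kernel versions 3.10 through 5.5.
WireGuard was added to Linux 5.6.")
    (license license:gpl2)))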
1b17c23e 554
;; User-space WireGuard tools (wg and the wg-quick helper), built from the
;; upstream Git tag "v" + VERSION.
(define-public wireguard-tools
  (package
    (name "wireguard-tools")
    (version "1.0.20200513")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://git.zx2c4.com/wireguard-tools.git")
             ;; The tag is only a name; the sha256 below fixes the contents.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1yk8hng0qw2rf76hnawjbdpjssmah88bd5fk20h1c0j1yazlx0a9"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       (list "CC=gcc"
             ;; The Makefile lives in src/.
             "--directory=src"
             "WITH_BASHCOMPLETION=yes"
             ;; Install the ‘simple and dirty’ helper script wg-quick(8).
             "WITH_WGQUICK=yes"
             (string-append "PREFIX=" (assoc-ref %outputs "out"))
             ;; Currently used only to create an empty /etc/wireguard directory.
             (string-append "SYSCONFDIR=no-thanks"))
       ;; The test suite is meant to be run interactively. It runs Clang's
       ;; scan-build static analyzer and then starts a web server to display the
       ;; results.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         ;; No configure script
         (delete 'configure)
         (add-after 'install 'install-contrib-docs
           ;; Ship upstream's contrib/ tree as documentation.
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (copy-recursively "contrib/"
                                 (string-append out "/share/doc/wireguard-tools"))
               #t)))
         (add-after 'install 'wrap-wg-quick
           ;; Prefix wg-quick's PATH with the sbin directories of resolvconf,
           ;; iproute, procps and iptables, plus the bin directory of
           ;; coreutils, so these come before anything in the caller's PATH.
           ;; NOTE(review): only /sbin is added for the first four inputs;
           ;; confirm that every tool wg-quick calls from them is installed
           ;; under sbin rather than bin.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (inputs-sbin (map (lambda (input)
                                        (string-append (assoc-ref inputs input) "/sbin"))
                                      (list "resolvconf" "iproute" "procps"
                                            "iptables")))
                    (coreutils (string-append (assoc-ref inputs "coreutils")
                                              "/bin")))
               (wrap-program (string-append out "/bin/wg-quick")
                 `("PATH" ":" prefix ,(append inputs-sbin
                                              (list coreutils))))
               #t))))))
    (inputs
     `(("resolvconf" ,openresolv)
       ("coreutils" ,coreutils)
       ("bash" ,bash)                   ; for scripts using /dev/tcp
       ("procps" ,procps)
       ("iproute" ,iproute)
       ("iptables" ,iptables)))
    (home-page "https://www.wireguard.com/")
    (synopsis "Tools for configuring WireGuard tunnels")
    (description
     "This package provides the user-space command-line tools for using and
configuring WireGuard tunnels.

WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private
Network} that securely encapsulates IP packets over UDP. It aims to be as easy
to configure and deploy as SSH. VPN connections are made simply by exchanging
public keys and can roam across IP addresses.")
    (license
     (list license:lgpl2.1+    ; src/netlink.h & contrib/embeddable-wg-library
           license:gpl2))))    ; everything else
626
;; Deprecated name kept for compatibility: "wireguard" now refers to
;; wireguard-tools.
(define-public wireguard
  (deprecated-package "wireguard" wireguard-tools))
629
;; xl2tpd: L2TP (RFC 2661) daemon, built from the upstream Git tag
;; "v" + VERSION.  There is no configure script and no test suite.
(define-public xl2tpd
  (package
    (name "xl2tpd")
    (version "1.3.15")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/xelerance/xl2tpd")
                    ;; The tag is only a name; the sha256 below fixes the
                    ;; contents.
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "0ppwza8nwm1av1vldw40gin9wrjrs4l9si50jad414js3k8ycaag"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" %output)
                          "CC=gcc")
       #:phases (modify-phases %standard-phases
                  (delete 'configure)   ;no configure script
                  (add-before 'build 'setup-environment
                    (lambda* (#:key inputs #:allow-other-keys)
                      ;; Replace the /usr/sbin/pppd path in l2tp.h with the
                      ;; pppd of the ppp input.
                      (substitute* "l2tp.h"
                        (("/usr/sbin/pppd")
                         (string-append (assoc-ref inputs "ppp")
                                        "/sbin/pppd")))
                      ;; Export KERNELSRC, pointing at the kernel headers
                      ;; input, for the build that follows.
                      (setenv "KERNELSRC"
                              (assoc-ref inputs "linux-libre-headers"))
                      #t)))
       #:tests? #f))                    ; no tests provided
    (inputs `(("libpcap" ,libpcap)
              ("linux-libre-headers" ,linux-libre-headers)
              ("ppp" ,ppp)))
    (home-page "https://www.xelerance.com/software/xl2tpd/")
    (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)")
    (description
     "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
L2TP allows you to tunnel PPP over UDP.")
    (license license:gpl2)))
667 (license license:gpl2)))