1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
b6bee63b 3;;; Copyright © 2013, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
d4bf49b1 4;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b 5;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
0d7f282b 6;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
e4aa83be 7;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8 8;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
01224157 9;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
7ba2b274 10;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
c1005113 11;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name>
9fd6ad3e 12;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
b47e083b 13;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
3b177a6c 14;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
c873980d 15;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com>
8331e235 16;;; Copyright © 2020 Ivan Kozlov <kanichos@yandex.ru>
17;;;
18;;; This file is part of GNU Guix.
19;;;
20;;; GNU Guix is free software; you can redistribute it and/or modify it
21;;; under the terms of the GNU General Public License as published by
22;;; the Free Software Foundation; either version 3 of the License, or (at
23;;; your option) any later version.
24;;;
25;;; GNU Guix is distributed in the hope that it will be useful, but
26;;; WITHOUT ANY WARRANTY; without even the implied warranty of
27;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
28;;; GNU General Public License for more details.
29;;;
30;;; You should have received a copy of the GNU General Public License
31;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
32
33(define-module (gnu packages vpn)
b5b73a82 34 #:use-module ((guix licenses) #:prefix license:)
35 #:use-module (guix packages)
36 #:use-module (guix download)
06d91fd9 37 #:use-module (guix git-download)
7ba2b274 38 #:use-module (guix build-system cmake)
49f24f41 39 #:use-module (guix build-system gnu)
3b177a6c 40 #:use-module (guix build-system linux-module)
5c863d57 41 #:use-module (guix build-system python)
598afe95 42 #:use-module (guix utils)
49f24f41 43 #:use-module (gnu packages)
1b17c23e 44 #:use-module (gnu packages admin)
06d91fd9 45 #:use-module (gnu packages base)
d084e71c 46 #:use-module (gnu packages bash)
ac257f12 47 #:use-module (gnu packages check)
d084e71c 48 #:use-module (gnu packages dns)
01224157 49 #:use-module (gnu packages autotools)
71f4b81a 50 #:use-module (gnu packages compression)
1dba6407 51 #:use-module (gnu packages gettext)
49f24f41 52 #:use-module (gnu packages gnupg)
b47e083b 53 #:use-module (gnu packages guile)
01224157 54 #:use-module (gnu packages libevent)
dc77f0d3 55 #:use-module (gnu packages linux)
aff0cce9 56 #:use-module (gnu packages nss)
57 #:use-module (gnu packages perl)
58 #:use-module (gnu packages pkg-config)
5c863d57 59 #:use-module (gnu packages python)
44d10b1f 60 #:use-module (gnu packages python-xyz)
c873980d 61 #:use-module (gnu packages python-web)
8331e235 62 #:use-module (gnu packages samba)
a7fd7b68 63 #:use-module (gnu packages tls)
71f4b81a 64 #:use-module (gnu packages xml))
49f24f41 65
;; GNU Virtual Private Ethernet, built from the release tarball on the GNU
;; mirrors with the standard GNU build system.
(define-public gvpe
  (package
    (name "gvpe")
    (version "3.1")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gvpe/gvpe-"
                                  version ".tar.gz"))
              ;; The download is accepted only if it matches this hash, so
              ;; the integrity of the source does not depend on which mirror
              ;; served it.
              (sha256
               (base32
                "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
    (build-system gnu-build-system)
    ;; NOTE(review): the home page is plain HTTP; switch to HTTPS if the
    ;; site serves it.
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs `(("openssl" ,openssl)
              ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols. It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))
89
;; Userspace client for Cisco EasyVPN concentrators.  The connection script
;; it runs comes from the 'vpnc-scripts' input.
(define-public vpnc
  (package
    (name "vpnc")
    (version "0.5.3")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                  version ".tar.gz"))
              (sha256 (base32
                       "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    (inputs `(("libgcrypt" ,libgcrypt)
              ("perl" ,perl)
              ("vpnc-scripts" ,vpnc-scripts)))
    (arguments
     `(#:tests? #f ; there is no check target
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'use-store-paths
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out"))
                   (vpnc-scripts (assoc-ref inputs "vpnc-scripts")))
               ;; Replace the script path in config.c with the one inside
               ;; the vpnc-scripts store item, so the client refers to the
               ;; packaged script rather than a file under the mutable
               ;; global /etc.
               (substitute* "config.c"
                 (("/etc/vpnc/vpnc-script")
                  (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
               ;; Point the Makefile's install directories at this
               ;; package's output.
               (substitute* "Makefile"
                 (("ETCDIR=.*")
                  (string-append "ETCDIR=" out "/etc/vpnc\n"))
                 (("PREFIX=.*")
                  (string-append "PREFIX=" out "\n")))
               #t)))
         (delete 'configure)))) ; no configure script
    (synopsis "Client for Cisco VPN concentrators")
    ;; NOTE(review): the algorithm list below includes single DES, MD5 and
    ;; DH groups 1/2/5, which are generally considered weak today.  What is
    ;; actually negotiated presumably depends on the concentrator's
    ;; configuration -- confirm before using this client on sensitive links.
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (license license:gpl2+) ; some file are bsd-2, see COPYING
    (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/")))
71f4b81a 131
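;; Routing and name-service scripts run by vpnc and OpenConnect, pinned to an
;; exact upstream commit and wrapped so that their hard dependencies are found
;; in the store.
(define-public vpnc-scripts
  (let ((commit "1000e0f6dd7d6bff163169a46359211c1fc3a6d2"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20190116." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  ;; git:// gives no transport authentication or encryption.
                  ;; The checkout is still pinned by the full commit id above
                  ;; and verified against the sha256 below, so that hash is
                  ;; what protects integrity here.
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "1g41yarz2bl0f73kbjqnywr485ghanbp7nmspklfb0n07yp0z6ak"))))
      (build-system gnu-build-system)
      (inputs `(("guile" ,guile-3.0) ; for the wrapper scripts
                ("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute) ; for ‘ip’
                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths.
             ;; The scripts' own PATH= assignment and the /usr/bin and
             ;; /usr/sbin prefixes are removed, and '[ -x FILE ]' tests
             ;; become 'command -v' lookups.  Commands are then resolved
             ;; through PATH: the 'wrap-scripts' phase below prefixes the
             ;; store directories, and anything it does not cover comes from
             ;; the PATH inherited from the caller.
             ;; NOTE(review): these scripts configure routing and presumably
             ;; run with elevated privileges, so the inherited PATH should
             ;; be a trusted one.
             (lambda* _
               (for-each (lambda (script)
                           (substitute* script
                             (("^PATH=.*") "")
                             (("/usr/s?bin/") "")
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure) ; no configure script
           (replace 'build
             (lambda _
               ;; Use the compiler for the target instead of a hard-coded
               ;; "gcc", as 'wireguard-tools' in this file does, so the
               ;; helper is not built for the wrong architecture when
               ;; cross-compiling.
               (invoke ,(cc-for-target) "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    ;; 'prefix' puts the store directories ahead of whatever
                    ;; PATH the script inherits.
                    (wrap-script (string-append out "/etc/vpnc/" script)
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (list "vpnc-script-ptrtd"
                        "vpnc-script-sshd"
                        "vpnc-script"))
                 #t))))
         #:tests? #f)) ; no tests
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own. For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))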
71f4b81a 223
;; User-level SOCKS and port-forwarding proxy for OpenConnect, built from the
;; upstream Git tag "v" + version.
(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/cernekee/ocproxy")
                    ;; A tag name can be moved upstream; the sha256 below is
                    ;; what fixes the exact content that gets built.
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx"))))
    (build-system gnu-build-system)
    ;; Presumably needed to generate the configure script, which a Git
    ;; checkout would not ship -- confirm against the repository.
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (inputs
     `(("libevent" ,libevent)))
    (home-page "https://github.com/cernekee/ocproxy")
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP. When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (license license:bsd-3)))
251
;; Client for Cisco AnyConnect SSL VPN.  It is configured to use the
;; vpnc-script shipped by the 'vpnc-scripts' input.
(define-public openconnect
  (package
    (name "openconnect")
    (version "8.10")
    (source (origin
              (method url-fetch)
              ;; Plain FTP offers no transport integrity; the tarball is
              ;; trusted only because it must match the sha256 below.
              (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                                  "openconnect-" version ".tar.gz"))
              (sha256
               (base32 "1cdsx4nsrwawbsisfkldfc9i4qn60g03vxb13nzppr2br9p4rrih"))))
    (build-system gnu-build-system)
    (propagated-inputs
     `(("libxml2" ,libxml2)
       ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
       ;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
       ;; The explicit 3.6.14 pin keeps this package outside that range; do
       ;; not replace it with a GnuTLS variable that resolves to a version
       ;; inside it.
       ("gnutls" ,gnutls-3.6.14)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)
       ("vpnc-scripts" ,vpnc-scripts)))
    (native-inputs
     `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
    (arguments
     ;; Pass the store path of vpnc-script at configure time, so the default
     ;; script is the packaged one rather than a file under the global /etc.
     `(#:configure-flags
       `(,(string-append "--with-vpnc-script="
                         (assoc-ref %build-inputs "vpnc-scripts")
                         "/etc/vpnc/vpnc-script"))))
    (synopsis "Client for Cisco VPN")
    (description
     "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
    (license license:lgpl2.1)
    (home-page "https://www.infradead.org/openconnect/")))
288
;; OpenVPN daemon built from the upstream release tarball, with iproute2
;; support enabled at configure time.
(define-public openvpn
  (package
    (name "openvpn")
    (version "2.4.9")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://swupdate.openvpn.org/community/releases/openvpn-"
                    version ".tar.xz"))
              (sha256
               (base32
                "1qpbllwlha7cffsd5dlddb8rl22g9rar5zflkz1wrcllhvfkl7v4"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    ;; NOTE(review): iproute2 is listed only as a native (build-time) input;
    ;; confirm how the built daemon locates 'ip' at run time.
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities. It uses a custom
security protocol that utilizes SSL/TLS for key exchange. It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))
feca8e2b 320
;; Command-line client for ProtonVPN, built from the upstream Git tag.
(define-public protonvpn-cli
  (package
    (name "protonvpn-cli")
    (version "2.2.2")
    (source
     (origin
       ;; PyPI has a ".whl" file but not a proper source release.
       ;; Thus, fetch code from Git.
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ProtonVPN/linux-cli")
             ;; The tag is resolved at fetch time; the sha256 below pins the
             ;; content that is accepted.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32
         "0ixjb02kj4z79whm1izd8mrn2h0rp9cmw4im1qvp93rahqxdd4n8"))))
    (build-system python-build-system)
    ;; With the test phase disabled, nothing exercises the built package
    ;; during the build.
    (arguments '(#:tests? #f)) ; no tests in repo
    (native-inputs
     `(("docopt" ,python-docopt)))
    (inputs
     `(("pythondialog" ,python-pythondialog)
       ("requests" ,python-requests)))
    ;; openvpn is propagated, so it is installed into the user's profile
    ;; alongside this client.
    (propagated-inputs
     `(("openvpn" ,openvpn)))
    (synopsis "Command-line client for ProtonVPN")
    (description
     "This is the official command-line interface for ProtonVPN, a secure
point-to-point virtual private networking (VPN) service with a gratis tier.
It can automatically find and connect to the fastest servers or use Tor over
VPN. The gratis tier offers unlimited bandwidth for up to 10 devices.")
    (home-page "https://github.com/ProtonVPN/linux-cli")
    (license license:gpl3+)))
354
;; tinc VPN daemon from the upstream release tarball.
(define-public tinc
  (package
    (name "tinc")
    (version "1.0.36")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://tinc-vpn.org/packages/"
                                  "tinc-" version ".tar.gz"))
              (sha256
               (base32
                "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0"))))
    (build-system gnu-build-system)
    (arguments
     ;; Configuration and state directories are set to the global /etc and
     ;; /var instead of paths under the store output.  Files placed there
     ;; (presumably including the node's keys) are managed outside Guix, so
     ;; their ownership and permissions are the administrator's
     ;; responsibility.
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs `(("zlib" ,zlib)
              ("lzo" ,lzo)
              ("openssl" ,openssl)))
    (home-page "https://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))
380
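;; sshuttle, a VPN-like tool that forwards connections over SSH, built from
;; the PyPI source release.
(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.5")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-FHS-file-names
           (lambda _
             ;; The client-side reference to 'env' becomes whatever absolute
             ;; file name 'which' finds in the build environment.
             (substitute* "sshuttle/client.py"
               (("/usr/bin/env") (which "env")))
             ;; In ssh.py the shell is left as a bare "sh", so it is looked
             ;; up through PATH wherever that command line runs.
             ;; NOTE(review): presumably this is the command executed on the
             ;; remote host, where a local store path would not exist --
             ;; confirm against ssh.py.
             (substitute* "sshuttle/ssh.py"
               (("/bin/sh") "sh"))
             #t)))))
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ;; The unquote comma now sits on the variable it applies to; the
       ;; original had it attached to the label string.
       ("python-flake8" ,python-flake8)
       ("python-mock" ,python-mock)
       ("python-pytest-cov" ,python-pytest-cov)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client. Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying. This makes it faster and more reliable than SSH's own tunneling and
port forwarding features. It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’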
421
;; sshoot, a profile manager for sshuttle sessions, built from the PyPI
;; source release.
(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda _
             ;; Only a test file is patched: its /bin/sh reference becomes
             ;; the 'sh' that 'which' finds in the build environment.
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks. It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
457
;; BadVPN tool collection (NCD, tun2socks, peer-to-peer VPN), built with
;; CMake from the upstream Git tag.
(define-public badvpn
  (package
    (name "badvpn")
    (version "1.999.130")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ambrop72/badvpn")
             ;; The tag is the bare version string; the sha256 below pins
             ;; the content that is accepted.
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
    (build-system cmake-build-system)
    (arguments
     '(#:tests? #f)) ; no tests
    (inputs
     `(("nspr" ,nspr)
       ("nss" ,nss)
       ("openssl" ,openssl)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (home-page "https://github.com/ambrop72/badvpn")
    (synopsis "Peer-to-peer virtual private network (VPN)")
    (description "@code{BadVPN} is a collection of virtual private
network (VPN) tools. It includes:

@enumerate
@item NCD programming language.\n
NCD (Network Configuration Daemon) is a daemon and programming/scripting
language for configuration of network interfaces and other aspects of the
operating system.
@item Tun2socks network-layer proxifier.\n
The tun2socks program socksifes TCP connections at the network layer. It
implements a TUN device which accepts all incoming TCP connections (regardless
of destination IP), and forwards the connections through a SOCKS server.
@item Peer-to-peer VPN.\n
The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
(VPN nodes).
@end enumerate")
    ;; This project contains a bundled lwIP. lwIP is also released under the
    ;; 3-clause BSD license.
    ;; NOTE(review): a bundled copy is not updated by upgrades of any
    ;; separately packaged lwIP; fixes to it arrive only with a new badvpn
    ;; release.
    (license license:bsd-3)))
7a0479bb 501
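;; Out-of-tree WireGuard kernel module for Linux 3.10 through 5.5.  The "out"
;; output holds the loadable module and "kernel-patch" holds a patch generated
;; by upstream's create-patch.sh.
(define-public wireguard-linux-compat
  (package
    (name "wireguard-linux-compat")
    (version "1.0.20200623")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/"
                                  "snapshot/wireguard-linux-compat-" version
                                  ".tar.xz"))
              (sha256
               (base32
                "0iclixsqfckaz6kz6a4lhzdary3xhfy1d0pz0pgrwy8m8mr3f28k"))))
    (build-system linux-module-build-system)
    (outputs '("out"
               "kernel-patch"))
    (arguments
     `(#:tests? #f ; No test suite
       #:modules ((guix build linux-module-build-system)
                  (guix build utils)
                  (ice-9 popen)
                  (ice-9 textual-ports))
       #:phases
       (modify-phases %standard-phases
         (add-before 'build 'change-directory
           (lambda _
             (chdir "./src")
             #t))
         (add-after 'build 'build-patch
           (lambda _
             (let* ((patch-builder "../kernel-tree-scripts/create-patch.sh")
                    (port (open-input-pipe patch-builder))
                    (str (get-string-all port))
                    (status (close-pipe port)))
               ;; The original discarded the script's exit status, so a
               ;; failing create-patch.sh would have produced an empty or
               ;; truncated kernel patch that was then installed without
               ;; complaint.  Fail the build instead.
               (unless (zero? status)
                 (error "create-patch.sh failed with status" status))
               (call-with-output-file "wireguard.patch"
                 (lambda (port)
                   (format port "~a" str))))
             #t))
         (add-after 'install 'install-patch
           (lambda* (#:key outputs #:allow-other-keys)
             ;; Use the 'outputs' argument this phase already receives
             ;; rather than the global %outputs.
             (install-file "wireguard.patch"
                           (assoc-ref outputs "kernel-patch"))
             #t))
         ;; So that 'install-license-files' works...
         (add-before 'install-license-files 'reset-cwd
           (lambda _
             (chdir "..")
             #t)))))
    (home-page "https://git.zx2c4.com/wireguard-linux-compat/")
    (synopsis "WireGuard kernel module for Linux 3.10 through 5.5")
    (description "This package contains an out-of-tree kernel patch and
a loadable module adding WireGuard to Linux kernel versions 3.10 through 5.5.
WireGuard was added to Linux 5.6.")
    (license license:gpl2)))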
1b17c23e 555
;; User-space WireGuard tools (wg and the wg-quick helper), built from the
;; upstream Git tag with plain 'make' in the src directory.
(define-public wireguard-tools
  (package
    (name "wireguard-tools")
    (version "1.0.20200827")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://git.zx2c4.com/wireguard-tools.git")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1h351hn531z6z85sx9ya27xjz1jszgn1pkwibacjj49mds15f7gn"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       ;; cc-for-target selects the compiler for the system being built for,
       ;; which keeps cross-compilation working.
       (list ,(string-append "CC=" (cc-for-target))
             "--directory=src"
             "WITH_BASHCOMPLETION=yes"
             ;; Install the ‘simple and dirty’ helper script wg-quick(8).
             "WITH_WGQUICK=yes"
             (string-append "PREFIX=" (assoc-ref %outputs "out"))
             ;; Currently used only to create an empty /etc/wireguard directory.
             (string-append "SYSCONFDIR=no-thanks"))
       ;; The test suite is meant to be run interactively. It runs Clang's
       ;; scan-build static analyzer and then starts a web server to display the
       ;; results.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         ;; No configure script
         (delete 'configure)
         (add-after 'install 'install-contrib-docs
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (copy-recursively "contrib/"
                                 (string-append out "/share/doc/wireguard-tools"))
               #t)))
         (add-after 'install 'wrap-wg-quick
           ;; Put the sbin directories of the listed inputs, plus coreutils'
           ;; bin, in front of PATH for wg-quick, so those tools are taken
           ;; from the store before anything in the caller's PATH.
           ;; NOTE(review): only /sbin is added for resolvconf, iproute,
           ;; procps and iptables; a tool that one of them installs under
           ;; /bin would still come from the inherited PATH -- confirm.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (inputs-sbin (map (lambda (input)
                                        (string-append (assoc-ref inputs input) "/sbin"))
                                      (list "resolvconf" "iproute" "procps"
                                            "iptables")))
                    (coreutils (string-append (assoc-ref inputs "coreutils")
                                              "/bin")))
               (wrap-program (string-append out "/bin/wg-quick")
                 `("PATH" ":" prefix ,(append inputs-sbin
                                              (list coreutils))))
               #t))))))
    (inputs
     `(("resolvconf" ,openresolv)
       ("coreutils" ,coreutils)
       ("bash" ,bash) ; for scripts using /dev/tcp
       ("procps" ,procps)
       ("iproute" ,iproute)
       ("iptables" ,iptables)))
    (home-page "https://www.wireguard.com/")
    (synopsis "Tools for configuring WireGuard tunnels")
    (description
     "This package provides the user-space command-line tools for using and
configuring WireGuard tunnels.

WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private
Network} that securely encapsulates IP packets over UDP. It aims to be as easy
to configure and deploy as SSH. VPN connections are made simply by exchanging
public keys and can roam across IP addresses.")
    (license
     (list license:lgpl2.1+ ; src/netlink.h & contrib/embeddable-wg-library
           license:gpl2)))) ; everything else
627
;; Keeps the old package name "wireguard" available as a deprecated alias
;; of 'wireguard-tools'.
(define-public wireguard
  (deprecated-package "wireguard" wireguard-tools))
630
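;; xl2tpd, an L2TP (RFC 2661) daemon, built from the upstream Git tag with
;; plain 'make'.
(define-public xl2tpd
  (package
    (name "xl2tpd")
    (version "1.3.15")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/xelerance/xl2tpd")
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "0ppwza8nwm1av1vldw40gin9wrjrs4l9si50jad414js3k8ycaag"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" %output)
                          ;; Was a hard-coded "CC=gcc".  cc-for-target keeps
                          ;; this consistent with 'wireguard-tools' in this
                          ;; file and selects the right compiler when
                          ;; cross-compiling.
                          ,(string-append "CC=" (cc-for-target)))
       #:phases (modify-phases %standard-phases
                  (delete 'configure) ;no configure script
                  (add-before 'build 'setup-environment
                    (lambda* (#:key inputs #:allow-other-keys)
                      ;; Replace the pppd path in l2tp.h with the one inside
                      ;; the 'ppp' input, so the daemon refers to the
                      ;; packaged pppd rather than whatever is at
                      ;; /usr/sbin/pppd.
                      (substitute* "l2tp.h"
                        (("/usr/sbin/pppd")
                         (string-append (assoc-ref inputs "ppp")
                                        "/sbin/pppd")))
                      ;; Point the build at the packaged kernel headers.
                      (setenv "KERNELSRC"
                              (assoc-ref inputs "linux-libre-headers"))
                      #t)))
       #:tests? #f)) ; no tests provided
    (inputs `(("libpcap" ,libpcap)
              ("linux-libre-headers" ,linux-libre-headers)
              ("ppp" ,ppp)))
    (home-page "https://www.xelerance.com/software/xl2tpd/")
    (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)")
    (description
     "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
L2TP allows you to tunnel PPP over UDP.")
    (license license:gpl2)))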