[jackhill/guix/guix.git] / gnu / packages / vpn.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages vpn)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix build-system cmake)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system python)
  #:use-module (gnu packages)
  #:use-module (gnu packages base)
  #:use-module (gnu packages check)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages gnuzilla)
  #:use-module (gnu packages libevent)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages python-xyz)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages xml))

(define-public gvpe
  (package
    (name "gvpe")
    (version "3.1")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gvpe/gvpe-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
    (build-system gnu-build-system)
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (native-inputs `(("pkg-config" ,pkg-config)))
    (inputs `(("openssl" ,openssl)
              ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols.  It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))

(define-public vpnc
  (package
   (name "vpnc")
   (version "0.5.3")
   (source (origin
            (method url-fetch)
            (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                version ".tar.gz"))
            (sha256 (base32
                     "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
   (build-system gnu-build-system)
   (inputs `(("libgcrypt" ,libgcrypt)
             ("perl" ,perl)
             ("vpnc-scripts" ,vpnc-scripts)))
   (arguments
    `(#:tests? #f ; there is no check target
      #:phases
      (modify-phases %standard-phases
        (add-after 'unpack 'use-store-paths
          (lambda* (#:key inputs outputs #:allow-other-keys)
            (let ((out          (assoc-ref outputs "out"))
                  (vpnc-scripts (assoc-ref inputs  "vpnc-scripts")))
              (substitute* "config.c"
                (("/etc/vpnc/vpnc-script")
                 (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
              (substitute* "Makefile"
                (("ETCDIR=.*")
                 (string-append "ETCDIR=" out "/etc/vpnc\n"))
                (("PREFIX=.*")
                 (string-append "PREFIX=" out "\n")))
              #t)))
        (delete 'configure))))          ; no configure script
   (synopsis "Client for Cisco VPN concentrators")
   (description
    "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth.  It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling.  It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
   (license license:gpl2+) ; some file are bsd-2, see COPYING
   (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))

(define-public vpnc-scripts
  (let ((commit "07c3518dd6b8dc424e9c3650a62bed994a4dcbe1"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20180226." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "02d29nrmnj6kfa889cavqn1pkn9ssb5gyp4lz1v47spwx7abpdi7"))))
      (build-system gnu-build-system)
      (inputs `(("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute)    ; for ‘ip’
                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths.
             (lambda* _
               (for-each (lambda (script)
                           (substitute* script
                             (("^PATH=.*") "")
                             (("(/usr|)/s?bin/") "")
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure)          ; no configure script
           (replace 'build
             (lambda _
               (invoke "gcc" "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    (wrap-program script
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (find-files (string-append out "/etc/vpnc/vpnc-script")
                              "^vpnc-script"))
                 #t))))
         #:tests? #f))                  ; no tests
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own.  For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))

(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/cernekee/ocproxy/archive/v"
                    version ".tar.gz"))
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
                "1b4rg3xq5jnrp2l14sw0msan8kqhdxmsd7gpw9lkiwvxy13pcdm7"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (inputs
     `(("libevent" ,libevent)))
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'autogen
           (lambda _ (invoke "sh" "autogen.sh"))))))
    (home-page "https://github.com/cernekee/ocproxy")
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP.  When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (license license:bsd-3)))

(define-public openconnect
  (package
   (name "openconnect")
   (version "8.02")
   (source (origin
            (method url-fetch)
            (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                                "openconnect-" version ".tar.gz"))
            (sha256 (base32
                     "04p0vzc1791h68hd9803wsyb64zrwm8qpdqx0szhj9pig71g5a0w"))))
   (build-system gnu-build-system)
   (inputs
    `(("libxml2" ,libxml2)
      ("gnutls" ,gnutls)
      ("vpnc-scripts" ,vpnc-scripts)
      ("zlib" ,zlib)))
   (native-inputs
    `(("gettext" ,gettext-minimal)
      ("pkg-config" ,pkg-config)))
   (arguments
    `(#:configure-flags
      `(,(string-append "--with-vpnc-script="
                        (assoc-ref %build-inputs "vpnc-scripts")
                        "/etc/vpnc/vpnc-script"))))
   (synopsis "Client for Cisco VPN")
   (description
    "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
   (license license:lgpl2.1)
   (home-page "https://www.infradead.org/openconnect/")))

(define-public openvpn
  (package
    (name "openvpn")
    (version "2.4.7")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://swupdate.openvpn.org/community/releases/openvpn-"
                    version ".tar.xz"))
              (sha256
               (base32
                "0j7na936isk9j8nsdrrbw7wmy09inmjqvsb8mw8az7k61xbm6bx4"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities.  It uses a custom
security protocol that utilizes SSL/TLS for key exchange.  It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))

(define-public tinc
  (package
    (name "tinc")
    (version "1.0.35")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://tinc-vpn.org/packages/"
                                  name "-" version ".tar.gz"))
              (sha256
               (base32
                "0pl92sdwrkiwgll78x0ww06hfljd07mkwm62g8x17qn3gha3pj0q"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs `(("zlib" ,zlib)
              ("lzo" ,lzo)
              ("openssl" ,openssl)))
    (home-page "https://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))

(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.5")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-FHS-file-names
           (lambda _
             (substitute* "sshuttle/client.py"
               (("/usr/bin/env") (which "env")))
             (substitute* "sshuttle/ssh.py"
               (("/bin/sh") "sh"))
             #t)))))
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ("python-flake8", python-flake8)
       ("python-mock" ,python-mock)
       ("python-pytest-cov" ,python-pytest-cov)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client.  Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying.  This makes it faster and more reliable than SSH's own tunneling and
port forwarding features.  It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’

(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda _
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks.  It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))

(define-public badvpn
  (package
    (name "badvpn")
    (version "1.999.130")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ambrop72/badvpn.git")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
    (build-system cmake-build-system)
    (arguments
     '(#:tests? #f))                    ; no tests
    (inputs
     `(("nspr" ,nspr)
       ("nss" ,nss)
       ("openssl" ,openssl)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (home-page "https://github.com/ambrop72/badvpn")
    (synopsis "Peer-to-peer virtual private network (VPN)")
    (description "@code{BadVPN} is a collection of virtual private
network (VPN) tools.  It includes:

@enumerate
@item NCD programming language.\n
NCD (Network Configuration Daemon) is a daemon and programming/scripting
language for configuration of network interfaces and other aspects of the
operating system.
@item Tun2socks network-layer proxifier.\n
The tun2socks program socksifes TCP connections at the network layer.  It
implements a TUN device which accepts all incoming TCP connections (regardless
of destination IP), and forwards the connections through a SOCKS server.
@item Peer-to-peer VPN.\n
The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
(VPN nodes).
@end enumerate")
    ;; This project contains a bundled lwIP. lwIP is also released under the
    ;; 3-clause BSD license.
    (license license:bsd-3)))
Commit	Line	Data
49f24f41 AE	1	;;; GNU Guix --- Functional package management for GNU
49f24f41 AE	2	;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
a9d4a9ad	3	;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
d4bf49b1	4	;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b	5	;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
8d2de491	6	;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
9e5709f0	7	;;; Copyright © 2016, 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8	8	;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
01224157	9	;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
7ba2b274	10	;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
49f24f41 AE	11	;;;
	12	;;; This file is part of GNU Guix.
	13	;;;
	14	;;; GNU Guix is free software; you can redistribute it and/or modify it
	15	;;; under the terms of the GNU General Public License as published by
	16	;;; the Free Software Foundation; either version 3 of the License, or (at
	17	;;; your option) any later version.
	18	;;;
	19	;;; GNU Guix is distributed in the hope that it will be useful, but
	20	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	21	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	;;; GNU General Public License for more details.
	23	;;;
	24	;;; You should have received a copy of the GNU General Public License
	25	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	26
	27	(define-module (gnu packages vpn)
b5b73a82	28	#:use-module ((guix licenses) #:prefix license:)
49f24f41 AE	29	#:use-module (guix packages)
49f24f41 AE	30	#:use-module (guix download)
06d91fd9	31	#:use-module (guix git-download)
7ba2b274	32	#:use-module (guix build-system cmake)
49f24f41	33	#:use-module (guix build-system gnu)
5c863d57	34	#:use-module (guix build-system python)
49f24f41	35	#:use-module (gnu packages)
06d91fd9	36	#:use-module (gnu packages base)
ac257f12	37	#:use-module (gnu packages check)
01224157	38	#:use-module (gnu packages autotools)
71f4b81a	39	#:use-module (gnu packages compression)
1dba6407	40	#:use-module (gnu packages gettext)
49f24f41	41	#:use-module (gnu packages gnupg)
7ba2b274	42	#:use-module (gnu packages gnuzilla)
01224157	43	#:use-module (gnu packages libevent)
dc77f0d3	44	#:use-module (gnu packages linux)
71f4b81a AE	45	#:use-module (gnu packages perl)
71f4b81a AE	46	#:use-module (gnu packages pkg-config)
5c863d57	47	#:use-module (gnu packages python)
44d10b1f	48	#:use-module (gnu packages python-xyz)
a7fd7b68	49	#:use-module (gnu packages tls)
71f4b81a	50	#:use-module (gnu packages xml))
49f24f41	51
7af8a9b7 LC	52	(define-public gvpe
	53	(package
	54	(name "gvpe")
574d877e	55	(version "3.1")
7af8a9b7 LC	56	(source (origin
	57	(method url-fetch)
	58	(uri (string-append "mirror://gnu/gvpe/gvpe-"
	59	version ".tar.gz"))
	60	(sha256
	61	(base32
574d877e	62	"1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
7af8a9b7 LC	63	(build-system gnu-build-system)
7af8a9b7 LC	64	(home-page "http://software.schmorp.de/pkg/gvpe.html")
574d877e	65	(native-inputs `(("pkg-config" ,pkg-config)))
7af8a9b7 LC	66	(inputs `(("openssl" ,openssl)
	67	("zlib" ,zlib)))
	68	(synopsis "Secure VPN among multiple nodes over an untrusted network")
	69	(description
	70	"The GNU Virtual Private Ethernet creates a virtual network
	71	with multiple nodes using a variety of transport protocols. It works
	72	by creating encrypted host-to-host tunnels between multiple
	73	endpoints.")
	74	(license license:gpl3+)))
	75
49f24f41 AE	76	(define-public vpnc
	77	(package
	78	(name "vpnc")
	79	(version "0.5.3")
	80	(source (origin
	81	(method url-fetch)
594360f5	82	(uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
49f24f41 AE	83	version ".tar.gz"))
49f24f41 AE	84	(sha256 (base32
101e67ac	85	"1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
49f24f41 AE	86	(build-system gnu-build-system)
49f24f41 AE	87	(inputs `(("libgcrypt" ,libgcrypt)
42c97811	88	("perl" ,perl)
101e67ac	89	("vpnc-scripts" ,vpnc-scripts)))
49f24f41 AE	90	(arguments
49f24f41 AE	91	`(#:tests? #f ; there is no check target
49f24f41	92	#:phases
42c97811	93	(modify-phases %standard-phases
101e67ac	94	(add-after 'unpack 'use-store-paths
42c97811	95	(lambda* (#:key inputs outputs #:allow-other-keys)
101e67ac TGR	96	(let ((out (assoc-ref outputs "out"))
	97	(vpnc-scripts (assoc-ref inputs "vpnc-scripts")))
	98	(substitute* "config.c"
	99	(("/etc/vpnc/vpnc-script")
	100	(string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
	101	(substitute* "Makefile"
	102	(("ETCDIR=.*")
	103	(string-append "ETCDIR=" out "/etc/vpnc\n"))
	104	(("PREFIX=.*")
	105	(string-append "PREFIX=" out "\n")))
	106	#t)))
	107	(delete 'configure)))) ; no configure script
799dcdc4	108	(synopsis "Client for Cisco VPN concentrators")
49f24f41 AE	109	(description
49f24f41 AE	110	"vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
35b9e423	111	It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
49f24f41	112	shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
35b9e423	113	1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
49f24f41 AE	114	Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
	115	(license license:gpl2+) ; some file are bsd-2, see COPYING
	116	(home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))
71f4b81a	117
06d91fd9	118	(define-public vpnc-scripts
1a135896	119	(let ((commit "07c3518dd6b8dc424e9c3650a62bed994a4dcbe1"))
06d91fd9 TGR	120	(package
06d91fd9 TGR	121	(name "vpnc-scripts")
1a135896	122	(version (string-append "20180226." (string-take commit 7)))
06d91fd9 TGR	123	(source (origin
	124	(method git-fetch)
	125	(uri
	126	(git-reference
	127	(url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
	128	(commit commit)))
728ee9d6	129	(file-name (git-file-name name version))
06d91fd9 TGR	130	(sha256
06d91fd9 TGR	131	(base32
1a135896	132	"02d29nrmnj6kfa889cavqn1pkn9ssb5gyp4lz1v47spwx7abpdi7"))))
06d91fd9 TGR	133	(build-system gnu-build-system)
	134	(inputs `(("coreutils" ,coreutils)
	135	("grep" ,grep)
	136	("iproute2" ,iproute) ; for ‘ip’
	137	("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
	138	("sed" ,sed)
	139	("which" ,which)))
	140	(arguments
	141	`(#:phases
	142	(modify-phases %standard-phases
	143	(add-after 'unpack 'use-relative-paths
	144	;; Patch the scripts to work with and use relative paths.
	145	(lambda* _
	146	(for-each (lambda (script)
	147	(substitute* script
	148	(("^PATH=.*") "")
	149	(("(/usr\|)/s?bin/") "")
	150	(("\\[ +-x +([^]]+) +\\]" _ command)
	151	(string-append "command -v >/dev/null 2>&1 "
	152	command))))
	153	(find-files "." "^vpnc-script"))
	154	#t))
	155	(delete 'configure) ; no configure script
	156	(replace 'build
	157	(lambda _
863501b7	158	(invoke "gcc" "-o" "netunshare" "netunshare.c")))
06d91fd9 TGR	159	(replace 'install
	160	;; There is no Makefile; manually install the relevant files.
	161	(lambda* (#:key outputs #:allow-other-keys)
	162	(let* ((out (assoc-ref outputs "out"))
	163	(etc (string-append out "/etc/vpnc")))
	164	(for-each (lambda (file)
	165	(install-file file etc))
	166	(append (find-files "." "^vpnc-script")
	167	(list "netunshare"
	168	"xinetd.netns.conf")))
	169	#t)))
	170	(add-after 'install 'wrap-scripts
	171	;; Wrap scripts with paths to their common hard dependencies.
	172	;; Optional dependencies will need to be installed by the user.
	173	(lambda* (#:key inputs outputs #:allow-other-keys)
	174	(let ((out (assoc-ref outputs "out")))
	175	(for-each
	176	(lambda (script)
	177	(wrap-program script
	178	`("PATH" ":" prefix
	179	,(map (lambda (name)
	180	(let ((input (assoc-ref inputs name)))
	181	(string-append input "/bin:"
	182	input "/sbin")))
	183	(list "coreutils"
	184	"grep"
	185	"iproute2"
	186	"net-tools"
	187	"sed"
	188	"which")))))
	189	(find-files (string-append out "/etc/vpnc/vpnc-script")
863501b7 TGR	190	"^vpnc-script"))
863501b7 TGR	191	#t))))
06d91fd9 TGR	192	#:tests? #f)) ; no tests
	193	(home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
	194	(synopsis "Network configuration scripts for Cisco VPN clients")
	195	(description
	196	"This set of scripts configures routing and name services when invoked
	197	by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.
	198
	199	The default @command{vpnc-script} automatically configures most common
	200	connections, and provides hooks for performing custom actions at various stages
	201	of the connection or disconnection process.
	202
	203	Alternative scripts are provided for more complicated set-ups, or to serve as an
	204	example for writing your own. For example, @command{vpnc-script-sshd} contains
	205	the entire VPN in a network namespace accessible only through SSH.")
	206	(license license:gpl2+))))
71f4b81a	207
01224157 PL	208	(define-public ocproxy
	209	(package
	210	(name "ocproxy")
	211	(version "1.60")
	212	(source (origin
	213	(method url-fetch)
	214	(uri (string-append
	215	"https://github.com/cernekee/ocproxy/archive/v"
	216	version ".tar.gz"))
	217	(file-name (string-append name "-" version ".tar.gz"))
	218	(sha256
	219	(base32
	220	"1b4rg3xq5jnrp2l14sw0msan8kqhdxmsd7gpw9lkiwvxy13pcdm7"))))
	221	(build-system gnu-build-system)
	222	(native-inputs
	223	`(("autoconf" ,autoconf)
	224	("automake" ,automake)))
	225	(inputs
	226	`(("libevent" ,libevent)))
	227	(arguments
	228	'(#:phases
	229	(modify-phases %standard-phases
	230	(add-after 'unpack 'autogen
	231	(lambda _ (invoke "sh" "autogen.sh"))))))
	232	(home-page "https://github.com/cernekee/ocproxy")
	233	(synopsis "OpenConnect proxy")
	234	(description
	235	"User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
	236	on LwIP. When using ocproxy, OpenConnect only handles network activity that
	237	the user specifically asks to proxy, so the @dfn{VPN} interface no longer
	238	\"hijacks\" all network traffic on the host.")
	239	(license license:bsd-3)))
	240
71f4b81a AE	241	(define-public openconnect
	242	(package
	243	(name "openconnect")
9e5709f0	244	(version "8.02")
71f4b81a AE	245	(source (origin
71f4b81a AE	246	(method url-fetch)
d4bf49b1 EB	247	(uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
d4bf49b1 EB	248	"openconnect-" version ".tar.gz"))
71f4b81a	249	(sha256 (base32
9e5709f0	250	"04p0vzc1791h68hd9803wsyb64zrwm8qpdqx0szhj9pig71g5a0w"))))
71f4b81a AE	251	(build-system gnu-build-system)
71f4b81a AE	252	(inputs
c4c4cc05	253	`(("libxml2" ,libxml2)
060e365a	254	("gnutls" ,gnutls)
a6d06e86	255	("vpnc-scripts" ,vpnc-scripts)
71f4b81a	256	("zlib" ,zlib)))
c4c4cc05	257	(native-inputs
b94a6ca0	258	`(("gettext" ,gettext-minimal)
c4c4cc05	259	("pkg-config" ,pkg-config)))
71f4b81a	260	(arguments
d4bf49b1 EB	261	`(#:configure-flags
d4bf49b1 EB	262	`(,(string-append "--with-vpnc-script="
a6d06e86	263	(assoc-ref %build-inputs "vpnc-scripts")
d4bf49b1	264	"/etc/vpnc/vpnc-script"))))
799dcdc4	265	(synopsis "Client for Cisco VPN")
71f4b81a AE	266	(description
	267	"OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
	268	supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
	269	870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
	270	and probably others.")
	271	(license license:lgpl2.1)
8b1d0ff4	272	(home-page "https://www.infradead.org/openconnect/")))
dc77f0d3 DT	273
	274	(define-public openvpn
	275	(package
	276	(name "openvpn")
971c8f13	277	(version "2.4.7")
dc77f0d3 DT	278	(source (origin
	279	(method url-fetch)
	280	(uri (string-append
	281	"https://swupdate.openvpn.org/community/releases/openvpn-"
	282	version ".tar.xz"))
	283	(sha256
	284	(base32
971c8f13	285	"0j7na936isk9j8nsdrrbw7wmy09inmjqvsb8mw8az7k61xbm6bx4"))))
dc77f0d3 DT	286	(build-system gnu-build-system)
	287	(arguments
	288	'(#:configure-flags '("--enable-iproute2=yes")))
	289	(native-inputs
	290	`(("iproute2" ,iproute)))
	291	(inputs
dee9a262 EF	292	`(("lz4" ,lz4)
dee9a262 EF	293	("lzo" ,lzo)
dc77f0d3 DT	294	("openssl" ,openssl)
	295	("linux-pam" ,linux-pam)))
	296	(home-page "https://openvpn.net/")
	297	(synopsis "Virtual private network daemon")
9599339c TGR	298	(description
9599339c TGR	299	"OpenVPN implements virtual private network (@dfn{VPN}) techniques
dc77f0d3 DT	300	for creating secure point-to-point or site-to-site connections in routed or
	301	bridged configurations and remote access facilities. It uses a custom
	302	security protocol that utilizes SSL/TLS for key exchange. It is capable of
9599339c	303	traversing network address translators (@dfn{NAT}s) and firewalls.")
dc77f0d3	304	(license license:gpl2)))
feca8e2b JM	305
	306	(define-public tinc
	307	(package
	308	(name "tinc")
d0d3ed6d	309	(version "1.0.35")
feca8e2b JM	310	(source (origin
feca8e2b JM	311	(method url-fetch)
e81ddeda	312	(uri (string-append "https://tinc-vpn.org/packages/"
feca8e2b JM	313	name "-" version ".tar.gz"))
	314	(sha256
	315	(base32
d0d3ed6d	316	"0pl92sdwrkiwgll78x0ww06hfljd07mkwm62g8x17qn3gha3pj0q"))))
feca8e2b	317	(build-system gnu-build-system)
7b770eca SB	318	(arguments
	319	'(#:configure-flags
	320	'("--sysconfdir=/etc"
	321	"--localstatedir=/var")))
feca8e2b JM	322	(inputs `(("zlib" ,zlib)
	323	("lzo" ,lzo)
	324	("openssl" ,openssl)))
e81ddeda	325	(home-page "https://tinc-vpn.org")
feca8e2b JM	326	(synopsis "Virtual Private Network (VPN) daemon")
	327	(description
	328	"Tinc is a VPN that uses tunnelling and encryption to create a secure
	329	private network between hosts on the internet.")
	330	(license license:gpl2+)))
5c863d57 TGR	331
	332	(define-public sshuttle
	333	(package
	334	(name "sshuttle")
627c6531	335	(version "0.78.5")
5c863d57 TGR	336	(source
	337	(origin
	338	(method url-fetch)
	339	(uri (pypi-uri name version))
	340	(sha256
	341	(base32
627c6531	342	"0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
5c863d57	343	(build-system python-build-system)
c32863e0 TGR	344	(arguments
	345	`(#:phases
	346	(modify-phases %standard-phases
	347	(add-after 'unpack 'patch-FHS-file-names
	348	(lambda _
	349	(substitute* "sshuttle/client.py"
	350	(("/usr/bin/env") (which "env")))
	351	(substitute* "sshuttle/ssh.py"
0e2d3ce2	352	(("/bin/sh") "sh"))
c32863e0	353	#t)))))
5c863d57	354	(native-inputs
3308591f	355	`(("python-setuptools-scm" ,python-setuptools-scm)
5c863d57	356	;; For tests only.
627c6531	357	("python-flake8", python-flake8)
5c863d57	358	("python-mock" ,python-mock)
627c6531	359	("python-pytest-cov" ,python-pytest-cov)
3308591f	360	("python-pytest-runner" ,python-pytest-runner)))
5c863d57 TGR	361	(home-page "https://github.com/sshuttle/sshuttle")
	362	(synopsis "VPN that transparently forwards connections over SSH")
	363	(description "sshuttle creates an encrypted virtual private network (VPN)
	364	connection to any remote server to which you have secure shell (SSH) access.
	365	The only requirement is a suitable version of Python on the server;
	366	administrative privileges are required only on the client. Unlike most VPNs,
	367	sshuttle forwards entire sessions, not packets, using kernel transparent
	368	proxying. This makes it faster and more reliable than SSH's own tunneling and
	369	port forwarding features. It can forward both TCP and UDP traffic, including
	370	DNS domain name queries.")
	371	(license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’
1ce6f33b TGR	372
	373	(define-public sshoot
	374	(package
	375	(name "sshoot")
3b4018d6	376	(version "1.2.6")
1ce6f33b TGR	377	(source
	378	(origin
	379	(method url-fetch)
	380	(uri (pypi-uri name version))
	381	(sha256
	382	(base32
3b4018d6	383	"1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
1ce6f33b	384	(build-system python-build-system)
c0b12a60 MB	385	(arguments
	386	'(#:phases
	387	(modify-phases %standard-phases
	388	(add-after 'unpack 'patch-paths
	389	(lambda _
	390	(substitute* "sshoot/tests/test_manager.py"
	391	(("/bin/sh") (which "sh")))
	392	#t)))))
1ce6f33b TGR	393	(inputs
	394	`(("python-argcomplete" ,python-argcomplete)
	395	("python-prettytable" ,python-prettytable)
	396	("python-pyyaml" ,python-pyyaml)))
	397	;; For tests only.
	398	(native-inputs
	399	`(("python-fixtures" ,python-fixtures)
	400	("python-pbr" ,python-pbr)
	401	("python-testtools" ,python-testtools)))
3b4018d6	402	(home-page "https://github.com/albertodonato/sshoot")
1ce6f33b TGR	403	(synopsis "sshuttle VPN session manager")
	404	(description "sshoot provides a command-line interface to manage multiple
	405	@command{sshuttle} virtual private networks. It supports flexible profiles
	406	with configuration options for most of @command{sshuttle}’s features.")
	407	(license license:gpl3+)))
7ba2b274 MP	408
	409	(define-public badvpn
	410	(package
	411	(name "badvpn")
	412	(version "1.999.130")
	413	(source
	414	(origin
	415	(method git-fetch)
	416	(uri (git-reference
	417	(url "https://github.com/ambrop72/badvpn.git")
	418	(commit version)))
	419	(file-name (git-file-name name version))
	420	(sha256
	421	(base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
	422	(build-system cmake-build-system)
	423	(arguments
	424	'(#:tests? #f)) ; no tests
	425	(inputs
	426	`(("nspr" ,nspr)
	427	("nss" ,nss)
	428	("openssl" ,openssl)))
	429	(native-inputs
	430	`(("pkg-config" ,pkg-config)))
	431	(home-page "https://github.com/ambrop72/badvpn")
	432	(synopsis "Peer-to-peer virtual private network (VPN)")
	433	(description "@code{BadVPN} is a collection of virtual private
	434	network (VPN) tools. It includes:
	435
	436	@enumerate
	437	@item NCD programming language.\n
	438	NCD (Network Configuration Daemon) is a daemon and programming/scripting
	439	language for configuration of network interfaces and other aspects of the
	440	operating system.
	441	@item Tun2socks network-layer proxifier.\n
	442	The tun2socks program socksifes TCP connections at the network layer. It
	443	implements a TUN device which accepts all incoming TCP connections (regardless
	444	of destination IP), and forwards the connections through a SOCKS server.
	445	@item Peer-to-peer VPN.\n
	446	The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
	447	(VPN nodes).
	448	@end enumerate")
	449	;; This project contains a bundled lwIP. lwIP is also released under the
	450	;; 3-clause BSD license.
	451	(license license:bsd-3)))