gnu: icecat: Update to 78.10.0-guix0-preview1 [security fixes].
1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
b6bee63b 3;;; Copyright © 2013, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
d4bf49b1 4;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b 5;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
80005d03 6;;; Copyright © 2016, 2017, 2019, 2021 Efraim Flashner <efraim@flashner.co.il>
c3e6fcde 7;;; Copyright © 2016–2021 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8 8;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
fc4338b8 9;;; Copyright © 2018, 2020 Pierre Langlois <pierre.langlois@gmx.com>
7ba2b274 10;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
c1005113 11;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name>
9fd6ad3e 12;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
b47e083b 13;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
3b177a6c 14;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
c873980d 15;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com>
8331e235 16;;; Copyright © 2020 Ivan Kozlov <kanichos@yandex.ru>
18918ebe 17;;; Copyright © 2020 David Dashyan <mail@davie.li>
18;;;
19;;; This file is part of GNU Guix.
20;;;
21;;; GNU Guix is free software; you can redistribute it and/or modify it
22;;; under the terms of the GNU General Public License as published by
23;;; the Free Software Foundation; either version 3 of the License, or (at
24;;; your option) any later version.
25;;;
26;;; GNU Guix is distributed in the hope that it will be useful, but
27;;; WITHOUT ANY WARRANTY; without even the implied warranty of
28;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29;;; GNU General Public License for more details.
30;;;
31;;; You should have received a copy of the GNU General Public License
32;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
33
34(define-module (gnu packages vpn)
b5b73a82 35 #:use-module ((guix licenses) #:prefix license:)
36 #:use-module (guix packages)
37 #:use-module (guix download)
06d91fd9 38 #:use-module (guix git-download)
7ba2b274 39 #:use-module (guix build-system cmake)
49f24f41 40 #:use-module (guix build-system gnu)
3b177a6c 41 #:use-module (guix build-system linux-module)
5c863d57 42 #:use-module (guix build-system python)
598afe95 43 #:use-module (guix utils)
49f24f41 44 #:use-module (gnu packages)
1b17c23e 45 #:use-module (gnu packages admin)
06d91fd9 46 #:use-module (gnu packages base)
d084e71c 47 #:use-module (gnu packages bash)
ac257f12 48 #:use-module (gnu packages check)
d084e71c 49 #:use-module (gnu packages dns)
01224157 50 #:use-module (gnu packages autotools)
71f4b81a 51 #:use-module (gnu packages compression)
80005d03 52 #:use-module (gnu packages freedesktop)
1dba6407 53 #:use-module (gnu packages gettext)
49f24f41 54 #:use-module (gnu packages gnupg)
b47e083b 55 #:use-module (gnu packages guile)
01224157 56 #:use-module (gnu packages libevent)
dc77f0d3 57 #:use-module (gnu packages linux)
90a69913 58 #:use-module (gnu packages ncurses)
aff0cce9 59 #:use-module (gnu packages nss)
60 #:use-module (gnu packages perl)
61 #:use-module (gnu packages pkg-config)
5c863d57 62 #:use-module (gnu packages python)
63 #:use-module (gnu packages python-build)
64 #:use-module (gnu packages python-crypto)
44d10b1f 65 #:use-module (gnu packages python-xyz)
c873980d 66 #:use-module (gnu packages python-web)
80005d03 67 #:use-module (gnu packages qt)
8331e235 68 #:use-module (gnu packages samba)
a7fd7b68 69 #:use-module (gnu packages tls)
71f4b81a 70 #:use-module (gnu packages xml))
49f24f41 71
;; GNU Virtual Private Ethernet, built from the release tarball with the
;; unmodified gnu-build-system phases.
(define-public gvpe
  (package
    (name "gvpe")
    (version "3.1")
    (source (origin
              (method url-fetch)
              ;; mirror:// lets any configured GNU mirror serve the file; the
              ;; sha256 below is what pins the tarball's content, so a
              ;; tampered or stale mirror makes the download fail.
              (uri (string-append "mirror://gnu/gvpe/gvpe-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
    (build-system gnu-build-system)
    ;; NOTE(review): plain-HTTP URL.  It is package metadata only; the source
    ;; is fetched from the 'uri' above, not from here.
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (native-inputs `(("pkg-config" ,pkg-config)))
    ;; OpenSSL and zlib come from the distribution's packages rather than
    ;; from copies shipped in the tarball.
    (inputs `(("openssl" ,openssl)
              ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols. It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))
95
;; Userspace client for Cisco EasyVPN concentrators.  The build has no
;; configure script and no test target; the only custom phase rewrites
;; hard-coded /etc and prefix locations to store locations.
(define-public vpnc
  (package
    (name "vpnc")
    (version "0.5.3")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                  version ".tar.gz"))
              ;; Content hash of the tarball; a download that does not match
              ;; it is rejected.
              (sha256 (base32
                       "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    (inputs `(("libgcrypt" ,libgcrypt)
              ("perl" ,perl)
              ("vpnc-scripts" ,vpnc-scripts)))
    (arguments
     `(#:tests? #f ; there is no check target
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'use-store-paths
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out"))
                   (vpnc-scripts (assoc-ref inputs "vpnc-scripts")))
               ;; Make the compiled-in default script the copy from the
               ;; vpnc-scripts input instead of a file under the host's
               ;; mutable /etc.
               (substitute* "config.c"
                 (("/etc/vpnc/vpnc-script")
                  (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
               ;; Install under this package's own output.
               (substitute* "Makefile"
                 (("ETCDIR=.*")
                  (string-append "ETCDIR=" out "/etc/vpnc\n"))
                 (("PREFIX=.*")
                  (string-append "PREFIX=" out "\n")))
               #t)))
         (delete 'configure)))) ; no configure script
    (synopsis "Client for Cisco VPN concentrators")
    ;; NOTE(review): the algorithm list in the description is upstream's
    ;; feature set, not a recommendation; single DES, 3DES, MD5, SHA1 and DH
    ;; groups 1/2/5 are legacy primitives.
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (license license:gpl2+) ; some files are bsd-2, see COPYING
    (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/")))
71f4b81a 137
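;; Network configuration scripts used by the vpnc and openconnect packages in
;; this file.  Built from a pinned Git commit; the version string is the
;; snapshot date followed by the first seven characters of that commit.
(define-public vpnc-scripts
  (let ((commit "3885f8bbc4ae03fd6da0ada6de12f7223a59595c"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20200925." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  ;; NOTE(review): git:// is neither encrypted nor
                  ;; authenticated.  Integrity rests on the full commit ID
                  ;; above and on the sha256 of the checkout below; consider
                  ;; an HTTPS URL if upstream offers one.
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "1pmi4n58q81pmn9arvfixhvv6vkkf3rpwac3hwnwyl882q5q0ccx"))))
      (build-system gnu-build-system)
      (inputs `(("guile" ,guile-3.0) ; for the wrapper scripts
                ("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute)    ; for ‘ip’
                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths: drop
             ;; their own PATH= assignments and /usr/bin/ or /usr/sbin/
             ;; prefixes, and turn ‘[ -x FILE ]’ tests into ‘command -v’
             ;; look-ups.  After this, every tool is resolved through PATH.
             (lambda* _
               (for-each (lambda (script)
                           (substitute* script
                             (("^PATH=.*") "")
                             (("/usr/s?bin/") "")
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure)          ; no configure script
           (replace 'build
             (lambda _
               ;; Use the compiler for the target system instead of a
               ;; hard-coded "gcc", so that cross-compilation works.
               (invoke ,(cc-for-target) "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             ;;
             ;; The store directories are prepended (‘prefix’), so the
             ;; declared inputs win; any other command is still looked up in
             ;; the PATH inherited from the caller.
             ;; NOTE(review): these scripts are presumably run with root
             ;; privileges by the VPN client, so that inherited PATH has to
             ;; be trustworthy -- confirm against the callers.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    (wrap-script (string-append out "/etc/vpnc/" script)
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (list "vpnc-script-ptrtd"
                        "vpnc-script-sshd"
                        "vpnc-script"))
                 #t))))
         #:tests? #f))                  ; no tests
      ;; NOTE(review): plain-HTTP URL; metadata only, not used for fetching.
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own. For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))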
71f4b81a 229
;; User-level SOCKS and port-forwarding proxy for OpenConnect, built from
;; the upstream Git tag with the stock gnu-build-system phases.
(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/cernekee/ocproxy")
                    ;; The checkout is selected by tag name ("v" + version).
                    ;; A tag can be moved upstream; the sha256 below is what
                    ;; fixes the content that is accepted.
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx"))))
    (build-system gnu-build-system)
    ;; A Git checkout rather than a release tarball, hence the autotools
    ;; needed at build time.
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (inputs
     `(("libevent" ,libevent)))
    (home-page "https://github.com/cernekee/ocproxy")
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP. When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (license license:bsd-3)))
257
;; Client for Cisco AnyConnect SSL VPNs.  The default vpnc-script is set at
;; configure time to the copy provided by the vpnc-scripts input.
(define-public openconnect
  (package
    (name "openconnect")
    (version "8.10")
    (source (origin
              (method url-fetch)
              ;; NOTE(review): FTP is neither encrypted nor authenticated.
              ;; The sha256 below is the only integrity check on this
              ;; tarball; consider an HTTPS location if upstream offers one.
              (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                                  "openconnect-" version ".tar.gz"))
              (sha256
               (base32 "1cdsx4nsrwawbsisfkldfc9i4qn60g03vxb13nzppr2br9p4rrih"))))
    (build-system gnu-build-system)
    ;; Propagated, so these libraries are installed alongside openconnect in
    ;; any profile that contains it.
    (propagated-inputs
     `(("libxml2" ,libxml2)
       ("gnutls" ,gnutls)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)
       ("vpnc-scripts" ,vpnc-scripts)))
    (native-inputs
     `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
    (arguments
     ;; Point the default script at the vpnc-scripts input rather than at a
     ;; file under the host's mutable /etc.
     `(#:configure-flags
       `(,(string-append "--with-vpnc-script="
                         (assoc-ref %build-inputs "vpnc-scripts")
                         "/etc/vpnc/vpnc-script"))))
    (synopsis "Client for Cisco VPN")
    (description
     "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
    (license license:lgpl2.1)
    (home-page "https://www.infradead.org/openconnect/")))
dc77f0d3 292
;; Wrapper around OpenConnect that performs Azure AD (SAMLv2) sign-in,
;; installed from the PyPI source distribution.
(define-public openconnect-sso
  (package
    (name "openconnect-sso")
    (version "0.7.2")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "openconnect-sso" version))
       ;; Content hash of the PyPI archive; a mismatching download is
       ;; rejected.
       (sha256
        (base32
         "0nb40zfpp38mz6389y0qvrr4mmak53swpg7578cldnhnk0g15qni"))))
    (build-system python-build-system)
    (arguments
     `(#:tests? #f ; Tests not included, building from git requires poetry.
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-openconnect
           ;; Replace the bare "openconnect" command name in app.py with the
           ;; absolute file name found on the build-time PATH, so the
           ;; program that gets started does not depend on the PATH of
           ;; whoever runs the wrapper.
           (lambda _
             (substitute* "openconnect_sso/app.py"
               (("\"openconnect\"")
                (string-append "\"" (which "openconnect") "\"")))
             #t))
         (replace 'check
           ;; Only runs pytest when tests are enabled; they are disabled
           ;; above.
           (lambda* (#:key tests? #:allow-other-keys)
             (when tests?
               (invoke "pytest" "-v"))
             #t))
         (add-after 'install 'wrap-qt-process-path
           ;; Set QTWEBENGINEPROCESS_PATH to the helper from the qtwebengine
           ;; input.  ‘=’ assigns the value outright, replacing whatever the
           ;; caller's environment had.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (bin (string-append out "/bin/openconnect-sso"))
                    (qt-process-path (string-append
                                      (assoc-ref inputs "qtwebengine")
                                      "/lib/qt5/libexec/QtWebEngineProcess")))
               (wrap-program bin
                 `("QTWEBENGINEPROCESS_PATH" = (,qt-process-path)))
               #t))))))
    (inputs
     `(("openconnect" ,openconnect)
       ("python-attrs" ,python-attrs)
       ("python-colorama" ,python-colorama)
       ("python-keyring" ,python-keyring)
       ("python-lxml" ,python-lxml)
       ("python-prompt-toolkit" ,python-prompt-toolkit)
       ("python-requests" ,python-requests)
       ("python-pyqt" ,python-pyqt)
       ("python-pyqtwebengine" ,python-pyqtwebengine)
       ("python-pysocks" ,python-pysocks)
       ("python-pyxdg" ,python-pyxdg)
       ("python-structlog" ,python-structlog)
       ("python-toml" ,python-toml)
       ("qtwebengine" ,qtwebengine)))
    (native-inputs
     `(("python-pytest" ,python-pytest)
       ("python-setuptools-scm" ,python-setuptools-scm)))
    (home-page "https://github.com/vlaci/openconnect-sso")
    (synopsis "OpenConnect wrapper script supporting Azure AD (SAMLv2)")
    (description
     "This package provides a wrapper script for OpenConnect supporting Azure AD
(SAMLv2) authentication to Cisco SSL-VPNs.")
    (license license:gpl3)))
354
;; Client for PPP+SSL VPN gateways (Fortinet-compatible), built from the
;; upstream Git tag with the stock gnu-build-system phases.
(define-public openfortivpn
  (package
    (name "openfortivpn")
    (version "1.15.0")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/adrienverge/openfortivpn")
                    ;; Selected by tag name; the sha256 below fixes the
                    ;; content even if the tag is later moved.
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "1qsfgpxg553s8rc9cyrc4k96z0pislxsdxb9wyhp8fdprkak2mw2"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ;; The label says "autotools" but the package bound to it is automake.
       ("autotools" ,automake)
       ("pkg-config" ,pkg-config)))
    ;; NOTE(review): no phase here rewrites the location of pppd;
    ;; presumably the configure script picks it up from the ppp input --
    ;; confirm that the file name recorded in the binary is the store one.
    (inputs
     `(("openssl" ,openssl)
       ("ppp" ,ppp)))
    (home-page "https://github.com/adrienverge/openfortivpn")
    (synopsis "Client for PPP+SSL VPN tunnel services")
    (description "Openfortivpn is a client for PPP+SSL VPN tunnel services. It
spawns a pppd process and operates the communication between the gateway and
this process. It is compatible with Fortinet VPNs.")
    (license license:gpl3+)))
382
;; OpenVPN daemon, built from the upstream release tarball with iproute2
;; support enabled.
(define-public openvpn
  (package
    (name "openvpn")
    (version "2.5.1")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://swupdate.openvpn.org/community/releases/openvpn-"
                    version ".tar.xz"))
              ;; Content hash of the tarball; a mismatching download is
              ;; rejected.
              (sha256
               (base32
                "157ikzap2bbkzx34hkh33bpk2i14xjx1x3pkadhmzh1pr24h94s0"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    ;; NOTE(review): iproute is only a native input although the flag above
    ;; enables iproute2 support; presumably the location of ‘ip’ is recorded
    ;; at configure time -- confirm that the run-time reference is the
    ;; intended one, in particular when cross-compiling.
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities. It uses a custom
security protocol that utilizes SSL/TLS for key exchange. It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))
feca8e2b 414
;; ProtonVPN command-line client, built from the upstream Git tag.  The
;; installed entry point is wrapped so that the external tools it runs are
;; found in the store.
(define-public protonvpn-cli
  (package
    (name "protonvpn-cli")
    (version "2.2.6")
    (source
     (origin
       ;; PyPI has a ".whl" file but not a proper source release.
       ;; Thus, fetch code from Git.
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ProtonVPN/linux-cli")
             ;; Selected by tag name; the sha256 below fixes the content even
             ;; if the tag is later moved.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0y7v9ikrmy5dbjlpbpacp08gy838i8z54m8m4ps7ldk1j6kyia3n"))))
    (build-system python-build-system)
    (arguments
     '(#:tests? #f ; no tests in repo
       #:phases
       (modify-phases %standard-phases
         (add-after 'wrap 'wrap-wrapper
           ;; Wrap entrypoint with paths to its hard dependencies.  The
           ;; store directories are prepended (‘prefix’) to PATH, so they
           ;; take precedence over same-named commands from the caller's
           ;; environment; commands not provided by these inputs are still
           ;; looked up in the inherited PATH.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((entrypoint (string-append (assoc-ref outputs "out")
                                              "/bin/.protonvpn-real")))
               (wrap-program entrypoint
                 `("PATH" ":" prefix
                   ,(map (lambda (name)
                           (let ((input (assoc-ref inputs name)))
                             (string-append input "/bin:"
                                            input "/sbin")))
                         (list "dialog"
                               "iproute2"
                               "iptables"
                               "ncurses"
                               "openvpn"
                               "procps"
                               "which")))))
             #t)))))
    (native-inputs
     `(("python-docopt" ,python-docopt)))
    (inputs
     `(("dialog" ,dialog)
       ("iproute2" ,iproute)
       ("iptables" ,iptables)
       ("ncurses" ,ncurses)
       ("openvpn" ,openvpn)
       ("procps" ,procps)
       ("python-jinja2" ,python-jinja2)
       ("python-pythondialog" ,python-pythondialog)
       ("python-requests" ,python-requests)
       ("which" ,which)))
    (synopsis "Command-line client for ProtonVPN")
    (description
     "This is the official command-line interface for ProtonVPN, a secure
point-to-point virtual private networking (VPN) service with a gratis tier.
It can automatically find and connect to the fastest servers or use Tor over
VPN. The gratis tier offers unlimited bandwidth for up to 10 devices.")
    (home-page "https://github.com/ProtonVPN/linux-cli")
    (license license:gpl3+)))
475
;; tinc VPN daemon, built from the upstream release tarball.
(define-public tinc
  (package
    (name "tinc")
    (version "1.0.36")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://tinc-vpn.org/packages/"
                                  "tinc-" version ".tar.gz"))
              ;; Content hash of the tarball; a mismatching download is
              ;; rejected.
              (sha256
               (base32
                "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0"))))
    (build-system gnu-build-system)
    (arguments
     ;; Configuration and state are looked up under the host's /etc and
     ;; /var instead of under the package's read-only store directory.
     ;; NOTE(review): presumably the daemon's keys live in that /etc tree,
     ;; which makes its ownership and permissions the administrator's
     ;; responsibility -- confirm against upstream's documentation.
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs `(("zlib" ,zlib)
              ("lzo" ,lzo)
              ("openssl" ,openssl)))
    (home-page "https://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))
501
;; sshuttle, installed from the PyPI source distribution.  The one custom
;; phase replaces two hard-coded FHS file names in the Python sources.
(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.5")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       ;; Content hash of the PyPI archive; a mismatching download is
       ;; rejected.
       (sha256
        (base32
         "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-FHS-file-names
           (lambda _
             ;; client.py gets the absolute file name of ‘env’ as found on
             ;; the build-time PATH.
             (substitute* "sshuttle/client.py"
               (("/usr/bin/env") (which "env")))
             ;; ssh.py gets a bare "sh", which is looked up through PATH
             ;; wherever that command ends up running.
             ;; NOTE(review): presumably this string is executed on the
             ;; remote host, where a store file name would not exist --
             ;; confirm, since a PATH look-up trusts that environment.
             (substitute* "sshuttle/ssh.py"
               (("/bin/sh") "sh"))
             #t)))))
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ("python-flake8" ,python-flake8)
       ("python-mock" ,python-mock)
       ("python-pytest-cov" ,python-pytest-cov)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client. Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying. This makes it faster and more reliable than SSH's own tunneling and
port forwarding features. It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’
542
;; Session manager for sshuttle, installed from the PyPI source
;; distribution.
(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       ;; Content hash of the PyPI archive; a mismatching download is
       ;; rejected.
       (sha256
        (base32
         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           ;; Only a test file is patched: its hard-coded /bin/sh becomes
           ;; the absolute file name of ‘sh’ found on the build-time PATH.
           (lambda _
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks. It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
578
;; BadVPN tool collection (NCD, tun2socks, peer-to-peer VPN), built with
;; CMake from the upstream Git tag.
(define-public badvpn
  (package
    (name "badvpn")
    (version "1.999.130")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ambrop72/badvpn")
             ;; The tag name is the bare version string; the sha256 below
             ;; fixes the content even if the tag is later moved.
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
    (build-system cmake-build-system)
    (arguments
     '(#:tests? #f)) ; no tests
    (inputs
     `(("nspr" ,nspr)
       ("nss" ,nss)
       ("openssl" ,openssl)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (home-page "https://github.com/ambrop72/badvpn")
    (synopsis "Peer-to-peer virtual private network (VPN)")
    (description "@code{BadVPN} is a collection of virtual private
network (VPN) tools. It includes:

@enumerate
@item NCD programming language.\n
NCD (Network Configuration Daemon) is a daemon and programming/scripting
language for configuration of network interfaces and other aspects of the
operating system.
@item Tun2socks network-layer proxifier.\n
The tun2socks program socksifes TCP connections at the network layer. It
implements a TUN device which accepts all incoming TCP connections (regardless
of destination IP), and forwards the connections through a SOCKS server.
@item Peer-to-peer VPN.\n
The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
(VPN nodes).
@end enumerate")
    ;; This project contains a bundled lwIP. lwIP is also released under the
    ;; 3-clause BSD license.
    ;; NOTE(review): a bundled copy only changes when this package is
    ;; updated, so fixes to lwIP reach users through new badvpn releases.
    (license license:bsd-3)))
7a0479bb 622
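;; Out-of-tree WireGuard kernel module for kernels that lack it, plus a
;; second output, "kernel-patch", holding the same code as a patch against
;; the kernel tree.
(define-public wireguard-linux-compat
  (package
    (name "wireguard-linux-compat")
    (version "1.0.20201221")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/"
                                  "snapshot/wireguard-linux-compat-" version
                                  ".tar.xz"))
              ;; Content hash of the snapshot tarball; a mismatching
              ;; download is rejected.
              (sha256
               (base32
                "0ci13in0fqq32n5qamch4qhjgbdq86ygrgmfhc9szsh2nsl8jlkf"))))
    (build-system linux-module-build-system)
    (outputs '("out"
               "kernel-patch"))
    (arguments
     `(#:linux ,linux-libre-5.4         ; mustn't have WG built-in
       #:tests? #f                      ; no test suite
       #:modules ((guix build linux-module-build-system)
                  (guix build utils)
                  (ice-9 popen)
                  (ice-9 textual-ports))
       #:phases
       (modify-phases %standard-phases
         (add-before 'build 'change-directory
           (lambda _
             (chdir "./src")
             #t))
         (add-after 'build 'build-patch
           ;; Run upstream's create-patch.sh and store what it prints as
           ;; "wireguard.patch".
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((patch-builder "../kernel-tree-scripts/create-patch.sh")
                    (port (open-input-pipe patch-builder))
                    (str (get-string-all port))
                    ;; 'close-pipe' waits for the script and returns its
                    ;; wait status.
                    (status (close-pipe port)))
               ;; Fail the build instead of installing an empty or
               ;; truncated kernel patch when the script did not succeed.
               (unless (eqv? 0 status)
                 (error "create-patch.sh failed with status" status))
               (call-with-output-file "wireguard.patch"
                 (lambda (port)
                   (format port "~a" str))))
             #t))
         (add-after 'install 'install-patch
           (lambda* (#:key outputs #:allow-other-keys)
             (install-file "wireguard.patch"
                           (assoc-ref outputs "kernel-patch"))
             #t))
         ;; So that 'install-license-files' works...
         (add-before 'install-license-files 'reset-cwd
           (lambda _
             (chdir "..")
             #t)))))
    (home-page "https://git.zx2c4.com/wireguard-linux-compat/")
    (synopsis "WireGuard kernel module for Linux 3.10 through 5.5")
    (description "This package contains an out-of-tree kernel patch and
a loadable module adding WireGuard to Linux kernel versions 3.10 through 5.5.
WireGuard was added to Linux 5.6.")
    (license license:gpl2)))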
1b17c23e 677
;; User-space WireGuard tools (wg and the wg-quick helper), built from the
;; upstream Git tag with plain make in the src/ directory.
(define-public wireguard-tools
  (package
    (name "wireguard-tools")
    (version "1.0.20210315")
    (source
     (origin
       (method git-fetch)
       (uri (git-reference
             (url "https://git.zx2c4.com/wireguard-tools.git")
             ;; Selected by tag name; the sha256 below fixes the content even
             ;; if the tag is later moved.
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1an5gm2dv111n3fylbrnyynxmi2d3iwf2b46zq08hc54kzazxcml"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       ;; The compiler is taken from 'cc-for-target', so cross-compilation
       ;; uses the target's compiler.
       (list ,(string-append "CC=" (cc-for-target))
             "--directory=src"
             "WITH_BASHCOMPLETION=yes"
             ;; Install the ‘simple and dirty’ helper script wg-quick(8).
             "WITH_WGQUICK=yes"
             (string-append "PREFIX=" (assoc-ref %outputs "out"))
             ;; Currently used only to create an empty /etc/wireguard directory.
             (string-append "SYSCONFDIR=no-thanks"))
       ;; The test suite is meant to be run interactively. It runs Clang's
       ;; scan-build static analyzer and then starts a web server to display the
       ;; results.
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         ;; No configure script
         (delete 'configure)
         (add-after 'install 'install-contrib-docs
           ;; Ship upstream's contrib/ directory as documentation.
           (lambda* (#:key outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out")))
               (copy-recursively "contrib/"
                                 (string-append out "/share/doc/wireguard-tools"))
               #t)))
         (add-after 'install 'wrap-wg-quick
           ;; Prepend the sbin directories of resolvconf, iproute, procps
           ;; and iptables, and coreutils' bin directory, to wg-quick's
           ;; PATH.  ‘prefix’ puts them ahead of the caller's PATH, so these
           ;; store copies win; any other command is still looked up in the
           ;; inherited PATH.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (inputs-sbin (map (lambda (input)
                                        (string-append (assoc-ref inputs input) "/sbin"))
                                      (list "resolvconf" "iproute" "procps"
                                            "iptables")))
                    (coreutils (string-append (assoc-ref inputs "coreutils")
                                              "/bin")))
               (wrap-program (string-append out "/bin/wg-quick")
                 `("PATH" ":" prefix ,(append inputs-sbin
                                              (list coreutils))))
               #t))))))
    (inputs
     `(("resolvconf" ,openresolv)
       ("coreutils" ,coreutils)
       ("bash" ,bash) ; for scripts using /dev/tcp
       ("procps" ,procps)
       ("iproute" ,iproute)
       ("iptables" ,iptables)))
    (home-page "https://www.wireguard.com/")
    (synopsis "Tools for configuring WireGuard tunnels")
    (description
     "This package provides the user-space command-line tools for using and
configuring WireGuard tunnels.

WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private
Network} that securely encapsulates IP packets over UDP. It aims to be as easy
to configure and deploy as SSH. VPN connections are made simply by exchanging
public keys and can roam across IP addresses.")
    (license
     (list license:lgpl2.1+ ; src/netlink.h & contrib/embeddable-wg-library
           license:gpl2)))) ; everything else
749
;; Compatibility alias: the old package name "wireguard" is kept as a
;; deprecated package that stands for wireguard-tools.
(define-public wireguard
  (deprecated-package "wireguard" wireguard-tools))
752
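;; Layer 2 Tunnelling Protocol daemon, built with plain make from the
;; upstream Git tag.
(define-public xl2tpd
  (package
    (name "xl2tpd")
    (version "1.3.16")
    (source (origin
              (method git-fetch)
              (uri (git-reference
                    (url "https://github.com/xelerance/xl2tpd")
                    ;; Selected by tag name; the sha256 below fixes the
                    ;; content even if the tag is later moved.
                    (commit (string-append "v" version))))
              (file-name (git-file-name name version))
              (sha256
               (base32
                "0is5ccrvijz0pfm45pfrlbb9y8231yz3c4zqs8mkgakl9rxajy6l"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags (list (string-append "PREFIX=" %output)
                          ;; Use the compiler for the target system, as
                          ;; wireguard-tools in this file does, instead of a
                          ;; hard-coded "gcc" that breaks cross-compilation.
                          ,(string-append "CC=" (cc-for-target)))
       #:phases (modify-phases %standard-phases
                  (delete 'configure)   ;no configure script
                  (add-before 'build 'setup-environment
                    (lambda* (#:key inputs #:allow-other-keys)
                      ;; Make the daemon start pppd from the ppp input
                      ;; rather than from a /usr/sbin file that may not
                      ;; exist or may be something else on the host.
                      (substitute* "l2tp.h"
                        (("/usr/sbin/pppd")
                         (string-append (assoc-ref inputs "ppp")
                                        "/sbin/pppd")))
                      ;; Point the build at the kernel headers input.
                      (setenv "KERNELSRC"
                              (assoc-ref inputs "linux-libre-headers"))
                      #t)))
       #:tests? #f))                    ; no tests provided
    (inputs `(("libpcap" ,libpcap)
              ("linux-libre-headers" ,linux-libre-headers)
              ("ppp" ,ppp)))
    (home-page "https://www.xelerance.com/software/xl2tpd/")
    (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)")
    (description
     "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
L2TP allows you to tunnel PPP over UDP.")
    (license license:gpl2)))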