1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
b6bee63b 3;;; Copyright © 2013, 2016, 2018, 2019, 2020 Ludovic Courtès <ludo@gnu.org>
d4bf49b1 4;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b 5;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
0d7f282b 6;;; Copyright © 2016, 2017, 2019 Efraim Flashner <efraim@flashner.co.il>
e4aa83be 7;;; Copyright © 2016, 2017, 2018, 2019, 2020 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8 8;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
01224157 9;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
7ba2b274 10;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
c1005113 11;;; Copyright © 2019, 2020 Leo Famulari <leo@famulari.name>
9fd6ad3e 12;;; Copyright © 2019 Rutger Helling <rhelling@mykolab.com>
b47e083b 13;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
3b177a6c 14;;; Copyright © 2020 Brice Waegeneire <brice@waegenei.re>
c873980d 15;;; Copyright © 2020 Ryan Prior <rprior@protonmail.com>
16;;;
17;;; This file is part of GNU Guix.
18;;;
19;;; GNU Guix is free software; you can redistribute it and/or modify it
20;;; under the terms of the GNU General Public License as published by
21;;; the Free Software Foundation; either version 3 of the License, or (at
22;;; your option) any later version.
23;;;
24;;; GNU Guix is distributed in the hope that it will be useful, but
25;;; WITHOUT ANY WARRANTY; without even the implied warranty of
26;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27;;; GNU General Public License for more details.
28;;;
29;;; You should have received a copy of the GNU General Public License
30;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
31
32(define-module (gnu packages vpn)
b5b73a82 33 #:use-module ((guix licenses) #:prefix license:)
34 #:use-module (guix packages)
35 #:use-module (guix download)
06d91fd9 36 #:use-module (guix git-download)
7ba2b274 37 #:use-module (guix build-system cmake)
49f24f41 38 #:use-module (guix build-system gnu)
3b177a6c 39 #:use-module (guix build-system linux-module)
5c863d57 40 #:use-module (guix build-system python)
49f24f41 41 #:use-module (gnu packages)
1b17c23e 42 #:use-module (gnu packages admin)
06d91fd9 43 #:use-module (gnu packages base)
d084e71c 44 #:use-module (gnu packages bash)
ac257f12 45 #:use-module (gnu packages check)
d084e71c 46 #:use-module (gnu packages dns)
01224157 47 #:use-module (gnu packages autotools)
71f4b81a 48 #:use-module (gnu packages compression)
1dba6407 49 #:use-module (gnu packages gettext)
49f24f41 50 #:use-module (gnu packages gnupg)
b47e083b 51 #:use-module (gnu packages guile)
01224157 52 #:use-module (gnu packages libevent)
dc77f0d3 53 #:use-module (gnu packages linux)
aff0cce9 54 #:use-module (gnu packages nss)
55 #:use-module (gnu packages perl)
56 #:use-module (gnu packages pkg-config)
5c863d57 57 #:use-module (gnu packages python)
44d10b1f 58 #:use-module (gnu packages python-xyz)
c873980d 59 #:use-module (gnu packages python-web)
a7fd7b68 60 #:use-module (gnu packages tls)
71f4b81a 61 #:use-module (gnu packages xml))
49f24f41 62
;; GNU Virtual Private Ethernet: built with the stock GNU build system against
;; OpenSSL and zlib.
(define-public gvpe
  (package
    (name "gvpe")
    (version "3.1")
    (source
     (origin
       (method url-fetch)
       ;; Any GNU mirror may serve this tarball; the sha256 below is what ties
       ;; the recipe to one specific archive.
       (uri (string-append "mirror://gnu/gvpe/gvpe-" version ".tar.gz"))
       (sha256
        (base32 "1cz8n75ksl0l908zc5l3rnfm1hv7130s2w8710799fr5sxrdbszi"))))
    (build-system gnu-build-system)
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    ;; pkg-config is needed only while building.
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (inputs
     `(("openssl" ,openssl)
       ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols. It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))
86
;; Client for Cisco VPN concentrators.  The build has no configure script and
;; no test target, so the recipe rewrites hard-coded paths by hand.
(define-public vpnc
  (package
    (name "vpnc")
    (version "0.5.3")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
             version ".tar.gz"))
       (sha256
        (base32 "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    (inputs
     `(("libgcrypt" ,libgcrypt)
       ("perl" ,perl)
       ("vpnc-scripts" ,vpnc-scripts)))
    (arguments
     `(#:tests? #f                      ; there is no check target
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'use-store-paths
           ;; Point the compiled-in helper script at the vpnc-scripts input
           ;; instead of a mutable /etc location, and make the Makefile
           ;; install under this package's own output.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((prefix-dir (assoc-ref outputs "out"))
                    (scripts-dir (assoc-ref inputs "vpnc-scripts"))
                    (script-file (string-append scripts-dir
                                                "/etc/vpnc/vpnc-script")))
               (substitute* "config.c"
                 (("/etc/vpnc/vpnc-script") script-file))
               (substitute* "Makefile"
                 (("ETCDIR=.*")
                  (string-append "ETCDIR=" prefix-dir "/etc/vpnc\n"))
                 (("PREFIX=.*")
                  (string-append "PREFIX=" prefix-dir "\n")))
               #t)))
         (delete 'configure))))         ; no configure script
    (synopsis "Client for Cisco VPN concentrators")
    ;; NOTE(review): the description lists single DES, MD5, SHA1 and DH groups
    ;; 1/2/5, all legacy primitives; deployments should check what the
    ;; concentrator actually negotiates.
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (license license:gpl2+)             ; some files are BSD-2, see COPYING
    (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/")))
71f4b81a 128
;; Routing and name-service helper scripts invoked by vpnc and OpenConnect.
;; Upstream ships no Makefile, so the build and install phases are replaced.
(define-public vpnc-scripts
  (let ((commit "1000e0f6dd7d6bff163169a46359211c1fc3a6d2"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20190116." (string-take commit 7)))
      (source
       (origin
         (method git-fetch)
         ;; NOTE(review): git:// is an unauthenticated, unencrypted transport.
         ;; The full commit id above and the sha256 below are what bind this
         ;; recipe to specific content, so verify both on every update.
         (uri (git-reference
               (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
               (commit commit)))
         (file-name (git-file-name name version))
         (sha256
          (base32 "1g41yarz2bl0f73kbjqnywr485ghanbp7nmspklfb0n07yp0z6ak"))))
      (build-system gnu-build-system)
      (inputs
       `(("guile" ,guile-3.0)           ; for the wrapper scripts
         ("coreutils" ,coreutils)
         ("grep" ,grep)
         ("iproute2" ,iproute)          ; for ‘ip’
         ("net-tools" ,net-tools)       ; for ‘ifconfig’, ‘route’
         ("sed" ,sed)
         ("which" ,which)))
      (arguments
       `(#:tests? #f                    ; no tests
         #:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths: drop
             ;; their own PATH assignments and /usr/bin, /usr/sbin prefixes,
             ;; and turn ‘[ -x FILE ]’ probes into ‘command -v’ look-ups.
             ;; After this every tool is resolved through PATH, which the
             ;; 'wrap-scripts phase below sets up.
             (lambda _
               (let ((scripts (find-files "." "^vpnc-script")))
                 (for-each
                  (lambda (script)
                    (substitute* script
                      (("^PATH=.*") "")
                      (("/usr/s?bin/") "")
                      (("\\[ +-x +([^]]+) +\\]" _ command)
                       (string-append "command -v >/dev/null 2>&1 "
                                      command))))
                  scripts))
               #t))
           (delete 'configure)          ; no configure script
           (replace 'build
             ;; The only compiled artefact is the netunshare helper.
             (lambda _
               (invoke "gcc" "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((prefix-dir (assoc-ref outputs "out"))
                      (target-dir (string-append prefix-dir "/etc/vpnc"))
                      (files (append (find-files "." "^vpnc-script")
                                     (list "netunshare"
                                           "xinetd.netns.conf"))))
                 (for-each (lambda (file)
                             (install-file file target-dir))
                           files)
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             ;; The directories are added as a PATH prefix, so the caller's
             ;; PATH is still consulted for anything not listed here.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let* ((prefix-dir (assoc-ref outputs "out"))
                      (tool-dirs
                       (map (lambda (name)
                              (let ((input (assoc-ref inputs name)))
                                (string-append input "/bin:"
                                               input "/sbin")))
                            (list "coreutils"
                                  "grep"
                                  "iproute2"
                                  "net-tools"
                                  "sed"
                                  "which"))))
                 (for-each
                  (lambda (script)
                    (wrap-script
                     (string-append prefix-dir "/etc/vpnc/" script)
                     `("PATH" ":" prefix ,tool-dirs)))
                  (list "vpnc-script-ptrtd"
                        "vpnc-script-sshd"
                        "vpnc-script"))
                 #t))))))
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own. For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))
71f4b81a 220
;; User-level SOCKS and port-forwarding proxy for OpenConnect.
(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source
     (origin
       (method git-fetch)
       ;; The checkout is selected by tag name ("v" + version).  A tag can be
       ;; moved upstream; the sha256 is what fixes the content that is built.
       (uri (git-reference
             (url "https://github.com/cernekee/ocproxy.git")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "03323nnhb4y9nzwva04mq7xg03dvdrgp689g89f69jqc261skcqx"))))
    (build-system gnu-build-system)
    ;; The Autotools are listed as build-time inputs; a git checkout
    ;; presumably carries no pre-generated configure script.
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (inputs
     `(("libevent" ,libevent)))
    (home-page "https://github.com/cernekee/ocproxy")
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP. When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (license license:bsd-3)))
248
;; Client for Cisco's AnyConnect SSL VPN.  It is configured to call the
;; vpnc-script shipped by the vpnc-scripts input.
(define-public openconnect
  (package
    (name "openconnect")
    (version "8.10")
    (source
     (origin
       (method url-fetch)
       ;; NOTE(review): plain FTP gives no transport integrity.  The sha256
       ;; below is the only thing binding this recipe to a specific archive,
       ;; so check it against an independently obtained copy on each bump.
       (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                           "openconnect-" version ".tar.gz"))
       (sha256
        (base32 "1cdsx4nsrwawbsisfkldfc9i4qn60g03vxb13nzppr2br9p4rrih"))))
    (build-system gnu-build-system)
    (propagated-inputs
     `(("libxml2" ,libxml2)
       ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
       ;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
       ;; The explicit pin below selects a release outside that range;
       ;; do not replace it with a variable that may resolve inside it.
       ("gnutls" ,gnutls-3.6.14)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)
       ("vpnc-scripts" ,vpnc-scripts)))
    (native-inputs
     `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
    (arguments
     ;; Bake the absolute file name of vpnc-script into the binary at
     ;; configure time, so the helper is not looked up in a mutable location.
     '(#:configure-flags
       (list (string-append "--with-vpnc-script="
                            (assoc-ref %build-inputs "vpnc-scripts")
                            "/etc/vpnc/vpnc-script"))))
    (synopsis "Client for Cisco VPN")
    (description
     "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
    (license license:lgpl2.1)
    (home-page "https://www.infradead.org/openconnect/")))
285
;; OpenVPN daemon, built against OpenSSL with LZ4/LZO compression and PAM.
(define-public openvpn
  (package
    (name "openvpn")
    (version "2.4.9")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://swupdate.openvpn.org/community/releases/openvpn-"
             version ".tar.xz"))
       (sha256
        (base32 "1qpbllwlha7cffsd5dlddb8rl22g9rar5zflkz1wrcllhvfkl7v4"))))
    (build-system gnu-build-system)
    (arguments
     ;; NOTE(review): iproute2 is only a native (build-time) input here;
     ;; presumably configure records the location of ‘ip’ -- confirm.
     '(#:configure-flags (list "--enable-iproute2=yes")))
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities. It uses a custom
security protocol that utilizes SSL/TLS for key exchange. It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))
feca8e2b 317
;; Command-line client for ProtonVPN; it drives the propagated openvpn.
(define-public protonvpn-cli
  (package
    (name "protonvpn-cli")
    (version "2.2.2")
    (source
     (origin
       ;; PyPI has a ".whl" file but not a proper source release.
       ;; Thus, fetch code from Git.  The checkout is selected by tag name;
       ;; the sha256 is what fixes the content that is built.
       (method git-fetch)
       (uri (git-reference
             (url "https://github.com/ProtonVPN/linux-cli.git")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0ixjb02kj4z79whm1izd8mrn2h0rp9cmw4im1qvp93rahqxdd4n8"))))
    (build-system python-build-system)
    ;; No tests in repo, so nothing is exercised at build time.
    (arguments
     '(#:tests? #f))
    (native-inputs
     `(("docopt" ,python-docopt)))
    (inputs
     `(("pythondialog" ,python-pythondialog)
       ("requests" ,python-requests)))
    (propagated-inputs
     `(("openvpn" ,openvpn)))
    (synopsis "Command-line client for ProtonVPN")
    (description
     "This is the official command-line interface for ProtonVPN, a secure
point-to-point virtual private networking (VPN) service with a gratis tier.
It can automatically find and connect to the fastest servers or use Tor over
VPN. The gratis tier offers unlimited bandwidth for up to 10 devices.")
    (home-page "https://github.com/ProtonVPN/linux-cli")
    (license license:gpl3+)))
351
;; tinc VPN daemon, built against OpenSSL with zlib/LZO compression.
(define-public tinc
  (package
    (name "tinc")
    (version "1.0.36")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://tinc-vpn.org/packages/"
                           "tinc-" version ".tar.gz"))
       (sha256
        (base32 "021i2sl2mjscbm8g59d7vs74iw3gf0m48wg7w3zhwj6czarkpxs0"))))
    (build-system gnu-build-system)
    (arguments
     ;; Configuration and state are read from the system-wide /etc and /var
     ;; rather than from directories under the package output.
     '(#:configure-flags
       (list "--sysconfdir=/etc"
             "--localstatedir=/var")))
    (inputs
     `(("zlib" ,zlib)
       ("lzo" ,lzo)
       ("openssl" ,openssl)))
    (home-page "https://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))
377
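;; sshuttle: a VPN-like tool that forwards connections over SSH.
(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.5")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "0vp13xwrhx4m6zgsyzvai84lkq9mzkaw47j58dk0ll95kaymk2x8"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-FHS-file-names
           ;; client.py gets the absolute file name of ‘env’ as found at
           ;; build time.  ssh.py gets a bare ‘sh’, which is resolved through
           ;; PATH wherever that command ends up running.
           ;; NOTE(review): presumably the ‘sh’ invocation executes on the
           ;; remote host, where a build-time file name would not exist --
           ;; confirm against sshuttle/ssh.py.
           (lambda _
             (substitute* "sshuttle/client.py"
               (("/usr/bin/env") (which "env")))
             (substitute* "sshuttle/ssh.py"
               (("/bin/sh") "sh"))
             #t)))))
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ;; The unquote comma is attached to the variable it unquotes, like
       ;; every other entry; it used to trail the label string.
       ("python-flake8" ,python-flake8)
       ("python-mock" ,python-mock)
       ("python-pytest-cov" ,python-pytest-cov)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client. Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying. This makes it faster and more reliable than SSH's own tunneling and
port forwarding features. It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’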
418
;; sshoot: profile manager for sshuttle sessions.
(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32 "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           ;; Only a test file is touched: its /bin/sh reference is replaced
           ;; with the shell found at build time.
           (lambda _
             (let ((shell (which "sh")))
               (substitute* "sshoot/tests/test_manager.py"
                 (("/bin/sh") shell)))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks. It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
454
;; BadVPN tool collection (NCD, tun2socks, peer-to-peer VPN), built with CMake.
(define-public badvpn
  (package
    (name "badvpn")
    (version "1.999.130")
    (source
     (origin
       (method git-fetch)
       ;; The version string doubles as the git tag; the sha256 is what fixes
       ;; the content that is built.
       (uri (git-reference
             (url "https://github.com/ambrop72/badvpn.git")
             (commit version)))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0rm67xhi7bh3yph1vh07imv5y1pwyldvw3wa5bz471g8mnkc7d3c"))))
    (build-system cmake-build-system)
    (arguments
     '(#:tests? #f))                    ; no tests
    (inputs
     `(("nspr" ,nspr)
       ("nss" ,nss)
       ("openssl" ,openssl)))
    (native-inputs
     `(("pkg-config" ,pkg-config)))
    (home-page "https://github.com/ambrop72/badvpn")
    (synopsis "Peer-to-peer virtual private network (VPN)")
    (description "@code{BadVPN} is a collection of virtual private
network (VPN) tools. It includes:

@enumerate
@item NCD programming language.\n
NCD (Network Configuration Daemon) is a daemon and programming/scripting
language for configuration of network interfaces and other aspects of the
operating system.
@item Tun2socks network-layer proxifier.\n
The tun2socks program socksifes TCP connections at the network layer. It
implements a TUN device which accepts all incoming TCP connections (regardless
of destination IP), and forwards the connections through a SOCKS server.
@item Peer-to-peer VPN.\n
The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
(VPN nodes).
@end enumerate")
    ;; This project contains a bundled lwIP.  lwIP is also released under the
    ;; 3-clause BSD license.  Bundled code is refreshed only when badvpn
    ;; itself is updated, so lwIP fixes arrive with new badvpn releases.
    (license license:bsd-3)))
7a0479bb 498
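;; Out-of-tree WireGuard for kernels that predate its upstream inclusion.
;; Two outputs are produced: the loadable module ("out") and a patch that adds
;; WireGuard to a kernel source tree ("kernel-patch").
(define-public wireguard-linux-compat
  (package
    (name "wireguard-linux-compat")
    (version "1.0.20200520")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/"
                           "snapshot/wireguard-linux-compat-" version
                           ".tar.xz"))
       (sha256
        (base32
         "1hvpbfpdd3v2k27ypa1y1j422irx7hxpz87f50s28jvkxx5sxrqn"))))
    (build-system linux-module-build-system)
    (outputs '("out"
               "kernel-patch"))
    (arguments
     `(#:tests? #f                      ; No test suite
       #:modules ((guix build linux-module-build-system)
                  (guix build utils)
                  (ice-9 popen)
                  (ice-9 textual-ports))
       #:phases
       (modify-phases %standard-phases
         (add-before 'build 'change-directory
           ;; The module sources live in the src/ subdirectory.
           (lambda _
             (chdir "./src")
             #t))
         (add-after 'build 'build-patch
           ;; Run upstream's patch generator and save everything it prints to
           ;; "wireguard.patch".  This phase reads no keyword argument, so it
           ;; no longer declares one.
           ;; NOTE(review): the value returned by ‘close-pipe’ is discarded,
           ;; so a failing create-patch.sh would leave a truncated or empty
           ;; patch without failing the build -- consider checking it.
           (lambda _
             (let* ((patch-builder "../kernel-tree-scripts/create-patch.sh")
                    (pipe (open-input-pipe patch-builder))
                    (patch-text (get-string-all pipe)))
               (close-pipe pipe)
               (call-with-output-file "wireguard.patch"
                 (lambda (port)
                   (format port "~a" patch-text))))
             #t))
         (add-after 'install 'install-patch
           ;; Use the ‘outputs’ argument this phase already receives instead
           ;; of reaching for the global ‘%outputs’.
           (lambda* (#:key outputs #:allow-other-keys)
             (install-file "wireguard.patch"
                           (assoc-ref outputs "kernel-patch"))
             #t))
         ;; So that 'install-license-files' works...
         (add-before 'install-license-files 'reset-cwd
           (lambda _
             (chdir "..")
             #t)))))
    (home-page "https://git.zx2c4.com/wireguard-linux-compat/")
    (synopsis "WireGuard kernel module for Linux 3.10 through 5.5")
    (description "This package contains an out-of-tree kernel patch and
a loadable module adding WireGuard to Linux kernel versions 3.10 through 5.5.
WireGuard was added to Linux 5.6.")
    (license license:gpl2)))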
1b17c23e 552
;; User-space tools (wg, wg-quick) for configuring WireGuard tunnels.
(define-public wireguard-tools
  (package
    (name "wireguard-tools")
    (version "1.0.20200513")
    (source
     (origin
       (method git-fetch)
       ;; Selected by tag name ("v" + version); the sha256 is what fixes the
       ;; content that is built.
       (uri (git-reference
             (url "https://git.zx2c4.com/wireguard-tools.git")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "1yk8hng0qw2rf76hnawjbdpjssmah88bd5fk20h1c0j1yazlx0a9"))))
    (build-system gnu-build-system)
    (arguments
     `(;; The test suite is meant to be run interactively. It runs Clang's
       ;; scan-build static analyzer and then starts a web server to display
       ;; the results.
       #:tests? #f
       #:make-flags
       (list "CC=gcc"
             "--directory=src"
             "WITH_BASHCOMPLETION=yes"
             ;; Install the ‘simple and dirty’ helper script wg-quick(8).
             "WITH_WGQUICK=yes"
             (string-append "PREFIX=" (assoc-ref %outputs "out"))
             ;; Currently used only to create an empty /etc/wireguard
             ;; directory.
             "SYSCONFDIR=no-thanks")
       #:phases
       (modify-phases %standard-phases
         ;; No configure script
         (delete 'configure)
         (add-after 'install 'install-contrib-docs
           ;; Ship upstream's contrib/ tree as documentation.
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((prefix-dir (assoc-ref outputs "out"))
                    (doc-dir (string-append prefix-dir
                                            "/share/doc/wireguard-tools")))
               (copy-recursively "contrib/" doc-dir)
               #t)))
         (add-after 'install 'wrap-wg-quick
           ;; Give wg-quick a PATH prefix with the sbin directories of its
           ;; helper tools plus coreutils' bin.  It is a prefix, so the
           ;; caller's PATH is still searched after these directories.
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let* ((prefix-dir (assoc-ref outputs "out"))
                    (sbin-of (lambda (input)
                               (string-append (assoc-ref inputs input)
                                              "/sbin")))
                    (sbin-dirs (map sbin-of
                                    (list "resolvconf" "iproute" "procps"
                                          "iptables")))
                    (coreutils-bin (string-append
                                    (assoc-ref inputs "coreutils")
                                    "/bin"))
                    (path-dirs (append sbin-dirs (list coreutils-bin))))
               (wrap-program (string-append prefix-dir "/bin/wg-quick")
                 `("PATH" ":" prefix ,path-dirs))
               #t))))))
    (inputs
     `(("resolvconf" ,openresolv)
       ("coreutils" ,coreutils)
       ("bash" ,bash)                   ; for scripts using /dev/tcp
       ("procps" ,procps)
       ("iproute" ,iproute)
       ("iptables" ,iptables)))
    (home-page "https://www.wireguard.com/")
    (synopsis "Tools for configuring WireGuard tunnels")
    (description
     "This package provides the user-space command-line tools for using and
configuring WireGuard tunnels.

WireGuard is a simple and fast general-purpose @acronym{VPN, Virtual Private
Network} that securely encapsulates IP packets over UDP. It aims to be as easy
to configure and deploy as SSH. VPN connections are made simply by exchanging
public keys and can roam across IP addresses.")
    (license
     (list license:lgpl2.1+    ; src/netlink.h & contrib/embeddable-wg-library
           license:gpl2))))    ; everything else
624
;; Deprecated name: "wireguard" now stands for the wireguard-tools package.
(define-public wireguard
  (deprecated-package
   "wireguard"
   wireguard-tools))
627
;; xl2tpd: Layer 2 Tunnelling Protocol daemon, built straight from its
;; Makefile.
(define-public xl2tpd
  (package
    (name "xl2tpd")
    (version "1.3.15")
    (source
     (origin
       (method git-fetch)
       ;; Selected by tag name ("v" + version); the sha256 is what fixes the
       ;; content that is built.
       (uri (git-reference
             (url "https://github.com/xelerance/xl2tpd")
             (commit (string-append "v" version))))
       (file-name (git-file-name name version))
       (sha256
        (base32 "0ppwza8nwm1av1vldw40gin9wrjrs4l9si50jad414js3k8ycaag"))))
    (build-system gnu-build-system)
    (arguments
     `(#:tests? #f                      ; no tests provided
       #:make-flags
       (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
             "CC=gcc")
       #:phases
       (modify-phases %standard-phases
         (delete 'configure))))         ; no configure script
    (inputs
     `(("libpcap" ,libpcap)))
    (home-page "https://www.xelerance.com/software/xl2tpd/")
    (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)")
    ;; L2TP only tunnels PPP over UDP and provides no confidentiality of its
    ;; own; deployments usually pair it with IPsec.
    (description
     "xl2tpd is an implementation of the Layer 2 Tunnelling Protocol (RFC 2661).
L2TP allows you to tunnel PPP over UDP.")
    (license license:gpl2)))
654 (license license:gpl2)))