Commit | Line | Data |
---|---|---|
49f24f41 AE |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> | |
a9d4a9ad | 3 | ;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org> |
d4bf49b1 | 4 | ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> |
feca8e2b | 5 | ;;; Copyright © 2015 Jeff Mickey <j@codemac.net> |
8d2de491 | 6 | ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> |
383ad03e | 7 | ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> |
fa3346b8 | 8 | ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu> |
01224157 | 9 | ;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com> |
49f24f41 AE |
10 | ;;; |
11 | ;;; This file is part of GNU Guix. | |
12 | ;;; | |
13 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
14 | ;;; under the terms of the GNU General Public License as published by | |
15 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
16 | ;;; your option) any later version. | |
17 | ;;; | |
18 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
19 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | ;;; GNU General Public License for more details. | |
22 | ;;; | |
23 | ;;; You should have received a copy of the GNU General Public License | |
24 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
25 | ||
26 | (define-module (gnu packages vpn) | |
b5b73a82 | 27 | #:use-module ((guix licenses) #:prefix license:) |
49f24f41 AE |
28 | #:use-module (guix packages) |
29 | #:use-module (guix download) | |
06d91fd9 | 30 | #:use-module (guix git-download) |
49f24f41 | 31 | #:use-module (guix build-system gnu) |
5c863d57 | 32 | #:use-module (guix build-system python) |
49f24f41 | 33 | #:use-module (gnu packages) |
06d91fd9 | 34 | #:use-module (gnu packages base) |
ac257f12 | 35 | #:use-module (gnu packages check) |
01224157 | 36 | #:use-module (gnu packages autotools) |
71f4b81a | 37 | #:use-module (gnu packages compression) |
1dba6407 | 38 | #:use-module (gnu packages gettext) |
49f24f41 | 39 | #:use-module (gnu packages gnupg) |
01224157 | 40 | #:use-module (gnu packages libevent) |
dc77f0d3 | 41 | #:use-module (gnu packages linux) |
71f4b81a AE |
42 | #:use-module (gnu packages perl) |
43 | #:use-module (gnu packages pkg-config) | |
5c863d57 | 44 | #:use-module (gnu packages python) |
a7fd7b68 | 45 | #:use-module (gnu packages tls) |
71f4b81a | 46 | #:use-module (gnu packages xml)) |
49f24f41 | 47 | |
7af8a9b7 LC |
48 | (define-public gvpe |
49 | (package | |
50 | (name "gvpe") | |
3ded2761 | 51 | (version "3.0") |
7af8a9b7 LC |
52 | (source (origin |
53 | (method url-fetch) | |
54 | (uri (string-append "mirror://gnu/gvpe/gvpe-" | |
55 | version ".tar.gz")) | |
56 | (sha256 | |
57 | (base32 | |
a9d4a9ad LC |
58 | "1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf")) |
59 | (modules '((guix build utils))) | |
60 | (snippet | |
61 | '(begin | |
62 | ;; Remove the outdated bundled copy of glibc's getopt, which | |
63 | ;; provides a 'getopt' declaration that conflicts with that | |
64 | ;; of glibc 2.26. | |
65 | (substitute* "lib/Makefile.in" | |
66 | (("getopt1?\\.(c|h|\\$\\(OBJEXT\\))") "")) | |
67 | (for-each delete-file | |
6cbee49d MW |
68 | '("lib/getopt.h" "lib/getopt.c")) |
69 | #t)))) | |
7af8a9b7 LC |
70 | (build-system gnu-build-system) |
71 | (home-page "http://software.schmorp.de/pkg/gvpe.html") | |
72 | (inputs `(("openssl" ,openssl) | |
73 | ("zlib" ,zlib))) | |
74 | (synopsis "Secure VPN among multiple nodes over an untrusted network") | |
75 | (description | |
76 | "The GNU Virtual Private Ethernet creates a virtual network | |
77 | with multiple nodes using a variety of transport protocols. It works | |
78 | by creating encrypted host-to-host tunnels between multiple | |
79 | endpoints.") | |
80 | (license license:gpl3+))) | |
81 | ||
49f24f41 AE |
82 | (define-public vpnc |
83 | (package | |
84 | (name "vpnc") | |
85 | (version "0.5.3") | |
86 | (source (origin | |
87 | (method url-fetch) | |
594360f5 | 88 | (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-" |
49f24f41 AE |
89 | version ".tar.gz")) |
90 | (sha256 (base32 | |
101e67ac | 91 | "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6")))) |
49f24f41 AE |
92 | (build-system gnu-build-system) |
93 | (inputs `(("libgcrypt" ,libgcrypt) | |
42c97811 | 94 | ("perl" ,perl) |
101e67ac | 95 | ("vpnc-scripts" ,vpnc-scripts))) |
49f24f41 AE |
96 | (arguments |
97 | `(#:tests? #f ; there is no check target | |
49f24f41 | 98 | #:phases |
42c97811 | 99 | (modify-phases %standard-phases |
101e67ac | 100 | (add-after 'unpack 'use-store-paths |
42c97811 | 101 | (lambda* (#:key inputs outputs #:allow-other-keys) |
101e67ac TGR |
102 | (let ((out (assoc-ref outputs "out")) |
103 | (vpnc-scripts (assoc-ref inputs "vpnc-scripts"))) | |
104 | (substitute* "config.c" | |
105 | (("/etc/vpnc/vpnc-script") | |
106 | (string-append vpnc-scripts "/etc/vpnc/vpnc-script"))) | |
107 | (substitute* "Makefile" | |
108 | (("ETCDIR=.*") | |
109 | (string-append "ETCDIR=" out "/etc/vpnc\n")) | |
110 | (("PREFIX=.*") | |
111 | (string-append "PREFIX=" out "\n"))) | |
112 | #t))) | |
113 | (delete 'configure)))) ; no configure script | |
799dcdc4 | 114 | (synopsis "Client for Cisco VPN concentrators") |
49f24f41 AE |
115 | (description |
116 | "vpnc is a VPN client compatible with Cisco's EasyVPN equipment. | |
35b9e423 | 117 | It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only |
49f24f41 | 118 | shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES, |
35b9e423 | 119 | 1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace. |
49f24f41 AE |
120 | Only \"Universal TUN/TAP device driver support\" is needed in the kernel.") |
121 | (license license:gpl2+) ; some file are bsd-2, see COPYING | |
122 | (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/"))) | |
71f4b81a | 123 | |
06d91fd9 | 124 | (define-public vpnc-scripts |
1a135896 | 125 | (let ((commit "07c3518dd6b8dc424e9c3650a62bed994a4dcbe1")) |
06d91fd9 TGR |
126 | (package |
127 | (name "vpnc-scripts") | |
1a135896 | 128 | (version (string-append "20180226." (string-take commit 7))) |
06d91fd9 TGR |
129 | (source (origin |
130 | (method git-fetch) | |
131 | (uri | |
132 | (git-reference | |
133 | (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
134 | (commit commit))) | |
728ee9d6 | 135 | (file-name (git-file-name name version)) |
06d91fd9 TGR |
136 | (sha256 |
137 | (base32 | |
1a135896 | 138 | "02d29nrmnj6kfa889cavqn1pkn9ssb5gyp4lz1v47spwx7abpdi7")))) |
06d91fd9 TGR |
139 | (build-system gnu-build-system) |
140 | (inputs `(("coreutils" ,coreutils) | |
141 | ("grep" ,grep) | |
142 | ("iproute2" ,iproute) ; for ‘ip’ | |
143 | ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’ | |
144 | ("sed" ,sed) | |
145 | ("which" ,which))) | |
146 | (arguments | |
147 | `(#:phases | |
148 | (modify-phases %standard-phases | |
149 | (add-after 'unpack 'use-relative-paths | |
150 | ;; Patch the scripts to work with and use relative paths. | |
151 | (lambda* _ | |
152 | (for-each (lambda (script) | |
153 | (substitute* script | |
154 | (("^PATH=.*") "") | |
155 | (("(/usr|)/s?bin/") "") | |
156 | (("\\[ +-x +([^]]+) +\\]" _ command) | |
157 | (string-append "command -v >/dev/null 2>&1 " | |
158 | command)))) | |
159 | (find-files "." "^vpnc-script")) | |
160 | #t)) | |
161 | (delete 'configure) ; no configure script | |
162 | (replace 'build | |
163 | (lambda _ | |
863501b7 | 164 | (invoke "gcc" "-o" "netunshare" "netunshare.c"))) |
06d91fd9 TGR |
165 | (replace 'install |
166 | ;; There is no Makefile; manually install the relevant files. | |
167 | (lambda* (#:key outputs #:allow-other-keys) | |
168 | (let* ((out (assoc-ref outputs "out")) | |
169 | (etc (string-append out "/etc/vpnc"))) | |
170 | (for-each (lambda (file) | |
171 | (install-file file etc)) | |
172 | (append (find-files "." "^vpnc-script") | |
173 | (list "netunshare" | |
174 | "xinetd.netns.conf"))) | |
175 | #t))) | |
176 | (add-after 'install 'wrap-scripts | |
177 | ;; Wrap scripts with paths to their common hard dependencies. | |
178 | ;; Optional dependencies will need to be installed by the user. | |
179 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
180 | (let ((out (assoc-ref outputs "out"))) | |
181 | (for-each | |
182 | (lambda (script) | |
183 | (wrap-program script | |
184 | `("PATH" ":" prefix | |
185 | ,(map (lambda (name) | |
186 | (let ((input (assoc-ref inputs name))) | |
187 | (string-append input "/bin:" | |
188 | input "/sbin"))) | |
189 | (list "coreutils" | |
190 | "grep" | |
191 | "iproute2" | |
192 | "net-tools" | |
193 | "sed" | |
194 | "which"))))) | |
195 | (find-files (string-append out "/etc/vpnc/vpnc-script") | |
863501b7 TGR |
196 | "^vpnc-script")) |
197 | #t)))) | |
06d91fd9 TGR |
198 | #:tests? #f)) ; no tests |
199 | (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
200 | (synopsis "Network configuration scripts for Cisco VPN clients") | |
201 | (description | |
202 | "This set of scripts configures routing and name services when invoked | |
203 | by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients. | |
204 | ||
205 | The default @command{vpnc-script} automatically configures most common | |
206 | connections, and provides hooks for performing custom actions at various stages | |
207 | of the connection or disconnection process. | |
208 | ||
209 | Alternative scripts are provided for more complicated set-ups, or to serve as an | |
210 | example for writing your own. For example, @command{vpnc-script-sshd} contains | |
211 | the entire VPN in a network namespace accessible only through SSH.") | |
212 | (license license:gpl2+)))) | |
71f4b81a | 213 | |
01224157 PL |
214 | (define-public ocproxy |
215 | (package | |
216 | (name "ocproxy") | |
217 | (version "1.60") | |
218 | (source (origin | |
219 | (method url-fetch) | |
220 | (uri (string-append | |
221 | "https://github.com/cernekee/ocproxy/archive/v" | |
222 | version ".tar.gz")) | |
223 | (file-name (string-append name "-" version ".tar.gz")) | |
224 | (sha256 | |
225 | (base32 | |
226 | "1b4rg3xq5jnrp2l14sw0msan8kqhdxmsd7gpw9lkiwvxy13pcdm7")))) | |
227 | (build-system gnu-build-system) | |
228 | (native-inputs | |
229 | `(("autoconf" ,autoconf) | |
230 | ("automake" ,automake))) | |
231 | (inputs | |
232 | `(("libevent" ,libevent))) | |
233 | (arguments | |
234 | '(#:phases | |
235 | (modify-phases %standard-phases | |
236 | (add-after 'unpack 'autogen | |
237 | (lambda _ (invoke "sh" "autogen.sh")))))) | |
238 | (home-page "https://github.com/cernekee/ocproxy") | |
239 | (synopsis "OpenConnect proxy") | |
240 | (description | |
241 | "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based | |
242 | on LwIP. When using ocproxy, OpenConnect only handles network activity that | |
243 | the user specifically asks to proxy, so the @dfn{VPN} interface no longer | |
244 | \"hijacks\" all network traffic on the host.") | |
245 | (license license:bsd-3))) | |
246 | ||
71f4b81a AE |
247 | (define-public openconnect |
248 | (package | |
249 | (name "openconnect") | |
426aecfd | 250 | (version "7.08") |
71f4b81a AE |
251 | (source (origin |
252 | (method url-fetch) | |
d4bf49b1 EB |
253 | (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/" |
254 | "openconnect-" version ".tar.gz")) | |
71f4b81a | 255 | (sha256 (base32 |
426aecfd | 256 | "00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w")))) |
71f4b81a AE |
257 | (build-system gnu-build-system) |
258 | (inputs | |
c4c4cc05 | 259 | `(("libxml2" ,libxml2) |
060e365a | 260 | ("gnutls" ,gnutls) |
a6d06e86 | 261 | ("vpnc-scripts" ,vpnc-scripts) |
71f4b81a | 262 | ("zlib" ,zlib))) |
c4c4cc05 | 263 | (native-inputs |
b94a6ca0 | 264 | `(("gettext" ,gettext-minimal) |
c4c4cc05 | 265 | ("pkg-config" ,pkg-config))) |
71f4b81a | 266 | (arguments |
d4bf49b1 EB |
267 | `(#:configure-flags |
268 | `(,(string-append "--with-vpnc-script=" | |
a6d06e86 | 269 | (assoc-ref %build-inputs "vpnc-scripts") |
d4bf49b1 | 270 | "/etc/vpnc/vpnc-script")))) |
799dcdc4 | 271 | (synopsis "Client for Cisco VPN") |
71f4b81a AE |
272 | (description |
273 | "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is | |
274 | supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500, | |
275 | 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers, | |
276 | and probably others.") | |
277 | (license license:lgpl2.1) | |
278 | (home-page "http://www.infradead.org/openconnect/"))) | |
dc77f0d3 DT |
279 | |
280 | (define-public openvpn | |
281 | (package | |
282 | (name "openvpn") | |
a3cbd75b | 283 | (version "2.4.6") |
dc77f0d3 DT |
284 | (source (origin |
285 | (method url-fetch) | |
286 | (uri (string-append | |
287 | "https://swupdate.openvpn.org/community/releases/openvpn-" | |
288 | version ".tar.xz")) | |
289 | (sha256 | |
290 | (base32 | |
a3cbd75b | 291 | "09lck4wmkas3iyrzaspin9gn3wiclqb1m9sf8diy7j8wakx38r2g")))) |
dc77f0d3 DT |
292 | (build-system gnu-build-system) |
293 | (arguments | |
294 | '(#:configure-flags '("--enable-iproute2=yes"))) | |
295 | (native-inputs | |
296 | `(("iproute2" ,iproute))) | |
297 | (inputs | |
dee9a262 EF |
298 | `(("lz4" ,lz4) |
299 | ("lzo" ,lzo) | |
dc77f0d3 DT |
300 | ("openssl" ,openssl) |
301 | ("linux-pam" ,linux-pam))) | |
302 | (home-page "https://openvpn.net/") | |
303 | (synopsis "Virtual private network daemon") | |
9599339c TGR |
304 | (description |
305 | "OpenVPN implements virtual private network (@dfn{VPN}) techniques | |
dc77f0d3 DT |
306 | for creating secure point-to-point or site-to-site connections in routed or |
307 | bridged configurations and remote access facilities. It uses a custom | |
308 | security protocol that utilizes SSL/TLS for key exchange. It is capable of | |
9599339c | 309 | traversing network address translators (@dfn{NAT}s) and firewalls.") |
dc77f0d3 | 310 | (license license:gpl2))) |
feca8e2b JM |
311 | |
312 | (define-public tinc | |
313 | (package | |
314 | (name "tinc") | |
383ad03e | 315 | (version "1.0.33") |
feca8e2b JM |
316 | (source (origin |
317 | (method url-fetch) | |
318 | (uri (string-append "http://tinc-vpn.org/packages/" | |
319 | name "-" version ".tar.gz")) | |
320 | (sha256 | |
321 | (base32 | |
383ad03e | 322 | "1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz")))) |
feca8e2b | 323 | (build-system gnu-build-system) |
7b770eca SB |
324 | (arguments |
325 | '(#:configure-flags | |
326 | '("--sysconfdir=/etc" | |
327 | "--localstatedir=/var"))) | |
feca8e2b JM |
328 | (inputs `(("zlib" ,zlib) |
329 | ("lzo" ,lzo) | |
330 | ("openssl" ,openssl))) | |
331 | (home-page "http://tinc-vpn.org") | |
332 | (synopsis "Virtual Private Network (VPN) daemon") | |
333 | (description | |
334 | "Tinc is a VPN that uses tunnelling and encryption to create a secure | |
335 | private network between hosts on the internet.") | |
336 | (license license:gpl2+))) | |
5c863d57 TGR |
337 | |
338 | (define-public sshuttle | |
339 | (package | |
340 | (name "sshuttle") | |
dc944249 | 341 | (version "0.78.4") |
5c863d57 TGR |
342 | (source |
343 | (origin | |
344 | (method url-fetch) | |
345 | (uri (pypi-uri name version)) | |
346 | (sha256 | |
347 | (base32 | |
dc944249 | 348 | "0pqk43kd7crqhg6qgnl8kapncwgw1xgaf02zarzypcw64kvdih9h")))) |
5c863d57 TGR |
349 | (build-system python-build-system) |
350 | (native-inputs | |
3308591f | 351 | `(("python-setuptools-scm" ,python-setuptools-scm) |
5c863d57 TGR |
352 | ;; For tests only. |
353 | ("python-mock" ,python-mock) | |
3308591f TGR |
354 | ("python-pytest" ,python-pytest) |
355 | ("python-pytest-runner" ,python-pytest-runner))) | |
5c863d57 TGR |
356 | (home-page "https://github.com/sshuttle/sshuttle") |
357 | (synopsis "VPN that transparently forwards connections over SSH") | |
358 | (description "sshuttle creates an encrypted virtual private network (VPN) | |
359 | connection to any remote server to which you have secure shell (SSH) access. | |
360 | The only requirement is a suitable version of Python on the server; | |
361 | administrative privileges are required only on the client. Unlike most VPNs, | |
362 | sshuttle forwards entire sessions, not packets, using kernel transparent | |
363 | proxying. This makes it faster and more reliable than SSH's own tunneling and | |
364 | port forwarding features. It can forward both TCP and UDP traffic, including | |
365 | DNS domain name queries.") | |
366 | (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’ | |
1ce6f33b TGR |
367 | |
368 | (define-public sshoot | |
369 | (package | |
370 | (name "sshoot") | |
3b4018d6 | 371 | (version "1.2.6") |
1ce6f33b TGR |
372 | (source |
373 | (origin | |
374 | (method url-fetch) | |
375 | (uri (pypi-uri name version)) | |
376 | (sha256 | |
377 | (base32 | |
3b4018d6 | 378 | "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0")))) |
1ce6f33b | 379 | (build-system python-build-system) |
c0b12a60 MB |
380 | (arguments |
381 | '(#:phases | |
382 | (modify-phases %standard-phases | |
383 | (add-after 'unpack 'patch-paths | |
384 | (lambda _ | |
385 | (substitute* "sshoot/tests/test_manager.py" | |
386 | (("/bin/sh") (which "sh"))) | |
387 | #t))))) | |
1ce6f33b TGR |
388 | (inputs |
389 | `(("python-argcomplete" ,python-argcomplete) | |
390 | ("python-prettytable" ,python-prettytable) | |
391 | ("python-pyyaml" ,python-pyyaml))) | |
392 | ;; For tests only. | |
393 | (native-inputs | |
394 | `(("python-fixtures" ,python-fixtures) | |
395 | ("python-pbr" ,python-pbr) | |
396 | ("python-testtools" ,python-testtools))) | |
3b4018d6 | 397 | (home-page "https://github.com/albertodonato/sshoot") |
1ce6f33b TGR |
398 | (synopsis "sshuttle VPN session manager") |
399 | (description "sshoot provides a command-line interface to manage multiple | |
400 | @command{sshuttle} virtual private networks. It supports flexible profiles | |
401 | with configuration options for most of @command{sshuttle}’s features.") | |
402 | (license license:gpl3+))) |