[jackhill/guix/guix.git] / gnu / packages / vpn.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu packages vpn)
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (guix build-system gnu)
  #:use-module (guix build-system python)
  #:use-module (gnu packages)
  #:use-module (gnu packages base)
  #:use-module (gnu packages check)
  #:use-module (gnu packages autotools)
  #:use-module (gnu packages compression)
  #:use-module (gnu packages gettext)
  #:use-module (gnu packages gnupg)
  #:use-module (gnu packages libevent)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages python)
  #:use-module (gnu packages tls)
  #:use-module (gnu packages xml))

(define-public gvpe
  (package
    (name "gvpe")
    (version "3.0")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gvpe/gvpe-"
                                  version ".tar.gz"))
              (sha256
               (base32
                "1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf"))
              (modules '((guix build utils)))
              (snippet
               '(begin
                  ;; Remove the outdated bundled copy of glibc's getopt, which
                  ;; provides a 'getopt' declaration that conflicts with that
                  ;; of glibc 2.26.
                  (substitute* "lib/Makefile.in"
                    (("getopt1?\\.(c|h|\\$\\(OBJEXT\\))") ""))
                  (for-each delete-file
                            '("lib/getopt.h" "lib/getopt.c"))
                  #t))))
    (build-system gnu-build-system)
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (inputs `(("openssl" ,openssl)
              ("zlib" ,zlib)))
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols.  It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))

(define-public vpnc
  (package
   (name "vpnc")
   (version "0.5.3")
   (source (origin
            (method url-fetch)
            (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                version ".tar.gz"))
            (sha256 (base32
                     "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
   (build-system gnu-build-system)
   (inputs `(("libgcrypt" ,libgcrypt)
             ("perl" ,perl)
             ("vpnc-scripts" ,vpnc-scripts)))
   (arguments
    `(#:tests? #f ; there is no check target
      #:phases
      (modify-phases %standard-phases
        (add-after 'unpack 'use-store-paths
          (lambda* (#:key inputs outputs #:allow-other-keys)
            (let ((out          (assoc-ref outputs "out"))
                  (vpnc-scripts (assoc-ref inputs  "vpnc-scripts")))
              (substitute* "config.c"
                (("/etc/vpnc/vpnc-script")
                 (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
              (substitute* "Makefile"
                (("ETCDIR=.*")
                 (string-append "ETCDIR=" out "/etc/vpnc\n"))
                (("PREFIX=.*")
                 (string-append "PREFIX=" out "\n")))
              #t)))
        (delete 'configure))))          ; no configure script
   (synopsis "Client for Cisco VPN concentrators")
   (description
    "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth.  It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling.  It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
   (license license:gpl2+) ; some file are bsd-2, see COPYING
   (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))

(define-public vpnc-scripts
  (let ((commit "07c3518dd6b8dc424e9c3650a62bed994a4dcbe1"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20180226." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "02d29nrmnj6kfa889cavqn1pkn9ssb5gyp4lz1v47spwx7abpdi7"))))
      (build-system gnu-build-system)
      (inputs `(("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute)    ; for ‘ip’
                ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths.
             (lambda* _
               (for-each (lambda (script)
                           (substitute* script
                             (("^PATH=.*") "")
                             (("(/usr|)/s?bin/") "")
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure)          ; no configure script
           (replace 'build
             (lambda _
               (invoke "gcc" "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    (wrap-program script
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  (find-files (string-append out "/etc/vpnc/vpnc-script")
                              "^vpnc-script"))
                 #t))))
         #:tests? #f))                  ; no tests
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own.  For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))

(define-public ocproxy
  (package
    (name "ocproxy")
    (version "1.60")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://github.com/cernekee/ocproxy/archive/v"
                    version ".tar.gz"))
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
                "1b4rg3xq5jnrp2l14sw0msan8kqhdxmsd7gpw9lkiwvxy13pcdm7"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("autoconf" ,autoconf)
       ("automake" ,automake)))
    (inputs
     `(("libevent" ,libevent)))
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'autogen
           (lambda _ (invoke "sh" "autogen.sh"))))))
    (home-page "https://github.com/cernekee/ocproxy")
    (synopsis "OpenConnect proxy")
    (description
     "User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
on LwIP.  When using ocproxy, OpenConnect only handles network activity that
the user specifically asks to proxy, so the @dfn{VPN} interface no longer
\"hijacks\" all network traffic on the host.")
    (license license:bsd-3)))

(define-public openconnect
  (package
   (name "openconnect")
   (version "7.08")
   (source (origin
            (method url-fetch)
            (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                                "openconnect-" version ".tar.gz"))
            (sha256 (base32
                     "00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w"))))
   (build-system gnu-build-system)
   (inputs
    `(("libxml2" ,libxml2)
      ("gnutls" ,gnutls)
      ("vpnc-scripts" ,vpnc-scripts)
      ("zlib" ,zlib)))
   (native-inputs
    `(("gettext" ,gettext-minimal)
      ("pkg-config" ,pkg-config)))
   (arguments
    `(#:configure-flags
      `(,(string-append "--with-vpnc-script="
                        (assoc-ref %build-inputs "vpnc-scripts")
                        "/etc/vpnc/vpnc-script"))))
   (synopsis "Client for Cisco VPN")
   (description
    "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
   (license license:lgpl2.1)
   (home-page "http://www.infradead.org/openconnect/")))

(define-public openvpn
  (package
    (name "openvpn")
    (version "2.4.6")
    (source (origin
              (method url-fetch)
              (uri (string-append
                    "https://swupdate.openvpn.org/community/releases/openvpn-"
                    version ".tar.xz"))
              (sha256
               (base32
                "09lck4wmkas3iyrzaspin9gn3wiclqb1m9sf8diy7j8wakx38r2g"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    (native-inputs
     `(("iproute2" ,iproute)))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities.  It uses a custom
security protocol that utilizes SSL/TLS for key exchange.  It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))

(define-public tinc
  (package
    (name "tinc")
    (version "1.0.33")
    (source (origin
              (method url-fetch)
              (uri (string-append "http://tinc-vpn.org/packages/"
                                  name "-" version ".tar.gz"))
              (sha256
               (base32
                "1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs `(("zlib" ,zlib)
              ("lzo" ,lzo)
              ("openssl" ,openssl)))
    (home-page "http://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))

(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.4")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "0pqk43kd7crqhg6qgnl8kapncwgw1xgaf02zarzypcw64kvdih9h"))))
    (build-system python-build-system)
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; For tests only.
       ("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client.  Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying.  This makes it faster and more reliable than SSH's own tunneling and
port forwarding features.  It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’

(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       (sha256
        (base32
         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           (lambda _
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))
             #t)))))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks.  It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))
Commit	Line	Data
49f24f41 AE	1	;;; GNU Guix --- Functional package management for GNU
49f24f41 AE	2	;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
a9d4a9ad	3	;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
d4bf49b1	4	;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b	5	;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
8d2de491	6	;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
383ad03e	7	;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8	8	;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
01224157	9	;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
49f24f41 AE	10	;;;
	11	;;; This file is part of GNU Guix.
	12	;;;
	13	;;; GNU Guix is free software; you can redistribute it and/or modify it
	14	;;; under the terms of the GNU General Public License as published by
	15	;;; the Free Software Foundation; either version 3 of the License, or (at
	16	;;; your option) any later version.
	17	;;;
	18	;;; GNU Guix is distributed in the hope that it will be useful, but
	19	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	20	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	21	;;; GNU General Public License for more details.
	22	;;;
	23	;;; You should have received a copy of the GNU General Public License
	24	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	25
	26	(define-module (gnu packages vpn)
b5b73a82	27	#:use-module ((guix licenses) #:prefix license:)
49f24f41 AE	28	#:use-module (guix packages)
49f24f41 AE	29	#:use-module (guix download)
06d91fd9	30	#:use-module (guix git-download)
49f24f41	31	#:use-module (guix build-system gnu)
5c863d57	32	#:use-module (guix build-system python)
49f24f41	33	#:use-module (gnu packages)
06d91fd9	34	#:use-module (gnu packages base)
ac257f12	35	#:use-module (gnu packages check)
01224157	36	#:use-module (gnu packages autotools)
71f4b81a	37	#:use-module (gnu packages compression)
1dba6407	38	#:use-module (gnu packages gettext)
49f24f41	39	#:use-module (gnu packages gnupg)
01224157	40	#:use-module (gnu packages libevent)
dc77f0d3	41	#:use-module (gnu packages linux)
71f4b81a AE	42	#:use-module (gnu packages perl)
71f4b81a AE	43	#:use-module (gnu packages pkg-config)
5c863d57	44	#:use-module (gnu packages python)
a7fd7b68	45	#:use-module (gnu packages tls)
71f4b81a	46	#:use-module (gnu packages xml))
49f24f41	47
7af8a9b7 LC	48	(define-public gvpe
	49	(package
	50	(name "gvpe")
3ded2761	51	(version "3.0")
7af8a9b7 LC	52	(source (origin
	53	(method url-fetch)
	54	(uri (string-append "mirror://gnu/gvpe/gvpe-"
	55	version ".tar.gz"))
	56	(sha256
	57	(base32
a9d4a9ad LC	58	"1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf"))
	59	(modules '((guix build utils)))
	60	(snippet
	61	'(begin
	62	;; Remove the outdated bundled copy of glibc's getopt, which
	63	;; provides a 'getopt' declaration that conflicts with that
	64	;; of glibc 2.26.
	65	(substitute* "lib/Makefile.in"
	66	(("getopt1?\\.(c\|h\|\\$\\(OBJEXT\\))") ""))
	67	(for-each delete-file
6cbee49d MW	68	'("lib/getopt.h" "lib/getopt.c"))
6cbee49d MW	69	#t))))
7af8a9b7 LC	70	(build-system gnu-build-system)
	71	(home-page "http://software.schmorp.de/pkg/gvpe.html")
	72	(inputs `(("openssl" ,openssl)
	73	("zlib" ,zlib)))
	74	(synopsis "Secure VPN among multiple nodes over an untrusted network")
	75	(description
	76	"The GNU Virtual Private Ethernet creates a virtual network
	77	with multiple nodes using a variety of transport protocols. It works
	78	by creating encrypted host-to-host tunnels between multiple
	79	endpoints.")
	80	(license license:gpl3+)))
	81
49f24f41 AE	82	(define-public vpnc
	83	(package
	84	(name "vpnc")
	85	(version "0.5.3")
	86	(source (origin
	87	(method url-fetch)
594360f5	88	(uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
49f24f41 AE	89	version ".tar.gz"))
49f24f41 AE	90	(sha256 (base32
101e67ac	91	"1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
49f24f41 AE	92	(build-system gnu-build-system)
49f24f41 AE	93	(inputs `(("libgcrypt" ,libgcrypt)
42c97811	94	("perl" ,perl)
101e67ac	95	("vpnc-scripts" ,vpnc-scripts)))
49f24f41 AE	96	(arguments
49f24f41 AE	97	`(#:tests? #f ; there is no check target
49f24f41	98	#:phases
42c97811	99	(modify-phases %standard-phases
101e67ac	100	(add-after 'unpack 'use-store-paths
42c97811	101	(lambda* (#:key inputs outputs #:allow-other-keys)
101e67ac TGR	102	(let ((out (assoc-ref outputs "out"))
	103	(vpnc-scripts (assoc-ref inputs "vpnc-scripts")))
	104	(substitute* "config.c"
	105	(("/etc/vpnc/vpnc-script")
	106	(string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
	107	(substitute* "Makefile"
	108	(("ETCDIR=.*")
	109	(string-append "ETCDIR=" out "/etc/vpnc\n"))
	110	(("PREFIX=.*")
	111	(string-append "PREFIX=" out "\n")))
	112	#t)))
	113	(delete 'configure)))) ; no configure script
799dcdc4	114	(synopsis "Client for Cisco VPN concentrators")
49f24f41 AE	115	(description
49f24f41 AE	116	"vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
35b9e423	117	It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
49f24f41	118	shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
35b9e423	119	1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
49f24f41 AE	120	Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
	121	(license license:gpl2+) ; some file are bsd-2, see COPYING
	122	(home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/")))
71f4b81a	123
06d91fd9	124	(define-public vpnc-scripts
1a135896	125	(let ((commit "07c3518dd6b8dc424e9c3650a62bed994a4dcbe1"))
06d91fd9 TGR	126	(package
06d91fd9 TGR	127	(name "vpnc-scripts")
1a135896	128	(version (string-append "20180226." (string-take commit 7)))
06d91fd9 TGR	129	(source (origin
	130	(method git-fetch)
	131	(uri
	132	(git-reference
	133	(url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
	134	(commit commit)))
728ee9d6	135	(file-name (git-file-name name version))
06d91fd9 TGR	136	(sha256
06d91fd9 TGR	137	(base32
1a135896	138	"02d29nrmnj6kfa889cavqn1pkn9ssb5gyp4lz1v47spwx7abpdi7"))))
06d91fd9 TGR	139	(build-system gnu-build-system)
	140	(inputs `(("coreutils" ,coreutils)
	141	("grep" ,grep)
	142	("iproute2" ,iproute) ; for ‘ip’
	143	("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’
	144	("sed" ,sed)
	145	("which" ,which)))
	146	(arguments
	147	`(#:phases
	148	(modify-phases %standard-phases
	149	(add-after 'unpack 'use-relative-paths
	150	;; Patch the scripts to work with and use relative paths.
	151	(lambda* _
	152	(for-each (lambda (script)
	153	(substitute* script
	154	(("^PATH=.*") "")
	155	(("(/usr\|)/s?bin/") "")
	156	(("\\[ +-x +([^]]+) +\\]" _ command)
	157	(string-append "command -v >/dev/null 2>&1 "
	158	command))))
	159	(find-files "." "^vpnc-script"))
	160	#t))
	161	(delete 'configure) ; no configure script
	162	(replace 'build
	163	(lambda _
863501b7	164	(invoke "gcc" "-o" "netunshare" "netunshare.c")))
06d91fd9 TGR	165	(replace 'install
	166	;; There is no Makefile; manually install the relevant files.
	167	(lambda* (#:key outputs #:allow-other-keys)
	168	(let* ((out (assoc-ref outputs "out"))
	169	(etc (string-append out "/etc/vpnc")))
	170	(for-each (lambda (file)
	171	(install-file file etc))
	172	(append (find-files "." "^vpnc-script")
	173	(list "netunshare"
	174	"xinetd.netns.conf")))
	175	#t)))
	176	(add-after 'install 'wrap-scripts
	177	;; Wrap scripts with paths to their common hard dependencies.
	178	;; Optional dependencies will need to be installed by the user.
	179	(lambda* (#:key inputs outputs #:allow-other-keys)
	180	(let ((out (assoc-ref outputs "out")))
	181	(for-each
	182	(lambda (script)
	183	(wrap-program script
	184	`("PATH" ":" prefix
	185	,(map (lambda (name)
	186	(let ((input (assoc-ref inputs name)))
	187	(string-append input "/bin:"
	188	input "/sbin")))
	189	(list "coreutils"
	190	"grep"
	191	"iproute2"
	192	"net-tools"
	193	"sed"
	194	"which")))))
	195	(find-files (string-append out "/etc/vpnc/vpnc-script")
863501b7 TGR	196	"^vpnc-script"))
863501b7 TGR	197	#t))))
06d91fd9 TGR	198	#:tests? #f)) ; no tests
	199	(home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
	200	(synopsis "Network configuration scripts for Cisco VPN clients")
	201	(description
	202	"This set of scripts configures routing and name services when invoked
	203	by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.
	204
	205	The default @command{vpnc-script} automatically configures most common
	206	connections, and provides hooks for performing custom actions at various stages
	207	of the connection or disconnection process.
	208
	209	Alternative scripts are provided for more complicated set-ups, or to serve as an
	210	example for writing your own. For example, @command{vpnc-script-sshd} contains
	211	the entire VPN in a network namespace accessible only through SSH.")
	212	(license license:gpl2+))))
71f4b81a	213
01224157 PL	214	(define-public ocproxy
	215	(package
	216	(name "ocproxy")
	217	(version "1.60")
	218	(source (origin
	219	(method url-fetch)
	220	(uri (string-append
	221	"https://github.com/cernekee/ocproxy/archive/v"
	222	version ".tar.gz"))
	223	(file-name (string-append name "-" version ".tar.gz"))
	224	(sha256
	225	(base32
	226	"1b4rg3xq5jnrp2l14sw0msan8kqhdxmsd7gpw9lkiwvxy13pcdm7"))))
	227	(build-system gnu-build-system)
	228	(native-inputs
	229	`(("autoconf" ,autoconf)
	230	("automake" ,automake)))
	231	(inputs
	232	`(("libevent" ,libevent)))
	233	(arguments
	234	'(#:phases
	235	(modify-phases %standard-phases
	236	(add-after 'unpack 'autogen
	237	(lambda _ (invoke "sh" "autogen.sh"))))))
	238	(home-page "https://github.com/cernekee/ocproxy")
	239	(synopsis "OpenConnect proxy")
	240	(description
	241	"User-level @dfn{SOCKS} and port forwarding proxy for OpenConnect based
	242	on LwIP. When using ocproxy, OpenConnect only handles network activity that
	243	the user specifically asks to proxy, so the @dfn{VPN} interface no longer
	244	\"hijacks\" all network traffic on the host.")
	245	(license license:bsd-3)))
	246
71f4b81a AE	247	(define-public openconnect
	248	(package
	249	(name "openconnect")
426aecfd	250	(version "7.08")
71f4b81a AE	251	(source (origin
71f4b81a AE	252	(method url-fetch)
d4bf49b1 EB	253	(uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
d4bf49b1 EB	254	"openconnect-" version ".tar.gz"))
71f4b81a	255	(sha256 (base32
426aecfd	256	"00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w"))))
71f4b81a AE	257	(build-system gnu-build-system)
71f4b81a AE	258	(inputs
c4c4cc05	259	`(("libxml2" ,libxml2)
060e365a	260	("gnutls" ,gnutls)
a6d06e86	261	("vpnc-scripts" ,vpnc-scripts)
71f4b81a	262	("zlib" ,zlib)))
c4c4cc05	263	(native-inputs
b94a6ca0	264	`(("gettext" ,gettext-minimal)
c4c4cc05	265	("pkg-config" ,pkg-config)))
71f4b81a	266	(arguments
d4bf49b1 EB	267	`(#:configure-flags
d4bf49b1 EB	268	`(,(string-append "--with-vpnc-script="
a6d06e86	269	(assoc-ref %build-inputs "vpnc-scripts")
d4bf49b1	270	"/etc/vpnc/vpnc-script"))))
799dcdc4	271	(synopsis "Client for Cisco VPN")
71f4b81a AE	272	(description
	273	"OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
	274	supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
	275	870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
	276	and probably others.")
	277	(license license:lgpl2.1)
	278	(home-page "http://www.infradead.org/openconnect/")))
dc77f0d3 DT	279
	280	(define-public openvpn
	281	(package
	282	(name "openvpn")
a3cbd75b	283	(version "2.4.6")
dc77f0d3 DT	284	(source (origin
	285	(method url-fetch)
	286	(uri (string-append
	287	"https://swupdate.openvpn.org/community/releases/openvpn-"
	288	version ".tar.xz"))
	289	(sha256
	290	(base32
a3cbd75b	291	"09lck4wmkas3iyrzaspin9gn3wiclqb1m9sf8diy7j8wakx38r2g"))))
dc77f0d3 DT	292	(build-system gnu-build-system)
	293	(arguments
	294	'(#:configure-flags '("--enable-iproute2=yes")))
	295	(native-inputs
	296	`(("iproute2" ,iproute)))
	297	(inputs
dee9a262 EF	298	`(("lz4" ,lz4)
dee9a262 EF	299	("lzo" ,lzo)
dc77f0d3 DT	300	("openssl" ,openssl)
	301	("linux-pam" ,linux-pam)))
	302	(home-page "https://openvpn.net/")
	303	(synopsis "Virtual private network daemon")
9599339c TGR	304	(description
9599339c TGR	305	"OpenVPN implements virtual private network (@dfn{VPN}) techniques
dc77f0d3 DT	306	for creating secure point-to-point or site-to-site connections in routed or
	307	bridged configurations and remote access facilities. It uses a custom
	308	security protocol that utilizes SSL/TLS for key exchange. It is capable of
9599339c	309	traversing network address translators (@dfn{NAT}s) and firewalls.")
dc77f0d3	310	(license license:gpl2)))
feca8e2b JM	311
	312	(define-public tinc
	313	(package
	314	(name "tinc")
383ad03e	315	(version "1.0.33")
feca8e2b JM	316	(source (origin
	317	(method url-fetch)
	318	(uri (string-append "http://tinc-vpn.org/packages/"
	319	name "-" version ".tar.gz"))
	320	(sha256
	321	(base32
383ad03e	322	"1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz"))))
feca8e2b	323	(build-system gnu-build-system)
7b770eca SB	324	(arguments
	325	'(#:configure-flags
	326	'("--sysconfdir=/etc"
	327	"--localstatedir=/var")))
feca8e2b JM	328	(inputs `(("zlib" ,zlib)
	329	("lzo" ,lzo)
	330	("openssl" ,openssl)))
	331	(home-page "http://tinc-vpn.org")
	332	(synopsis "Virtual Private Network (VPN) daemon")
	333	(description
	334	"Tinc is a VPN that uses tunnelling and encryption to create a secure
	335	private network between hosts on the internet.")
	336	(license license:gpl2+)))
5c863d57 TGR	337
	338	(define-public sshuttle
	339	(package
	340	(name "sshuttle")
dc944249	341	(version "0.78.4")
5c863d57 TGR	342	(source
	343	(origin
	344	(method url-fetch)
	345	(uri (pypi-uri name version))
	346	(sha256
	347	(base32
dc944249	348	"0pqk43kd7crqhg6qgnl8kapncwgw1xgaf02zarzypcw64kvdih9h"))))
5c863d57 TGR	349	(build-system python-build-system)
5c863d57 TGR	350	(native-inputs
3308591f	351	`(("python-setuptools-scm" ,python-setuptools-scm)
5c863d57 TGR	352	;; For tests only.
5c863d57 TGR	353	("python-mock" ,python-mock)
3308591f TGR	354	("python-pytest" ,python-pytest)
3308591f TGR	355	("python-pytest-runner" ,python-pytest-runner)))
5c863d57 TGR	356	(home-page "https://github.com/sshuttle/sshuttle")
	357	(synopsis "VPN that transparently forwards connections over SSH")
	358	(description "sshuttle creates an encrypted virtual private network (VPN)
	359	connection to any remote server to which you have secure shell (SSH) access.
	360	The only requirement is a suitable version of Python on the server;
	361	administrative privileges are required only on the client. Unlike most VPNs,
	362	sshuttle forwards entire sessions, not packets, using kernel transparent
	363	proxying. This makes it faster and more reliable than SSH's own tunneling and
	364	port forwarding features. It can forward both TCP and UDP traffic, including
	365	DNS domain name queries.")
	366	(license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’
1ce6f33b TGR	367
	368	(define-public sshoot
	369	(package
	370	(name "sshoot")
3b4018d6	371	(version "1.2.6")
1ce6f33b TGR	372	(source
	373	(origin
	374	(method url-fetch)
	375	(uri (pypi-uri name version))
	376	(sha256
	377	(base32
3b4018d6	378	"1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
1ce6f33b	379	(build-system python-build-system)
c0b12a60 MB	380	(arguments
	381	'(#:phases
	382	(modify-phases %standard-phases
	383	(add-after 'unpack 'patch-paths
	384	(lambda _
	385	(substitute* "sshoot/tests/test_manager.py"
	386	(("/bin/sh") (which "sh")))
	387	#t)))))
1ce6f33b TGR	388	(inputs
	389	`(("python-argcomplete" ,python-argcomplete)
	390	("python-prettytable" ,python-prettytable)
	391	("python-pyyaml" ,python-pyyaml)))
	392	;; For tests only.
	393	(native-inputs
	394	`(("python-fixtures" ,python-fixtures)
	395	("python-pbr" ,python-pbr)
	396	("python-testtools" ,python-testtools)))
3b4018d6	397	(home-page "https://github.com/albertodonato/sshoot")
1ce6f33b TGR	398	(synopsis "sshuttle VPN session manager")
	399	(description "sshoot provides a command-line interface to manage multiple
	400	@command{sshuttle} virtual private networks. It supports flexible profiles
	401	with configuration options for most of @command{sshuttle}’s features.")
	402	(license license:gpl3+)))