gnu: Use invoke and return #t from all builders.
[jackhill/guix/guix.git] / gnu / packages / vpn.scm
1;;; GNU Guix --- Functional package management for GNU
2;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
a9d4a9ad 3;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org>
d4bf49b1 4;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
feca8e2b 5;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
8d2de491 6;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
383ad03e 7;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
fa3346b8 8;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
9;;;
10;;; This file is part of GNU Guix.
11;;;
12;;; GNU Guix is free software; you can redistribute it and/or modify it
13;;; under the terms of the GNU General Public License as published by
14;;; the Free Software Foundation; either version 3 of the License, or (at
15;;; your option) any later version.
16;;;
17;;; GNU Guix is distributed in the hope that it will be useful, but
18;;; WITHOUT ANY WARRANTY; without even the implied warranty of
19;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20;;; GNU General Public License for more details.
21;;;
22;;; You should have received a copy of the GNU General Public License
23;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
24
25(define-module (gnu packages vpn)
b5b73a82 26 #:use-module ((guix licenses) #:prefix license:)
27 #:use-module (guix packages)
28 #:use-module (guix download)
06d91fd9 29 #:use-module (guix git-download)
49f24f41 30 #:use-module (guix build-system gnu)
5c863d57 31 #:use-module (guix build-system python)
49f24f41 32 #:use-module (gnu packages)
06d91fd9 33 #:use-module (gnu packages base)
ac257f12 34 #:use-module (gnu packages check)
71f4b81a 35 #:use-module (gnu packages compression)
1dba6407 36 #:use-module (gnu packages gettext)
49f24f41 37 #:use-module (gnu packages gnupg)
dc77f0d3 38 #:use-module (gnu packages linux)
39 #:use-module (gnu packages perl)
40 #:use-module (gnu packages pkg-config)
5c863d57 41 #:use-module (gnu packages python)
a7fd7b68 42 #:use-module (gnu packages tls)
71f4b81a 43 #:use-module (gnu packages xml))
49f24f41 44
;; GNU Virtual Private Ethernet, built from the GNU mirror tarball with the
;; stock GNU build system against OpenSSL and zlib.
(define-public gvpe
  (package
    (name "gvpe")
    (version "3.0")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/gvpe/gvpe-"
                           version ".tar.gz"))
       ;; Content hash the downloaded tarball is checked against.
       (sha256
        (base32
         "1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf"))
       (modules '((guix build utils)))
       (snippet
        '(begin
           ;; The tarball bundles an old copy of glibc's getopt whose
           ;; 'getopt' declaration conflicts with that of glibc 2.26.
           ;; Drop every reference to it from the Makefile template, then
           ;; delete the bundled files themselves.
           (substitute* "lib/Makefile.in"
             (("getopt1?\\.(c|h|\\$\\(OBJEXT\\))") ""))
           (for-each delete-file
                     '("lib/getopt.h" "lib/getopt.c"))
           #t))))
    (build-system gnu-build-system)
    (inputs
     `(("openssl" ,openssl)
       ("zlib" ,zlib)))
    (home-page "http://software.schmorp.de/pkg/gvpe.html")
    (synopsis "Secure VPN among multiple nodes over an untrusted network")
    (description
     "The GNU Virtual Private Ethernet creates a virtual network
with multiple nodes using a variety of transport protocols. It works
by creating encrypted host-to-host tunnels between multiple
endpoints.")
    (license license:gpl3+)))
78
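;; Userspace client for Cisco EasyVPN concentrators.  The upstream Makefile
;; is used directly (there is no configure script and no check target).
(define-public vpnc
  (package
    (name "vpnc")
    (version "0.5.3")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-"
                                  version ".tar.gz"))
              ;; Content hash the downloaded tarball is checked against.
              (sha256 (base32
                       "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6"))))
    (build-system gnu-build-system)
    (inputs `(("libgcrypt" ,libgcrypt)
              ("perl" ,perl)
              ("vpnc-scripts" ,vpnc-scripts)))
    (arguments
     `(#:tests? #f ; there is no check target
       #:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'use-store-paths
           (lambda* (#:key inputs outputs #:allow-other-keys)
             (let ((out (assoc-ref outputs "out"))
                   (vpnc-scripts (assoc-ref inputs "vpnc-scripts")))
               ;; Point the compiled-in script location at the
               ;; 'vpnc-scripts' input instead of the host's mutable
               ;; /etc/vpnc/vpnc-script.
               (substitute* "config.c"
                 (("/etc/vpnc/vpnc-script")
                  (string-append vpnc-scripts "/etc/vpnc/vpnc-script")))
               ;; Install under this package's output rather than the
               ;; Makefile's default ETCDIR and PREFIX.
               (substitute* "Makefile"
                 (("ETCDIR=.*")
                  (string-append "ETCDIR=" out "/etc/vpnc\n"))
                 (("PREFIX=.*")
                  (string-append "PREFIX=" out "\n")))
               #t)))
         (delete 'configure)))) ; no configure script
    (synopsis "Client for Cisco VPN concentrators")
    ;; NOTE(review): the algorithms listed below include single DES, MD5,
    ;; SHA1 and DH groups 1/2/5, all of which are considered weak by current
    ;; standards.  Which of them a session uses presumably depends on the
    ;; gateway and profile configuration; verify before relying on this
    ;; client for sensitive traffic.
    (description
     "vpnc is a VPN client compatible with Cisco's EasyVPN equipment.
It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only
shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES,
1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace.
Only \"Universal TUN/TAP device driver support\" is needed in the kernel.")
    (license license:gpl2+) ; some files are bsd-2, see COPYING
    ;; Same host as the source URI above, which is already fetched over
    ;; HTTPS, so use HTTPS for the home page as well.
    (home-page "https://www.unix-ag.uni-kl.de/~massar/vpnc/")))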
71f4b81a 120
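;; Routing and name-service helper scripts invoked by the vpnc and
;; OpenConnect clients, built from a pinned upstream Git commit.
(define-public vpnc-scripts
  (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3"))
    (package
      (name "vpnc-scripts")
      (version (string-append "20161214." (string-take commit 7)))
      (source (origin
                (method git-fetch)
                (uri
                 (git-reference
                  ;; git:// is an unauthenticated, unencrypted transport;
                  ;; the checkout is pinned by the commit above and checked
                  ;; against the sha256 below.
                  (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git")
                  (commit commit)))
                (file-name (git-file-name name version))
                (sha256
                 (base32
                  "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h"))))
      (build-system gnu-build-system)
      (inputs `(("coreutils" ,coreutils)
                ("grep" ,grep)
                ("iproute2" ,iproute)     ; for ‘ip’
                ("net-tools" ,net-tools)  ; for ‘ifconfig’, ‘route’
                ("sed" ,sed)
                ("which" ,which)))
      (arguments
       `(#:phases
         (modify-phases %standard-phases
           (add-after 'unpack 'use-relative-paths
             ;; Patch the scripts to work with and use relative paths.
             ;; After this phase the scripts no longer set PATH themselves
             ;; and call tools by bare name, so command lookup depends on
             ;; the PATH they are run with (see 'wrap-scripts' below).
             (lambda* _
               (for-each (lambda (script)
                           (substitute* script
                             ;; Drop the scripts' own PATH assignment.
                             (("^PATH=.*") "")
                             ;; Strip /bin/, /sbin/, /usr/bin/, /usr/sbin/.
                             (("(/usr|)/s?bin/") "")
                             ;; '[ -x CMD ]' tests an absolute file name;
                             ;; with bare names, look CMD up in PATH instead.
                             (("\\[ +-x +([^]]+) +\\]" _ command)
                              (string-append "command -v >/dev/null 2>&1 "
                                             command))))
                         (find-files "." "^vpnc-script"))
               #t))
           (delete 'configure)          ; no configure script
           (replace 'build
             (lambda _
               ;; 'invoke' raises an error naming the failed command and
               ;; returns #t on success, instead of the bare boolean that
               ;; (zero? (system* ...)) produced.
               (invoke "gcc" "-o" "netunshare" "netunshare.c")))
           (replace 'install
             ;; There is no Makefile; manually install the relevant files.
             (lambda* (#:key outputs #:allow-other-keys)
               (let* ((out (assoc-ref outputs "out"))
                      (etc (string-append out "/etc/vpnc")))
                 (for-each (lambda (file)
                             (install-file file etc))
                           (append (find-files "." "^vpnc-script")
                                   (list "netunshare"
                                         "xinetd.netns.conf")))
                 #t)))
           (add-after 'install 'wrap-scripts
             ;; Wrap scripts with paths to their common hard dependencies.
             ;; Optional dependencies will need to be installed by the user.
             ;; The store directories are prepended ('prefix'), so the
             ;; caller's PATH is still searched after them.
             (lambda* (#:key inputs outputs #:allow-other-keys)
               (let ((out (assoc-ref outputs "out")))
                 (for-each
                  (lambda (script)
                    (wrap-program script
                      `("PATH" ":" prefix
                        ,(map (lambda (name)
                                (let ((input (assoc-ref inputs name)))
                                  (string-append input "/bin:"
                                                 input "/sbin")))
                              (list "coreutils"
                                    "grep"
                                    "iproute2"
                                    "net-tools"
                                    "sed"
                                    "which")))))
                  ;; NOTE(review): 'find-files' is given the file name of
                  ;; the main script rather than the /etc/vpnc directory,
                  ;; so presumably only 'vpnc-script' is wrapped and the
                  ;; alternative vpnc-script-* files rely entirely on the
                  ;; caller's PATH.  Confirm that this is intended.
                  (find-files (string-append out "/etc/vpnc/vpnc-script")
                              "^vpnc-script"))
                 ;; Return #t explicitly, like the other phases.
                 #t))))
         #:tests? #f))                  ; no tests
      (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git")
      (synopsis "Network configuration scripts for Cisco VPN clients")
      (description
       "This set of scripts configures routing and name services when invoked
by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients.

The default @command{vpnc-script} automatically configures most common
connections, and provides hooks for performing custom actions at various stages
of the connection or disconnection process.

Alternative scripts are provided for more complicated set-ups, or to serve as an
example for writing your own. For example, @command{vpnc-script-sshd} contains
the entire VPN in a network namespace accessible only through SSH.")
      (license license:gpl2+))))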
209
;; Client for Cisco AnyConnect SSL VPN, linked against GnuTLS and configured
;; to use the helper script shipped by the 'vpnc-scripts' input.
(define-public openconnect
  (package
    (name "openconnect")
    (version "7.08")
    (source
     (origin
       (method url-fetch)
       ;; ftp:// gives no transport protection; the sha256 below is what
       ;; the downloaded tarball is checked against.
       (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/"
                           "openconnect-" version ".tar.gz"))
       (sha256 (base32
                "00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w"))))
    (build-system gnu-build-system)
    (arguments
     ;; The inner quasiquote is evaluated on the build side, where
     ;; %build-inputs maps "vpnc-scripts" to its store directory; the
     ;; script location is therefore fixed at configure time.
     `(#:configure-flags
       `(,(string-append "--with-vpnc-script="
                         (assoc-ref %build-inputs "vpnc-scripts")
                         "/etc/vpnc/vpnc-script"))))
    (native-inputs
     `(("gettext" ,gettext-minimal)
       ("pkg-config" ,pkg-config)))
    (inputs
     `(("libxml2" ,libxml2)
       ("gnutls" ,gnutls)
       ("vpnc-scripts" ,vpnc-scripts)
       ("zlib" ,zlib)))
    (home-page "http://www.infradead.org/openconnect/")
    (synopsis "Client for Cisco VPN")
    (description
     "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500,
870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.")
    (license license:lgpl2.1)))
242
;; OpenVPN daemon, built from the upstream release tarball with iproute2
;; support enabled at configure time.
(define-public openvpn
  (package
    (name "openvpn")
    (version "2.4.5")
    (source
     (origin
       (method url-fetch)
       (uri (string-append
             "https://swupdate.openvpn.org/community/releases/openvpn-"
             version ".tar.xz"))
       ;; Content hash the downloaded tarball is checked against.
       (sha256
        (base32
         "17njq59hsraqyxrbhkrxr7dvx0p066s3pn8w1mi0yd9jldis7h23"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-iproute2=yes")))
    (inputs
     `(("lz4" ,lz4)
       ("lzo" ,lzo)
       ("openssl" ,openssl)
       ("linux-pam" ,linux-pam)))
    ;; NOTE(review): iproute2 is declared only as a native input although
    ;; iproute2 support is enabled above; confirm that the 'ip' program is
    ;; not also needed at run time.
    (native-inputs
     `(("iproute2" ,iproute)))
    (home-page "https://openvpn.net/")
    (synopsis "Virtual private network daemon")
    (description
     "OpenVPN implements virtual private network (@dfn{VPN}) techniques
for creating secure point-to-point or site-to-site connections in routed or
bridged configurations and remote access facilities. It uses a custom
security protocol that utilizes SSL/TLS for key exchange. It is capable of
traversing network address translators (@dfn{NAT}s) and firewalls.")
    (license license:gpl2)))
274
;; tinc VPN daemon from the upstream release tarball, built with the stock
;; GNU build system.
(define-public tinc
  (package
    (name "tinc")
    (version "1.0.33")
    (source
     (origin
       (method url-fetch)
       ;; Plain http:// download; the sha256 below is what the downloaded
       ;; tarball is checked against.
       (uri (string-append "http://tinc-vpn.org/packages/"
                           name "-" version ".tar.gz"))
       (sha256
        (base32
         "1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz"))))
    (build-system gnu-build-system)
    (arguments
     ;; Use the host's /etc and /var for configuration and state instead of
     ;; directories under the package's own prefix.
     '(#:configure-flags
       '("--sysconfdir=/etc"
         "--localstatedir=/var")))
    (inputs
     `(("zlib" ,zlib)
       ("lzo" ,lzo)
       ("openssl" ,openssl)))
    (home-page "http://tinc-vpn.org")
    (synopsis "Virtual Private Network (VPN) daemon")
    (description
     "Tinc is a VPN that uses tunnelling and encryption to create a secure
private network between hosts on the internet.")
    (license license:gpl2+)))
300
;; sshuttle, fetched from PyPI and built with the Python build system.
(define-public sshuttle
  (package
    (name "sshuttle")
    (version "0.78.3")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       ;; Content hash the downloaded archive is checked against.
       (sha256
        (base32
         "12xyq5h77b57cnkljdk8qyjxzys512b73019s20x6ck5brj1m8wa"))))
    (build-system python-build-system)
    (native-inputs
     `(("python-setuptools-scm" ,python-setuptools-scm)
       ;; The remaining entries are needed by the test suite only.
       ("python-mock" ,python-mock)
       ("python-pytest" ,python-pytest)
       ("python-pytest-runner" ,python-pytest-runner)))
    (home-page "https://github.com/sshuttle/sshuttle")
    (synopsis "VPN that transparently forwards connections over SSH")
    (description "sshuttle creates an encrypted virtual private network (VPN)
connection to any remote server to which you have secure shell (SSH) access.
The only requirement is a suitable version of Python on the server;
administrative privileges are required only on the client. Unlike most VPNs,
sshuttle forwards entire sessions, not packets, using kernel transparent
proxying. This makes it faster and more reliable than SSH's own tunneling and
port forwarding features. It can forward both TCP and UDP traffic, including
DNS domain name queries.")
    ;; Upstream's ‘setup.py’ incorrectly identifies the license as GPL.
    (license license:lgpl2.0)))
330
;; sshoot, a profile manager for sshuttle sessions, fetched from PyPI and
;; built with the Python build system.
(define-public sshoot
  (package
    (name "sshoot")
    (version "1.2.6")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri name version))
       ;; Content hash the downloaded archive is checked against.
       (sha256
        (base32
         "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
       (modify-phases %standard-phases
         (add-after 'unpack 'patch-paths
           ;; Only the test file is patched here: its hard-coded /bin/sh
           ;; is replaced with the 'sh' found by 'which' at build time.
           (lambda _
             (substitute* "sshoot/tests/test_manager.py"
               (("/bin/sh") (which "sh")))
             #t)))))
    ;; For tests only.
    (native-inputs
     `(("python-fixtures" ,python-fixtures)
       ("python-pbr" ,python-pbr)
       ("python-testtools" ,python-testtools)))
    (inputs
     `(("python-argcomplete" ,python-argcomplete)
       ("python-prettytable" ,python-prettytable)
       ("python-pyyaml" ,python-pyyaml)))
    (home-page "https://github.com/albertodonato/sshoot")
    (synopsis "sshuttle VPN session manager")
    (description "sshoot provides a command-line interface to manage multiple
@command{sshuttle} virtual private networks. It supports flexible profiles
with configuration options for most of @command{sshuttle}’s features.")
    (license license:gpl3+)))