Commit | Line | Data |
---|---|---|
49f24f41 AE |
1 | ;;; GNU Guix --- Functional package management for GNU |
2 | ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr> | |
a9d4a9ad | 3 | ;;; Copyright © 2013, 2016, 2018 Ludovic Courtès <ludo@gnu.org> |
d4bf49b1 | 4 | ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org> |
feca8e2b | 5 | ;;; Copyright © 2015 Jeff Mickey <j@codemac.net> |
8d2de491 | 6 | ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> |
383ad03e | 7 | ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr> |
fa3346b8 | 8 | ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu> |
49f24f41 AE |
9 | ;;; |
10 | ;;; This file is part of GNU Guix. | |
11 | ;;; | |
12 | ;;; GNU Guix is free software; you can redistribute it and/or modify it | |
13 | ;;; under the terms of the GNU General Public License as published by | |
14 | ;;; the Free Software Foundation; either version 3 of the License, or (at | |
15 | ;;; your option) any later version. | |
16 | ;;; | |
17 | ;;; GNU Guix is distributed in the hope that it will be useful, but | |
18 | ;;; WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
20 | ;;; GNU General Public License for more details. | |
21 | ;;; | |
22 | ;;; You should have received a copy of the GNU General Public License | |
23 | ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. | |
24 | ||
25 | (define-module (gnu packages vpn) | |
b5b73a82 | 26 | #:use-module ((guix licenses) #:prefix license:) |
49f24f41 AE |
27 | #:use-module (guix packages) |
28 | #:use-module (guix download) | |
06d91fd9 | 29 | #:use-module (guix git-download) |
49f24f41 | 30 | #:use-module (guix build-system gnu) |
5c863d57 | 31 | #:use-module (guix build-system python) |
49f24f41 | 32 | #:use-module (gnu packages) |
06d91fd9 | 33 | #:use-module (gnu packages base) |
ac257f12 | 34 | #:use-module (gnu packages check) |
71f4b81a | 35 | #:use-module (gnu packages compression) |
1dba6407 | 36 | #:use-module (gnu packages gettext) |
49f24f41 | 37 | #:use-module (gnu packages gnupg) |
dc77f0d3 | 38 | #:use-module (gnu packages linux) |
71f4b81a AE |
39 | #:use-module (gnu packages perl) |
40 | #:use-module (gnu packages pkg-config) | |
5c863d57 | 41 | #:use-module (gnu packages python) |
a7fd7b68 | 42 | #:use-module (gnu packages tls) |
71f4b81a | 43 | #:use-module (gnu packages xml)) |
49f24f41 | 44 | |
7af8a9b7 LC |
45 | (define-public gvpe |
46 | (package | |
47 | (name "gvpe") | |
3ded2761 | 48 | (version "3.0") |
7af8a9b7 LC |
49 | (source (origin |
50 | (method url-fetch) | |
51 | (uri (string-append "mirror://gnu/gvpe/gvpe-" | |
52 | version ".tar.gz")) | |
53 | (sha256 | |
54 | (base32 | |
a9d4a9ad LC |
55 | "1v61mj25iyd91z0ir7cmradkkcm1ffbk52c96v293ibsvjs2s2hf")) |
56 | (modules '((guix build utils))) | |
57 | (snippet | |
58 | '(begin | |
59 | ;; Remove the outdated bundled copy of glibc's getopt, which | |
60 | ;; provides a 'getopt' declaration that conflicts with that | |
61 | ;; of glibc 2.26. | |
62 | (substitute* "lib/Makefile.in" | |
63 | (("getopt1?\\.(c|h|\\$\\(OBJEXT\\))") "")) | |
64 | (for-each delete-file | |
6cbee49d MW |
65 | '("lib/getopt.h" "lib/getopt.c")) |
66 | #t)))) | |
7af8a9b7 LC |
67 | (build-system gnu-build-system) |
68 | (home-page "http://software.schmorp.de/pkg/gvpe.html") | |
69 | (inputs `(("openssl" ,openssl) | |
70 | ("zlib" ,zlib))) | |
71 | (synopsis "Secure VPN among multiple nodes over an untrusted network") | |
72 | (description | |
73 | "The GNU Virtual Private Ethernet creates a virtual network | |
74 | with multiple nodes using a variety of transport protocols. It works | |
75 | by creating encrypted host-to-host tunnels between multiple | |
76 | endpoints.") | |
77 | (license license:gpl3+))) | |
78 | ||
49f24f41 AE |
79 | (define-public vpnc |
80 | (package | |
81 | (name "vpnc") | |
82 | (version "0.5.3") | |
83 | (source (origin | |
84 | (method url-fetch) | |
594360f5 | 85 | (uri (string-append "https://www.unix-ag.uni-kl.de/~massar/vpnc/vpnc-" |
49f24f41 AE |
86 | version ".tar.gz")) |
87 | (sha256 (base32 | |
101e67ac | 88 | "1128860lis89g1s21hqxvap2nq426c9j4bvgghncc1zj0ays7kj6")))) |
49f24f41 AE |
89 | (build-system gnu-build-system) |
90 | (inputs `(("libgcrypt" ,libgcrypt) | |
42c97811 | 91 | ("perl" ,perl) |
101e67ac | 92 | ("vpnc-scripts" ,vpnc-scripts))) |
49f24f41 AE |
93 | (arguments |
94 | `(#:tests? #f ; there is no check target | |
49f24f41 | 95 | #:phases |
42c97811 | 96 | (modify-phases %standard-phases |
101e67ac | 97 | (add-after 'unpack 'use-store-paths |
42c97811 | 98 | (lambda* (#:key inputs outputs #:allow-other-keys) |
101e67ac TGR |
99 | (let ((out (assoc-ref outputs "out")) |
100 | (vpnc-scripts (assoc-ref inputs "vpnc-scripts"))) | |
101 | (substitute* "config.c" | |
102 | (("/etc/vpnc/vpnc-script") | |
103 | (string-append vpnc-scripts "/etc/vpnc/vpnc-script"))) | |
104 | (substitute* "Makefile" | |
105 | (("ETCDIR=.*") | |
106 | (string-append "ETCDIR=" out "/etc/vpnc\n")) | |
107 | (("PREFIX=.*") | |
108 | (string-append "PREFIX=" out "\n"))) | |
109 | #t))) | |
110 | (delete 'configure)))) ; no configure script | |
799dcdc4 | 111 | (synopsis "Client for Cisco VPN concentrators") |
49f24f41 AE |
112 | (description |
113 | "vpnc is a VPN client compatible with Cisco's EasyVPN equipment. | |
35b9e423 | 114 | It supports IPSec (ESP) with Mode Configuration and Xauth. It supports only |
49f24f41 | 115 | shared-secret IPSec authentication with Xauth, AES (256, 192, 128), 3DES, |
35b9e423 | 116 | 1DES, MD5, SHA1, DH1/2/5 and IP tunneling. It runs entirely in userspace. |
49f24f41 AE |
117 | Only \"Universal TUN/TAP device driver support\" is needed in the kernel.") |
118 | (license license:gpl2+) ; some file are bsd-2, see COPYING | |
119 | (home-page "http://www.unix-ag.uni-kl.de/~massar/vpnc/"))) | |
71f4b81a | 120 | |
06d91fd9 TGR |
121 | (define-public vpnc-scripts |
122 | (let ((commit "6f87b0fe7b20d802a0747cc310217920047d58d3")) | |
123 | (package | |
124 | (name "vpnc-scripts") | |
125 | (version (string-append "20161214." (string-take commit 7))) | |
126 | (source (origin | |
127 | (method git-fetch) | |
128 | (uri | |
129 | (git-reference | |
130 | (url "git://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
131 | (commit commit))) | |
728ee9d6 | 132 | (file-name (git-file-name name version)) |
06d91fd9 TGR |
133 | (sha256 |
134 | (base32 | |
135 | "0pa36w4wlyyvfb66cayhans99wsr2j5si2fvfr7ldfm512ajwn8h")))) | |
136 | (build-system gnu-build-system) | |
137 | (inputs `(("coreutils" ,coreutils) | |
138 | ("grep" ,grep) | |
139 | ("iproute2" ,iproute) ; for ‘ip’ | |
140 | ("net-tools" ,net-tools) ; for ‘ifconfig’, ‘route’ | |
141 | ("sed" ,sed) | |
142 | ("which" ,which))) | |
143 | (arguments | |
144 | `(#:phases | |
145 | (modify-phases %standard-phases | |
146 | (add-after 'unpack 'use-relative-paths | |
147 | ;; Patch the scripts to work with and use relative paths. | |
148 | (lambda* _ | |
149 | (for-each (lambda (script) | |
150 | (substitute* script | |
151 | (("^PATH=.*") "") | |
152 | (("(/usr|)/s?bin/") "") | |
153 | (("\\[ +-x +([^]]+) +\\]" _ command) | |
154 | (string-append "command -v >/dev/null 2>&1 " | |
155 | command)))) | |
156 | (find-files "." "^vpnc-script")) | |
157 | #t)) | |
158 | (delete 'configure) ; no configure script | |
159 | (replace 'build | |
160 | (lambda _ | |
161 | (zero? (system* "gcc" "-o" "netunshare" "netunshare.c")))) | |
162 | (replace 'install | |
163 | ;; There is no Makefile; manually install the relevant files. | |
164 | (lambda* (#:key outputs #:allow-other-keys) | |
165 | (let* ((out (assoc-ref outputs "out")) | |
166 | (etc (string-append out "/etc/vpnc"))) | |
167 | (for-each (lambda (file) | |
168 | (install-file file etc)) | |
169 | (append (find-files "." "^vpnc-script") | |
170 | (list "netunshare" | |
171 | "xinetd.netns.conf"))) | |
172 | #t))) | |
173 | (add-after 'install 'wrap-scripts | |
174 | ;; Wrap scripts with paths to their common hard dependencies. | |
175 | ;; Optional dependencies will need to be installed by the user. | |
176 | (lambda* (#:key inputs outputs #:allow-other-keys) | |
177 | (let ((out (assoc-ref outputs "out"))) | |
178 | (for-each | |
179 | (lambda (script) | |
180 | (wrap-program script | |
181 | `("PATH" ":" prefix | |
182 | ,(map (lambda (name) | |
183 | (let ((input (assoc-ref inputs name))) | |
184 | (string-append input "/bin:" | |
185 | input "/sbin"))) | |
186 | (list "coreutils" | |
187 | "grep" | |
188 | "iproute2" | |
189 | "net-tools" | |
190 | "sed" | |
191 | "which"))))) | |
192 | (find-files (string-append out "/etc/vpnc/vpnc-script") | |
193 | "^vpnc-script")))))) | |
194 | #:tests? #f)) ; no tests | |
195 | (home-page "http://git.infradead.org/users/dwmw2/vpnc-scripts.git") | |
196 | (synopsis "Network configuration scripts for Cisco VPN clients") | |
197 | (description | |
198 | "This set of scripts configures routing and name services when invoked | |
199 | by the VPNC or OpenConnect Cisco @dfn{Virtual Private Network} (VPN) clients. | |
200 | ||
201 | The default @command{vpnc-script} automatically configures most common | |
202 | connections, and provides hooks for performing custom actions at various stages | |
203 | of the connection or disconnection process. | |
204 | ||
205 | Alternative scripts are provided for more complicated set-ups, or to serve as an | |
206 | example for writing your own. For example, @command{vpnc-script-sshd} contains | |
207 | the entire VPN in a network namespace accessible only through SSH.") | |
208 | (license license:gpl2+)))) | |
71f4b81a AE |
209 | |
210 | (define-public openconnect | |
211 | (package | |
212 | (name "openconnect") | |
426aecfd | 213 | (version "7.08") |
71f4b81a AE |
214 | (source (origin |
215 | (method url-fetch) | |
d4bf49b1 EB |
216 | (uri (string-append "ftp://ftp.infradead.org/pub/openconnect/" |
217 | "openconnect-" version ".tar.gz")) | |
71f4b81a | 218 | (sha256 (base32 |
426aecfd | 219 | "00wacb79l2c45f94gxs63b9z25wlciarasvjrb8jb8566wgyqi0w")))) |
71f4b81a AE |
220 | (build-system gnu-build-system) |
221 | (inputs | |
c4c4cc05 | 222 | `(("libxml2" ,libxml2) |
060e365a | 223 | ("gnutls" ,gnutls) |
a6d06e86 | 224 | ("vpnc-scripts" ,vpnc-scripts) |
71f4b81a | 225 | ("zlib" ,zlib))) |
c4c4cc05 | 226 | (native-inputs |
b94a6ca0 | 227 | `(("gettext" ,gettext-minimal) |
c4c4cc05 | 228 | ("pkg-config" ,pkg-config))) |
71f4b81a | 229 | (arguments |
d4bf49b1 EB |
230 | `(#:configure-flags |
231 | `(,(string-append "--with-vpnc-script=" | |
a6d06e86 | 232 | (assoc-ref %build-inputs "vpnc-scripts") |
d4bf49b1 | 233 | "/etc/vpnc/vpnc-script")))) |
799dcdc4 | 234 | (synopsis "Client for Cisco VPN") |
71f4b81a AE |
235 | (description |
236 | "OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is | |
237 | supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco SR500, | |
238 | 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers, | |
239 | and probably others.") | |
240 | (license license:lgpl2.1) | |
241 | (home-page "http://www.infradead.org/openconnect/"))) | |
dc77f0d3 DT |
242 | |
243 | (define-public openvpn | |
244 | (package | |
245 | (name "openvpn") | |
0d34993a | 246 | (version "2.4.5") |
dc77f0d3 DT |
247 | (source (origin |
248 | (method url-fetch) | |
249 | (uri (string-append | |
250 | "https://swupdate.openvpn.org/community/releases/openvpn-" | |
251 | version ".tar.xz")) | |
252 | (sha256 | |
253 | (base32 | |
0d34993a | 254 | "17njq59hsraqyxrbhkrxr7dvx0p066s3pn8w1mi0yd9jldis7h23")))) |
dc77f0d3 DT |
255 | (build-system gnu-build-system) |
256 | (arguments | |
257 | '(#:configure-flags '("--enable-iproute2=yes"))) | |
258 | (native-inputs | |
259 | `(("iproute2" ,iproute))) | |
260 | (inputs | |
dee9a262 EF |
261 | `(("lz4" ,lz4) |
262 | ("lzo" ,lzo) | |
dc77f0d3 DT |
263 | ("openssl" ,openssl) |
264 | ("linux-pam" ,linux-pam))) | |
265 | (home-page "https://openvpn.net/") | |
266 | (synopsis "Virtual private network daemon") | |
9599339c TGR |
267 | (description |
268 | "OpenVPN implements virtual private network (@dfn{VPN}) techniques | |
dc77f0d3 DT |
269 | for creating secure point-to-point or site-to-site connections in routed or |
270 | bridged configurations and remote access facilities. It uses a custom | |
271 | security protocol that utilizes SSL/TLS for key exchange. It is capable of | |
9599339c | 272 | traversing network address translators (@dfn{NAT}s) and firewalls.") |
dc77f0d3 | 273 | (license license:gpl2))) |
feca8e2b JM |
274 | |
275 | (define-public tinc | |
276 | (package | |
277 | (name "tinc") | |
383ad03e | 278 | (version "1.0.33") |
feca8e2b JM |
279 | (source (origin |
280 | (method url-fetch) | |
281 | (uri (string-append "http://tinc-vpn.org/packages/" | |
282 | name "-" version ".tar.gz")) | |
283 | (sha256 | |
284 | (base32 | |
383ad03e | 285 | "1x0hpfz13vn4pl6dcpnls6xq3rfcbdsg90awcfn53ijb8k35svvz")))) |
feca8e2b | 286 | (build-system gnu-build-system) |
7b770eca SB |
287 | (arguments |
288 | '(#:configure-flags | |
289 | '("--sysconfdir=/etc" | |
290 | "--localstatedir=/var"))) | |
feca8e2b JM |
291 | (inputs `(("zlib" ,zlib) |
292 | ("lzo" ,lzo) | |
293 | ("openssl" ,openssl))) | |
294 | (home-page "http://tinc-vpn.org") | |
295 | (synopsis "Virtual Private Network (VPN) daemon") | |
296 | (description | |
297 | "Tinc is a VPN that uses tunnelling and encryption to create a secure | |
298 | private network between hosts on the internet.") | |
299 | (license license:gpl2+))) | |
5c863d57 TGR |
300 | |
301 | (define-public sshuttle | |
302 | (package | |
303 | (name "sshuttle") | |
447f7582 | 304 | (version "0.78.3") |
5c863d57 TGR |
305 | (source |
306 | (origin | |
307 | (method url-fetch) | |
308 | (uri (pypi-uri name version)) | |
309 | (sha256 | |
310 | (base32 | |
447f7582 | 311 | "12xyq5h77b57cnkljdk8qyjxzys512b73019s20x6ck5brj1m8wa")))) |
5c863d57 TGR |
312 | (build-system python-build-system) |
313 | (native-inputs | |
3308591f | 314 | `(("python-setuptools-scm" ,python-setuptools-scm) |
5c863d57 TGR |
315 | ;; For tests only. |
316 | ("python-mock" ,python-mock) | |
3308591f TGR |
317 | ("python-pytest" ,python-pytest) |
318 | ("python-pytest-runner" ,python-pytest-runner))) | |
5c863d57 TGR |
319 | (home-page "https://github.com/sshuttle/sshuttle") |
320 | (synopsis "VPN that transparently forwards connections over SSH") | |
321 | (description "sshuttle creates an encrypted virtual private network (VPN) | |
322 | connection to any remote server to which you have secure shell (SSH) access. | |
323 | The only requirement is a suitable version of Python on the server; | |
324 | administrative privileges are required only on the client. Unlike most VPNs, | |
325 | sshuttle forwards entire sessions, not packets, using kernel transparent | |
326 | proxying. This makes it faster and more reliable than SSH's own tunneling and | |
327 | port forwarding features. It can forward both TCP and UDP traffic, including | |
328 | DNS domain name queries.") | |
329 | (license license:lgpl2.0))) ; incorrectly identified as GPL in ‘setup.py’ | |
1ce6f33b TGR |
330 | |
331 | (define-public sshoot | |
332 | (package | |
333 | (name "sshoot") | |
3b4018d6 | 334 | (version "1.2.6") |
1ce6f33b TGR |
335 | (source |
336 | (origin | |
337 | (method url-fetch) | |
338 | (uri (pypi-uri name version)) | |
339 | (sha256 | |
340 | (base32 | |
3b4018d6 | 341 | "1ccgh0hjyxrwkgy3hnxz3hgbjbs0lmfs25d5l5jam0xbpcpj63h0")))) |
1ce6f33b | 342 | (build-system python-build-system) |
c0b12a60 MB |
343 | (arguments |
344 | '(#:phases | |
345 | (modify-phases %standard-phases | |
346 | (add-after 'unpack 'patch-paths | |
347 | (lambda _ | |
348 | (substitute* "sshoot/tests/test_manager.py" | |
349 | (("/bin/sh") (which "sh"))) | |
350 | #t))))) | |
1ce6f33b TGR |
351 | (inputs |
352 | `(("python-argcomplete" ,python-argcomplete) | |
353 | ("python-prettytable" ,python-prettytable) | |
354 | ("python-pyyaml" ,python-pyyaml))) | |
355 | ;; For tests only. | |
356 | (native-inputs | |
357 | `(("python-fixtures" ,python-fixtures) | |
358 | ("python-pbr" ,python-pbr) | |
359 | ("python-testtools" ,python-testtools))) | |
3b4018d6 | 360 | (home-page "https://github.com/albertodonato/sshoot") |
1ce6f33b TGR |
361 | (synopsis "sshuttle VPN session manager") |
362 | (description "sshoot provides a command-line interface to manage multiple | |
363 | @command{sshuttle} virtual private networks. It supports flexible profiles | |
364 | with configuration options for most of @command{sshuttle}’s features.") | |
365 | (license license:gpl3+))) |