Commit openvpn 2.2.1 with ipv6 support.
Signed-off-by: Vladimir Smirnov <civil.over@gmail.com>
Showing
12 changed files
with
1,478 additions
and
0 deletions.
@@ -0,0 +1,13 @@ | ||
AUX 65openvpn 45 RMD160 580e7f52f0c5ba91d3bc91f1155afc43fb153a96 SHA1 0d58cc3a3093e8df4b6e423934e93691722739b3 SHA256 d5758e39fdc75dcbb5a788b1afa743c3c1f08c63c535aa32c300b965474d765c | ||
AUX down.sh 943 RMD160 db43a525c9eb2ccb538e938e0b7f4359af22e4de SHA1 261acc68a24108526345a7d117bba15dbcebaa6e SHA256 39debebcd8c899f20e6d355cbc8eaab46e28b83a9f6c33a94c065688a4f3d2c7 | ||
AUX openvpn-2.1.conf 892 RMD160 687a747ed2f801b051438d02da8fcd44c6954484 SHA1 e65db7d972483c9391ef92d2931d9db7b69e4329 SHA256 330149a83684ddabe413d134d4c8efad4c88b18c2ab67165014deff5f7fffad2 | ||
AUX openvpn-2.1.init 4186 RMD160 e71c8cb5abee5d1b7c6485fc910f35822330a853 SHA1 a25b319834208d7ac65b090f85ee500f5e752cdc SHA256 d1b1f8a00935d77521bceb62535350444df3470fa45f4d33c3934051a1bb595b | ||
AUX openvpn-2.1_rc13-peercred.patch 251 RMD160 26123eedc9b685fb01de93c1141588f8008562f5 SHA1 8132510ebbd891ec55ef36d0cb8a86cb64a0145f SHA256 e7c2025ec49d3a5c2d95d80ee3c26ed9ccd0587d1664860b3a1eceb2bb7c778f | ||
AUX openvpn-2.2.1-pkcs11.patch 1080 RMD160 1ed385f7137e75a085ae59a98ea32c7430347b66 SHA1 c09bb78d9b2312f198fb7ce2363d07179976a932 SHA256 20247a5f5962ca1f6c09209ff07d7dfbc34899ad420b2f658cc5071e46ec1942 | ||
AUX openvpn.init 1486 RMD160 7005230b0dc3ea400aa22c9a01c2aa034d8baace SHA1 1670c08a2bec65c2e3529aec8d377bad6cb2e0e5 SHA256 c4b9e0899fa5ee0b90c5100da7711dc7a6a5658f10042b0feda9e7efb90a11cf | ||
AUX up.sh 2594 RMD160 17576f73e6de08828aeda2a8776b4a36331fa855 SHA1 4eb4d1e857053f86ea886dec8e8e6f45174df774 SHA256 848da0929c37b2112769232fbbdf61961b6107c6726d4b74d1ceb034b39ad5dd | ||
DIST openvpn-2.2.1-ipv6-20110825-1.patch.gz 34877 RMD160 dbefda0f86a39046d8ad333d80b740d6aa5c0999 SHA1 6522312cb78adef12d1c0ffff56f7e48bff22456 SHA256 431f463c5230477b7c99b6be586843f2a1b64251b0a341c59bdb19db6268c7aa | ||
DIST openvpn-2.2.1.tar.gz 911472 RMD160 115ff6ac548014d38da9e21bbb91103bcbb0cd09 SHA1 d5a8e9c635aa330eae8e66e1ccbe2b98e4c3047b SHA256 a860858cc92d4573399bb2ff17ac62d9b4b8939e6af0b8cc69150ba39d6e94e0 | ||
EBUILD openvpn-2.2.1.ebuild 5297 RMD160 5b391272210fb9f149671715537e566101d57633 SHA1 1b51aa2d40c080b2d21ce86c18391727f0ddb5ed SHA256 675c0f8c7fb7608ebd59205ce3078664c5caa6694c8303689e99d8e3e0ceec24 | ||
MISC ChangeLog 31866 RMD160 483e2a7e215d13361f2e1fa0fa3be19fe3b083d4 SHA1 704e915e263fea454454b2cf55524fba7c328842 SHA256 322465f769690d3e78c1faa278c44b24bcdff1589d38d7e37bc5778542558ba2 | ||
MISC metadata.xml 808 RMD160 40e1ada3063edc2ae986c33b1ad78d150bcb4523 SHA1 5a8edc3cf4a935ebc255b71327c4e5cc8362f0ed SHA256 06fb4ae72a9389520966db3f497088b9d23de0ef0b1e74d5c2066980bef221a1 |
@@ -0,0 +1 @@ | ||
CONFIG_PROTECT="/usr/share/openvpn/easy-rsa" |
@@ -0,0 +1,33 @@ | ||
#!/bin/sh | ||
# Copyright (c) 2006-2007 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
# Contributed by Roy Marples (uberlord@gentoo.org) | ||
|
||
# If we have a service specific script, run this now | ||
if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then | ||
/etc/openvpn/"${SVCNAME}"-down.sh "$@" | ||
fi | ||
|
||
# Restore resolv.conf to how it was | ||
if [ "${PEER_DNS}" != "no" ]; then | ||
if [ -x /sbin/resolvconf ] ; then | ||
/sbin/resolvconf -d "${dev}" | ||
elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then | ||
# Important that we copy instead of move incase resolv.conf is | ||
# a symlink and not an actual file | ||
cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf | ||
rm -f /etc/resolv.conf-"${dev}".sv | ||
fi | ||
fi | ||
|
||
if [ -n "${SVCNAME}" ]; then | ||
# Re-enter the init script to start any dependant services | ||
if /etc/init.d/"${SVCNAME}" --quiet status ; then | ||
export IN_BACKGROUND=true | ||
/etc/init.d/"${SVCNAME}" --quiet stop | ||
fi | ||
fi | ||
|
||
exit 0 | ||
|
||
# vim: ts=4 : |
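Review bot: In the non-resolvconf branch the saved copy is deleted even when the restore fails, because `rm -f /etc/resolv.conf-"${dev}".sv` runs unconditionally after the `cp`. If the copy fails (read-only or full filesystem, for example), the pre-VPN resolv.conf is lost and the host keeps the VPN's resolver settings. Chain the two: `cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf && rm -f /etc/resolv.conf-"${dev}".sv`. The service-specific hook at the top is also run outside the `[ -n "${SVCNAME}" ]` guard that the up script later in this commit uses, so with SVCNAME unset it tests `/etc/openvpn/-down.sh`.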
@@ -0,0 +1,18 @@ | ||
# OpenVPN automatically creates an /etc/resolv.conf (or sends it to | ||
# resolvconf) if given DNS information by the OpenVPN server. | ||
# Set PEER_DNS="no" to stop this. | ||
PEER_DNS="yes" | ||
|
||
# OpenVPN can run in many modes. Most people will want the init script | ||
# to automatically detect the mode and try and apply a good default | ||
# configuration and setup scripts. However, there are cases where the | ||
# OpenVPN configuration looks like a client, but it's really a peer or | ||
# something else. DETECT_CLIENT controls this behaviour. | ||
DETECT_CLIENT="yes" | ||
|
||
# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn | ||
# init script (ie, it first becomes "inactive" and the script then starts the | ||
# script again to make it "started") then you can state this below. | ||
# In other words, unless you understand service dependencies and are a | ||
# competent shell scripter, don't set this. | ||
RE_ENTER="no" |
@@ -0,0 +1,133 @@ | ||
#!/sbin/runscript | ||
# Copyright 1999-2007 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
VPNDIR=${VPNDIR:-/etc/openvpn} | ||
VPN=${SVCNAME#*.} | ||
if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then | ||
VPNPID="/var/run/openvpn.${VPN}.pid" | ||
else | ||
VPNPID="/var/run/openvpn.pid" | ||
fi | ||
VPNCONF="${VPNDIR}/${VPN}.conf" | ||
|
||
depend() { | ||
need localmount net | ||
use dns | ||
after bootmisc | ||
} | ||
|
||
checkconfig() { | ||
# Linux has good dynamic tun/tap creation | ||
if [ $(uname -s) = "Linux" ] ; then | ||
if [ ! -e /dev/net/tun ]; then | ||
if ! modprobe tun ; then | ||
eerror "TUN/TAP support is not available" \ | ||
"in this kernel" | ||
return 1 | ||
fi | ||
fi | ||
if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then | ||
ebegin "Detected broken /dev/net/tun symlink, fixing..." | ||
rm -f /dev/net/tun | ||
ln -s /dev/misc/net/tun /dev/net/tun | ||
eend $? | ||
fi | ||
return 0 | ||
fi | ||
|
||
# Other OS's don't, so we rely on a pre-configured interface | ||
# per vpn instance | ||
local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}") | ||
if [ -z ${ifname} ] ; then | ||
eerror "You need to specify the interface that this openvpn" \ | ||
"instance should use" \ | ||
"by using the dev option in ${VPNCONF}" | ||
return 1 | ||
fi | ||
|
||
if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then | ||
# Try and create it | ||
echo > /dev/"${ifname}" >/dev/null | ||
fi | ||
if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then | ||
eerror "${VPNCONF} requires interface ${ifname}" \ | ||
"but that does not exist" | ||
return 1 | ||
fi | ||
} | ||
|
||
start() { | ||
# If we are re-called by the openvpn gentoo-up.sh script | ||
# then we don't actually want to start openvpn | ||
[ "${IN_BACKGROUND}" = "true" ] && return 0 | ||
|
||
ebegin "Starting ${SVCNAME}" | ||
|
||
checkconfig || return 1 | ||
|
||
local args="" reenter=${RE_ENTER:-no} | ||
# If the config file does not specify the cd option, we do | ||
# But if we specify it, we override the config option which we do not want | ||
if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then | ||
args="${args} --cd ${VPNDIR}" | ||
fi | ||
|
||
# We mark the service as inactive and then start it. | ||
# When we get an authenticated packet from the peer then we run our script | ||
# which configures our DNS if any and marks us as up. | ||
if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \ | ||
grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then | ||
reenter="yes" | ||
args="${args} --up-delay --up-restart" | ||
args="${args} --script-security 2" | ||
args="${args} --up /etc/openvpn/up.sh" | ||
args="${args} --down-pre --down /etc/openvpn/down.sh" | ||
|
||
# Warn about setting scripts as we override them | ||
if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then | ||
ewarn "WARNING: You have defined your own up/down scripts" | ||
ewarn "As you're running as a client, we now force Gentoo specific" | ||
ewarn "scripts to be run for up and down events." | ||
ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh" | ||
ewarn "where you can put your own code." | ||
fi | ||
|
||
# Warn about the inability to change ip/route/dns information when | ||
# dropping privs | ||
if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then | ||
ewarn "WARNING: You are dropping root privileges!" | ||
ewarn "As such openvpn may not be able to change ip, routing" | ||
ewarn "or DNS configuration." | ||
fi | ||
else | ||
# So we're a server. Run as openvpn unless otherwise specified | ||
grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn" | ||
grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn" | ||
fi | ||
|
||
# Ensure that our scripts get the PEER_DNS variable | ||
[ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}" | ||
|
||
[ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}" | ||
start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ | ||
-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \ | ||
--setenv SVCNAME "${SVCNAME}" ${args} | ||
eend $? "Check your logs to see why startup failed" | ||
} | ||
|
||
stop() { | ||
# If we are re-called by the openvpn gentoo-down.sh script | ||
# then we don't actually want to stop openvpn | ||
if [ "${IN_BACKGROUND}" = "true" ] ; then | ||
mark_service_inactive "${SVCNAME}" | ||
return 0 | ||
fi | ||
|
||
ebegin "Stopping ${SVCNAME}" | ||
start-stop-daemon --stop --quiet \ | ||
--exec /usr/sbin/openvpn --pidfile "${VPNPID}" | ||
eend $? | ||
} | ||
|
||
# vim: set ts=4 : |
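Review bot: In the non-Linux path of checkconfig(), `[ -z ${ifname} ]` is unquoted and the `sed` that fills it is not anchored to the start of the line, unlike the `^[ ]*` greps in start(). A config with two `dev` lines or a commented-out `# dev tun0` therefore yields a multi-word or `#`-prefixed value, which either makes the test error out or reaches `/dev/"${ifname}"` as a name the admin never intended. Quote the test, `if [ -z "${ifname}" ] ; then`, and anchor the pattern with `^[[:space:]]*dev`. `[ ${SVCNAME} != "openvpn" ]` and `[ $(uname -s) = "Linux" ]` want the same quoting; the other init script in this commit already quotes SVCNAME.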
@@ -0,0 +1,10 @@ | ||
--- socket.c~ 2008-11-02 01:39:00.406009999 +0100 | ||
+++ socket.c 2008-11-02 01:39:00.406009999 +0100 | ||
@@ -22,6 +22,7 @@ | ||
* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | ||
*/ | ||
|
||
+#define _GNU_SOURCE | ||
#include "syshead.h" | ||
|
||
#include "socket.h" |
@@ -0,0 +1,32 @@ | ||
--- openvpn-2.1_rc20~/easy-rsa/2.0/openssl-0.9.8.cnf~ 2011-10-10 15:10:33.027120093 +0400 | ||
+++ openvpn-2.1_rc20~/easy-rsa/2.0/openssl-0.9.8.cnf 2011-10-10 15:11:07.447120924 +0400 | ||
@@ -283,8 +283,8 @@ | ||
#pkcs11 = pkcs11_section | ||
|
||
[ pkcs11_section ] | ||
-engine_id = pkcs11 | ||
-dynamic_path = /usr/lib/engines/engine_pkcs11.so | ||
-MODULE_PATH = $ENV::PKCS11_MODULE_PATH | ||
-PIN = $ENV::PKCS11_PIN | ||
-init = 0 | ||
+#engine_id = pkcs11 | ||
+#dynamic_path = /usr/lib/engines/engine_pkcs11.so | ||
+#MODULE_PATH = $ENV::PKCS11_MODULE_PATH | ||
+#PIN = $ENV::PKCS11_PIN | ||
+#init = 0 | ||
--- openvpn-2.1_rc20~/easy-rsa/2.0/openssl-1.0.0.cnf~ 2011-10-10 15:10:36.257120163 +0400 | ||
+++ openvpn-2.1_rc20~/easy-rsa/2.0/openssl-1.0.0.cnf 2011-10-10 15:11:20.296121202 +0400 | ||
@@ -278,8 +278,8 @@ | ||
#pkcs11 = pkcs11_section | ||
|
||
[ pkcs11_section ] | ||
-engine_id = pkcs11 | ||
-dynamic_path = /usr/lib/engines/engine_pkcs11.so | ||
-MODULE_PATH = $ENV::PKCS11_MODULE_PATH | ||
-PIN = $ENV::PKCS11_PIN | ||
-init = 0 | ||
+#engine_id = pkcs11 | ||
+#dynamic_path = /usr/lib/engines/engine_pkcs11.so | ||
+#MODULE_PATH = $ENV::PKCS11_MODULE_PATH | ||
+#PIN = $ENV::PKCS11_PIN | ||
+#init = 0 |
@@ -0,0 +1,63 @@ | ||
#!/sbin/runscript | ||
# Copyright 1999-2007 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
VPNDIR="/etc/openvpn" | ||
VPN="${SVCNAME#*.}" | ||
if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then | ||
VPNPID="/var/run/openvpn.${VPN}.pid" | ||
else | ||
VPNPID="/var/run/openvpn.pid" | ||
fi | ||
VPNCONF="${VPNDIR}/${VPN}.conf" | ||
|
||
depend() { | ||
need localmount net | ||
before netmount | ||
after bootmisc | ||
} | ||
|
||
checktundevice() { | ||
if [ ! -e /dev/net/tun ]; then | ||
if ! modprobe tun ; then | ||
eerror "TUN/TAP support is not available in this kernel" | ||
return 1 | ||
fi | ||
fi | ||
if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then | ||
ebegin "Detected broken /dev/net/tun symlink, fixing..." | ||
rm -f /dev/net/tun | ||
ln -s /dev/misc/net/tun /dev/net/tun | ||
eend $? | ||
fi | ||
} | ||
|
||
start() { | ||
ebegin "Starting ${SVCNAME}" | ||
|
||
checktundevice || return 1 | ||
|
||
if [ ! -e "${VPNCONF}" ]; then | ||
eend 1 "${VPNCONF} does not exist" | ||
return 1 | ||
fi | ||
|
||
local args="" | ||
# If the config file does not specify the cd option, we do | ||
# But if we specify it, we override the config option which we do not want | ||
if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then | ||
args="${args} --cd ${VPNDIR}" | ||
fi | ||
|
||
start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ | ||
-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon ${args} | ||
eend $? "Check your logs to see why startup failed" | ||
} | ||
|
||
stop() { | ||
ebegin "Stopping ${SVCNAME}" | ||
start-stop-daemon --stop --exec /usr/sbin/openvpn --pidfile "${VPNPID}" | ||
eend $? | ||
} | ||
|
||
# vim: ts=4 |
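Review bot: start() launches the daemon with only `--config`, `--writepid`, `--daemon` and an optional `--cd`, so openvpn keeps the privileges of the init script unless the config file itself carries `user`/`group` lines. The other init script in this commit adds `--user openvpn` and `--group openvpn` for the server case. If this script stays installed, consider at least warning when nothing is dropped, e.g. `grep -q "^[ ]*user[ ].*" "${VPNCONF}" || ewarn "${VPNCONF} has no user option; openvpn will not drop privileges"`. `${args}` is expanded unquoted, which is harmless here only because VPNDIR is a fixed path.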
@@ -0,0 +1,82 @@ | ||
#!/bin/sh | ||
# Copyright (c) 2006-2007 Gentoo Foundation | ||
# Distributed under the terms of the GNU General Public License v2 | ||
# Contributed by Roy Marples (uberlord@gentoo.org) | ||
|
||
# Setup our resolv.conf | ||
# Vitally important that we use the domain entry in resolv.conf so we | ||
# can setup the nameservers are for the domain ONLY in resolvconf if | ||
# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc. | ||
# nscd/libc users will get the VPN nameservers before their other ones | ||
# and will use the first one that responds - maybe the LAN ones? | ||
# non resolvconf users just the the VPN resolv.conf | ||
|
||
# FIXME:- if we have >1 domain, then we have to use search :/ | ||
# We need to add a flag to resolvconf to say | ||
# "these nameservers should only be used for the listed search domains | ||
# if other global nameservers are present on other interfaces" | ||
# This however, will break compatibility with Debians resolvconf | ||
# A possible workaround would be to just list multiple domain lines | ||
# and try and let resolvconf handle it | ||
|
||
if [ "${PEER_DNS}" != "no" ]; then | ||
NS= | ||
DOMAIN= | ||
SEARCH= | ||
i=1 | ||
while true ; do | ||
eval opt=\$foreign_option_${i} | ||
[ -z "${opt}" ] && break | ||
if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then | ||
if [ -z "${DOMAIN}" ] ; then | ||
DOMAIN="${opt#dhcp-option DOMAIN *}" | ||
else | ||
SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}" | ||
fi | ||
elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then | ||
NS="${NS}nameserver ${opt#dhcp-option DNS *}\n" | ||
fi | ||
i=$((${i} + 1)) | ||
done | ||
|
||
if [ -n "${NS}" ] ; then | ||
DNS="# Generated by openvpn for interface ${dev}\n" | ||
if [ -n "${SEARCH}" ] ; then | ||
DNS="${DNS}search ${DOMAIN} ${SEARCH}\n" | ||
elif [ -n "${DOMAIN}" ]; then | ||
DNS="${DNS}domain ${DOMAIN}\n" | ||
fi | ||
DNS="${DNS}${NS}" | ||
if [ -x /sbin/resolvconf ] ; then | ||
printf "${DNS}" | /sbin/resolvconf -a "${dev}" | ||
else | ||
# Preserve the existing resolv.conf | ||
if [ -e /etc/resolv.conf ] ; then | ||
cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv | ||
fi | ||
printf "${DNS}" > /etc/resolv.conf | ||
chmod 644 /etc/resolv.conf | ||
fi | ||
fi | ||
fi | ||
|
||
# Below section is Gentoo specific | ||
# Quick summary - our init scripts are re-entrant and set the SVCNAME env var | ||
# as we could have >1 openvpn service | ||
|
||
if [ -n "${SVCNAME}" ]; then | ||
# If we have a service specific script, run this now | ||
if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then | ||
/etc/openvpn/"${SVCNAME}"-up.sh "$@" | ||
fi | ||
|
||
# Re-enter the init script to start any dependant services | ||
if ! /etc/init.d/"${SVCNAME}" --quiet status ; then | ||
export IN_BACKGROUND=true | ||
/etc/init.d/${SVCNAME} --quiet start | ||
fi | ||
fi | ||
|
||
exit 0 | ||
|
||
# vim: ts=4 : |
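Review bot: `printf "${DNS}"` on both output paths uses the assembled text as the format string, and that text embeds the `dhcp-option DOMAIN` and `dhcp-option DNS` values read from `foreign_option_N`. The config comments in this commit describe this as DNS information given by the OpenVPN server, so it is data from the peer. Any `%` or backslash sequence in such a value is interpreted by printf rather than written literally, so what lands in resolv.conf (or is fed to resolvconf) can differ from what was pushed. Build the text with real newlines and emit it with `printf '%s'`, as below; rejecting values that contain whitespace or control characters would be a further hardening step. Separately, `/etc/init.d/${SVCNAME} --quiet start` is unquoted while the status check just above quotes it.

```shell
# Literal newline, so no escape processing is needed at output time
NL='
'
# … unchanged: foreign_option_N loop, DOMAIN/SEARCH handling …
		NS="${NS}nameserver ${opt#dhcp-option DNS *}${NL}"
# … unchanged: loop tail …
	DNS="# Generated by openvpn for interface ${dev}${NL}"
	if [ -n "${SEARCH}" ] ; then
		DNS="${DNS}search ${DOMAIN} ${SEARCH}${NL}"
	elif [ -n "${DOMAIN}" ]; then
		DNS="${DNS}domain ${DOMAIN}${NL}"
	fi
	DNS="${DNS}${NS}"
	if [ -x /sbin/resolvconf ] ; then
		printf '%s' "${DNS}" | /sbin/resolvconf -a "${dev}"
	else
		# … unchanged: backup of the existing resolv.conf …
		printf '%s' "${DNS}" > /etc/resolv.conf
```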