- Security update to version 2.0.1, fixing four denial of service bugs,

CAN-2005-2531, CAN-2005-2532, CAN-2005-2533, CAN-2005-2534
- Drop old init script and add a modern rcNG script in its place,
  requested by Matthias Grimm and Dirk Gouders (although the script below is
  one I, Matthias Andree, wrote). It can automatically load tun/tap drivers.
- move pkg-message to files/pkg-message.in, revise it, list it in SUB_FILES
  to expand ${PREFIX}.
- print pkg-message after installation from port
- switch to official "make check" as smoke-test, rather than wiring our own.
- prefer LZO2 in most situations, as OpenVPN will pick up LZO2 rather than
  LZO1 if both are installed.

PR:		ports/85109
Submitted by:	maintainer
Approved by:	portmgr (krion)
Renato Botelho 2005-08-19 18:48:34 +00:00
parent c8adfc87db
commit 0f64e52705
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=140936
21 changed files with 471 additions and 168 deletions


@ -1,21 +1,18 @@
# New ports collection makefile for: openvpn
# Date created: 2002-06-23
# Whom: Matthias Andree <matthias.andree@web.de>
# Whom: Matthias Andree <matthias.andree@gmx.de>
#
# $FreeBSD$
#
PORTNAME= openvpn
DISTVERSION= 2.0
PORTREVISION= 3
DISTVERSION= 2.0.1
CATEGORIES= security
MASTER_SITES= http://openvpn.net/release/
MAINTAINER= matthias.andree@gmx.de
COMMENT= Secure IP/Ethernet tunnel daemon
LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo
GNU_CONFIGURE= yes
USE_OPENSSL= yes
CONFIGURE_TARGET= --build=${ARCH}-portbld-freebsd${OSREL}
@ -26,25 +23,31 @@ MAN8= openvpn.8
OPTIONS= PW_SAVE "Interactive passwords may be read from a file" off
USE_RC_SUBR= openvpn.sh
SUB_FILES= pkg-message
.include <bsd.port.pre.mk>
# NOTE: there is no way to explicitly specify the LZO version to OpenVPN,
# if LZO2 and LZO1 are installed, OpenVPN will pick LZO2.
# So depend on LZO1 only if it's already there and LZO2 isn't.
# PACKAGE_BUILDING will also force LZO2.
.if exists(${LOCALBASE}/lib/liblzo2.so.2) || !exists(${LOCALBASE}/lib/liblzo.so.1) || defined(PACKAGE_BUILDING)
LIB_DEPENDS= lzo2.2:${PORTSDIR}/archivers/lzo2
.else
LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo
.endif
.if defined(WITH_PW_SAVE)
CONFIGURE_ARGS+= --enable-password-save
.endif
# self-tests here
post-build:
( set -e ; cd ${WRKSRC} && \
./openvpn --genkey --secret key && \
./openvpn --test-crypto --secret key && ${RM} key )
( set -e ; cd ${WRKSRC} && { \
./openvpn --config sample-config-files/loopback-server & \
./openvpn --config sample-config-files/loopback-client ; \
wait ; })
cd ${WRKSRC} && ${MAKE} check
post-install:
${INSTALL_SCRIPT} ${FILESDIR}/openvpn.sh.sample \
${PREFIX}/etc/rc.d/openvpn.sh.sample
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
@ -56,5 +59,6 @@ post-install:
| ${GREP} -v easy-rsa/Windows \
| ${CPIO} -pdmu ${DOCSDIR} )
.endif
@${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>
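Review bot: The bumped `DISTVERSION= 2.0.1` is fetched from the plain-http `MASTER_SITES= http://openvpn.net/release/`, so the only thing authenticating the tarball is distinfo, and the distinfo section of this commit records just an MD5 digest and a size for openvpn-2.0.1.tar.gz. MD5 is not collision-resistant, which is weak backing for a release whose purpose is to ship security fixes. I would add a second, stronger digest line next to it, `SHA256 (openvpn-2.0.1.tar.gz) = <sha256 of the verified tarball>`, computed from a copy checked against upstream's signature if one is published. The same applies to the two other copies of this Makefile and distinfo pair further down the page.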


@ -1,2 +1,2 @@
MD5 (openvpn-2.0.tar.gz) = 7401faebc6baee9add32608709c54eec
SIZE (openvpn-2.0.tar.gz) = 639201
MD5 (openvpn-2.0.1.tar.gz) = fad7a08c0d68371c2c0e6428bcb98fa5
SIZE (openvpn-2.0.1.tar.gz) = 662428


@ -0,0 +1,99 @@
#!/bin/sh
#
# openvpn.sh - load tun/tap driver and start OpenVPN daemon
#
# (C) Copyright 2005 by Matthias Andree
# based on suggestions by Matthias Grimm and Dirk Gouders
#
# Made in Northrhine-Westphalia, Germany
#
# $FreeBSD$
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
# Street, Fifth Floor, Boston, MA 02110-1301, USA.
# PROVIDE: openvpn
# REQUIRE: DAEMON
# BEFORE:
# KEYWORD: FreeBSD shutdown
# -----------------------------------------------------------------------------
#
# Add the following lines to /etc/rc.conf to enable openvpn at boot-up time:
#
# openvpn_enable="YES" # YES or NO
# openvpn_if="tun" # driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# openvpn_flags="" # openvpn command line flags
# openvpn_config="%%PREFIX%%/etc/openvpn/openvpn.conf" # --config file
# openvpn_dir="%%PREFIX%%/etc/openvpn" # --cd directory
#
# You also need to set openvpn_configfile and openvpn_dir, if the configuration
# file and directory where keys and certificates reside differ from the above
# settings.
#
# Note that we deliberately refrain from unloading drivers.
#
# For further documentation, please see openvpn(8).
#
. %%RC_SUBR%%
name=openvpn
rcvar=`set_rcvar`
prefix="%%PREFIX%%"
openvpn_precmd()
{
for i in $openvpn_if ; do
if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 ; then
if ! kldload if_${i} ; then
warn "Could not load $i module."
return 1
fi
fi
done
return 0
}
stop_postcmd()
{
rm -f "$pidfile" || warn "Could not remove $pidfile."
}
# support SIGHUP to reparse configuration file
extra_commands="reload"
# pidfile
pidfile="/var/run/${name}.pid"
# command and arguments
command="%%PREFIX%%/sbin/${name}"
# run this first
start_precmd="openvpn_precmd"
# and this last
stop_postcmd="stop_postcmd"
load_rc_config ${name}
: ${openvpn_enable="NO"}
: ${openvpn_flags=""}
: ${openvpn_if=""}
: ${openvpn_configfile="${prefix}/etc/openvpn/openvpn.conf"}
: ${openvpn_dir="${prefix}/etc/openvpn"}
required_files="${openvpn_configfile}"
command_args="--cd ${openvpn_dir} --daemon --config ${openvpn_configfile} --writepid ${pidfile}"
run_rc_command "$1"
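Review bot: The rc.conf example in the header comment names the variable `openvpn_config`, but the script only ever reads `openvpn_configfile` (in the `: ${openvpn_configfile=...}` default, `required_files` and `command_args`). An administrator who copies the example gets the setting silently ignored: the daemon runs with the default configuration file, or refuses to start if that file is absent. The example line should read `# openvpn_configfile="%%PREFIX%%/etc/openvpn/openvpn.conf" # --config file`. Separately, `${openvpn_dir}` and `${openvpn_configfile}` are expanded unquoted into `command_args`, so a path containing whitespace would be split into extra openvpn arguments; a comment stating that these paths must not contain spaces would help. The two other copies of this script further down the page carry the same lines.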


@ -1,19 +0,0 @@
#! /bin/sh
# (C) 2002 by Matthias Andree
# This file may be redistributed according to the terms of the GNU General
# Public License, version 2 (two).
# To use this script, rename it to openvpn.sh and make sure it is
# executable for the owner.
# This file rouses a security warning at port install time. However, this
# file itself does not start network services, but it loads a kernel driver.
# The security of this file therefore depends on the security of kldload and
# the if_tap driver.
case x$1 in
xstart) echo -n ' if_tap' ; exec kldload if_tap ;;
xstop) echo -n ' if_tap' ; exec kldunload if_tap ;;
*) echo >&2 "Usage: $0 {start|stop}"
esac


@ -0,0 +1,18 @@
### ------------------------------------------------------------------------
### The OpenVPN port, since v2.0.1, uses rcNG to start OpenVPN.
### Edit /etc/rc.conf to start OpenVPN automatically at system startup.
### See %%PREFIX%%/etc/rc.d/openvpn.sh for details.
### ------------------------------------------------------------------------
### To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to
### edit the 1.X configuration file by adding these lines:
### tun-mtu 1500
### tun-mtu-extra 32
### mssfix 1450
### key-method 2 <- this key-method line only for TLS setups
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194!
### OpenVPN 1.6 and older used 5000 rather than 1194 as their default
### port, so add the proper port options to your configuration file!
### ------------------------------------------------------------------------
### For further compatibility, see <http://openvpn.net/relnotes.html>
### ------------------------------------------------------------------------


@ -1,20 +0,0 @@
### ---------------------------------------------------------------------- ###
### To use the tap driver, you may need to do: kldload if_tap ###
### See ${PREFIX}/etc/rc.d/openvpn.sh.sample for how to do this ###
### automatically at system boot-up time. ###
### ---------------------------------------------------------------------- ###
### To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to ###
### edit the 1.X configuration file by adding these lines: ###
### ###
### tun-mtu 1500 ###
### tun-mtu-extra 32 ###
### mssfix 1450 ###
### ###
### key-method 2 <- this key-method line only for TLS setups ###
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ###
### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194! ###
### OpenVPN 1.6 and older used 5000 rather than 1194 as their default ###
### port, so add the proper port options to your configuration file! ###
### ---------------------------------------------------------------------- ###
### For further compatibility, see <http://openvpn.net/relnotes.html> ###
### ---------------------------------------------------------------------- ###


@ -1,5 +1,4 @@
sbin/openvpn
etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
%%PORTDOCS%%%%DOCSDIR%%/COPYING
%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL
@ -26,6 +25,25 @@ etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-full
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/sign-req
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/vars
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl.cnf
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/scripts
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars
%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README
%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf
%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh
@ -49,5 +67,6 @@ etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn
%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts
%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files
%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0
%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa
%%PORTDOCS%%@dirrm %%DOCSDIR%%


@ -1,21 +1,18 @@
# New ports collection makefile for: openvpn
# Date created: 2002-06-23
# Whom: Matthias Andree <matthias.andree@web.de>
# Whom: Matthias Andree <matthias.andree@gmx.de>
#
# $FreeBSD$
#
PORTNAME= openvpn
DISTVERSION= 2.0
PORTREVISION= 3
DISTVERSION= 2.0.1
CATEGORIES= security
MASTER_SITES= http://openvpn.net/release/
MAINTAINER= matthias.andree@gmx.de
COMMENT= Secure IP/Ethernet tunnel daemon
LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo
GNU_CONFIGURE= yes
USE_OPENSSL= yes
CONFIGURE_TARGET= --build=${ARCH}-portbld-freebsd${OSREL}
@ -26,25 +23,31 @@ MAN8= openvpn.8
OPTIONS= PW_SAVE "Interactive passwords may be read from a file" off
USE_RC_SUBR= openvpn.sh
SUB_FILES= pkg-message
.include <bsd.port.pre.mk>
# NOTE: there is no way to explicitly specify the LZO version to OpenVPN,
# if LZO2 and LZO1 are installed, OpenVPN will pick LZO2.
# So depend on LZO1 only if it's already there and LZO2 isn't.
# PACKAGE_BUILDING will also force LZO2.
.if exists(${LOCALBASE}/lib/liblzo2.so.2) || !exists(${LOCALBASE}/lib/liblzo.so.1) || defined(PACKAGE_BUILDING)
LIB_DEPENDS= lzo2.2:${PORTSDIR}/archivers/lzo2
.else
LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo
.endif
.if defined(WITH_PW_SAVE)
CONFIGURE_ARGS+= --enable-password-save
.endif
# self-tests here
post-build:
( set -e ; cd ${WRKSRC} && \
./openvpn --genkey --secret key && \
./openvpn --test-crypto --secret key && ${RM} key )
( set -e ; cd ${WRKSRC} && { \
./openvpn --config sample-config-files/loopback-server & \
./openvpn --config sample-config-files/loopback-client ; \
wait ; })
cd ${WRKSRC} && ${MAKE} check
post-install:
${INSTALL_SCRIPT} ${FILESDIR}/openvpn.sh.sample \
${PREFIX}/etc/rc.d/openvpn.sh.sample
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
@ -56,5 +59,6 @@ post-install:
| ${GREP} -v easy-rsa/Windows \
| ${CPIO} -pdmu ${DOCSDIR} )
.endif
@${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>


@ -1,2 +1,2 @@
MD5 (openvpn-2.0.tar.gz) = 7401faebc6baee9add32608709c54eec
SIZE (openvpn-2.0.tar.gz) = 639201
MD5 (openvpn-2.0.1.tar.gz) = fad7a08c0d68371c2c0e6428bcb98fa5
SIZE (openvpn-2.0.1.tar.gz) = 662428


@ -0,0 +1,99 @@
#!/bin/sh
#
# openvpn.sh - load tun/tap driver and start OpenVPN daemon
#
# (C) Copyright 2005 by Matthias Andree
# based on suggestions by Matthias Grimm and Dirk Gouders
#
# Made in Northrhine-Westphalia, Germany
#
# $FreeBSD$
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
# Street, Fifth Floor, Boston, MA 02110-1301, USA.
# PROVIDE: openvpn
# REQUIRE: DAEMON
# BEFORE:
# KEYWORD: FreeBSD shutdown
# -----------------------------------------------------------------------------
#
# Add the following lines to /etc/rc.conf to enable openvpn at boot-up time:
#
# openvpn_enable="YES" # YES or NO
# openvpn_if="tun" # driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# openvpn_flags="" # openvpn command line flags
# openvpn_config="%%PREFIX%%/etc/openvpn/openvpn.conf" # --config file
# openvpn_dir="%%PREFIX%%/etc/openvpn" # --cd directory
#
# You also need to set openvpn_configfile and openvpn_dir, if the configuration
# file and directory where keys and certificates reside differ from the above
# settings.
#
# Note that we deliberately refrain from unloading drivers.
#
# For further documentation, please see openvpn(8).
#
. %%RC_SUBR%%
name=openvpn
rcvar=`set_rcvar`
prefix="%%PREFIX%%"
openvpn_precmd()
{
for i in $openvpn_if ; do
if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 ; then
if ! kldload if_${i} ; then
warn "Could not load $i module."
return 1
fi
fi
done
return 0
}
stop_postcmd()
{
rm -f "$pidfile" || warn "Could not remove $pidfile."
}
# support SIGHUP to reparse configuration file
extra_commands="reload"
# pidfile
pidfile="/var/run/${name}.pid"
# command and arguments
command="%%PREFIX%%/sbin/${name}"
# run this first
start_precmd="openvpn_precmd"
# and this last
stop_postcmd="stop_postcmd"
load_rc_config ${name}
: ${openvpn_enable="NO"}
: ${openvpn_flags=""}
: ${openvpn_if=""}
: ${openvpn_configfile="${prefix}/etc/openvpn/openvpn.conf"}
: ${openvpn_dir="${prefix}/etc/openvpn"}
required_files="${openvpn_configfile}"
command_args="--cd ${openvpn_dir} --daemon --config ${openvpn_configfile} --writepid ${pidfile}"
run_rc_command "$1"


@ -1,19 +0,0 @@
#! /bin/sh
# (C) 2002 by Matthias Andree
# This file may be redistributed according to the terms of the GNU General
# Public License, version 2 (two).
# To use this script, rename it to openvpn.sh and make sure it is
# executable for the owner.
# This file rouses a security warning at port install time. However, this
# file itself does not start network services, but it loads a kernel driver.
# The security of this file therefore depends on the security of kldload and
# the if_tap driver.
case x$1 in
xstart) echo -n ' if_tap' ; exec kldload if_tap ;;
xstop) echo -n ' if_tap' ; exec kldunload if_tap ;;
*) echo >&2 "Usage: $0 {start|stop}"
esac


@ -0,0 +1,18 @@
### ------------------------------------------------------------------------
### The OpenVPN port, since v2.0.1, uses rcNG to start OpenVPN.
### Edit /etc/rc.conf to start OpenVPN automatically at system startup.
### See %%PREFIX%%/etc/rc.d/openvpn.sh for details.
### ------------------------------------------------------------------------
### To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to
### edit the 1.X configuration file by adding these lines:
### tun-mtu 1500
### tun-mtu-extra 32
### mssfix 1450
### key-method 2 <- this key-method line only for TLS setups
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194!
### OpenVPN 1.6 and older used 5000 rather than 1194 as their default
### port, so add the proper port options to your configuration file!
### ------------------------------------------------------------------------
### For further compatibility, see <http://openvpn.net/relnotes.html>
### ------------------------------------------------------------------------


@ -1,20 +0,0 @@
### ---------------------------------------------------------------------- ###
### To use the tap driver, you may need to do: kldload if_tap ###
### See ${PREFIX}/etc/rc.d/openvpn.sh.sample for how to do this ###
### automatically at system boot-up time. ###
### ---------------------------------------------------------------------- ###
### To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to ###
### edit the 1.X configuration file by adding these lines: ###
### ###
### tun-mtu 1500 ###
### tun-mtu-extra 32 ###
### mssfix 1450 ###
### ###
### key-method 2 <- this key-method line only for TLS setups ###
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ###
### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194! ###
### OpenVPN 1.6 and older used 5000 rather than 1194 as their default ###
### port, so add the proper port options to your configuration file! ###
### ---------------------------------------------------------------------- ###
### For further compatibility, see <http://openvpn.net/relnotes.html> ###
### ---------------------------------------------------------------------- ###


@ -1,5 +1,4 @@
sbin/openvpn
etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
%%PORTDOCS%%%%DOCSDIR%%/COPYING
%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL
@ -26,6 +25,25 @@ etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-full
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/sign-req
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/vars
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl.cnf
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/scripts
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars
%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README
%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf
%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh
@ -49,5 +67,6 @@ etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn
%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts
%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files
%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0
%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa
%%PORTDOCS%%@dirrm %%DOCSDIR%%


@ -1,21 +1,18 @@
# New ports collection makefile for: openvpn
# Date created: 2002-06-23
# Whom: Matthias Andree <matthias.andree@web.de>
# Whom: Matthias Andree <matthias.andree@gmx.de>
#
# $FreeBSD$
#
PORTNAME= openvpn
DISTVERSION= 2.0
PORTREVISION= 3
DISTVERSION= 2.0.1
CATEGORIES= security
MASTER_SITES= http://openvpn.net/release/
MAINTAINER= matthias.andree@gmx.de
COMMENT= Secure IP/Ethernet tunnel daemon
LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo
GNU_CONFIGURE= yes
USE_OPENSSL= yes
CONFIGURE_TARGET= --build=${ARCH}-portbld-freebsd${OSREL}
@ -26,25 +23,31 @@ MAN8= openvpn.8
OPTIONS= PW_SAVE "Interactive passwords may be read from a file" off
USE_RC_SUBR= openvpn.sh
SUB_FILES= pkg-message
.include <bsd.port.pre.mk>
# NOTE: there is no way to explicitly specify the LZO version to OpenVPN,
# if LZO2 and LZO1 are installed, OpenVPN will pick LZO2.
# So depend on LZO1 only if it's already there and LZO2 isn't.
# PACKAGE_BUILDING will also force LZO2.
.if exists(${LOCALBASE}/lib/liblzo2.so.2) || !exists(${LOCALBASE}/lib/liblzo.so.1) || defined(PACKAGE_BUILDING)
LIB_DEPENDS= lzo2.2:${PORTSDIR}/archivers/lzo2
.else
LIB_DEPENDS= lzo.1:${PORTSDIR}/archivers/lzo
.endif
.if defined(WITH_PW_SAVE)
CONFIGURE_ARGS+= --enable-password-save
.endif
# self-tests here
post-build:
( set -e ; cd ${WRKSRC} && \
./openvpn --genkey --secret key && \
./openvpn --test-crypto --secret key && ${RM} key )
( set -e ; cd ${WRKSRC} && { \
./openvpn --config sample-config-files/loopback-server & \
./openvpn --config sample-config-files/loopback-client ; \
wait ; })
cd ${WRKSRC} && ${MAKE} check
post-install:
${INSTALL_SCRIPT} ${FILESDIR}/openvpn.sh.sample \
${PREFIX}/etc/rc.d/openvpn.sh.sample
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
@ -56,5 +59,6 @@ post-install:
| ${GREP} -v easy-rsa/Windows \
| ${CPIO} -pdmu ${DOCSDIR} )
.endif
@${CAT} ${PKGMESSAGE}
.include <bsd.port.post.mk>


@ -1,2 +1,2 @@
MD5 (openvpn-2.0.tar.gz) = 7401faebc6baee9add32608709c54eec
SIZE (openvpn-2.0.tar.gz) = 639201
MD5 (openvpn-2.0.1.tar.gz) = fad7a08c0d68371c2c0e6428bcb98fa5
SIZE (openvpn-2.0.1.tar.gz) = 662428


@ -0,0 +1,99 @@
#!/bin/sh
#
# openvpn.sh - load tun/tap driver and start OpenVPN daemon
#
# (C) Copyright 2005 by Matthias Andree
# based on suggestions by Matthias Grimm and Dirk Gouders
#
# Made in Northrhine-Westphalia, Germany
#
# $FreeBSD$
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along with
# this program; if not, write to the Free Software Foundation, Inc., 51 Franklin
# Street, Fifth Floor, Boston, MA 02110-1301, USA.
# PROVIDE: openvpn
# REQUIRE: DAEMON
# BEFORE:
# KEYWORD: FreeBSD shutdown
# -----------------------------------------------------------------------------
#
# Add the following lines to /etc/rc.conf to enable openvpn at boot-up time:
#
# openvpn_enable="YES" # YES or NO
# openvpn_if="tun" # driver(s) to load, set to "tun", "tap" or "tun tap"
#
# # optional:
# openvpn_flags="" # openvpn command line flags
# openvpn_config="%%PREFIX%%/etc/openvpn/openvpn.conf" # --config file
# openvpn_dir="%%PREFIX%%/etc/openvpn" # --cd directory
#
# You also need to set openvpn_configfile and openvpn_dir, if the configuration
# file and directory where keys and certificates reside differ from the above
# settings.
#
# Note that we deliberately refrain from unloading drivers.
#
# For further documentation, please see openvpn(8).
#
. %%RC_SUBR%%
name=openvpn
rcvar=`set_rcvar`
prefix="%%PREFIX%%"
openvpn_precmd()
{
for i in $openvpn_if ; do
if ! sysctl debug.if_${i}_debug >/dev/null 2>&1 ; then
if ! kldload if_${i} ; then
warn "Could not load $i module."
return 1
fi
fi
done
return 0
}
stop_postcmd()
{
rm -f "$pidfile" || warn "Could not remove $pidfile."
}
# support SIGHUP to reparse configuration file
extra_commands="reload"
# pidfile
pidfile="/var/run/${name}.pid"
# command and arguments
command="%%PREFIX%%/sbin/${name}"
# run this first
start_precmd="openvpn_precmd"
# and this last
stop_postcmd="stop_postcmd"
load_rc_config ${name}
: ${openvpn_enable="NO"}
: ${openvpn_flags=""}
: ${openvpn_if=""}
: ${openvpn_configfile="${prefix}/etc/openvpn/openvpn.conf"}
: ${openvpn_dir="${prefix}/etc/openvpn"}
required_files="${openvpn_configfile}"
command_args="--cd ${openvpn_dir} --daemon --config ${openvpn_configfile} --writepid ${pidfile}"
run_rc_command "$1"


@ -1,19 +0,0 @@
#! /bin/sh
# (C) 2002 by Matthias Andree
# This file may be redistributed according to the terms of the GNU General
# Public License, version 2 (two).
# To use this script, rename it to openvpn.sh and make sure it is
# executable for the owner.
# This file rouses a security warning at port install time. However, this
# file itself does not start network services, but it loads a kernel driver.
# The security of this file therefore depends on the security of kldload and
# the if_tap driver.
case x$1 in
xstart) echo -n ' if_tap' ; exec kldload if_tap ;;
xstop) echo -n ' if_tap' ; exec kldunload if_tap ;;
*) echo >&2 "Usage: $0 {start|stop}"
esac


@ -0,0 +1,18 @@
### ------------------------------------------------------------------------
### The OpenVPN port, since v2.0.1, uses rcNG to start OpenVPN.
### Edit /etc/rc.conf to start OpenVPN automatically at system startup.
### See %%PREFIX%%/etc/rc.d/openvpn.sh for details.
### ------------------------------------------------------------------------
### To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to
### edit the 1.X configuration file by adding these lines:
### tun-mtu 1500
### tun-mtu-extra 32
### mssfix 1450
### key-method 2 <- this key-method line only for TLS setups
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194!
### OpenVPN 1.6 and older used 5000 rather than 1194 as their default
### port, so add the proper port options to your configuration file!
### ------------------------------------------------------------------------
### For further compatibility, see <http://openvpn.net/relnotes.html>
### ------------------------------------------------------------------------


@ -1,20 +0,0 @@
### ---------------------------------------------------------------------- ###
### To use the tap driver, you may need to do: kldload if_tap ###
### See ${PREFIX}/etc/rc.d/openvpn.sh.sample for how to do this ###
### automatically at system boot-up time. ###
### ---------------------------------------------------------------------- ###
### To get OpenVPN 2.0 to talk with the 1.5/1.6 versions, you may need to ###
### edit the 1.X configuration file by adding these lines: ###
### ###
### tun-mtu 1500 ###
### tun-mtu-extra 32 ###
### mssfix 1450 ###
### ###
### key-method 2 <- this key-method line only for TLS setups ###
### - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ###
### WARNING: THE DEFAULT PORT HAS CHANGED AND IS NOW 1194! ###
### OpenVPN 1.6 and older used 5000 rather than 1194 as their default ###
### port, so add the proper port options to your configuration file! ###
### ---------------------------------------------------------------------- ###
### For further compatibility, see <http://openvpn.net/relnotes.html> ###
### ---------------------------------------------------------------------- ###


@ -1,5 +1,4 @@
sbin/openvpn
etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%%%DOCSDIR%%/AUTHORS
%%PORTDOCS%%%%DOCSDIR%%/COPYING
%%PORTDOCS%%%%DOCSDIR%%/COPYRIGHT.GPL
@ -26,6 +25,25 @@ etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/revoke-full
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/sign-req
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/vars
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/README
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-ca
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-dh
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-inter
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pass
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-pkcs12
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-key-server
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/build-req-pass
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/clean-all
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/inherit-inter
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/list-crl
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/openssl.cnf
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/pkitool
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/revoke-full
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/scripts
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/sign-req
%%PORTDOCS%%%%DOCSDIR%%/easy-rsa/2.0/vars
%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/README
%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/client.conf
%%PORTDOCS%%%%DOCSDIR%%/sample-config-files/firewall.sh
@ -49,5 +67,6 @@ etc/rc.d/openvpn.sh.sample
%%PORTDOCS%%%%DOCSDIR%%/sample-scripts/verify-cn
%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-scripts
%%PORTDOCS%%@dirrm %%DOCSDIR%%/sample-config-files
%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa/2.0
%%PORTDOCS%%@dirrm %%DOCSDIR%%/easy-rsa
%%PORTDOCS%%@dirrm %%DOCSDIR%%