Send net/pptp to the attic. It requires an MPPE-capable ppp client
which we don't have in base anymore. No objections from ports@
stsp 2014-10-08 16:44:58 +00:00
parent 44e5fb60b5
commit 9e98b20e96
13 changed files with 0 additions and 594 deletions

@ -1,34 +0,0 @@
# $OpenBSD: Makefile,v 1.29 2013/11/07 07:09:00 ajacoutot Exp $
COMMENT= PPTP client package for Microsoft VPN servers
DISTNAME= pptp-1.7.2
REVISION= 4
CATEGORIES= net
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=pptpclient/}
HOMEPAGE= http://pptpclient.sf.net
MAINTAINER= Stefan Sperling <stsp@openbsd.org>
# GPL
PERMIT_PACKAGE_CDROM= Yes
WANTLIB= c util
NO_TEST= Yes
MAKE_ENV+= PPPD=/usr/sbin/ppp
CFLAGS+= -DUSER_PPP
post-patch:
@cd ${WRKSRC}; sed -e s,PREFIX,${PREFIX}, < \
${FILESDIR}/pptp_8 > pptp.8
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/pptp ${PREFIX}/sbin
${INSTALL_MAN} ${WRKSRC}/pptp.8 ${PREFIX}/man/man8
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/pptp
${INSTALL_DATA} ${WRKSRC}/PROTOCOL-SECURITY ${PREFIX}/share/doc/pptp/
.include <bsd.port.mk>
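
Review bot: every one of the 13 files removed here is the port's own (this Makefile, distinfo, the man page, the patches, DESCR, PLIST, README), and nothing shown touches the category's SUBDIR list or records the package as obsolete. If the net category Makefile still names pptp, unhook it there, and add a quirks entry so that installed pptp-1.7.2 packages are handled on upgrade, in the same round of commits.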

@ -1,5 +0,0 @@
MD5 (pptp-1.7.2.tar.gz) = TD0ZKGo3RZpjLHEoySqYVw==
RMD160 (pptp-1.7.2.tar.gz) = //R+8sNUawbGnCfbAb7r7X5s2ks=
SHA1 (pptp-1.7.2.tar.gz) = EAfrHU0hYp+rOQkD6LOU1hV7SYM=
SHA256 (pptp-1.7.2.tar.gz) = 6YrgBl0qOfoxMWVP8oy3Bw6Zb2aO1tDn2aRFuNN2lLw=
SIZE (pptp-1.7.2.tar.gz) = 81113

@ -1,345 +0,0 @@
.\" $OpenBSD: pptp_8,v 1.9 2010/04/24 12:09:43 schwarze Exp $
.\" Manual page for pptp-1.1.0
.\" Information gleaned from USING file in the distribution
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
.\" IP indented paragraph
.\" TP hanging label
.Dd April 9, 2000
.Dt pptp 8
.Os
.Sh NAME
.Nm pptp
.Nd Point-to-Point Tunneling Protocol daemon
.Sh SYNOPSIS
.Nm
.Ar hostname
.Op Fl -version
.Op Fl -phone Ar number
.Op Fl -nolaunchpppd
.Op Fl -quirks Ar quirk
.Op Fl -debug
.Op Fl -sync
.Op Fl -timeout Ar secs
.Op Fl -nobuffer
.Op Fl -idle-wait Ar time
.Op Fl -max-echo-wait Ar time
.Op Fl -logstring Ar name
.Op Fl -localbind Ar addr
.Op Fl -loglevel Ar level
.Op Ar ppp options
.Sh DESCRIPTION
.Nm
manages
a virtual private network (VPN) connection using Microsoft
PPTP protocols using IP GRE tunneling protocols.
.Nm
uses
.Xr ppp 8
on a pseudo-tty
to negotiate the connection with MS-CHAP authentication.
.Pp
Because
.Nm
uses GRE, the net.inet.gre.allow sysctl needs to be enabled.
.Nm
will automatically try to enable this sysctl on startup.
.Pp
The
.Ar hostname
parameter specifies which host should be contacted as the PPTP server.
.Pp
.Op Ar ppp options
are passed on to
.Xr ppp 8
and typically include a remote username or a file containing options.
.Pp
.Nm
must be run as root.
.Pp
.Nm
accepts the following options:
.Bl -tag -width Ds
.It Fl -version
Display version number and exit.
.It Fl -phone Ar number
Pass
.Ar number
to remote host as phone number.
.It Fl -nolaunchpppd
Do not launch a ppp daemon, for use as a ppp daemon pty.
.It Fl -quirks Ar quirk
Some ADSL providers and some ADSL hardware are buggy or not conforming
to the RFC, and require special handling.
To this end,
.Nm
supports a 'quirks' mechanism.
Currently, only '--quirks BEZEQ_ISRAEL' is defined, for connecting to
Bezeq (the Israeli phone company) ADSL service.
Only some of the equipment used by Bezeq needs this option, but even
the equipment that does not need it works fine with it.
.It Fl -debug
Run in foreground (for debugging with gdb).
.It Fl -sync
Enable Synchronous HDLC.
.Xr ppp 8
must use it, too.
.It Fl -timeout Ar secs
Time to wait for reordered packets (0.01 to 10 secs).
.It Fl -nobuffer
Disable packet buffering and reordering completely
.It Fl -idle-wait Ar secs
Time to wait before sending echo request.
.It Fl -max-echo-wait Ar secs
Time to wait before giving up on lack of reply.
This option
seems to be unimplemented, because the flag can be set but is
never evaluated (look at pptp_ctrl.c) \(em dead, unused code?
.It Fl -logstring Ar name
Use
.Ar name
instead of
.Dq anon
in syslog messages.
.It Fl -localbind Ar addr
Bind to specified IP address instead of wildcard.
.It Fl -loglevel Ar level
Sets the debugging level (0=low, 1=default, 2=high).
.El
.Sh EXAMPLES
.Ss PPTP on a stand-alone VPN client
This example assumes that you want to use
.Nm
to connect
to a VPN and use the VPN connection as your default route.
Let us assume that the PPTP server is called pptp.example.net.
.Pp
First, edit
.Pa /etc/ppp/ppp.conf
and add an entry for the VPN connection.
See
.Xr ppp 8
for details on the format of this file.
.Bd -literal
vpn:
set device "!/usr/local/sbin/pptp --nolaunchpppd pptp.example.net"
set authname User
set authkey MySecret
set mppe 128 stateless
.Ed
.Pp
Next, you need to configure routing in
.Pa /etc/ppp/ppp.linkup :
.Bd -literal
vpn:
add! default HISADDR
.Ed
.Pp
If pptp.example.net does not reside on the local network,
we have to add a host route pointing to pptp.example.net in order to
avoid a chicken-and-egg problem once the default route is set to
the VPN tunnel.
Assuming the standard default route is 192.168.1.1:
.Pp
.Pa /etc/ppp/ppp.linkup :
.Bd -literal
vpn:
add pptp.example.net 192.168.1.1
add! default HISADDR
.Ed
.Pp
If your default route is not fixed, for example if you connect
to the VPN from many different networks while on the road,
use a script to figure out the current default route and add the
host route to the VPN gateway.
For example:
.Pp
.Pa /etc/ppp/vpn-default-route.sh :
.Bd -literal
#!/bin/sh
gw=`netstat -rn -f inet | grep ^default | awk '{print $2};'`
/sbin/route add -host pptp.example.net ${gw}
.Ed
.Pp
Call the script from
.Pa /etc/ppp/ppp.linkup :
.Bd -literal
vpn:
! sh /etc/ppp/vpn-default-route.sh
add default HISADDR
.Ed
.Pp
Make sure the changes to the routing table are reversed in
.Pa /etc/ppp/ppp.linkdown :
.Bd -literal
vpn:
delete pptp.example.net
.Ed
.Pp
Restoring the previous default route in
.Pa /etc/ppp/ppp.linkdown
is left as an exercise for the reader.
On a laptop it is usually
enough to issue a DHCP request to restore the routing table
after the VPN connection is terminated.
.Pp
Connect by running:
.Dl ppp -ddial vpn
.Pp
To terminate the connection, kill the ppp process.
It creates a PID file in
.Pa /var/run/tunX.pid ,
where X is the number of the tun device used.
.Ss PPTP on a router
This example assumes that you want to configure a router running
OpenBSD to provide PPTP VPN access to a remote network for all hosts
on your internal network.
.Pp
Let us assume that the VPN server is called pptp.example.net,
and that the default route of our OpenBSD box is 192.168.1.1.
The remote network shall be 10.42.0.0/16; we want all traffic to
this network to go through the VPN tunnel.
.Pp
First, edit
.Pa /etc/ppp/ppp.conf
and add an entry for the VPN connection.
See
.Xr ppp 8
for details on the format of this file.
.Bd -literal
default:
set log Phase Chat LCP IPCP CCP tun command
vpn:
set device "!/usr/local/sbin/pptp --nolaunchpppd pptp.example.net"
set authname User
set authkey MySecret
set mppe 128 stateless
.Ed
.Pp
Next, you need to configure routing in
.Pa /etc/ppp/ppp.linkup .
We also load
.Xr pf 4
anchors for the vpn interface here.
More on that later.
.Pp
.Pa /etc/ppp/ppp.linkup :
.Bd -literal
vpn:
add 10.42.0.0/16 HISADDR
! sh -c "/sbin/pfctl -a vpn -f /etc/pf.conf.vpn"
.Ed
.Pp
If pptp.example.net resides inside 10.42.0.0/16, we have to add a host
route pointing to pptp.example.net in order to avoid a chicken-and-egg
problem once packets to 10.42.0.0/16 are routed through the tunnel.
.Pp
.Pa /etc/ppp/ppp.linkup :
.Bd -literal
vpn:
add pptp.example.net 192.168.1.1
add 10.42.0.0/16 HISADDR
! sh -c "/sbin/pfctl -a vpn -f /etc/pf.conf.vpn"
.Ed
.Pp
If your default route is not fixed, for example if your ISP does not
always assign the same gateway to you, use a script to figure out
the current default route and add the host route to the VPN gateway.
For example:
.Pp
.Pa /etc/ppp/vpn-default-route.sh :
.Bd -literal
#!/bin/sh
gw=`netstat -rn -f inet | grep ^default | awk '{print $2};'`
/sbin/route add -host pptp.example.net ${gw}
.Ed
.Pp
Call the script from
.Pa /etc/ppp/ppp.linkup :
.Bd -literal
vpn:
! sh /etc/ppp/vpn-default-route.sh
add 10.42.0.0/16 HISADDR
! sh -c "/sbin/pfctl -a vpn -f /etc/pf.conf.vpn"
.Ed
.Pp
Make sure the changes to the routing table are
reversed when the VPN connection drops:
.Pp
.Pa /etc/ppp/ppp.linkdown:
.Bd -literal
vpn:
! sh -c "/sbin/pfctl -a vpn -F all"
delete 10.42.0.0/16
delete pptp.example.net
.Ed
.Pp
To make
.Xr pf 4
aware of the vpn anchors, put the following line into the file
.Pa /etc/pf.conf :
.Bd -literal
anchor vpn
.Ed
.Pp
See
.Xr pf.conf 5
for details on the format of this file.
.Pp
Now define vpn anchor rules in
.Pa /etc/pf.conf.vpn ,
for example:
.Bd -literal
int_if=xl0
vpn_if=tun0
# NAT packets from our internal network to the VPN interface address
match out on $vpn_if from $int_if:network to any nat-to ($vpn_if)
block drop on $vpn_if
pass out on $vpn_if
# Allow ping from remote, and explicitly make sure our replies are
# routed back through the tunnel.
pass in on $vpn_if reply-to ($vpn_if pptp.example.net) \e
inet proto icmp icmp-type echoreq keep state
# Same for ssh.
pass in on $vpn_if reply-to ($vpn_if pptp.example.net) proto tcp \e
from any to ($vpn_if) port ssh flags S/SA keep state
.Ed
.Pp
Connect by running:
.Dl ppp -unit0 -ddial vpn
.Pp
The -unit0 option makes sure ppp configures tun0 as the VPN
connection end point, and not some other tun device.
The packet filter rules configured above assume tun0 as the
VPN connection end point.
.Pp
To terminate the connection, kill the ppp process.
It creates a PID file in
.Pa /var/run/tunX.pid ,
where X is the number of the tun device used.
.Sh FILES
.Pa /var/run/pptp/<ip-address>
is created as a socket.
It is used for communicating with an existing
PPTP call manager for a given remote server host.
.Sh CAVEATS
The PPTP protocol is insecure.
.Sh SEE ALSO
.Xr gre 4 ,
.Xr pf 4 ,
.Xr pf.conf 5 ,
.Xr ppp 8 ,
.Pa PREFIX/share/doc/pptp/PROTOCOL-SECURITY .
.Sh HISTORY
This man page appeared first in
.Nx Ns 's pptp package.
.Sh AUTHORS
.An Stefan Sperling Aq stsp@openbsd.org ,
.An C. Scott Ananian Aq cananian@alumni.princeton.edu ,
.An John Kohl Aq jtk@NetBSD.org
(patches and original man page).
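
Review bot: the EXAMPLES section of this man page has users put `set device "!/usr/local/sbin/pptp --nolaunchpppd pptp.example.net"` and `set authkey MySecret` into /etc/ppp/ppp.conf and `anchor vpn` into /etc/pf.conf, and removing the port leaves all of that in place with the binary gone. The commit log should say so, or point to a note for users, so that the stored authkey in particular is cleaned out of ppp.conf rather than lingering as an unused credential.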

@ -1,40 +0,0 @@
$OpenBSD: patch-Makefile,v 1.8 2010/07/14 11:04:15 sthen Exp $
--- Makefile.orig Wed May 14 08:33:55 2008
+++ Makefile Tue Jul 13 23:52:52 2010
@@ -4,19 +4,19 @@ RELEASE=
#################################################################
# CHANGE THIS LINE to point to the location of your pppd binary.
-PPPD = /usr/sbin/pppd
+PPPD?= /usr/sbin/pppd
#################################################################
BINDIR=$(DESTDIR)/usr/sbin
MANDIR=$(DESTDIR)/usr/share/man/man8
PPPDIR=$(DESTDIR)/etc/ppp
-CC = gcc
+CC? = gcc
RM = rm -f
OPTIMIZE= -O0
DEBUG = -g
INCLUDE =
-CFLAGS = -Wall $(OPTIMIZE) $(DEBUG) $(INCLUDE)
+CFLAGS? = -Wall $(OPTIMIZE) $(DEBUG) $(INCLUDE)
LIBS = -lutil
# Solaris 10
# LIBS = -lnsl -lsocket -lresolv
@@ -29,11 +29,11 @@ PPTP_BIN = pptp
PPTP_OBJS = pptp.o pptp_gre.o ppp_fcs.o \
pptp_ctrl.o dirutil.o vector.o \
inststr.o util.o version.o test.o \
- pptp_quirks.o orckit_quirks.o pqueue.o pptp_callmgr.o routing.o \
+ pptp_quirks.o orckit_quirks.o pqueue.o pptp_callmgr.o \
pptp_compat.o
PPTP_DEPS = pptp_callmgr.h pptp_gre.h ppp_fcs.h util.h test.h \
- pptp_quirks.h orckit_quirks.h config.h pqueue.h routing.h
+ pptp_quirks.h orckit_quirks.h config.h pqueue.h
all: config.h $(PPTP_BIN) pptpsetup.8

@ -1,23 +0,0 @@
$OpenBSD: patch-inststr_c,v 1.3 2009/03/08 21:57:24 stsp Exp $
--- inststr.c.orig Wed May 14 07:33:55 2008
+++ inststr.c Thu Mar 5 23:07:12 2009
@@ -20,7 +20,7 @@ inststr(int argc, char **argv, char **environ, char *s
for (ptr = argv[0]; *ptr; *(ptr++) = '\0');
- strcpy(argv[0], src);
+ strlcpy(argv[0], src, sizeof(argv[0]));
} else
{
/* Stolen from the source to perl 4.036 (assigning to $0) */
@@ -31,8 +31,9 @@ inststr(int argc, char **argv, char **environ, char *s
/* than lower numbered elements. */
char *ptr, *ptr2;
int count;
+ int aligned;
UL mask = ~(UL)(PTRSIZE == 4 ? 3 : PTRSIZE == 8 ? 7 : PTRSIZE == 16 ? 15 : 0);
- int aligned = (mask < ~(UL)0) && (((UL)(argv[0]) & mask) == (UL)(argv[0]));
+ aligned = (mask < ~(UL)0) && (((UL)(argv[0]) & mask) == (UL)(argv[0]));
ptr = argv[0] + strlen(argv[0]);
if (argv[argc - 1] >= argv[1]) {
/* argv pointers in ascending memory order */
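
Review bot: `sizeof(argv[0])` in the replacement line `strlcpy(argv[0], src, sizeof(argv[0]));` is the size of a `char *`, not the length of the buffer argv[0] points to, so the copy is bounded by the pointer size and the process title is cut to a few characters. The loop on the line above has already overwritten argv[0] with NULs, so `strlen(argv[0])` is no longer usable at that point either; record the original length before the clearing loop and pass that length plus one as the bound. The bug disappears with this file, but the patch should not be carried over as-is if the port is ever revived.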

@ -1,33 +0,0 @@
$OpenBSD: patch-pptp_c,v 1.1 2009/03/08 21:57:24 stsp Exp $
--- pptp.c.orig Thu Mar 5 22:54:51 2009
+++ pptp.c Thu Mar 5 22:56:53 2009
@@ -193,6 +193,7 @@ int main(int argc, char **argv, char **envp)
* '\0' */
char * volatile phonenr = NULL;
volatile int launchpppd = 1, debug = 0;
+ char *tty_name;
while(1){
/* structure with all recognised options for pptp */
@@ -391,7 +392,7 @@ int main(int argc, char **argv, char **envp)
file2fd("/dev/null", "wb", STDERR_FILENO);
}
- char *tty_name = ttyname(tty_fd);
+ tty_name = ttyname(tty_fd);
snprintf(buf, sizeof(buf), "pptp: GRE-to-PPP gateway on %s",
tty_name ? tty_name : "(null)");
#ifdef PR_SET_NAME
@@ -494,9 +495,11 @@ void launch_callmgr(struct in_addr inetaddr, char *pho
{
char *my_argv[3] = { argv[0], inet_ntoa(inetaddr), phonenr };
char buf[128];
- snprintf(buf, sizeof(buf), "pptp: call manager for %s", my_argv[1]);
#ifdef PR_SET_NAME
int rc;
+#endif
+ snprintf(buf, sizeof(buf), "pptp: call manager for %s", my_argv[1]);
+#ifdef PR_SET_NAME
rc = prctl(PR_SET_NAME, "pptpcm", 0, 0, 0);
if (rc != 0) perror("prctl");
#else

@ -1,20 +0,0 @@
$OpenBSD: patch-pptp_callmgr_c,v 1.2 2010/07/14 11:04:15 sthen Exp $
--- pptp_callmgr.c.orig Wed May 14 08:33:55 2008
+++ pptp_callmgr.c Tue Jul 13 23:52:46 2010
@@ -25,7 +25,6 @@
#include "dirutil.h"
#include "vector.h"
#include "util.h"
-#include "routing.h"
extern struct in_addr localbind; /* from pptp.c */
@@ -120,8 +119,6 @@ int callmgr_main(int argc, char **argv, char **envp)
phonenr = argc == 3 ? argv[2] : NULL;
if (inet_aton(argv[1], &inetaddr) == 0)
fatal("Invalid IP address: %s", argv[1]);
- routing_init(inet_ntoa(inetaddr));
- routing_start();
/* Step 1: Open sockets. */
if ((inet_sock = open_inetsock(inetaddr)) < 0)
fatal("Could not open control connection to %s", argv[1]);

@ -1,11 +0,0 @@
$OpenBSD: patch-pptp_compat_c,v 1.1 2008/11/11 16:23:26 naddy Exp $
--- pptp_compat.c.orig Sat Sep 20 17:47:33 2008
+++ pptp_compat.c Sat Sep 20 17:47:36 2008
@@ -7,7 +7,6 @@
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>
-#include <stropts.h>
#include <stdlib.h>
#include <strings.h>
#include "pptp_compat.h"

@ -1,51 +0,0 @@
$OpenBSD: patch-pptp_gre_c,v 1.3 2012/06/25 14:06:26 naddy Exp $
--- pptp_gre.c.orig Wed May 14 00:33:55 2008
+++ pptp_gre.c Mon Jun 25 07:49:13 2012
@@ -11,6 +11,9 @@
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/time.h>
+#include <sys/param.h>
+#include <sys/sysctl.h>
+#include <netinet/ip_gre.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
@@ -78,12 +81,36 @@ uint64_t time_now_usecs()
return (tv.tv_sec * 1000000) + tv.tv_usec;
}
+static int set_gre_sysctl(int value)
+{
+ int mib[4];
+
+ /* "net.inet.gre.allow" */
+ mib[0] = CTL_NET;
+ mib[1] = PF_INET;
+ mib[2] = IPPROTO_GRE;
+ mib[3] = GRECTL_ALLOW;
+
+ if (sysctl(mib, 4, NULL, 0, &value, sizeof(value)) == -1)
+ return 0;
+ return 1;
+}
+
/*** Open IP protocol socket **************************************************/
int pptp_gre_bind(struct in_addr inetaddr)
{
struct sockaddr_in src_addr, loc_addr;
extern struct in_addr localbind;
- int s = socket(AF_INET, SOCK_RAW, PPTP_PROTO);
+ int s;
+
+ /* On OpenBSD, we need to enable GRE via sysctl before
+ * it can be used. */
+ if (! set_gre_sysctl(1)) {
+ warn("Could not enable net.inet.gre.allow sysctl");
+ return -1;
+ }
+
+ s = socket(AF_INET, SOCK_RAW, PPTP_PROTO);
if (s < 0) { warn("socket: %s", strerror(errno)); return -1; }
if (localbind.s_addr != INADDR_NONE) {
bzero(&loc_addr, sizeof(loc_addr));
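
Review bot: `set_gre_sysctl(1)` in `pptp_gre_bind()` switches on `net.inet.gre.allow` for the whole host and nothing in this patch switches it back: `sysctl(mib, 4, NULL, 0, &value, sizeof(value))` passes NULL for the old value, so the previous setting is not even read. A host that had GRE disabled keeps it enabled after pptp exits. Either save the old value and restore it on shutdown, or drop the automatic change and leave the sysctl to the administrator, as the man page already describes the requirement. The `warn()` on failure also omits `strerror(errno)`, unlike the `socket` warning a few lines below, so the cause of a failure is lost.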

@ -1,12 +0,0 @@
$OpenBSD: patch-util_c,v 1.3 2007/10/23 22:13:38 naddy Exp $
--- util.c.orig Tue Sep 18 07:22:28 2007
+++ util.c Tue Sep 18 07:22:35 2007
@@ -45,7 +45,7 @@ static void close_log(void)
void _log(const char *func, const char *file, int line, const char *format, ...)
{
MAKE_STRING("log");
- syslog(LOG_NOTICE, "%s", string);
+ syslog(LOG_INFO, "%s", string);
}
/*** print a warning to syslog ************************************************/

@ -1,4 +0,0 @@
PPTP Client is a client for the proprietary Microsoft Point-to-Point
Tunneling Protocol. It connects to PPTP-based Virtual Private Networks
as used by some universities, companies and cable and ADSL internet
service providers.

@ -1,6 +0,0 @@
@comment $OpenBSD: PLIST,v 1.9 2013/11/07 07:09:00 ajacoutot Exp $
@man man/man8/pptp.8
@bin sbin/pptp
share/doc/pkg-readmes/${FULLPKGNAME}
share/doc/pptp/
share/doc/pptp/PROTOCOL-SECURITY

@ -1,10 +0,0 @@
$OpenBSD: README,v 1.1 2013/11/07 07:09:00 ajacoutot Exp $
+-----------------------------------------------------------------------
| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------
PPTP IS NOT SECURE, for more information see:
${TRUEPREFIX}/share/doc/pptp/PROTOCOL-SECURITY
http://www.schneier.com/pptp.html
http://www.counterpane.com/pptp.html