import ports/net/tinc, from Rafael Sadowski with tweaks from jca and myself

OK jca tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. Because the tunnel appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This tunnelling allows VPN sites to share information with each other over the Internet without exposing any information to others. A single tinc daemon can accept more than one connection at a time, thus making it possible to create larger virtual networks, because some limitations are circumvented. Instead of most other VPN implementations, tinc encapsulates each network packet in its own UDP packet, instead of encapsulating all into one TCP or even PPP over TCP stream. This results in lower latencies, less overhead, and in general better responsiveness and throughput.
2015-11-03 20:07:47 +00:00 · 2015-11-03 20:07:47 +00:00 · cba269f89d
commit cba269f89d
parent 16a3c77f39
7 changed files with 147 additions and 0 deletions
--- a/net/tinc/Makefile
+++ b/net/tinc/Makefile
@ -0,0 +1,34 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2015/11/03 20:07:47 sthen Exp $
+
+COMMENT =		Virtual Private Network (VPN) daemon
+DISTNAME =		tinc-1.0.26
+CATEGORIES =		net security
+
+HOMEPAGE =		http://www.tinc-vpn.org/
+
+MAINTAINER =		Rafael Sadowski <rafael@sizeofvoid.org>
+
+# GPLv2+
+PERMIT_PACKAGE_CDROM =	Yes
+
+WANTLIB += c crypto lzo2 z
+
+MASTER_SITES =		http://www.tinc-vpn.org/packages/
+
+LIB_DEPENDS +=		archivers/lzo2
+
+CONFIGURE_STYLE = 	gnu
+
+CONFIGURE_ENV =		CPPFLAGS="-I${LOCALBASE}/include" \
+			LDFLAGS="-L${LOCALBASE}/lib"
+
+post-extract:
+	cd ${WRKSRC}/doc && tar xzf sample-config.tar.gz
+
+post-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/examples/tinc
+	cp -r ${WRKSRC}/doc/sample-config/* ${PREFIX}/share/examples/tinc/
+	chown -R ${SHAREOWN}:${SHAREGRP} ${PREFIX}/share/examples/tinc/
+	chmod -R u=rwX,go=rX ${PREFIX}/share/examples/tinc/*
+
+.include <bsd.port.mk>
--- a/net/tinc/distinfo
+++ b/net/tinc/distinfo
@ -0,0 +1,2 @@
+SHA256 (tinc-1.0.26.tar.gz) = K0MZ3bO9KGfnJTKiM/ZApYwvTYPxCIGDrlRLJoZGuiE=
+SIZE (tinc-1.0.26.tar.gz) = 473681
--- a/net/tinc/patches/patch-doc_sample-config_tinc_conf
+++ b/net/tinc/patches/patch-doc_sample-config_tinc_conf
@ -0,0 +1,15 @@
+$OpenBSD: patch-doc_sample-config_tinc_conf,v 1.1.1.1 2015/11/03 20:07:47 sthen Exp $
+--- doc/sample-config/tinc.conf.orig	Mon Nov  2 21:58:56 2015
+++ doc/sample-config/tinc.conf	Mon Nov  2 21:59:17 2015
+@@ -16,7 +16,7 @@ Name = alpha
+ ConnectTo = beta
+ 
+ # The tap device tinc will use.
+-# Default is /dev/tap0 for ethertap or FreeBSD,
+-# /dev/tun0 for Solaris and OpenBSD,
+-# and /dev/net/tun for Linux tun/tap device.
+-Device = /dev/net/tun
+# /dev/tap0 for ethertap, FreeBSD or OpenBSD
+# /dev/tun0 for Solaris
+# /dev/net/tun for Linux tun/tap
+Device = /dev/tap0
--- a/net/tinc/patches/patch-doc_tinc_texi
+++ b/net/tinc/patches/patch-doc_tinc_texi
@ -0,0 +1,35 @@
+$OpenBSD: patch-doc_tinc_texi,v 1.1.1.1 2015/11/03 20:07:47 sthen Exp $
+--- doc/tinc.texi.orig	Mon Nov  2 21:03:47 2015
+++ doc/tinc.texi	Mon Nov  2 21:05:57 2015
+@@ -268,12 +268,7 @@ The tap driver can be loaded with @code{kldload if_tap
+ @node       Configuration of OpenBSD kernels
+ @subsection Configuration of OpenBSD kernels
+ 
+-For OpenBSD version 2.9 and higher,
+-the tun driver is included in the default kernel configuration.
+-There is also a kernel patch from @uref{http://diehard.n-r-g.com/stuff/openbsd/}
+-which adds a tap device to OpenBSD which should work with tinc,
+-but with recent versions of OpenBSD,
+-a tun device can act as a tap device by setting the link0 option with ifconfig.
+The tun and tap drivers are included in the default kernel configuration.
+ 
+ 
+ @c ==================================================================
+@@ -2054,7 +2049,7 @@ In switch or hub modes ARP does work so the sender alr
+ In those modes every interface should have a unique MAC address, so make sure they are not the same.
+ Because switch and hub modes rely on MAC addresses to function correctly,
+ these modes cannot be used on the following operating systems which don't have a `tap' style virtual network device:
+-OpenBSD, NetBSD, Darwin and Solaris.
+NetBSD, Darwin and Solaris.
+ 
+ 
+ @c ==================================================================
+@@ -2481,8 +2476,6 @@ For IPv6 addresses:
+ On some platforms, when running tinc in switch mode, the VPN interface must be set to tap mode with an ifconfig command:
+ 
+ @multitable {Darwin (Mac OS X)} {ifconfig route add -bla network address netmask netmask prefixlength interface}
+-@item OpenBSD
+-@tab @code{ifconfig} @var{interface} @code{link0}
+ @end multitable
+ 
+ On Linux, it is possible to create a persistent tun/tap interface which will
--- a/net/tinc/pkg/DESCR
+++ b/net/tinc/pkg/DESCR
@ -0,0 +1,16 @@
+tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and
+encryption to create a secure private network between hosts on the Internet.
+
+Because the tunnel appears to the IP level network code as a normal network
+device, there is no need to adapt any existing software.  This tunnelling
+allows VPN sites to share information with each other over the Internet
+without exposing any information to others.
+
+A single tinc daemon can accept more than one connection at a time, thus
+making it possible to create larger virtual networks, because some
+limitations are circumvented.
+
+Instead of most other VPN implementations, tinc encapsulates each network
+packet in its own UDP packet, instead of encapsulating all into one TCP or
+even PPP over TCP stream. This results in lower latencies, less overhead,
+and in general better responsiveness and throughput.
--- a/net/tinc/pkg/PLIST
+++ b/net/tinc/pkg/PLIST
@ -0,0 +1,35 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2015/11/03 20:07:47 sthen Exp $
+@newgroup _tinc:759
+@newuser _tinc:759:_tinc:daemon:tinc user:/var/empty:/sbin/nologin
+@info info/tinc.info
+@man man/man5/tinc.conf.5
+@man man/man8/tincd.8
+@bin sbin/tincd
+share/examples/tinc/
+share/examples/tinc/hosts/
+@owner root
+@group _tinc
+@mode 750
+@sample ${SYSCONFDIR}/tinc/
+@sample ${SYSCONFDIR}/tinc/example/
+@sample ${SYSCONFDIR}/tinc/example/hosts/
+@mode 600
+share/examples/tinc/hosts/alpha
+@sample ${SYSCONFDIR}/tinc/example/hosts/alpha
+share/examples/tinc/hosts/beta
+@sample ${SYSCONFDIR}/tinc/example/hosts/beta
+share/examples/tinc/rsa_key.priv
+@sample ${SYSCONFDIR}/tinc/example/rsa_key.priv
+@owner root
+@group _tinc
+@mode 750
+share/examples/tinc/tinc-down
+@sample ${SYSCONFDIR}/tinc/example/tinc-down
+share/examples/tinc/tinc-up
+@sample ${SYSCONFDIR}/tinc/example/tinc-up
+share/examples/tinc/tinc.conf
+@sample ${SYSCONFDIR}/tinc/example/tinc.conf
+@owner
+@group
+@mode
+@rcscript ${RCDIR}/tincd
--- a/net/tinc/pkg/tincd.rc
+++ b/net/tinc/pkg/tincd.rc
@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# $OpenBSD: tincd.rc,v 1.1.1.1 2015/11/03 20:07:47 sthen Exp $
+
+daemon="${TRUEPREFIX}/sbin/tincd"
+daemon_flags="-U _tinc --chroot --net=example"
+
+. /etc/rc.d/rc.subr
+
+rc_cmd $1