Update of /cvsroot/leaf/src/bering-uclibc4/source/openvpn
In directory sfp-cvsdas-2.v30.ch3.sourceforge.com:/tmp/cvs-serv29406
Added Files:
buildtool.cfg buildtool.mk openvpn-2.1.3.tar.gz
openvpn.default openvpn.ifdown openvpn.ifup openvpn.init
Log Message:
new upstream version 2.1.3
--- NEW FILE: openvpn.ifup ---
#!/bin/sh
OPENVPN=/etc/init.d/openvpn
if [ ! -x $OPENVPN ]; then
exit 0
fi
if [ -n "$IF_OPENVPN" ]; then
$OPENVPN start $IF_OPENVPN
fi
--- NEW FILE: openvpn.ifdown ---
#!/bin/sh
OPENVPN=/etc/init.d/openvpn
if [ ! -x $OPENVPN ]; then
exit 0
fi
if [ -n "$IF_OPENVPN" ]; then
$OPENVPN stop $IF_OPENVPN
fi
--- NEW FILE: openvpn.default ---
# This is the configuration file for /etc/init.d/openvpn
#
# Start only these VPNs automatically via init script.
# Allowed values are "all", "none" or space separated list of
# names of the VPNs. If empty, "all" is assumed.
#
#AUTOSTART="all"
#AUTOSTART="none"
#AUTOSTART="client server"
#
# Refresh interval (in seconds) of default status files
# located in /var/run/openvpn.$NAME.status
# Defaults to 10, 0 disables status file generation
#
#STATUSREFRESH=10
#STATUSREFRESH=0
--- NEW FILE: buildtool.mk ---
include $(MASTERMAKEFILE)
# setup for openvpn 2.0
# based on the setup for 1.6 with enhancements for 2.0
# and changes by Charles Duffy
OPENVPN_DIR:=openvpn-2.1.3
OPENVPN_TARGET_DIR:=$(BT_BUILD_DIR)/openvpn
$(OPENVPN_DIR)/.source:
zcat $(OPENVPN_SOURCE) | tar -xvf -
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/2.0/clean-all
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/2.0/list-crl
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/2.0/revoke-full
perl -i -p -e 's,#!/bin/bash,#!/bin/sh,'
$(OPENVPN_DIR)/easy-rsa/2.0/vars
perl -i -p -e 's,^export D=.*$$,export D=/etc/openvpn,'
$(OPENVPN_DIR)/easy-rsa/2.0/vars
perl -i -p -e 's,^export KEY_CONFIG.*$$,export
KEY_CONFIG=/etc/easyrsa/openssl.cnf,' $(OPENVPN_DIR)/easy-rsa/2.0/vars
perl -i -p -e 's,group nobody,group nogroup,'
$(OPENVPN_DIR)/sample-config-files/server.conf
perl -i -p -e 's,group nobody,group nogroup,'
$(OPENVPN_DIR)/sample-config-files/client.conf
perl -i -p -e 's,status openvpn-status.log,status
/var/log/openvpn-status.log,' $(OPENVPN_DIR)/sample-config-files/server.conf
perl -i -p -e 's,ifconfig-pool-persist ipp.txt,ifconfig-pool-persist
/var/lib/openvpn-ipp.txt,' $(OPENVPN_DIR)/sample-config-files/server.conf
touch $(OPENVPN_DIR)/.source
$(OPENVPN_DIR)/.build: $(OPENVPN_DIR)/.source
mkdir -p $(OPENVPN_TARGET_DIR)/etc/openvpn
mkdir -p $(OPENVPN_TARGET_DIR)/etc/init.d
mkdir -p $(OPENVPN_TARGET_DIR)/etc/default
mkdir -p $(OPENVPN_TARGET_DIR)/etc/network/if-up.d
mkdir -p $(OPENVPN_TARGET_DIR)/etc/network/if-down.d
mkdir -p $(OPENVPN_TARGET_DIR)/usr/sbin
# Build a version without lzo support
(cd $(OPENVPN_DIR); \
rm -rf config.cache; \
CFLAGS="$(BT_COPT_FLAGS)" \
CC=$(TARGET_CC) \
LD=$(TARGET_LD) \
./configure \
--with-ssl-headers=$(BT_STAGING_DIR)/usr/include \
--with-ssl-lib=$(BT_STAGING_DIR)/usr/lib \
--disable-dependency-tracking \
--enable-ssl \
--enable-iproute2 \
--with-iproute-path=/sbin/ip \
--includedir=$(BT_STAGING_DIR)/include \
--disable-lzo \
--disable-pthread \
--prefix=/usr \
--disable-socks \
--disable-http \
--disable-debug \
--enable-small \
--libdir=$(BT_STAGING_DIR)/lib );
make CC=$(TARGET_CC) -C $(OPENVPN_DIR)
$(BT_STRIP) $(BT_STRIP_BINOPS) $(OPENVPN_DIR)/openvpn
make DESTDIR=$(OPENVPN_TARGET_DIR) -C $(OPENVPN_DIR) install
cp $(OPENVPN_DIR)/sample-config-files/server.conf
$(OPENVPN_TARGET_DIR)/etc/openvpn/
cp $(OPENVPN_DIR)/sample-config-files/client.conf
$(OPENVPN_TARGET_DIR)/etc/openvpn/
cp openvpn.init $(OPENVPN_TARGET_DIR)/etc/init.d/openvpn
cp openvpn.default $(OPENVPN_TARGET_DIR)/etc/default/openvpn
cp openvpn.ifup
$(OPENVPN_TARGET_DIR)/etc/network/if-up.d/openvpn
cp openvpn.ifdown
$(OPENVPN_TARGET_DIR)/etc/network/if-down.d/openvpn
rm $(OPENVPN_DIR)/openvpn
# make sure lzo is disabled in the sample config
perl -i -p -e 's,^comp-lzo,;comp-lzo,'
$(OPENVPN_TARGET_DIR)/etc/openvpn/server.conf
perl -i -p -e 's,^comp-lzo,;comp-lzo,'
$(OPENVPN_TARGET_DIR)/etc/openvpn/client.conf
cp $(OPENVPN_DIR)/easy-rsa/2.0/clean-all
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/2.0/openssl.cnf
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/2.0/list-crl
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/2.0/inherit-inter
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/2.0/pkitool
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/2.0/sign-req
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/2.0/revoke-full
$(OPENVPN_TARGET_DIR)/usr/sbin/
cp $(OPENVPN_DIR)/easy-rsa/2.0/vars
$(OPENVPN_TARGET_DIR)/usr/sbin/
# clean up for the next round
make CC=$(TARGET_CC) -C $(OPENVPN_DIR) clean
# Build a version with lzo support
(cd $(OPENVPN_DIR); \
rm -rf config.cache; \
CFLAGS="$(BT_COPT_FLAGS)" \
CC=$(TARGET_CC) \
LD=$(TARGET_LD) \
./configure \
--with-ssl-headers=$(BT_STAGING_DIR)/usr/include \
--with-ssl-lib=$(BT_STAGING_DIR)/usr/lib \
--disable-dependency-tracking \
--enable-ssl \
--enable-iproute2 \
--with-iproute-path=/sbin/ip \
--with-lzo-headers=$(BT_STAGING_DIR)/usr/include \
--with-lzo-lib=$(BT_STAGING_DIR)/usr/lib \
--includedir=$(BT_STAGING_DIR)/include \
--disable-pthread \
--prefix=/usr \
--disable-socks \
--disable-http \
--disable-debug \
--enable-small \
--libdir=$(BT_STAGING_DIR)/lib );
make CC=$(TARGET_CC) -C $(OPENVPN_DIR)
$(BT_STRIP) $(BT_STRIP_BINOPTS) $(OPENVPN_DIR)/openvpn
cp $(OPENVPN_DIR)/sample-config-files/server.conf
$(OPENVPN_TARGET_DIR)/etc/openvpn/server.lzo.conf
cp $(OPENVPN_DIR)/sample-config-files/client.conf
$(OPENVPN_TARGET_DIR)/etc/openvpn/client.lzo.conf
mv $(OPENVPN_DIR)/openvpn
$(OPENVPN_TARGET_DIR)/usr/sbin/openvpn_lzo
cp -a $(OPENVPN_TARGET_DIR)/* $(BT_STAGING_DIR)
touch $(OPENVPN_DIR)/.build
source: $(OPENVPN_DIR)/.source
build: $(OPENVPN_DIR)/.build
clean:
-rm $(OPENVPN_DIR)/.build
make -C $(OPENVPN_DIR) clean
rm -rf $(OPENVPN_TARGET_DIR)
srcclean:
rm -rf $(OPENVPN_DIR)
rm -rf $(BT_STAGING_DIR)/etc/openvpn
rm -f $(BT_STAGING_DIR)/etc/init.d/openvpn
rm -f $(BT_STAGING_DIR)/etc/default/openvpn
rm -f $(BT_STAGING_DIR)/etc/network/if-up.d/openvpn
rm -f $(BT_STAGING_DIR)/etc/network/if-down.d/openvpn
rm -f $(BT_STAGING_DIR)/usr/sbin/openvpn
rm -f $(BT_STAGING_DIR)/usr/sbin/openvpn_lzo
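Review bot: The two strip invocations in the `.build` recipe spell the options variable differently, `$(BT_STRIP_BINOPS)` for the non-lzo binary and `$(BT_STRIP_BINOPTS)` for the lzo one, so one of them most likely expands to nothing and that binary is stripped with default options. Use one name in both places, presumably `$(BT_STRIP) $(BT_STRIP_BINOPTS) $(OPENVPN_DIR)/openvpn`. Separately, `srcclean` runs `rm -rf $(BT_STAGING_DIR)/etc/openvpn` and the `rm -f` lines after it without checking that the variable is set; if this file is ever evaluated without the master makefile's definitions, those paths resolve to the build host's own `/etc/openvpn` and `/usr/sbin/openvpn`. A guard such as `$(if $(strip $(BT_STAGING_DIR)),,$(error BT_STAGING_DIR is empty))` as the first recipe line of `srcclean` would prevent that.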
--- NEW FILE: openvpn-2.1.3.tar.gz ---
(This appears to be a binary file; contents omitted.)
--- NEW FILE: buildtool.cfg ---
<File buildtool.mk>
Server = cvs4-sourceforge
directory = openvpn
revision = HEAD
</File>
<File openvpn-2.1.3.tar.gz>
Server = cvs4-sourceforge
envname = OPENVPN_SOURCE
directory = openvpn
revision = HEAD
</File>
<File openvpn.init>
Server = cvs4-sourceforge
directory = openvpn
revision = HEAD
</File>
<File openvpn.default>
Server = cvs4-sourceforge
directory = openvpn
revision = HEAD
</File>
<File openvpn.ifup>
Server = cvs4-sourceforge
directory = openvpn
revision = HEAD
</File>
<File openvpn.ifdown>
Server = cvs4-sourceforge
directory = openvpn
revision = HEAD
</File>
<Package>
<openvpn>
Version = 2.1.3
Revision = 1
Help <<EOF
Robust and highly flexible tunneling application
that uses all of the encryption, authentication, and
certification features
of the OpenSSL library to securely tunnel IP networks
over a single UDP port.
This version supports iproute2, so there is no need for
the route or ifconfig
binaries. Simply specify the "ifconfig" and "route"
options as described in
the OpenVPN docs, and the correct iproute2 commands
will be generated.
See: http://www.openvpn.net
Requires: libcrpto.lrp libssl.lrp
LEAF package by __PACKAGER__, __BUILDDATE__
EOF
<Permissions>
Files = 644
Directories = 755
</Permissions>
<Owner>
Files = root:root
Directories = root:root
</Owner>
<Contents>
<File>
Filename = etc/openvpn
Type = local
</File>
<File>
Filename = etc/openvpn/server.conf
Source = etc/openvpn/server.conf
Type = binary
</File>
<File>
Filename = etc/openvpn/client.conf
Source = etc/openvpn/client.conf
Type = binary
</File>
<File>
Filename = etc/default/openvpn
Source = etc/default/openvpn
Type = binary
Type = conf
Type = local
Description = openvpn daemon configuration
</File>
<File>
Filename = etc/openvpn/*.conf
Type = conf
</File>
<File>
Filename = usr/sbin/openvpn
Source = usr/sbin/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/init.d/openvpn
Source = etc/init.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/network/if-up.d/openvpn
Source = etc/network/if-up.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/network/if-down.d/openvpn
Source = etc/network/if-down.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/lib/openvpn
Type = directory
</File>
</Contents>
</openvpn>
<openvpnz>
Version = 2.1.3
Revision = 1
Help <<EOF
Robust and highly flexible tunneling application
that uses all of the encryption, authentication, and
certification features
of the OpenSSL library to securely tunnel IP networks
over a single UDP port.
It uses the Marcus Franz Xaver Johannes Oberhumer's LZO
library for
compression.
This version supports iproute2, so there is no need for
the route or ifconfig
binaries. Simply specify the "ifconfig" and "route"
options as described in
the OpenVPN docs, and the correct iproute2 commands
will be generated.
See: http://www.openvpn.net
Requires: libcrpto.lrp libssl.lrp liblzo.lrp
LEAF package by __PACKAGER__, __BUILDDATE__
EOF
<Permissions>
Files = 644
Directories = 755
</Permissions>
<Owner>
Files = root:root
Directories = root:root
</Owner>
<Contents>
<File>
Filename = etc/openvpn
Type = local
</File>
<File>
Filename = etc/openvpn/server.conf
Source = etc/openvpn/server.lzo.conf
Type = binary
</File>
<File>
Filename = etc/openvpn/client.conf
Source = etc/openvpn/client.lzo.conf
Type = binary
</File>
<File>
Filename = etc/default/openvpn
Source = etc/default/openvpn
Type = binary
Type = conf
Type = local
Description = openvpn daemon configuration
</File>
<File>
Filename = etc/openvpn/*.conf
Type = conf
</File>
<File>
Filename = usr/sbin/openvpn
Source = usr/sbin/openvpn_lzo
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/init.d/openvpn
Source = etc/init.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/network/if-up.d/openvpn
Source = etc/network/if-up.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/network/if-down.d/openvpn
Source = etc/network/if-down.d/openvpn
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/lib/openvpn
Type = directory
</File>
</Contents>
</openvpnz>
<easyrsa>
Version = 2.1.3
Revision = 1
Help <<EOF
This is a small RSA key management package, based on
the openssl command line
tool, that can be found in the easy-rsa subdirectory
See: http://www.openvpn.net
Requires: openssl.lrp
LEAF package by __PACKAGER__, __BUILDDATE__
INSTALL
1. Edit /etc/easyrsa/vars.
2. Set KEY_CONFIG to point to the openssl.cnf
file included in this distribution.
3. Set KEY_DIR to point to a directory which will
contain all keys, certificates, etc. This
directory need not exist, and if it does,
it will be deleted with rm -rf, so BE
CAREFUL how you set KEY_DIR.
4. (Optional) Edit other fields in vars
per your site data. You may want to
increase KEY_SIZE to 2048 if you are
paranoid and don't mind slower key
processing, but certainly 1024 is
fine for testing purposes. KEY_SIZE
must be compatible across both peers
participating in a secure SSL/TLS
connection.
5 . vars
6. ./clean-all
7. As you create certificates, keys, and
certificate signing requests, understand that
only .key files should be kept confidential.
.crt and .csr files can be sent over insecure
channels such as plaintext email.
IMPORTANT
To avoid a possible Man-in-the-Middle attack where an
authorized client tries to connect to another client by
impersonating the server, make sure to enforce some kind
of server certificate verification by clients. There are
currently four different ways of accomplishing this,
listed in the order of preference:
(1) Build your server certificates with the
using the --server option to pkitool.
This will designate the certificate as a
server-only certificate by setting
nsCertType=server.
Now add the following line to your
client configuration:
ns-cert-type server
This will block clients from connecting to any
server which lacks the nsCertType=server designation
in its certificate, even if the certificate has been
signed by the CA which is cited in the OpenVPN
configuration file (--ca directive).
(2) Use the --tls-remote directive on the client to
accept/reject the server connection based on the
common name of the server certificate.
(3) Use a --tls-verify script or plugin to accept/reject
the server connection based on a custom test of the
server certificate's embedded X509 subject details.
(4) Sign server certificates with one CA and client
certificates with a different CA. The client config
"ca" directive should reference the server-signing CA
while the server config "ca" directive should
reference the client-signing CA.
NOTES
Show certificate fields:
openssl x509 -in cert.crt -text
PKITOOL documentation
Typical usage for initial PKI setup. Build myserver,
client1, and client2 cert/keys.
Protect client2 key with a password. Build DH parms.
Generated files in ./keys :
[edit vars with your site-specific info]
source ./vars
./clean-all
./build-dh -> takes a long time, consider
backgrounding
./pkitool --initca
./pkitool --server myserver
./pkitool client1
./pkitool --pass client2
Typical usage for adding client cert to existing PKI:
source ./vars
./pkitool client-new
EOF
<Permissions>
Files = 644
Directories = 755
</Permissions>
<Owner>
Files = root:root
Directories = root:root
</Owner>
<Contents>
<File>
Filename = usr/sbin/clean-all
Source = usr/sbin/clean-all
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/list-crl
Source = usr/sbin/list-crl
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/revoke-full
Source = usr/sbin/revoke-full
Type = binary
Permissions = 755
</File>
<File>
Filename = etc/easyrsa/vars
Source = usr/sbin/vars
Type = binary
Type = local
Type = conf
Permissions = 644
</File>
<File>
Filename = etc/easyrsa/openssl.cnf
Source = usr/sbin/openssl.cnf
Type = binary
Type = local
Type = conf
Permissions = 644
</File>
<File>
Filename = usr/sbin/inherit-inter
Source = usr/sbin/inherit-inter
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/pkitool
Source = usr/sbin/pkitool
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/build-dh
Source = usr/sbin/build-dh
Type = binary
Permissions = 755
</File>
<File>
Filename = usr/sbin/sign-req
Source = usr/sbin/sign-req
Type = binary
Permissions = 755
</File>
</Contents>
</easyrsa>
</Package>
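Review bot: The easyrsa `<Contents>` block packages `usr/sbin/build-dh` (`Source = usr/sbin/build-dh`), but the `.build` recipe in buildtool.mk copies only clean-all, openssl.cnf, list-crl, inherit-inter, pkitool, sign-req, revoke-full and vars into `usr/sbin`. Unless something outside this commit stages it, the package has no source for that file and the Help text's `./build-dh` step cannot be followed. Adding `cp $(OPENVPN_DIR)/easy-rsa/2.0/build-dh $(OPENVPN_TARGET_DIR)/usr/sbin/` to the recipe would close the gap. `Requires: libcrpto.lrp` in the openvpn and openvpnz Help blocks also looks like a misspelling of `libcrypto.lrp`.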
--- NEW FILE: openvpn.init ---
#!/bin/sh -e
#
# Original version by Robert Leslie
# <[email protected]>, edited by iwj and cs
# Modified for openvpn by Alberto Gonzalez Iniesta <[email protected]>
# Modified for restarting / starting / stopping single tunnels by Richard
Mueller <[email protected]>
RCDLINKS="0,K20 1,K20 2,S20 3,S20 4,S20 5,S20 6,K20"
DAEMON=/usr/sbin/openvpn
DESC="virtual private network daemon"
CONFIG_DIR=/etc/openvpn
test -x $DAEMON || exit 0
test -d $CONFIG_DIR || exit 0
# Source defaults file; edit that file to configure this script.
AUTOSTART="all"
STATUSREFRESH=10
if test -e /etc/default/openvpn ; then
. /etc/default/openvpn
fi
start_vpn () {
if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then
# daemon already given in config file
DAEMONARG=
else
# need to daemonize
DAEMONARG="--daemon ovpn-$NAME"
fi
if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then
# status file already given in config file
STATUSARG=""
elif test $STATUSREFRESH -eq 0 ; then
# default status file disabled in /etc/default/openvpn
STATUSARG=""
else
# prepare default status file
STATUSARG="--status /var/run/openvpn.$NAME.status $STATUSREFRESH"
fi
echo -n " $NAME"
STATUS="OK"
$DAEMON --writepid /var/run/openvpn.$NAME.pid \
$DAEMONARG $STATUSARG --cd $CONFIG_DIR \
--config $CONFIG_DIR/$NAME.conf < /dev/null || STATUS="FAILED"
echo -n "($STATUS)"
}
stop_vpn () {
kill `cat $PIDFILE` || true
rm $PIDFILE
rm -f /var/run/openvpn.$NAME.status 2> /dev/null
}
case "$1" in
start)
echo -n "Starting $DESC:"
# autostart VPNs
if test -z "$2" ; then
# check if automatic startup is disabled by AUTOSTART=none
if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then
echo " Autostart disabled."
exit 0
fi
if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then
# all VPNs shall be started automatically
for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do
NAME=${CONFIG%%.conf}
start_vpn
done
else
# start only specified VPNs
for NAME in $AUTOSTART ; do
if test -e $CONFIG_DIR/$NAME.conf ; then
start_vpn
else
echo -n " (failure: No such VPN: $NAME)"
fi
done
fi
#start VPNs from command line
else
while shift ; do
[ -z "$1" ] && break
if test -e $CONFIG_DIR/$1.conf ; then
NAME=$1
start_vpn
else
echo -n " (failure: No such VPN: $1)"
fi
done
fi
echo "."
;;
stop)
echo -n "Stopping $DESC:"
if test -z "$2" ; then
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
echo -n " $NAME"
done
else
while shift ; do
[ -z "$1" ] && break
if test -e /var/run/openvpn.$1.pid ; then
PIDFILE=`ls /var/run/openvpn.$1.pid 2> /dev/null`
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
echo -n " $NAME"
else
echo -n " (failure: No such VPN is running: $1)"
fi
done
fi
echo "."
;;
# We only 'reload' for running VPNs. New ones will only start with 'start' or
'restart'.
reload|force-reload)
echo -n "Reloading $DESC:"
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
# If openvpn if running under a different user than root we'll need to restart
if egrep '^( |\t)*user' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then
stop_vpn
sleep 1
start_vpn
echo -n "(restarted)"
else
kill -HUP `cat $PIDFILE` || true
echo -n " $NAME"
fi
done
echo "."
;;
restart)
shift
$0 stop $...@}
sleep 1
$0 start $...@}
;;
cond-restart)
echo -n "Restarting $DESC:"
for PIDFILE in `ls /var/run/openvpn.*.pid 2> /dev/null`; do
NAME=`echo $PIDFILE | cut -c18-`
NAME=${NAME%%.pid}
stop_vpn
sleep 1
start_vpn
done
echo "."
;;
*)
echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart}" >&2
exit 1
;;
esac
exit 0
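Review bot: In the `start)` branch, `test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART"` treats an empty AUTOSTART as disabled, which contradicts openvpn.default ("If empty, "all" is assumed") and makes the `-z "$AUTOSTART"` half of the following test unreachable. Dropping the second clause, `if test "x$AUTOSTART" = "xnone" ; then`, restores the documented behaviour. In `stop_vpn`, the `kill` on the backquoted `cat $PIDFILE` signals whatever PID the file holds, so a stale pid file can hit an unrelated process. Under `#!/bin/sh -e` a failing `rm $PIDFILE` also aborts the script in the middle of the stop loop; checking that the PID still belongs to openvpn before signalling and using `rm -f "$PIDFILE"` would make this safer.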