diff --git a/.cvsignore b/.cvsignore
index e69de29..675f0cb 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1 @@
+openvpn-2.0.tar.gz
diff --git a/openvpn-2.0.tar.gz.asc b/openvpn-2.0.tar.gz.asc
new file mode 100644
index 0000000..8bf241e
--- /dev/null
+++ b/openvpn-2.0.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (GNU/Linux)
+
+iD8DBQBCYzC5HQtJlh+/UfMRAhLVAKD01W0j/4q2p/RbJrwsZUKyae5lEQCfd1DI
+vYwmuiZEgjmXj6ARaBV7JY8=
+=zC1M
+-----END PGP SIGNATURE-----
diff --git a/openvpn-init.patch b/openvpn-init.patch
new file mode 100644
index 0000000..c9f9299
--- /dev/null
+++ b/openvpn-init.patch
@@ -0,0 +1,21 @@
+--- sample-scripts/openvpn.init.orig 2004-12-16 11:52:16.351973000 -0600
++++ sample-scripts/openvpn.init 2004-12-16 12:26:42.782827808 -0600
+@@ -3,12 +3,13 @@
+ # openvpn This shell script takes care of starting and stopping
+ # openvpn on RedHat or other chkconfig-based system.
+ #
+-# chkconfig: 345 24 76
++# chkconfig: - 24 76
+ #
+-# description: OpenVPN is a robust and highly flexible tunneling application that
+-# uses all of the encryption, authentication, and certification features
+-# of the OpenSSL library to securely tunnel IP networks over a single
+-# UDP port.
++# description: OpenVPN is a robust and highly flexible tunneling \
++# application that uses all of the encryption, \
++# authentication, and certification features of the OpenSSL \
++# library to securely tunnel IP networks over a single UDP \
++# port.
+ #
+
+ # Contributed to the OpenVPN project by
diff --git a/openvpn.spec b/openvpn.spec
new file mode 100644
index 0000000..bebc46f
--- /dev/null
+++ b/openvpn.spec
@@ -0,0 +1,215 @@
+%define plugins down-root auth-pam
+
+Name: openvpn
+Version: 2.0
+Release: 1%{?dist}
+Summary: A full-featured SSL VPN solution
+URL: http://openvpn.net/
+#Source0: http://dl.sourceforge.net/sourceforge/openvpn/%{name}-%{version}.tar.gz
+Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz
+Source1: http://openvpn.net/signatures/%{name}-%{version}.tar.gz.asc
+# Sample 2.0 config files
+Source2: roadwarrior-server.conf
+Source3: roadwarrior-client.conf
+# Don't start openvpn by default.
+Patch0: openvpn-init.patch
+License: GPL
+Group: Applications/Internet
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un)
+BuildRequires: lzo-devel
+BuildRequires: openssl-devel
+BuildRequires: pam-devel
+# This won't work with udev
+#Requires: /dev/net/tun
+# This will work with RH9+ dev or udev
+Requires: dev >= 0:3.3.2-5
+Requires(pre): /usr/sbin/useradd
+Requires(post): /sbin/chkconfig
+Requires(preun): /sbin/chkconfig, /sbin/service
+Requires(postun): /sbin/service
+
+# Filter out the perl(Authen::PAM) dependency.
+# No perl dependency is really needed at all.
+%define __perl_requires sh -c 'cat > /dev/null'
+
+%description
+OpenVPN is a robust and highly flexible tunneling application that uses all
+of the encryption, authentication, and certification features of the
+OpenSSL library to securely tunnel IP networks over a single UDP or TCP
+port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library
+for compression.
+
+%prep
+%setup -q -n %{name}-%{version}%{?prever:_%{prever}}
+%patch0 -p0
+
+%build
+# --enable-pthread Enable pthread support (Experimental for OpenVPN 2.0)
+# --enable-password-save Allow --askpass and --auth-user-pass passwords to be
+# read from a file
+# --enable-iproute2 Enable support for iproute2
+%configure --enable-pthread --enable-password-save --enable-iproute2
+%{__make}
+
+# Build plugins
+for plugin in %{plugins} ; do
+ %{__make} -C plugin/$plugin
+done
+
+%check || :
+# Test Crypto:
+./openvpn --genkey --secret key
+./openvpn --test-crypto --secret key
+
+# Test SSL/TLS negotiations (runs for 2 minutes):
+./openvpn --config sample-config-files/loopback-client &
+./openvpn --config sample-config-files/loopback-server
+wait
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+install -D -m 0755 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8
+install -D -m 0755 %{name} $RPM_BUILD_ROOT%{_sbindir}/%{name}
+install -D -m 0755 sample-scripts/%{name}.init \
+ $RPM_BUILD_ROOT%{_initrddir}/%{name}
+install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}
+
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}
+cp -pR contrib easy-rsa sample-{config-file,key,script}s \
+ $RPM_BUILD_ROOT%{_datadir}/%{name}
+cp %{SOURCE2} %{SOURCE3} $RPM_BUILD_ROOT%{_datadir}/%{name}/sample-config-files/
+
+mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin/lib
+for plugin in %{plugins} ; do
+ install -m 0755 plugin/$plugin/openvpn-$plugin.so \
+ $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin/lib/openvpn-$plugin.so
+ cp plugin/$plugin/README plugin/$plugin.txt
+done
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+if !
id openvpn > /dev/null 2>&1 ; then
+ /usr/sbin/useradd -r -s /sbin/nologin -c OpenVPN -d /etc/openvpn openvpn
+fi
+
+%post
+/sbin/chkconfig --add %{name}
+
+%preun
+if [ "$1" = 0 ]; then
+ /sbin/service %{name} stop
+ /sbin/chkconfig --del %{name}
+fi
+
+%postun
+if [ "$1" -ge 1 ]; then
+ /sbin/service %{name} condrestart >/dev/null 2>&1
+fi
+
+%files
+%defattr(-,root,root,0755)
+%doc AUTHORS COPYING COPYRIGHT.GPL INSTALL PORTS README
+# Add NEWS when it isn't zero-length.
+%doc plugin/*.txt
+%{_mandir}/man8/%{name}.8*
+%{_sbindir}/%{name}
+%{_datadir}/%{name}/
+%config %{_initrddir}/%{name}
+%config %dir %{_sysconfdir}/%{name}/
+
+%changelog
+* Sat Jun 25 2005 Steven Pritchard 2.0-1
+- Update to 2.0 final
+- Drop Epoch: 0 and rebuild for Fedora Extras
+
+* Wed Feb 16 2005 Steven Pritchard 0:2.0-0.fdr.0.14.rc13
+- Fix/add paths to useradd
+
+* Mon Feb 14 2005 Steven Pritchard 0:2.0-0.fdr.0.13.rc13
+- Update to 2.0_rc13
+- More spec cleanup (suggestions from Matthias Saou)
+
+* Tue Feb 08 2005 Steven Pritchard 0:2.0-0.fdr.0.12.rc12
+- Update to 2.0_rc12
+- Small spec cleanups
+- Drop perl auto-requirements entirely
+
+* Mon Dec 20 2004 Steven Pritchard 0:2.0-0.fdr.0.11.rc6
+- Add down-root and auth-pam plugins
+- Add --enable-password-save and --enable-iproute2
+- Add crypto and loopback tests (somewhat time-consuming)
+
+* Thu Dec 16 2004 Steven Pritchard 0:2.0-0.fdr.0.10.rc5
+- Update to 2.0_rc5
+- Change the port to 1194 in the roadwarrior-*.conf samples
+- Change openvpn-init.patch to reformat the description in the init script
+- Modify the Summary and description (OpenVPN isn't UDP-only)
+
+* Tue Dec 14 2004 Steven Pritchard 0:2.0-0.fdr.0.9.rc1
+- Remove the perl(Authen::PAM) dependency
+
+* Thu Dec 09 2004 Steven Pritchard 0:2.0-0.fdr.0.8.rc1
+- Update to 2.0_rc1
+
+* Tue Nov 16 2004 Steven Pritchard 0:2.0-0.fdr.0.7.beta17
+- Update to 2.0_beta17
+- Require dev instead of /dev/net/tun (for udev compatibility)
+- Change openvpn-init.patch to match upstream
(starts even earlier now)
+
+* Wed Aug 04 2004 Steven Pritchard 0:2.0-0.fdr.0.6.beta10
+- Remove unnecessary BuildRequires: kernel-headers
+
+* Tue Aug 03 2004 Steven Pritchard 0:2.0-0.fdr.0.5.beta10
+- Update to 2.0_beta10
+- Minor fix to configuration example
+- Change the init script to start a little earlier and stop much later
+ (after netfs) by default
+- Remove a lot of unnecessary macro use (install/mkdir/cp)
+- Don't create /dev/net/tun, use Requires instead
+
+* Sat Jul 17 2004 Steven Pritchard 0:2.0-0.fdr.0.4.beta7
+- Update to 2.0_beta7
+- Include gpg signature in source rpm
+- Include 2.0-style configuration examples
+- Minor spec cleanup
+
+* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.3.test23
+- Add openvpn-init.patch to leave the init script disabled by default
+
+* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.2.test23
+- Fix URL and Source0
+- Add an openvpn user
+
+* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.1.test23
+- Update to 2.0_test23
+- BuildRequires lzo-devel, kernel-headers, openssl-devel
+- Lots of spec cleanup
+
+* Sun Feb 23 2003 Matthias Andree 1.3.2.14-1
+- Have the version number filled in by autoconf.
+
+* Wed Jul 10 2002 James Yonan 1.3.1-1
+- Fixed %preun to only remove service on final uninstall
+
+* Mon Jun 17 2002 bishop clark (LC957) 1.2.2-1
+- Added condrestart to openvpn.spec & openvpn.init.
+
+* Wed May 22 2002 James Yonan 1.2.0-1
+- Added mknod for Linux 2.4.
+
+* Wed May 15 2002 Doug Keller 1.1.1.16-2
+- Added init scripts
+- Added conf file support
+
+* Mon May 13 2002 bishop clark (LC957) 1.1.1.14-1
+- Added new directories for config examples and such
+
+* Sun May 12 2002 bishop clark (LC957) 1.1.1.13-1
+- Updated buildroot directive and cleanup command
+- added easy-rsa utilities
+
+* Mon Mar 25 2002 bishop clark (LC957) 1.0-1
+- Initial build.
diff --git a/roadwarrior-client.conf b/roadwarrior-client.conf
new file mode 100644
index 0000000..dd12fdb
--- /dev/null
+++ b/roadwarrior-client.conf
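Review bot: `Source1` carries the upstream detached signature, but `%prep` goes straight to `%setup` and `%patch0`, so nothing in the spec checks the tarball against it. The only integrity control on a source fetched over plain `http://` is then the MD5 line in `sources`. I would ship the upstream signing key as an additional Source and verify before unpacking, e.g. `gpgv --keyring %{SOURCE4} %{SOURCE1} %{SOURCE0}` at the top of `%prep`, where `SOURCE4` is a placeholder for the keyring file and `BuildRequires: gnupg` would be needed. Separately, `%{_sysconfdir}/%{name}` is created `0755` while `--enable-password-save` allows credentials to be read from files; presumably keys and password files will live there, so a tighter directory mode is worth considering.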
@@ -0,0 +1,38 @@
+#########################################
+# Sample client-side OpenVPN config file
+# for connecting to multi-client server.
+#
+# Adapted from http://openvpn.sourceforge.net/20notes.html
+#
+# The server can be pinged at 10.8.0.1.
+#
+# This configuration can be used by multiple
+# clients, however each client should have
+# its own cert and key files.
+#
+# tun-style tunnel
+
+port 1194
+dev tun
+remote [my server hostname or IP address]
+
+# TLS parms
+
+tls-client
+ca sample-keys/tmp-ca.crt
+cert sample-keys/client.crt
+key sample-keys/client.key
+
+# This parm is required for connecting
+# to a multi-client server. It tells
+# the client to accept options which
+# the server pushes to us.
+pull
+
+# Scripts can be used to do various
+# things (change nameservers, for
+# example.
+#up scripts/ifup-post
+#down scripts/ifdown-post
+
+verb 4
diff --git a/roadwarrior-server.conf b/roadwarrior-server.conf
new file mode 100644
index 0000000..0cbaea6
--- /dev/null
+++ b/roadwarrior-server.conf
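Review bot: The TLS block never checks that the peer presenting a certificate is actually a server: after `tls-client` / `ca` / `cert` / `key` there is no `ns-cert-type server` (or `tls-remote`), so any certificate issued by the same CA, including another client's, would be accepted as the server. I would add `ns-cert-type server` under the TLS block, which requires the server certificate to be issued with the nsCertType server designation. The `ca`, `cert` and `key` paths also point at the tarball's `sample-keys/` files, whose private keys are distributed with the source. A comment such as `# sample-keys are for testing only; generate your own CA, certs and keys` belongs above them, and the same applies to `roadwarrior-server.conf`.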
@@ -0,0 +1,61 @@
+########################################
+# Sample OpenVPN config file for
+# 2.0-style multi-client udp server
+#
+# Adapted from http://openvpn.sourceforge.net/20notes.html
+#
+# tun-style tunnel
+
+port 1194
+dev tun
+
+# Use "local" to set the source address on multi-homed hosts
+#local [IP address]
+
+# TLS parms
+tls-server
+ca sample-keys/tmp-ca.crt
+cert sample-keys/server.crt
+key sample-keys/server.key
+dh sample-keys/dh1024.pem
+
+# Tell OpenVPN to be a multi-client udp server
+mode server
+
+# The server's virtual endpoints
+ifconfig 10.8.0.1 10.8.0.2
+
+# Pool of /30 subnets to be allocated to clients.
+# When a client connects, an --ifconfig command
+# will be automatically generated and pushed back to
+# the client.
+ifconfig-pool 10.8.0.4 10.8.0.255
+
+# Push route to client to bind it to our local
+# virtual endpoint.
+push "route 10.8.0.1 255.255.255.255"
+
+# Push any routes the client needs to get in
+# to the local network.
+push "route 192.168.0.0 255.255.255.0"
+
+# Client should attempt reconnection on link
+# failure.
+ping 10
+ping-restart 120
+push "ping 10"
+push "ping-restart 60"
+
+# Delete client instances after some period
+# of inactivity.
+inactive 600
+
+# Route the --ifconfig pool range into the
+# OpenVPN server.
+route 10.8.0.0 255.255.255.0
+
+# The server doesn't need privileges
+user openvpn
+group openvpn
+
+verb 4
diff --git a/sources b/sources
index e69de29..1e0b22f 100644
--- a/sources
+++ b/sources
@@ -0,0 +1 @@
+7401faebc6baee9add32608709c54eec openvpn-2.0.tar.gz
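Review bot: `user openvpn` / `group openvpn` drop privileges, but the file sets neither `persist-key` nor `persist-tun`. A restart after the drop (SIGUSR1, or `ping-restart` if it restarts this process) would then have to re-read `server.key` and reopen the tun device as the unprivileged user. Adding `persist-key` and `persist-tun` next to the `user`/`group` lines keeps the privilege drop without breaking restarts, and lets the key file stay readable by root only. `dh sample-keys/dh1024.pem` is also a sample file from the tarball, 1024-bit by its name; a comment telling the admin to generate their own parameters would help.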