kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
pkgsrc/net/openvpn/Makefile

86 lines
2.5 KiB
Makefile
Raw Normal View History

Changes 2.2.2: * Only warn about non-tackled IPv6 packets once * add missing break between "case IPv4" and "case IPv6" * bump tap driver version from 9.8 to 9.9 * log error message and exit for "win32, tun mode, tap driver version 9.8" * Backported pkcs11-related parts of 7a8d707237bb18 to 2.2 branch
2012-01-19 14:26:55 +01:00
# $NetBSD: Makefile,v 1.44 2012/01/19 13:26:55 adam Exp $
Initial commit of openvpn-1.5.0: A robust and highly configurable VPN
2004-02-10 13:39:17 +01:00
Changes 2.2.2: * Only warn about non-tackled IPv6 packets once * add missing break between "case IPv4" and "case IPv6" * bump tap driver version from 9.8 to 9.9 * log error message and exit for "win32, tun mode, tap driver version 9.8" * Backported pkcs11-related parts of 7a8d707237bb18 to 2.2 branch
2012-01-19 14:26:55 +01:00
DISTNAME= openvpn-2.2.2
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
CATEGORIES= net
Changes 2.1.4: * Fix problem with special case route targets ('remote_host') The init_route() function will leave &netlist untouched for get_special_addr() routes ("remote_host" being one of them). netlist is on stack, contains random garbage, and netlist.len will not be 0 - thus, random stack data is copied from netlist.data[] until the route_list is full.
2010-11-30 09:50:17 +01:00
MASTER_SITES= http://swupdate.openvpn.net/community/releases/
Initial commit of openvpn-1.5.0: A robust and highly configurable VPN
2004-02-10 13:39:17 +01:00
Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no developer is officially maintaining the package. The rationale for changing this from "tech-pkg" to "pkgsrc-users" is that it implies that any user can try to maintain the package (by submitting patches to the mailing list). Since the folks most likely to care about the package are the folks that want to use it or are already using it, this would leverage the energy of users who aren't developers.
2006-03-04 22:28:51 +01:00
MAINTAINER= pkgsrc-users@NetBSD.org
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
HOMEPAGE= http://openvpn.net/
COMMENT= Easy-to-use SSL VPN daemon
Use standard location for LICENSE line (in MAINTAINER/HOMEPAGE/COMMENT block). Uncomment some commented out LICENSE lines while here.
2009-05-19 10:59:00 +02:00
LICENSE= gnu-gpl-v2
Initial commit of openvpn-1.5.0: A robust and highly configurable VPN
2004-02-10 13:39:17 +01:00
+ Add full DESTDIR support. + Replace unnecessary /bin/bash in easy-rsa scripts with /bin/sh. Bump the PKGREVISION to 1.
2008-02-20 05:24:17 +01:00
PKG_DESTDIR_SUPPORT= user-destdir
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
USE_LIBTOOL= yes
Changes 2.2.0: * Several man-page updates * Several buildsystem fixes * Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier * Change the default --tmp-dir path to a more suitable path * Improve the mysprintf() issue in openvpnserv.c * Fixed bug in port-share that could cause port share process to crash * Fix the --client-cert-not-required feature
2011-04-28 09:27:24 +02:00
USE_TOOLS+= grep:run
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --disable-debug
CONFIGURE_ARGS+= --disable-dependency-tracking
CONFIGURE_ARGS+= --enable-password-save
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
USE_OLD_DES_API= yes
TEST_TARGET= check
Initial commit of openvpn-1.5.0: A robust and highly configurable VPN
2004-02-10 13:39:17 +01:00
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
PKG_SYSCONFSUBDIR= openvpn
DATADIR= ${PREFIX}/share/${PKGBASE}
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
Update net/openvpn to 2.1rc4. Changes from version 2.1rc2 include: * Fixed 64-bit portability bug in time_string function (Thomas Habets). * Clean up configure on FreeBSD for recent autotool versions that require that all .h files have to be compiled. Also, FreeBSD install does not support GNU long options which the Makefile in easy-rsa/2.0 uses (not checked the others as we don't install those on Gentoo) (Roy Marples).
2007-06-21 23:44:42 +02:00
EASYRSADIR= ${DATADIR}/easy-rsa
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
RCD_SCRIPTS= openvpn
Initial commit of openvpn-1.5.0: A robust and highly configurable VPN
2004-02-10 13:39:17 +01:00
Changes 2.2.0: * Several man-page updates * Several buildsystem fixes * Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier * Change the default --tmp-dir path to a more suitable path * Improve the mysprintf() issue in openvpnserv.c * Fixed bug in port-share that could cause port share process to crash * Fix the --client-cert-not-required feature
2011-04-28 09:27:24 +02:00
INSTALLATION_DIRS= ${DATADIR}/easy-rsa
INSTALLATION_DIRS+= ${EGDIR}/config
INSTALLATION_DIRS+= ${EGDIR}/keys
INSTALLATION_DIRS+= ${EGDIR}/scripts
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
+ Add full DESTDIR support. + Replace unnecessary /bin/bash in easy-rsa scripts with /bin/sh. Bump the PKGREVISION to 1.
2008-02-20 05:24:17 +01:00
REPLACE_SH= easy-rsa/2.0/*
Update net/openvpn to 2.1rc4. Changes from version 2.1rc2 include: * Fixed 64-bit portability bug in time_string function (Thomas Habets). * Clean up configure on FreeBSD for recent autotool versions that require that all .h files have to be compiled. Also, FreeBSD install does not support GNU long options which the Makefile in easy-rsa/2.0 uses (not checked the others as we don't install those on Gentoo) (Roy Marples).
2007-06-21 23:44:42 +02:00
SUBST_CLASSES+= pkitool
SUBST_STAGE.pkitool= post-build
SUBST_MESSAGE.pkitool= Fixing up default paths to grep & openssl in pkitool.
SUBST_FILES.pkitool= easy-rsa/2.0/pkitool
add an option to openvpn to enable using certificates on USB sticks or cards (etc) that are using the PKCS11 protocol
2009-09-21 14:33:31 +02:00
SUBST_SED.pkitool= -e "s|\\(GREP\\)=.*|\\1=\""${GREP:Q}"\"|"
Changes 2.1.3: * Fixed potential local privilege escalation vulnerability in Windows service. * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
2010-09-05 22:33:48 +02:00
SUBST_SED.pkitool+= -e "s|\\(OPENSSL\\)=.*|\\1=\""${SSLBASE:Q}/bin/openssl"\"|"
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
rc.d script improvements: - openvpn_chrootdir variable was introduced for running openvpn in chroot - openvpn_flags variable was introduced for extra flag passed to openvpn ++pkgrevision
2011-08-03 10:33:32 +02:00
.include "../../mk/bsd.prefs.mk"
OPENVPN_USER?= openvpn
OPENVPN_GROUP?= openvpn
PKG_GROUPS= ${OPENVPN_GROUP}
PKG_USERS= ${OPENVPN_USER}:${OPENVPN_GROUP}
PKG_GECOS.${OPENVPN_USER}= OpenVPN\ server\ user
Add a pam option for the PAM plugin
2009-10-30 20:06:06 +01:00
post-install: post-install-pam
Changes 2.1.3: * Fixed potential local privilege escalation vulnerability in Windows service. * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
2010-09-05 22:33:48 +02:00
set -e; cd ${WRKSRC}/easy-rsa/2.0; for file in [a-zR]*; do \
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
case $$file in \
Changes 2.2.1: * Don't define ENABLE_PUSH_PEER_INFO if SSL is not available * Fix compiling issues with pkcs11 when --disable-management is configured * Remove support for Linux 2.2 configuration fallback * Fix compile issues when using --enable-small and --disable-ssl/--disable-crypto * Fix 2.2.0 build failure when management interface disabled * Added info about --show-proxy-settings * Documented --x509-username-field option * Updated "easy-rsa" for OpenSSL 1.0.0 * Fixes to easy-rsa/2.0 * Made domake-win builds to use easy-rsa/2.0/openssl-1.0.0.cnf * Fix a build-ca issue on Windows * Fix issues with some older GCC compilers
2011-07-08 12:15:31 +02:00
*.orig|tmp) ;; \
Update net/openvpn to 2.1rc4. Changes from version 2.1rc2 include: * Fixed 64-bit portability bug in time_string function (Thomas Habets). * Clean up configure on FreeBSD for recent autotool versions that require that all .h files have to be compiled. Also, FreeBSD install does not support GNU long options which the Makefile in easy-rsa/2.0 uses (not checked the others as we don't install those on Gentoo) (Roy Marples).
2007-06-21 23:44:42 +02:00
[A-Z]*|*.cnf|vars) \
Changes 2.1.3: * Fixed potential local privilege escalation vulnerability in Windows service. * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
2010-09-05 22:33:48 +02:00
${INSTALL_DATA} $$file ${DESTDIR}${EASYRSADIR} ;; \
*) ${INSTALL_SCRIPT} $$file ${DESTDIR}${EASYRSADIR} ;; \
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
esac; \
done
Changes 2.1.3: * Fixed potential local privilege escalation vulnerability in Windows service. * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
2010-09-05 22:33:48 +02:00
set -e; cd ${WRKSRC}/sample-config-files; for file in *; do \
${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/config; \
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
done
Changes 2.1.3: * Fixed potential local privilege escalation vulnerability in Windows service. * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
2010-09-05 22:33:48 +02:00
set -e; cd ${WRKSRC}/sample-scripts; for file in *; do \
${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/scripts; \
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
done
Changes 2.1.3: * Fixed potential local privilege escalation vulnerability in Windows service. * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
2010-09-05 22:33:48 +02:00
set -e; cd ${WRKSRC}/sample-keys; for file in *; do \
${INSTALL_DATA} $$file ${DESTDIR}${EGDIR}/keys; \
Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN.
2005-08-17 21:55:57 +02:00
done
add an option to openvpn to enable using certificates on USB sticks or cards (etc) that are using the PKCS11 protocol
2009-09-21 14:33:31 +02:00
.include "options.mk"
Changes 2.2.0: * Several man-page updates * Several buildsystem fixes * Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier * Change the default --tmp-dir path to a more suitable path * Improve the mysprintf() issue in openvpnserv.c * Fixed bug in port-share that could cause port share process to crash * Fix the --client-cert-not-required feature
2011-04-28 09:27:24 +02:00
# OpenVPN 2.x has a shared module "plugin" architecture that allows
# inserting callbacks into the server for various tasks.
DL_AUTO_VARS= yes
.include "../../mk/dlopen.buildlink3.mk"
.include "../../mk/bsd.prefs.mk"
.if ${OPSYS} == "SunOS"
.include "../../net/solaris-tap/buildlink3.mk"
.endif
.include "../../archivers/lzo/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
.include "../../mk/pthread.buildlink3.mk"
Initial commit of openvpn-1.5.0: A robust and highly configurable VPN
2004-02-10 13:39:17 +01:00
.include "../../mk/bsd.pkg.mk"
Reference in a new issue Copy permalink