pkgsrc/net/openvpn/options.mk

28 lines
651 B
Makefile
Raw Normal View History

Upgrade OpenVPN to 2.3.0 Bump openvpn-acct-wtmpx to add its licence and to take into account the new location of plugin directory Significant changes since 2.2.x: * Full IPv6 support * SSL layer modularised, enabling easier implementation for other SSL libraries * PolarSSL support as a drop-in replacement for OpenSSL * New plug-in API providing direct certificate access, improved logging API and easier to extend in the future * Added 'dev_type' environment variable to scripts and plug-ins - which is set to 'TUN' or 'TAP' * New feature: --management-external-key - to provide access to the encryption keys via the management interface * New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins * New feature: --client-nat support * New feature: --mark which can mark encrypted packets from the tunnel, suitable for more advanced routing and firewalling * New feature: --management-query-proxy - manage proxy settings via the management interface (supercedes --http-proxy-fallback) * New feature: --stale-routes-check, which cleans up the internal routing table * New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name * Improved client-kill management interface command * Improved UTF-8 support - and added --compat-names to provide backwards compatibility with older scripts/plug-ins * Improved auth-pam with COMMONNAME support, passing the certificate's common name in the PAM conversation * More options can now be used inside <connection> blocks * Completely new build system, enabling easier cross-compilation and Windows builds * Much of the code has been better documented * Many documentation updates * Plenty of bug fixes and other code clean-ups
2013-02-10 06:55:07 +01:00
# $NetBSD: options.mk,v 1.6 2013/02/10 05:55:07 manu Exp $
Changes 2.1.3: * Fixed potential local privilege escalation vulnerability in Windows service. * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: >PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING'] * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: 1. Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth 2. man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds.
2010-09-05 22:33:48 +02:00
PKG_OPTIONS_VAR= PKG_OPTIONS.openvpn
PKG_SUPPORTED_OPTIONS= pkcs11 pam
PKG_SUGGESTED_OPTIONS=
.include "../../mk/bsd.options.mk"
# include support for certificates on a stick (or card)
.if !empty(PKG_OPTIONS:Mpkcs11)
.include "../../security/pkcs11-helper/buildlink3.mk"
Upgrade OpenVPN to 2.3.0 Bump openvpn-acct-wtmpx to add its licence and to take into account the new location of plugin directory Significant changes since 2.2.x: * Full IPv6 support * SSL layer modularised, enabling easier implementation for other SSL libraries * PolarSSL support as a drop-in replacement for OpenSSL * New plug-in API providing direct certificate access, improved logging API and easier to extend in the future * Added 'dev_type' environment variable to scripts and plug-ins - which is set to 'TUN' or 'TAP' * New feature: --management-external-key - to provide access to the encryption keys via the management interface * New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins * New feature: --client-nat support * New feature: --mark which can mark encrypted packets from the tunnel, suitable for more advanced routing and firewalling * New feature: --management-query-proxy - manage proxy settings via the management interface (supercedes --http-proxy-fallback) * New feature: --stale-routes-check, which cleans up the internal routing table * New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name * Improved client-kill management interface command * Improved UTF-8 support - and added --compat-names to provide backwards compatibility with older scripts/plug-ins * Improved auth-pam with COMMONNAME support, passing the certificate's common name in the PAM conversation * More options can now be used inside <connection> blocks * Completely new build system, enabling easier cross-compilation and Windows builds * Much of the code has been better documented * Many documentation updates * Plenty of bug fixes and other code clean-ups
2013-02-10 06:55:07 +01:00
CONFIGURE_ARGS+= --enable-pkcs11
.endif
2009-10-30 20:06:06 +01:00
PLIST_VARS+= pam
2009-10-30 20:06:06 +01:00
.if !empty(PKG_OPTIONS:Mpam)
PLIST.pam= yes
USE_TOOLS+= gmake
Upgrade OpenVPN to 2.3.0 Bump openvpn-acct-wtmpx to add its licence and to take into account the new location of plugin directory Significant changes since 2.2.x: * Full IPv6 support * SSL layer modularised, enabling easier implementation for other SSL libraries * PolarSSL support as a drop-in replacement for OpenSSL * New plug-in API providing direct certificate access, improved logging API and easier to extend in the future * Added 'dev_type' environment variable to scripts and plug-ins - which is set to 'TUN' or 'TAP' * New feature: --management-external-key - to provide access to the encryption keys via the management interface * New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins * New feature: --client-nat support * New feature: --mark which can mark encrypted packets from the tunnel, suitable for more advanced routing and firewalling * New feature: --management-query-proxy - manage proxy settings via the management interface (supercedes --http-proxy-fallback) * New feature: --stale-routes-check, which cleans up the internal routing table * New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name * Improved client-kill management interface command * Improved UTF-8 support - and added --compat-names to provide backwards compatibility with older scripts/plug-ins * Improved auth-pam with COMMONNAME support, passing the certificate's common name in the PAM conversation * More options can now be used inside <connection> blocks * Completely new build system, enabling easier cross-compilation and Windows builds * Much of the code has been better documented * Many documentation updates * Plenty of bug fixes and other code clean-ups
2013-02-10 06:55:07 +01:00
BUILD_DIRS+= src/plugins/auth-pam
BUILD_TARGET= # empty
INSTALL_DIRS= .
INSTALL_TARGET= install
2009-10-30 20:06:06 +01:00
.include "../../mk/pam.buildlink3.mk"
.else
Upgrade OpenVPN to 2.3.0 Bump openvpn-acct-wtmpx to add its licence and to take into account the new location of plugin directory Significant changes since 2.2.x: * Full IPv6 support * SSL layer modularised, enabling easier implementation for other SSL libraries * PolarSSL support as a drop-in replacement for OpenSSL * New plug-in API providing direct certificate access, improved logging API and easier to extend in the future * Added 'dev_type' environment variable to scripts and plug-ins - which is set to 'TUN' or 'TAP' * New feature: --management-external-key - to provide access to the encryption keys via the management interface * New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins * New feature: --client-nat support * New feature: --mark which can mark encrypted packets from the tunnel, suitable for more advanced routing and firewalling * New feature: --management-query-proxy - manage proxy settings via the management interface (supercedes --http-proxy-fallback) * New feature: --stale-routes-check, which cleans up the internal routing table * New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name * Improved client-kill management interface command * Improved UTF-8 support - and added --compat-names to provide backwards compatibility with older scripts/plug-ins * Improved auth-pam with COMMONNAME support, passing the certificate's common name in the PAM conversation * More options can now be used inside <connection> blocks * Completely new build system, enabling easier cross-compilation and Windows builds * Much of the code has been better documented * Many documentation updates * Plenty of bug fixes and other code clean-ups
2013-02-10 06:55:07 +01:00
CONFIGURE_ARGS+= --disable-plugin-auth-pam
2009-10-30 20:06:06 +01:00
.endif