commit: ca31acc706315933f9be168f1647fa9e2f56a273 Author: layman <layman <AT> localhost> AuthorDate: Wed Dec 16 21:54:18 2015 +0000 Commit: Mike Auty <ikelos <AT> gentoo <DOT> org> CommitDate: Wed Dec 16 21:54:18 2015 +0000 URL: https://gitweb.gentoo.org/dev/ikelos.git/commit/?id=ca31acc7
Add in vlan support to openvpn. net-misc/openvpn/ChangeLog | 158 +++ net-misc/openvpn/ChangeLog-2015 | 1286 ++++++++++++++++++++ net-misc/openvpn/Manifest | 16 + .../openvpn/files/2.3.6-disable-compression.patch | 18 + net-misc/openvpn/files/2.3.6-null-cipher.patch | 46 + net-misc/openvpn/files/2.3.6-vlan-support.patch | 1005 +++++++++++++++ net-misc/openvpn/files/65openvpn | 1 + net-misc/openvpn/files/down.sh | 33 + net-misc/openvpn/files/openvpn-2.1.conf | 18 + net-misc/openvpn/files/openvpn-2.1.init | 133 ++ net-misc/openvpn/files/openvpn.init | 63 + net-misc/openvpn/files/openvpn.service | 12 + net-misc/openvpn/files/openvpn.tmpfile | 1 + net-misc/openvpn/files/up.sh | 100 ++ net-misc/openvpn/metadata.xml | 23 + net-misc/openvpn/openvpn-2.3.8-r1.ebuild | 138 +++ 16 files changed, 3051 insertions(+) diff --git a/net-misc/openvpn/ChangeLog b/net-misc/openvpn/ChangeLog new file mode 100644 index 0000000..2e79375 --- /dev/null +++ b/net-misc/openvpn/ChangeLog @@ -0,0 +1,158 @@ +# ChangeLog for net-misc/openvpn +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# (auto-generated from git log) + +*openvpn-9999 (09 Aug 2015) +*openvpn-2.3.8 (09 Aug 2015) +*openvpn-2.3.7 (09 Aug 2015) +*openvpn-2.3.6-r2 (09 Aug 2015) +*openvpn-2.3.6-r1 (09 Aug 2015) +*openvpn-2.3.6 (09 Aug 2015) + + 09 Aug 2015; Robin H. Johnson <robb...@gentoo.org> + +files/2.3.6-disable-compression.patch, +files/2.3.6-null-cipher.patch, + +files/65openvpn, +files/down.sh, +files/openvpn-2.1.conf, + +files/openvpn-2.1.init, +files/openvpn.init, +files/openvpn.service, + +files/openvpn.tmpfile, +files/up.sh, +metadata.xml, +openvpn-2.3.6.ebuild, + +openvpn-2.3.6-r1.ebuild, +openvpn-2.3.6-r2.ebuild, +openvpn-2.3.7.ebuild, + +openvpn-2.3.8.ebuild, +openvpn-9999.ebuild: + proj/gentoo: Initial commit + + This commit represents a new era for Gentoo: + Storing the gentoo-x86 tree in Git, as converted from CVS. + + This commit is the start of the NEW history. + Any historical data is intended to be grafted onto this point. + + Creation process: + 1. Take final CVS checkout snapshot + 2. Remove ALL ChangeLog* files + 3. Transform all Manifests to thin + 4. Remove empty Manifests + 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ + 5.1. Do not touch files with -kb/-ko keyword flags. + + Signed-off-by: Robin H. Johnson <robb...@gentoo.org> + X-Thanks: Alec Warner <anta...@gentoo.org> - did the GSoC 2006 migration + tests + X-Thanks: Robin H. Johnson <robb...@gentoo.org> - infra guy, herding this + project + X-Thanks: Nguyen Thai Ngoc Duy <pclo...@gentoo.org> - Former Gentoo + developer, wrote Git features for the migration + X-Thanks: Brian Harring <ferri...@gentoo.org> - wrote much python to improve + cvs2svn + X-Thanks: Rich Freeman <ri...@gentoo.org> - validation scripts + X-Thanks: Patrick Lauer <patr...@gentoo.org> - Gentoo dev, running new 2014 + work in migration + X-Thanks: Michał Górny <mgo...@gentoo.org> - scripts, QA, nagging + X-Thanks: All of other Gentoo developers - many ideas and lots of paint on + the bikeshed + + 09 Aug 2015; Mikle Kolyada <zlog...@gentoo.org> openvpn-2.3.7.ebuild: + x86 stable wrt bug #556874 + + Package-Manager: portage-2.2.20 + + 09 Aug 2015; Mikle Kolyada <zlog...@gentoo.org> openvpn-2.3.7.ebuild: + ia64 stable wrt bug #556874 + + Package-Manager: portage-2.2.20 + + 09 Aug 2015; Ulrich Müller <u...@gentoo.org> files/down.sh, + files/openvpn-2.1.init, files/up.sh: + [QA] Remove executable bit from files, bug 550434. + + 22 Aug 2015; Jeroen Roovers <j...@gentoo.org> openvpn-2.3.7.ebuild: + Stable for HPPA (bug #556874). + + Package-Manager: portage-2.2.20.1 + + 24 Aug 2015; Jeroen Roovers <j...@gentoo.org> openvpn-2.3.7.ebuild: + Stable for PPC64 (bug #556874). + + Package-Manager: portage-2.2.20.1 + + 24 Aug 2015; Justin Lecher <j...@gentoo.org> metadata.xml: + Use https by default + + Convert all URLs for sites supporting encrypted connections from http to + https + + Signed-off-by: Justin Lecher <j...@gentoo.org> + + 24 Aug 2015; Mike Gilbert <flop...@gentoo.org> metadata.xml: + Revert DOCTYPE SYSTEM https changes in metadata.xml + + repoman does not yet accept the https version. + This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450. + + Bug: https://bugs.gentoo.org/552720 + + 26 Aug 2015; Markus Meier <mae...@gentoo.org> openvpn-2.3.7.ebuild: + arm stable, bug #556874 + + Package-Manager: portage-2.2.20.1 + RepoMan-Options: --include-arches="arm" + + 05 Sep 2015; Mikle Kolyada <zlog...@gentoo.org> openvpn-2.3.8.ebuild: + amd64 stable wrt bug #556874 + + Package-Manager: portage-2.2.20.1 + + 08 Sep 2015; Jeroen Roovers <j...@gentoo.org> openvpn-2.3.8.ebuild: + Stable for HPPA PPC64 (bug #556874). + + Package-Manager: portage-2.2.20.1 + + 15 Sep 2015; Tobias Klausmann <klaus...@gentoo.org> openvpn-2.3.8.ebuild: + add alpha keyword + + Gentoo-Bug: 556874 + + Package-Manager: portage-2.2.20.1 + + 26 Sep 2015; Mikle Kolyada <zlog...@gentoo.org> openvpn-2.3.8.ebuild: + ia64 stable wrt bug #556874 + + Package-Manager: portage-2.2.20.1 + + 27 Sep 2015; Mikle Kolyada <zlog...@gentoo.org> openvpn-2.3.8.ebuild: + x86 stable wrt bug #556874 + + Package-Manager: portage-2.2.20.1 + + 29 Sep 2015; Markus Meier <mae...@gentoo.org> openvpn-2.3.8.ebuild: + arm stable, bug #556874 + + Package-Manager: portage-2.2.20.1 + RepoMan-Options: --include-arches="arm" + + 10 Oct 2015; Mikle Kolyada <zlog...@gentoo.org> openvpn-2.3.8.ebuild: + sparc stable wrt bug #556874 + + Package-Manager: portage-2.2.20.1 + + 12 Nov 2015; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.8.ebuild: + ppc stable wrt bug #556874 + + Package-Manager: portage-2.2.20.1 + RepoMan-Options: --include-arches="ppc" + + 06 Dec 2015; Dirkjan Ochtman <d...@gentoo.org> -openvpn-2.3.6.ebuild, + -openvpn-2.3.6-r1.ebuild, -openvpn-2.3.6-r2.ebuild, -openvpn-2.3.7.ebuild: + remove old versions + + Package-Manager: portage-2.2.20.1 + +*openvpn-2.3.8-r1 (06 Dec 2015) + + 06 Dec 2015; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.3.8-r1.ebuild: + add support for libressl (fixes bug 565242) + + Package-Manager: portage-2.2.20.1 + + 06 Dec 2015; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.3.8-r1.ebuild: + set EAPI=5 in 2.3.8-r1 + + Package-Manager: portage-2.2.20.1 + diff --git a/net-misc/openvpn/ChangeLog-2015 b/net-misc/openvpn/ChangeLog-2015 new file mode 100644 index 0000000..93cb534 --- /dev/null +++ b/net-misc/openvpn/ChangeLog-2015 @@ -0,0 +1,1286 @@ +# ChangeLog for net-misc/openvpn +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/ChangeLog,v 1.327 2015/08/08 05:13:53 prometheanfire Exp $ + +*openvpn-2.3.8 (08 Aug 2015) + + 08 Aug 2015; Matthew Thode <prometheanf...@gentoo.org> +openvpn-2.3.8.ebuild: + updating to fix asking for the password at init + + 07 Aug 2015; Tobias Klausmann <klaus...@gentoo.org> openvpn-2.3.7.ebuild: + Stable on alpha, bug 556874 + + 06 Aug 2015; Mikle Kolyada <zlog...@gentoo.org> openvpn-2.3.7.ebuild: + amd64 stable wrt bug #556874 + + 12 Jul 2015; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.3.6-r1.ebuild, + openvpn-2.3.6-r2.ebuild, openvpn-2.3.6.ebuild, openvpn-2.3.7.ebuild, + openvpn-9999.ebuild: + Don't default to polarssl, this was introduced accidentally + + 12 Jul 2015; Dirkjan Ochtman <d...@gentoo.org> openvpn-9999.ebuild: + Bring openvpn-9999 in line with 2.3.7 (fix bug 554638) + + 12 Jul 2015; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.3.6-r1.ebuild, + openvpn-2.3.6-r2.ebuild, openvpn-2.3.6.ebuild, openvpn-2.3.7.ebuild: + Remove some accidentally committed debugging cruft + +*openvpn-2.3.7 (12 Jul 2015) + + 12 Jul 2015; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.3.7.ebuild, + metadata.xml: + Version bump openvpn to 2.3.7 (fixes bug 554524, bug 489272, bug 553352, bug + 531474) + +*openvpn-2.3.6-r2 (17 Feb 2015) + + 17 Feb 2015; Dirkjan Ochtman <d...@gentoo.org> + +files/2.3.6-disable-compression.patch, +openvpn-2.3.6-r2.ebuild: + Version bump openvpn to 2.3.6-r2 (fixes bug 537318) + +*openvpn-2.3.6-r1 (08 Feb 2015) + + 08 Feb 2015; Dirkjan Ochtman <d...@gentoo.org> +files/2.3.6-null-cipher.patch, + +openvpn-2.3.6-r1.ebuild: + Fix support for null ciphers (bug 531700; thanks to gen...@nephros.org) + + 18 Jan 2015; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.3.6.ebuild: + Fix minimum version of libpkcs11-helper dependency (fixes bug 536332) + + 28 Dec 2014; Dirkjan Ochtman <d...@gentoo.org> -openvpn-2.3.2.ebuild, + -openvpn-2.3.3.ebuild, -openvpn-2.3.4-r1.ebuild, -openvpn-2.3.5.ebuild: + Remove vulnerable versions of openvpn (bug 531308) + + 26 Dec 2014; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.6.ebuild: + Stable for sparc, wrt bug #531308 + + 23 Dec 2014; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.6.ebuild: + Stable for alpha, wrt bug #531308 + + 16 Dec 2014; Markus Meier <mae...@gentoo.org> openvpn-2.3.6.ebuild: + arm stable, bug #531308 + + 06 Dec 2014; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.6.ebuild: + Stable for ia64, wrt bug #531308 + + 04 Dec 2014; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.6.ebuild: + Stable for ppc64, wrt bug #531308 + + 03 Dec 2014; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.6.ebuild: + Stable for ppc, wrt bug #531308 + + 02 Dec 2014; Mike Gilbert <flop...@gentoo.org> files/openvpn.service: + Revert previous unit file change, bug 527614. + + 02 Dec 2014; Jeroen Roovers <j...@gentoo.org> openvpn-2.3.6.ebuild: + Stable for HPPA (bug #531308). + + 02 Dec 2014; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.6.ebuild: + Stable for x86, wrt bug #531308 + + 02 Dec 2014; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.6.ebuild: + Stable for amd64, wrt bug #531308 + +*openvpn-2.3.6 (01 Dec 2014) + + 01 Dec 2014; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.3.6.ebuild: + Version bump openvpn to 2.3.6 (fixes bug 531308) + + 21 Nov 2014; Tobias Klausmann <klaus...@gentoo.org> openvpn-2.3.4-r1.ebuild: + Stable on alpha, bug 522168 + + 16 Nov 2014; Dirkjan Ochtman <d...@gentoo.org> -openvpn-2.3.1.ebuild, + -openvpn-2.3.4.ebuild: + Remove old versions of openvpn + +*openvpn-2.3.5 (16 Nov 2014) + + 16 Nov 2014; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.3.5.ebuild: + Version bump openvpn to 2.3.5 + + 05 Nov 2014; Mike Gilbert <flop...@gentoo.org> files/openvpn.service: + Use unescaped instance name for PIDFile and config file, bug 527614. + + 02 Nov 2014; Sven Vermeulen <sw...@gentoo.org> openvpn-2.3.4-r1.ebuild, + openvpn-9999.ebuild: + Remove sec-policy/selinux-* dependency from DEPEND but keep in RDEPEND (bug + #527698) + + 05 Oct 2014; Manuel Rüger <mr...@gentoo.org> openvpn-2.3.4-r1.ebuild: + Mark stable on amd64. Bug #522168 + + 21 Sep 2014; Markus Meier <mae...@gentoo.org> openvpn-2.3.4-r1.ebuild: + arm stable, bug #522168 + + 10 Sep 2014; Jeroen Roovers <j...@gentoo.org> openvpn-2.3.4-r1.ebuild: + Stable for HPPA (bug #522168). + + 27 Aug 2014; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.3.ebuild: + Stable for ppc, wrt bug #511668 + + 20 Aug 2014; Raúl Porcel <armi...@gentoo.org> openvpn-2.3.3.ebuild: + ia64/sparc stable wrt bug #511668 + + 26 Jul 2014; Pawel Hajdan jr <phajdan...@gentoo.org> openvpn-2.3.3.ebuild: + x86 stable wrt bug #511668 + + 21 Jul 2014; Chema Alonso <nim...@gentoo.org> openvpn-2.3.3.ebuild: + Stable for amd64 wrt bug #511668 + + 21 Jul 2014; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.3.3.ebuild, + openvpn-2.3.4-r1.ebuild, openvpn-2.3.4.ebuild: + Make pkcs11 USE depend on ssl flag (fixes bug 517660) + + 20 Jul 2014; Tobias Klausmann <klaus...@gentoo.org> openvpn-2.3.3.ebuild: + Stable on alpha, bug #511668 + +*openvpn-2.3.4-r1 (03 Jul 2014) + + 03 Jul 2014; Peter Volkov <p...@gentoo.org> +openvpn-2.3.4-r1.ebuild: + Added systemd USE flag to forward console query to systemd, #515982 + + 09 Jun 2014; Markus Meier <mae...@gentoo.org> openvpn-2.3.3.ebuild: + arm stable, bug #511668 + + 03 Jun 2014; Jeroen Roovers <j...@gentoo.org> openvpn-2.3.3.ebuild: + Stable for HPPA (bug #511668). + +*openvpn-2.3.4 (15 May 2014) + + 15 May 2014; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.3.4.ebuild, + openvpn-2.3.3.ebuild: + Version bump openvpn to 2.3.4 (bug 510372) + + 22 Apr 2014; Dirkjan Ochtman <d...@gentoo.org> + -files/openvpn-2.2.2-pkcs11.patch, -files/openvpn-9999-pkcs11.patch, + -openvpn-2.2.2.ebuild, -openvpn-2.3.0.ebuild: + Remove old versions, patches. + +*openvpn-2.3.3 (22 Apr 2014) + + 22 Apr 2014; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.3.3.ebuild: + Version bump openvpn to 2.3.3 (bug 507758). + + 26 Sep 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.2.ebuild: + Stable for arm, wrt bug #484726 + + 25 Sep 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.2.ebuild: + Stable for ppc, wrt bug #484726 + + 23 Sep 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.2.ebuild: + Stable for sparc, wrt bug #484726 + + 23 Sep 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.2.ebuild: + Stable for ppc64, wrt bug #484726 + + 23 Sep 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.2.ebuild: + Stable for alpha, wrt bug #484726 + + 14 Sep 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.2.ebuild: + Stable for x86, wrt bug #484726 + + 14 Sep 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.2.ebuild: + Stable for amd64, wrt bug #484726 + + 14 Sep 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.2.ebuild: + Stable for ia64, wrt bug #484726 + + 13 Sep 2013; Jeroen Roovers <j...@gentoo.org> openvpn-2.3.2.ebuild: + Stable for HPPA (bug #484726). + + 26 Aug 2013; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.3.2.ebuild: + No dies needed here. + +*openvpn-2.3.2 (10 Jun 2013) + + 10 Jun 2013; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.3.2.ebuild: + Version bump openvpn to 2.3.2 (bug 472542). + + 09 Jun 2013; Mike Frysinger <vap...@gentoo.org> metadata.xml: + Add upstream CPE tag (security info) from ChromiumOS. + + 09 Jun 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for sh, wrt bug #468756 + + 01 Jun 2013; Pacho Ramos <pa...@gentoo.org> metadata.xml: + Cleanup due bug #151880 + + 26 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for s390, wrt bug #468756 + + 20 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for s390, wrt bug #468364 + + 11 May 2013; Jeroen Roovers <j...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for HPPA (bug #468756). + + 11 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for sparc, wrt bug #468756 + + 11 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for ppc, wrt bug #468756 + + 11 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for ppc64, wrt bug #468756 + + 11 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for ia64, wrt bug #468756 + + 11 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for arm, wrt bug #468756 + + 11 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for alpha, wrt bug #468756 + + 11 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for x86, wrt bug #468756 + + 11 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.1.ebuild: + Stable for amd64, wrt bug #468756 + + 08 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for sh, wrt bug #468364 + + 08 May 2013; Jeroen Roovers <j...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for HPPA (bug #468364). + + 07 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for ppc64, wrt bug #468364 + + 07 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for sparc, wrt bug #468364 + + 07 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for ia64, wrt bug #468364 + + 05 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for alpha, wrt bug #468364 + + 05 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for arm, wrt bug #468364 + + 03 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for ppc, wrt bug #468364 + + 03 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for x86, wrt bug #468364 + + 03 May 2013; Agostino Sarubbo <a...@gentoo.org> openvpn-2.3.0.ebuild: + Stable for amd64, wrt bug #468364 + + 03 May 2013; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.3.1.ebuild: + Fix USE flag order for 2.3.1. + + 03 May 2013; Dirkjan Ochtman <d...@gentoo.org> openvpn-9999.ebuild: + Add polarssl for 9999 ebuild (thanks to josh.ce...@usa.net). + +*openvpn-2.3.1 (03 May 2013) + + 03 May 2013; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.3.1.ebuild: + Version bump to 2.3.1, add polarssl support (bug 463984, thanks to + josh.ce...@usa.net). + + 20 Feb 2013; Zac Medico <zmed...@gentoo.org> openvpn-2.3.0.ebuild: + Add ~arm-linux keyword. + + 09 Feb 2013; Dirkjan Ochtman <d...@gentoo.org> files/up.sh: + Add metric to openresolv if possible (thanks Alon Bar-Lev, bug 391175). + + 25 Jan 2013; Kacper Kowalik <xarthis...@gentoo.org> +files/openvpn.service, + +files/openvpn.tmpfile, openvpn-2.3.0.ebuild: + Add unit and tmp file for systemd compatibility. Fixes bug 448884 + + 24 Jan 2013; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.3.0.ebuild: + Emit message about split out easy-rsa. + + 12 Jan 2013; Dirkjan Ochtman <d...@gentoo.org> openvpn-9999.ebuild: + Update live ebuild with changes for 2.3.0 (bug 415995). + + 12 Jan 2013; Dirkjan Ochtman <d...@gentoo.org> + -files/openvpn-2.1_rc13-peercred.patch, -files/openvpn-2.1_rc20-pkcs11.patch, + -openvpn-2.1.4.ebuild, -files/openvpn-2.2.0-pkcs11.patch, metadata.xml: + Remove old versions and files. + +*openvpn-2.3.0 (12 Jan 2013) + + 12 Jan 2013; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.3.0.ebuild, + metadata.xml: + Version bump to 2.3.0 (bug 451376) with updated build system (bug 415995). + + 06 Jan 2013; Torsten Veller <t...@gentoo.org> openvpn-2.2.2.ebuild: + Drop duplicate arches from KEYWORDS + + 09 Sep 2012; Justin Lecher <j...@gentoo.org> openvpn-2.1.4.ebuild, + openvpn-2.2.2.ebuild, openvpn-9999.ebuild: + Drop unnessecary PN and '.' from DESCRIPTION + + 23 Aug 2012; Fabian Groffen <grob...@gentoo.org> openvpn-2.2.2.ebuild, + openvpn-9999.ebuild: + Drop ~x86-macos, it doesn't compile, and we don't care enough to fix it + + 23 Aug 2012; Christoph Junghans <ott...@gentoo.org> openvpn-2.2.2.ebuild: + added prefix keywords (bug #417519) + + 29 Jul 2012; Raúl Porcel <armi...@gentoo.org> openvpn-2.2.2.ebuild: + alpha/ia64/s390/sh/sparc stable wrt #415847 + + 01 Jun 2012; Zac Medico <zmed...@gentoo.org> openvpn-2.1.4.ebuild, + openvpn-2.2.2.ebuild, openvpn-9999.ebuild: + inherit user for enewgroup and enewuser + + 27 May 2012; Markus Meier <mae...@gentoo.org> openvpn-2.2.2.ebuild: + arm stable, bug #415847 + + 23 May 2012; Jeroen Roovers <j...@gentoo.org> openvpn-2.2.2.ebuild: + Stable for HPPA (bug #415847). + + 23 May 2012; Brent Baude <ran...@gentoo.org> openvpn-2.2.2.ebuild: + Marking openvpn-2.2.2 ppc64 for bug 415847 + + 22 May 2012; Brent Baude <ran...@gentoo.org> openvpn-2.2.2.ebuild: + Marking openvpn-2.2.2 ppc for bug 415847 + + 18 May 2012; Jeff Horelick <jdh...@gentoo.org> openvpn-2.2.2.ebuild: + marked x86 per bug 415847 + + 14 May 2012; Agostino Sarubbo <a...@gentoo.org> openvpn-2.2.2.ebuild: + Stable for amd64, wrt bug #415847 + + 14 May 2012; Dirkjan Ochtman <d...@gentoo.org> -openvpn-2.2.0-r1.ebuild: + Remove old version. + + 14 May 2012; Dirkjan Ochtman <d...@gentoo.org> openvpn-9999.ebuild: + Update live ebuild to deal with new build system (thanks Alon Bar-Lev, bug + 409577). + + 14 Apr 2012; Zac Medico <zmed...@gentoo.org> openvpn-2.2.2.ebuild: + Add ~amd64-linux keyword. + + 01 Mar 2012; Dirkjan Ochtman <d...@gentoo.org> openvpn-9999.ebuild: + Fix CVS header in live ebuild. + +*openvpn-9999 (01 Mar 2012) + + 01 Mar 2012; Dirkjan Ochtman <d...@gentoo.org> +openvpn-9999.ebuild, + +files/openvpn-9999-pkcs11.patch: + Add live ebuild (bug 385375). Thanks to Marcel Pennewiß. + + 23 Feb 2012; Christian Faulhammer <fa...@gentoo.org> + files/openvpn-2.1_rc20-pkcs11.patch, +files/openvpn-2.2.0-pkcs11.patch: + Make patch application work again, see bug 404269 + + 17 Feb 2012; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.2.2.ebuild: + Remove reference to old ipv6 use flag, bug 404137. + + 17 Feb 2012; Dirkjan Ochtman <d...@gentoo.org> -openvpn-2.2.0.ebuild: + Remove old version, fixing bug 401747. + + 16 Feb 2012; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.2.2.ebuild: + Make 2.2.2 have +ssl (bug 404111). + +*openvpn-2.2.2 (16 Feb 2012) + + 16 Feb 2012; Dirkjan Ochtman <d...@gentoo.org> + files/openvpn-2.1_rc20-pkcs11.patch, +openvpn-2.2.2.ebuild, + +files/openvpn-2.2.2-pkcs11.patch: + Version bump to 2.2.2 (bug 383537), some cleanups from darkside. + + 29 Jul 2011; Zac Medico <zmed...@gentoo.org> openvpn-2.2.0-r1.ebuild: + Add ~x86-linux keyword. + + 28 Jul 2011; Zac Medico <zmed...@gentoo.org> openvpn-2.2.0-r1.ebuild: + Fix for prefix. + +*openvpn-2.2.0-r1 (01 May 2011) + + 01 May 2011; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.2.0-r1.ebuild: + Fix issues with docdir and remaining eurephia mentions (bug 365487). + + 30 Apr 2011; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.2.0.ebuild: + Upgrade to EAPI=4 for 2.2.0, get rid of prepalldocs. + + 30 Apr 2011; Dirkjan Ochtman <d...@gentoo.org> -openvpn-2.1.2.ebuild, + -openvpn-2.1.3.ebuild: + Remove old versions. + +*openvpn-2.2.0 (30 Apr 2011) + + 30 Apr 2011; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.2.0.ebuild: + Version bump to 2.2.0, add ipv6 payload support (bug 335563). + + 21 Mar 2011; Kacper Kowalik <xarthis...@gentoo.org> openvpn-2.1.4.ebuild: + ppc/ppc64 stable wrt #354661 + + 20 Mar 2011; Raúl Porcel <armi...@gentoo.org> openvpn-2.1.4.ebuild: + s390/sh/sparc stable wrt #354661 + + 13 Mar 2011; Markus Meier <mae...@gentoo.org> openvpn-2.1.4.ebuild: + arm stable, bug #354661 + + 08 Mar 2011; Tobias Klausmann <klaus...@gentoo.org> openvpn-2.1.4.ebuild: + Stable on alpha, bug #354661 + + 03 Mar 2011; Thomas Kahle <to...@gentoo.org> openvpn-2.1.4.ebuild: + x86 stable per bug 354661 + + 21 Feb 2011; Jeroen Roovers <j...@gentoo.org> openvpn-2.1.4.ebuild: + Stable for HPPA (bug #354661). + + 13 Feb 2011; Markos Chandras <hwoar...@gentoo.org> openvpn-2.1.4.ebuild: + Stable on amd64 wrt bug #354661 + + 10 Jan 2011; Brent Baude <ran...@gentoo.org> openvpn-2.1.3.ebuild: + stable ppc, bug 342897 + + 28 Dec 2010; Brent Baude <ran...@gentoo.org> openvpn-2.1.3.ebuild: + stable ppc64, bug 342897 + +*openvpn-2.1.4 (14 Dec 2010) + + 14 Dec 2010; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.1.4.ebuild: + Version bump to 2.1.4. + + 05 Dec 2010; Raúl Porcel <armi...@gentoo.org> openvpn-2.1.3.ebuild: + alpha/s390/sh/sparc stable wrt #342897 + + 03 Nov 2010; Markus Meier <mae...@gentoo.org> openvpn-2.1.3.ebuild: + arm stable, bug #342897 + + 03 Nov 2010; Pawel Hajdan jr <phajdan...@gentoo.org> openvpn-2.1.3.ebuild: + x86 stable wrt bug #342897 + + 29 Oct 2010; Jeroen Roovers <j...@gentoo.org> openvpn-2.1.3.ebuild: + Stable for HPPA (bug #342897). + + 28 Oct 2010; Markos Chandras <hwoar...@gentoo.org> openvpn-2.1.3.ebuild: + Stable on amd64 wrt bug #342897 + + 28 Oct 2010; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.1.3.ebuild: + Fix QA issues for bug 342933. + + 27 Oct 2010; Dirkjan Ochtman <d...@gentoo.org> +files/65openvpn, + openvpn-2.1.3.ebuild: + Add CONFIG_PROTECT for /usr/share/openvpn/easy-rsa, as suggested by + hwoarang. + + 19 Oct 2010; Dirkjan Ochtman <d...@gentoo.org> + -files/openvpn-2.0.9-pam.patch, -files/openvpn-2.0.9-persistent.patch, + -openvpn-2.1.0-r1.ebuild: + Clean up cruft from old versions. + + 19 Oct 2010; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.1.3.ebuild: + Update ebuild to use new path_exists function. + + 19 Oct 2010; Jeroen Roovers <j...@gentoo.org> openvpn-2.1.2.ebuild: + Stable for HPPA (bug #338919). + + 15 Oct 2010; Brent Baude <ran...@gentoo.org> openvpn-2.1.2.ebuild: + stable ppc, bug 338919 + + 12 Oct 2010; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.1.3.ebuild: + Improved 2.1.3 ebuild; thanks to pva for the review. + + 12 Oct 2010; Raúl Porcel <armi...@gentoo.org> openvpn-2.1.2.ebuild: + alpha/arm/s390/sh/sparc stable wrt #338919 + + 06 Oct 2010; Markus Meier <mae...@gentoo.org> openvpn-2.1.2.ebuild: + x86 stable, bug #338919 + + 30 Sep 2010; Brent Baude <ran...@gentoo.org> openvpn-2.1.2.ebuild: + stable ppc64, bug 338919 + + 28 Sep 2010; Markos Chandras <hwoar...@gentoo.org> openvpn-2.1.2.ebuild: + Stable on amd64 wrt bug #338919 + +*openvpn-2.1.3 (27 Sep 2010) + + 27 Sep 2010; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.1.3.ebuild: + Version bump to 2.1.3. + + 27 Sep 2010; Dirkjan Ochtman <d...@gentoo.org> -openvpn-2.0.9.ebuild, + -openvpn-2.1_rc15.ebuild: + Clean up old versions. + + 07 Sep 2010; Joseph Jezak <jos...@gentoo.org> openvpn-2.1.0-r1.ebuild, + openvpn-2.1.2.ebuild: + Change altivec fix to work on ppc64 as well. + + 06 Sep 2010; Brent Baude <ran...@gentoo.org> openvpn-2.1.0-r1.ebuild: + Marking openvpn-2.1.0-r1 ppc64 for bug 293894 + + 04 Sep 2010; Raúl Porcel <armi...@gentoo.org> openvpn-2.1.0-r1.ebuild: + alpha/s390/sh/sparc stable wrt #293894 + + 28 Aug 2010; Markus Meier <mae...@gentoo.org> openvpn-2.1.0-r1.ebuild: + arm stable, bug #293894 + + 25 Aug 2010; Jeroen Roovers <j...@gentoo.org> openvpn-2.1.0-r1.ebuild: + Stable for HPPA PPC (bug #293894). + + 24 Aug 2010; Pawel Hajdan jr <phajdan...@gentoo.org> + openvpn-2.1.0-r1.ebuild: + x86 stable wrt security bug #293894 + + 23 Aug 2010; Markos Chandras <hwoar...@gentoo.org> + openvpn-2.1.0-r1.ebuild: + Stable on amd64 wrt bug #293894 + + 23 Aug 2010; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.1.0-r1.ebuild, + openvpn-2.1.2.ebuild: + Get rid of useless threads flag. + +*openvpn-2.1.2 (23 Aug 2010) + + 23 Aug 2010; Dirkjan Ochtman <d...@gentoo.org> +openvpn-2.1.2.ebuild: + Version bump to 2.1.2. + + 23 Aug 2010; Dirkjan Ochtman <d...@gentoo.org> openvpn-2.1.0-r1.ebuild: + Remove built_with_use, upgrade to EAPI=2. + + 23 Aug 2010; Dirkjan Ochtman <d...@gentoo.org> -openvpn-2.0.6.ebuild, + -openvpn-2.0.7-r2.ebuild, -files/openvpn-2.0.7-pam.patch, + -files/openvpn-2.0.7-persistent.patch, -openvpn-2.1_rc19.ebuild, + -openvpn-2.1_rc20.ebuild, -openvpn-2.1_rc21.ebuild: + Clean up old versions. + + 23 Aug 2010; Dirkjan Ochtman <d...@gentoo.org> metadata.xml: + Add myself as a maintainer. + + 28 Feb 2010; Cédric Krier <c...@gentoo.org> files/openvpn-2.1.init, + files/openvpn.init: + Fix init scripts to work with tabs for bug #301619 + + 28 Feb 2010; Cédric Krier <c...@gentoo.org> openvpn-2.1.0-r1.ebuild: + Filter out -maltivec on ppc for bug #293840 + +*openvpn-2.1.0-r1 (29 Dec 2009) + + 29 Dec 2009; Cédric Krier <c...@gentoo.org> -openvpn-2.1.0.ebuild, + +openvpn-2.1.0-r1.ebuild, -files/openvpn-2.1.0-stdbool.patch: + Remove stdbool patch for bug #297854 + +*openvpn-2.1.0 (19 Dec 2009) + + 19 Dec 2009; Cédric Krier <c...@gentoo.org> +openvpn-2.1.0.ebuild, + +files/openvpn-2.1.0-stdbool.patch: + Version bump and add patch for bug #293840 + +*openvpn-2.1_rc21 (15 Nov 2009) + + 15 Nov 2009; Cédric Krier <c...@gentoo.org> +openvpn-2.1_rc21.ebuild: + Version bump + + 10 Oct 2009; Cédric Krier <c...@gentoo.org> openvpn-2.1_rc20.ebuild, + metadata.xml: + Add eurephia patch for bug #272079 + +*openvpn-2.1_rc20 (10 Oct 2009) + + 10 Oct 2009; Cédric Krier <c...@gentoo.org> +openvpn-2.1_rc20.ebuild, + +files/openvpn-2.1_rc20-pkcs11.patch: + Version bump with ipv6 patch for bug #287896 and patch for bug #273586 + + 10 Oct 2009; Cédric Krier <c...@gentoo.org> files/openvpn-2.1.init: + Remove --nobind from init script for bug #282721 + + 10 Oct 2009; Raúl Porcel <armi...@gentoo.org> openvpn-2.0.9.ebuild: + sh/sparc stable wrt #272546 + + 10 Oct 2009; Raúl Porcel <armi...@gentoo.org> openvpn-2.1_rc15.ebuild: + s390/sh/sparc stable wrt #280072 + + 04 Oct 2009; Markus Meier <mae...@gentoo.org> openvpn-2.1_rc15.ebuild: + arm stable, bug #280072 + + 26 Sep 2009; Brent Baude <ran...@gentoo.org> openvpn-2.1_rc15.ebuild: + Marking openvpn-2.1_rc15 ppc64 for bug 280072 + + 29 Aug 2009; nixnut <nix...@gentoo.org> openvpn-2.1_rc15.ebuild: + ppc stable #280072 + + 29 Aug 2009; nixnut <nix...@gentoo.org> openvpn-2.0.9.ebuild: + ppc stable #272546 + + 28 Aug 2009; Tobias Klausmann <klaus...@gentoo.org> + openvpn-2.1_rc15.ebuild: + Stable on alpha, bug #280072 + + 19 Aug 2009; Jeroen Roovers <j...@gentoo.org> openvpn-2.1_rc15.ebuild: + Stable for HPPA (bug #280072). + + 05 Aug 2009; <chain...@gentoo.org> openvpn-2.1_rc15.ebuild: + Marked stable on AMD64 as requested by Cédric Krier <c...@gentoo.org> in + bug #280072. Compile-tested on a Core2 Duo, no suitable network + environment to test. + + 04 Aug 2009; Christian Faulhammer <fa...@gentoo.org> + openvpn-2.1_rc15.ebuild: + stable x86, bug 280072 + +*openvpn-2.1_rc19 (01 Aug 2009) + + 01 Aug 2009; Cédric Krier <c...@gentoo.org> +openvpn-2.1_rc19.ebuild: + Version bump + + 28 Jun 2009; Brent Baude <ran...@gentoo.org> openvpn-2.0.9.ebuild: + Marking openvpn-2.0.9 ppc64 for bug 272546 + + 21 Jun 2009; Cédric Krier <c...@gentoo.org> openvpn-2.1_rc15.ebuild: + Remove empty doc dir for bug #272994 + + 21 Jun 2009; Cédric Krier <c...@gentoo.org> openvpn-2.1_rc15.ebuild: + Add missing -Wall for plugin + + 21 Jun 2009; Cédric Krier <c...@gentoo.org> openvpn-2.0.9.ebuild: + Add missing missing file for easy-rsa for bug #273586 + + 21 Jun 2009; Cédric Krier <c...@gentoo.org> openvpn-2.1_rc15.ebuild: + Fix CFLAGS and LDFLAGS in plugin for bug #263136 + + 11 Jun 2009; Jeroen Roovers <j...@gentoo.org> openvpn-2.0.9.ebuild: + Stable for HPPA (bug #272546). + + 07 Jun 2009; Tobias Klausmann <klaus...@gentoo.org> openvpn-2.0.9.ebuild: + Stable on alpha, bug #272546 + + 07 Jun 2009; Markus Meier <mae...@gentoo.org> openvpn-2.0.9.ebuild: + amd64/x86 stable, bug #272546 + + 28 May 2009; Cédric Krier <c...@gentoo.org> openvpn-2.1_rc15.ebuild: + Fix bad header and missing RDEPEND + + 28 May 2009; Cédric Krier <c...@gentoo.org> files/up.sh: + Fix invalid resolv.conf when DOMAIN is empty for bug #269614 + + 15 Apr 2009; Cédric Krier <c...@gentoo.org> files/up.sh: + Fix up.sh to add search for all domains for bug #259382 + +*openvpn-2.1_rc15 (03 Jan 2009) + + 03 Jan 2009; Cédric Krier <c...@gentoo.org> -openvpn-2.1_rc13.ebuild, + +openvpn-2.1_rc15.ebuild: + Version bump + + 02 Nov 2008; Cédric Krier <c...@gentoo.org> + +files/openvpn-2.1_rc13-peercred.patch, openvpn-2.1_rc13.ebuild: + Add peercred patch for bug #245181 + +*openvpn-2.1_rc13 (01 Nov 2008) + + 01 Nov 2008; Cédric Krier <c...@gentoo.org> + -files/openvpn-2.1_rc9-tests.patch, -openvpn-2.1_rc9.ebuild, + +openvpn-2.1_rc13.ebuild: + Version bump + + 01 Nov 2008; Cédric Krier <c...@gentoo.org> files/openvpn-2.1.init: + Fix init script for bug #234667 + + 28 Sep 2008; Cédric Krier <c...@gentoo.org> + +files/openvpn-2.1_rc9-tests.patch, openvpn-2.1_rc9.ebuild: + Add tests patch for bug #236877 + + 02 Aug 2008; Cédric Krier <c...@gentoo.org> files/openvpn-2.1.init: + Add --script-security 2 for bug #233657 + +*openvpn-2.1_rc9 (01 Aug 2008) + + 01 Aug 2008; Cédric Krier <c...@gentoo.org> + -files/openvpn-2.1_rc7-tap.patch, -openvpn-2.1_rc7-r2.ebuild, + +openvpn-2.1_rc9.ebuild: + Version bump + +*openvpn-2.0.9 (14 May 2008) + + 14 May 2008; Cédric Krier <c...@gentoo.org> + +files/openvpn-2.0.9-pam.patch, +files/openvpn-2.0.9-persistent.patch, + +openvpn-2.0.9.ebuild: + Version bump + + 13 May 2008; Cédric Krier <c...@gentoo.org> metadata.xml: + Take ownership, after Alon Bar-Lev left + +*openvpn-2.1_rc7-r2 (18 Apr 2008) + + 18 Apr 2008; Alon Bar-Lev <alo...@gentoo.org> + files/openvpn-2.1_rc7-tap.patch, -openvpn-2.1_rc7-r1.ebuild, + +openvpn-2.1_rc7-r2.ebuild: + Fix tun (again), bug#218129, thanks to Sigmatador + +*openvpn-2.1_rc7-r1 (16 Apr 2008) + + 16 Apr 2008; Alon Bar-Lev <alo...@gentoo.org> + files/openvpn-2.1_rc7-tap.patch, -openvpn-2.1_rc7.ebuild, + +openvpn-2.1_rc7-r1.ebuild: + Fix typeo in tun, bug#217956, thanks to Sigmatador + + 17 Feb 2008; Christoph Mende <ange...@gentoo.org> openvpn-2.0.7-r2.ebuild: + Stable on amd64, bug #209177 + + 12 Feb 2008; Raúl Porcel <armi...@gentoo.org> openvpn-2.0.7-r2.ebuild: + alpha/sparc stable wrt #209177 + +*openvpn-2.1_rc7 (09 Feb 2008) + + 09 Feb 2008; Alon Bar-Lev <alo...@gentoo.org> + -files/openvpn-2.1_rc4-ip6-mss.patch, + -files/openvpn-2.1_rc6-iproute.patch, +files/openvpn-2.1_rc7-tap.patch, + -openvpn-2.1_rc4-r2.ebuild, -openvpn-2.1_rc6-r1.ebuild, + +openvpn-2.1_rc7.ebuild: + Version bump, fix bug#209055 + + 08 Feb 2008; Tobias Scherbaum <dertobi...@gentoo.org> + openvpn-2.0.7-r2.ebuild: + ppc stable, bug #209177 + + 07 Feb 2008; Jeroen Roovers <j...@gentoo.org> openvpn-2.0.7-r2.ebuild: + Stable for HPPA (bug #209177). + + 07 Feb 2008; Christian Faulhammer <op...@gentoo.org> + openvpn-2.0.7-r2.ebuild: + restrict tests if USE=ssl is not set + + 07 Feb 2008; Christian Faulhammer <op...@gentoo.org> + openvpn-2.0.7-r2.ebuild: + stable x86, bug 209177 + + 07 Feb 2008; Brent Baude <ran...@gentoo.org> openvpn-2.0.7-r2.ebuild: + stable ppc64, bug 209177 + + 30 Jan 2008; Alon Bar-Lev <alo...@gentoo.org> files/down.sh, files/up.sh: + If SVCNAME does not exist avoid doing service magic + + 29 Jan 2008; Diego Pettenò <flamee...@gentoo.org> files/openvpn-2.1.init, + files/openvpn.init: + Fix init script dependencies to work without a boot runlevel. + +*openvpn-2.1_rc6-r1 (25 Jan 2008) + + 25 Jan 2008; Alon Bar-Lev <alo...@gentoo.org> + +files/openvpn-2.1_rc6-iproute.patch, -openvpn-2.1_rc6.ebuild, + +openvpn-2.1_rc6-r1.ebuild: + Fix iproute issue, bug#207320, thanks to Graham Murray + +*openvpn-2.1_rc6 (24 Jan 2008) + + 24 Jan 2008; Alon Bar-Lev <alo...@gentoo.org> -openvpn-2.1_rc5.ebuild, + +openvpn-2.1_rc6.ebuild: + Version bump + +*openvpn-2.1_rc5 (23 Jan 2008) + + 23 Jan 2008; Alon Bar-Lev <alo...@gentoo.org> +openvpn-2.1_rc5.ebuild: + Version bump + + 21 Dec 2007; Alon Bar-Lev <alo...@gentoo.org> metadata.xml: + Take ownership, after Roy left + + 25 Sep 2007; Roy Marples <uberl...@gentoo.org> files/openvpn-2.1.conf, + files/openvpn-2.1.init, files/down.sh, files/up.sh: + PEER_DNS now allows OpenVPN to create /etc/resolv.conf or not, #193668 + + 25 Sep 2007; Roy Marples <uberl...@gentoo.org> files/down.sh, files/up.sh: + Pass parameters to service specific scripts, #193724 thanks to Sergiy Borodych + + 15 Sep 2007; Roy Marples <uberl...@gentoo.org> + -files/openvpn-2.0.4-darwin.patch, openvpn-2.0.6.ebuild, + openvpn-2.0.7-r2.ebuild, openvpn-2.1_rc4-r2.ebuild: + ppc-macos keyword and patch dropped + +*openvpn-2.1_rc4-r2 (16 Aug 2007) + + 16 Aug 2007; Roy Marples <uberl...@gentoo.org> + +files/openvpn-2.1_rc4-ip6-mss.patch, +openvpn-2.1_rc4-r2.ebuild: + Add a patch to fix mss for IPv6. + + 09 Jul 2007; Roy Marples <uberl...@gentoo.org> openvpn-2.1_rc4.ebuild, + openvpn-2.1_rc4-r1.ebuild: + Remove BSD warning about MTU as it no longer applies (I think) + + 08 Jul 2007; Roy Marples <uberl...@gentoo.org> files/openvpn-2.1.conf, + files/openvpn-2.1.init: + RE_ENTER config variable allows custom up/down scripts to re-enter openvpn. + Should fix #133107. + +*openvpn-2.1_rc4-r1 (29 Jun 2007) + + 29 Jun 2007; Roy Marples <uberl...@gentoo.org> +files/openvpn-2.1.conf, + files/openvpn-2.1.init, +openvpn-2.1_rc4-r1.ebuild: + DETECT_CLIENT config directive now controls init script behaviour, #181000. + IPv6 support added, #183457 thanks to Marcel Pennewiß. + + 08 Jun 2007; Joshua Kinard <ku...@gentoo.org> openvpn-2.0.7-r2.ebuild: + Marked unstable on mips, per #181074. + +*openvpn-2.1_rc4 (26 Apr 2007) + + 26 Apr 2007; Roy Marples <uberl...@gentoo.org> +openvpn-2.1_rc4.ebuild: + Bump, fixes #176001 thanks to boris64. + + 16 Apr 2007; Roy Marples <uberl...@gentoo.org> + +files/openvpn-2.1_rc2-freebsd.patch, openvpn-2.0.6.ebuild, + openvpn-2.0.7.ebuild, openvpn-2.0.7-r1.ebuild, openvpn-2.0.7-r2.ebuild, + openvpn-2.1_rc2.ebuild: + static USE flag now does what it says on the tin, #174786 + thanks to Michael Gisbers. + Added a patch to clean up compile and install on FreeBSD. + + 09 Mar 2007; Roy Marples <uberl...@gentoo.org> files/openvpn-2.1.init: + Hide ifconfig errors on FreeBSD. + Use printf instead of echo -e so we work on all POSIX shells. + +*openvpn-2.1_rc2 (04 Mar 2007) + + 04 Mar 2007; Roy Marples <uberl...@gentoo.org> +openvpn-2.1_rc2.ebuild: + Bumpage. + +*openvpn-2.1_rc1-r2 (23 Feb 2007) +*openvpn-2.0.7-r2 (23 Feb 2007) + + 23 Feb 2007; Roy Marples <uberl...@gentoo.org> files/openvpn-2.1.init, + files/down.sh, files/openvpn.init, files/up.sh, +openvpn-2.0.7-r2.ebuild, + +openvpn-2.1_rc1-r2.ebuild: + Init scripts no longer require bash. + + 07 Feb 2007; Roy Marples <uberl...@gentoo.org> files/down.sh, files/up.sh: + up.sh and down.sh no longer require bash. + + 05 Jan 2007; Diego Pettenò <flamee...@gentoo.org> openvpn-2.0.6.ebuild, + openvpn-2.0.7.ebuild, openvpn-2.0.7-r1.ebuild, openvpn-2.1_rc1.ebuild, + openvpn-2.1_rc1-r1.ebuild: + Remove gnuconfig_update usage, leave it to econf. + +*openvpn-2.1_rc1-r1 (08 Nov 2006) +*openvpn-2.0.7-r1 (08 Nov 2006) + + 08 Nov 2006; Roy Marples <uberl...@gentoo.org> + +files/openvpn-2.0.7-persistent.patch, + +files/openvpn-2.1_rc1-persistent.patch, +openvpn-2.0.7-r1.ebuild, + +openvpn-2.1_rc1-r1.ebuild: + Added patches to enable txqueuelen when making a persistent interface, #150791 + + 06 Nov 2006; Roy Marples <uberl...@gentoo.org> openvpn-2.0.6.ebuild, + openvpn-2.0.7.ebuild, -openvpn-2.1_beta15.ebuild, openvpn-2.1_rc1.ebuild: + die if iproute2 support was requested, but built with the minimal USE flag. + Fixes #154191 thanks to Martin Scherer. + +*openvpn-2.1_rc1 (02 Nov 2006) + + 02 Nov 2006; Roy Marples <uberl...@gentoo.org> +openvpn-2.1_rc1.ebuild: + New upstream version. + + 01 Nov 2006; Roy Marples <uberl...@gentoo.org> files/openvpn-2.1.init, + files/up.sh: + Ensure we work with all bash versions. + + 17 Oct 2006; Roy Marples <uberl...@gentoo.org> openvpn-2.0.7.ebuild, + openvpn-2.1_beta15.ebuild: + Added ~sparc-fbsd keyword. + + 14 Oct 2006; Roy Marples <uberl...@gentoo.org> files/openvpn-2.1.init: + Quiet stopping. + + 11 Oct 2006; Roy Marples <uberl...@gentoo.org> + +files/openvpn-2.0.7-pam.patch, openvpn-2.0.7.ebuild, + openvpn-2.1_beta15.ebuild: + Add a patch so we work with both LinuxPAM and OpenPAM correctly. + + 05 Oct 2006; Markus Rothe <cors...@gentoo.org> openvpn-2.1_beta15.ebuild: + Added ~ppc64 + + 13 Sep 2006; Roy Marples <uberl...@gentoo.org> -openvpn-2.1_beta14.ebuild, + openvpn-2.1_beta15.ebuild: + Fix plugin install, #147308 again. + +*openvpn-2.1_beta15 (12 Sep 2006) + + 12 Sep 2006; Roy Marples <uberl...@gentoo.org> files/up.sh, + +openvpn-2.1_beta15.ebuild: + Version bump, #147308 thanks to Alon Bar-Lev. + Fix up.sh for FreeBSD. + + 10 Sep 2006; Roy Marples <uberl...@gentoo.org> files/openvpn-2.1.init: + Add FreeBSD support + + 08 Jul 2006; Markus Rothe <cors...@gentoo.org> openvpn-2.0.6.ebuild: + Stable on ppc64 + + 06 Jul 2006; Roy Marples <uberl...@gentoo.org> files/openvpn-2.1.init, + files/openvpn.init: + Allow periods in config names, #139454 thanks to Ed Catmur. + +*openvpn-2.0.7 (29 Jun 2006) + + 29 Jun 2006; Roy Marples <uberl...@gentoo.org> +openvpn-2.0.7.ebuild: + Bump, #138250, thanks to Armando Di Cianno. + + 15 May 2006; Brent Baude <ran...@gentoo.org> openvpn-2.0.6.ebuild: + Marking openvpn-2.0.6 ~ppc64 per bug request 133417 + + 12 May 2006; Roy Marples <uberl...@gentoo.org> files/down.sh, files/up.sh: + up.sh and down.sh now save and restore resolv.conf if we don't + have resolvconf installed, #132932. + + 10 May 2006; Roy Marples <uberl...@gentoo.org> openvpn-2.1_beta14.ebuild, + files/up.sh: + up.sh no longer overwrites resolv.conf if no dns + information has been given to us by openvpn. + + Dropped the smartcard USE flag and opensc dependency as requested by the + openvpn pcks11 patch author Alon Bar-Lev, #118435. + +*openvpn-2.1_beta14 (09 May 2006) + + 09 May 2006; Roy Marples <uberl...@gentoo.org> +files/openvpn-2.1.init, + +files/down.sh, +files/up.sh, +openvpn-2.1_beta14.ebuild: + New upstream beta release with smartcard support (#118435). + We now add an openvpn user/group so you can drop root if you wish (#120425). + + If you use the remote keyword in your config then you are deemed to be a + client and we force our up/down scripts to be used. These scripts start/stop + any services depending on openvpn AND apply any DNS information to resolvconf + or /etc/resolv.conf directly if resolvconf is not installed. + + 05 May 2006; Roy Marples <uberl...@gentoo.org> files/openvpn.init: + Tweak init script to start before netmount. + + 24 Apr 2006; Roy Marples <uberl...@gentoo.org> -openvpn-2.0.5-r2.ebuild, + openvpn-2.0.6.ebuild: + Stop installing INSTALL document. + + 09 Apr 2006; Fabian Groffen <grob...@gentoo.org> openvpn-2.0.6.ebuild: + Marked ppc-macos stable (bug #128888) + + 08 Apr 2006; Bryan Østergaard <klo...@gentoo.org openvpn-2.0.6.ebuild: + Stable on alpha, bug 128888. + + 07 Apr 2006; Rene Nussbaumer <killer...@gentoo.org> openvpn-2.0.6.ebuild: + Stable on hppa. See bug #128888. + + 05 Apr 2006; Andrej Kacian <ti...@gentoo.org> openvpn-2.0.6.ebuild: + Stable on x86, bug #128888. + + 05 Apr 2006; Patrick McLean <chutz...@gentoo.org> openvpn-2.0.6.ebuild: + Stable on amd64 (bug 128888). + + 05 Apr 2006; Gustavo Zacarias <gusta...@gentoo.org> openvpn-2.0.6.ebuild: + Stable on sparc wrt security #128888 + + 05 Apr 2006; Tobias Scherbaum <dertobi...@gentoo.org> + openvpn-2.0.6.ebuild: + ppc stable, bug #128888 + +*openvpn-2.0.6 (05 Apr 2006) + + 05 Apr 2006; Roy Marples <uberl...@gentoo.org> +openvpn-2.0.6.ebuild: + New upstream release. + + 08 Feb 2006; Roy Marples <uberl...@gentoo.org> openvpn-2.0.5-r2.ebuild: + Marking stable on ppc-macos so I can punt older versions, #117111. + It's just an init script anyway, so shouldn't affect things. + + 07 Feb 2006; Aron Griffis <agrif...@gentoo.org> openvpn-2.0.5-r2.ebuild: + Mark 2.0.5-r2 stable on alpha + + 05 Feb 2006; Guy Martin <gms...@gentoo.org> openvpn-2.0.5-r2.ebuild: + Stable on hppa. + + 08 Jan 2006; Carsten Lohrke <ca...@gentoo.org> metadata.xml: + One maintainer retired, one left. + + 05 Jan 2006; Simon Stelling <bl...@gentoo.org> openvpn-2.0.5-r2.ebuild: + stable on amd64 + + 02 Jan 2006; Michael Hanselmann <han...@gentoo.org> + openvpn-2.0.5-r2.ebuild: + Stable on ppc. + + 30 Dec 2005; Roy Marples <uberl...@gentoo.org> openvpn-2.0.5-r2.ebuild: + Stable on x86, #117111. + + 30 Dec 2005; Gustavo Zacarias <gusta...@gentoo.org> + openvpn-2.0.5-r2.ebuild: + Stable on sparc wrt #117111 + + 08 Nov 2005; Roy Marples <uberl...@gentoo.org> -openvpn-2.0.1.ebuild, + -openvpn-2.0.2.ebuild, -openvpn-2.0.2-r3.ebuild, -openvpn-2.0.4-r1.ebuild, + -openvpn-2.0.4-r2.ebuild, -openvpn-2.0.5-r1.ebuild: + Punted a few versions. + +*openvpn-2.0.5-r2 (06 Nov 2005) + + 06 Nov 2005; Roy Marples <uberl...@gentoo.org> openvpn-2.0.5.ebuild, + +openvpn-2.0.5-r2.ebuild: + easyrsa pkitool is now installed, #111635. + easyrsa no longer gets installed when minimum USE flag is set. + + 06 Nov 2005; Simon Stelling <bl...@gentoo.org> openvpn-2.0.5.ebuild: + stable on amd64 wrt bug 111116 + + 05 Nov 2005; Bryan Østergaard <klo...@gentoo.org> openvpn-2.0.5.ebuild: + Stable on alpha, bug 111116. + + 04 Nov 2005; Gustavo Zacarias <gusta...@gentoo.org> openvpn-2.0.5.ebuild: + Stable on sparc wrt #111116 + + 04 Nov 2005; Fabian Groffen <grob...@gentoo.org> openvpn-2.0.5.ebuild: + Marked ppc-macos for bug #111116 (again) + + 04 Nov 2005; Mark Loeser <halc...@gentoo.org> openvpn-2.0.5.ebuild: + Stable on x86; bug #111116 + + 03 Nov 2005; Michael Hanselmann <han...@gentoo.org> openvpn-2.0.5.ebuild: + Stable on ppc. See bug #111116. + +*openvpn-2.0.5-r1 (03 Nov 2005) +*openvpn-2.0.5 (03 Nov 2005) + + 03 Nov 2005; Roy Marples <uberl...@gentoo.org> +openvpn-2.0.5.ebuild, + +openvpn-2.0.5-r1.ebuild: + Version bump - fixes some serious issues 2.0.4 had + 2.0.5 has old init script + 2.0.5-r1 has new init script + + 03 Nov 2005; Roy Marples <uberl...@gentoo.org> openvpn-2.0.4-r1.ebuild, + openvpn-2.0.4-r2.ebuild: + easy-rsa now gets installed properly, #111351 + + 03 Nov 2005; Gustavo Zacarias <gusta...@gentoo.org> + openvpn-2.0.4-r1.ebuild: + Stable on sparc wrt #111116 + + 02 Nov 2005; Fabian Groffen <grob...@gentoo.org> + +files/openvpn-2.0.4-darwin.patch, openvpn-2.0.4-r1.ebuild, + openvpn-2.0.4-r2.ebuild: + Fixed compilation problem on Darwin and marked ppc-macos (bug #111116) + +*openvpn-2.0.4-r2 (02 Nov 2005) +*openvpn-2.0.4-r1 (02 Nov 2005) + + 02 Nov 2005; Roy Marples <uberl...@gentoo.org> -openvpn-2.0.4.ebuild, + +openvpn-2.0.4-r1.ebuild, +openvpn-2.0.4-r2.ebuild: + 2.0.4 removed as it had the new init script + 2.0.4-r1 added with old init script + 2.0.4-r2 added with new init script + + 02 Nov 2005; Roy Marples <uberl...@gentoo.org> openvpn-2.0.4.ebuild: + Fixed pam issue when building plugins, #111267 + + 02 Nov 2005; Michael Hanselmann <han...@gentoo.org> openvpn-2.0.4.ebuild: + Stable on ppc. + + 02 Nov 2005; Andrej Kacian <ti...@gentoo.org> openvpn-2.0.4.ebuild: + Stable on x86, security bug #111116. + +*openvpn-2.0.4 (02 Nov 2005) + + 02 Nov 2005; Roy Marples <uberl...@gentoo.org> metadata.xml, + +openvpn-2.0.4.ebuild: + Added myself as a maintainer until luckyduck comes back online + + Version bump, wrt bug #111116 + + Examples flag really now works, #100943 + + init script now appends the --cd option only when the same option + is not specified in the config file, #109363 + + 15 Oct 2005; Roy Marples <uberl...@gentoo.org> openvpn-2.0.2-r3.ebuild: + plugins now really install to /usr/lib/openvpn + +*openvpn-2.0.2-r3 (14 Oct 2005) + + 14 Oct 2005; Roy Marples <uberl...@gentoo.org> files/openvpn.init, + -openvpn-2.0.2-r2.ebuild, +openvpn-2.0.2-r3.ebuild: + init script now modprobes tun if /dev/tun does not exist and errors + if tun/tap support is not enabled in the kernel + + iproute2 USE flag fixed as --disable-iproute2 also enables it in the Makefile + +*openvpn-2.0.2-r2 (14 Oct 2005) + + 14 Oct 2005; Roy Marples <uberl...@gentoo.org> files/openvpn.init, + -openvpn-2.0.2-r1.ebuild, +openvpn-2.0.2-r2.ebuild: + Rev bump for new init script which stops properly on baselayout-1.11 and + earlier. + + 14 Oct 2005; Roy Marples <uberl...@gentoo.org> openvpn-2.0.2-r1.ebuild: + Added net-tools as a dependency if iproute2 USE flag is not used. + +*openvpn-2.0.2-r1 (13 Oct 2005) + + 13 Oct 2005; Roy Marples <uberl...@gentoo.org> +files/openvpn.init, + +openvpn-2.0.2-r1.ebuild: + New init script which allows more granular control of seperate vpns, #105439 + Install all docs, #100943 + new iproute2 USE flag, #98782 thanks to Sean Lynn + new static USE flag, #105479 thanks to Clemens Noss + new minimal USE flag which decides to build bundled plugins or not, #103711 + +*openvpn-2.0.2 (19 Sep 2005) + + 19 Sep 2005; Seemant Kulleen <seem...@gentoo.org> -openvpn-2.0.ebuild, + -openvpn-2.0-r1.ebuild, +openvpn-2.0.2.ebuild: + version bump to newest upstream release. wfm, and luckyduck is missing. + Closes bug #103913 + + 15 Sep 2005; Aron Griffis <agrif...@gentoo.org> openvpn-2.0.1.ebuild: + Mark 2.0.1 stable on alpha + + 30 Aug 2005; Gustavo Zacarias <gusta...@gentoo.org> openvpn-2.0.1.ebuild: + Stable on sparc wrt #102871 + + 24 Aug 2005; Olivier Crête <tes...@gentoo.org> openvpn-2.0.1.ebuild: + Stable on x86 per security bug #102871 + + 21 Aug 2005; Fabian Groffen <grob...@gentoo.org> openvpn-2.0.1.ebuild: + Stable on ppc-macos (bug #102871) + + 21 Aug 2005; Michael Hanselmann <han...@gentoo.org> openvpn-2.0.1.ebuild: + Stable on ppc. + + 21 Aug 2005; Luis Medinas <metal...@gentoo.org> openvpn-2.0.1.ebuild: + Marked Stable on AMD64. Fixes bug #102871. + +*openvpn-2.0.1 (21 Aug 2005) + + 21 Aug 2005; petre rodan <kaio...@gentoo.org> +openvpn-2.0.1.ebuild: + version bump as per security bug #102871; added selinux RDEPEND + + 25 Jun 2005; Jan Brinkmann <luckyd...@gentoo.org> openvpn-2.0-r1.ebuild: + -r1 installs the initscript again, fixes #96855. + + 18 Jun 2005; Jason Wever <we...@gentoo.org> openvpn-2.0.ebuild: + Stable on SPARC. + + 09 Jun 2005; Jan Brinkmann <luckyd...@gentoo.org> openvpn-2.0-r1.ebuild: + Minor fixes. + +*openvpn-2.0-r1 (30 May 2005) + + 30 May 2005; Jan Brinkmann <luckyd...@gentoo.org> files/openvpn, + +openvpn-2.0-r1.ebuild: + make use of our initscript again, fixes #94350. the initscript now supports + checking if a connection is already online, see #92369 for details. thanks + to Christian Hesse <m...@earthworm.de> for the suggestion. + + 28 May 2005; Jan Brinkmann <luckyd...@gentoo.org> openvpn-2.0.ebuild: + stable on amd64, ppc and x86 + + 07 May 2005; Jeffrey Forman <jfor...@gentoo.org> openvpn-1.6.0.ebuild: + openvpn-1.6.0 stable on sparc + + 01 May 2005; Jan Brinkmann <luckyd...@gentoo.org> openvpn-1.5.0-r1.ebuild, + openvpn-1.6.0.ebuild: + marked 1.6.0 stable on amd64 and x86, some cosmetic changes. + + 29 Apr 2005; Jan Brinkmann <luckyd...@gentoo.org> metadata.xml: + herd -> secure-tunneling + + 29 Apr 2005; Jan Brinkmann <luckyd...@gentoo.org> openvpn-2.0.ebuild: + added a compatibility warning. + +*openvpn-2.0 (29 Apr 2005) + + 29 Apr 2005; Jan Brinkmann <luckyd...@gentoo.org> metadata.xml, + -openvpn-1.1.0.ebuild, -openvpn-1.3.1.ebuild, -openvpn-1.3.2.ebuild, + -openvpn-1.3.2-r1.ebuild, -openvpn-1.4.2.ebuild, -openvpn-1.5.0.ebuild, + +openvpn-2.0.ebuild: + added ebuild for 2.0, fixes #50767. also updated metadata.xml, took over + maintainership. did some cleanup, removed older versions. introduced support + for the examples useflag. + + 05 Feb 2005; <so...@gentoo.org> openvpn-1.5.0-r1.ebuild, + openvpn-1.6.0.ebuild: + - q/a fix. os-headers are not needed in RDEPEND + + 23 Jan 2005; Daniel Black <dragonhe...@gentoo.org> openvpn-1.5.0-r1.ebuild, + openvpn-1.6.0.ebuild: + threads is now a global use flags. Changed pthreads to threads. + + 29 Dec 2004; Ciaran McCreesh <ciar...@gentoo.org> : + Change encoding to UTF-8 for GLEP 31 compliance + + 18 Dec 2004; Simon Stelling <bl...@gentoo.org> openvpn-1.6.0.ebuild: + added ~amd64 + + 24 Nov 2004; Kito <k...@gentoo.org> openvpn-1.6.0.ebuild: + added ~ppc-macos. closes bug Bug 72324 + + 17 Oct 2004; <so...@gentoo.org> openvpn-1.5.0-r1.ebuild, + openvpn-1.6.0.ebuild: + added gnuconfig_update for bug #61187 + +*openvpn-1.6.0 (02 Oct 2004) + + 02 Oct 2004; Joshua Charles Campbell <warpz...@gentoo.org> openvpn-1.6.0.ebuild: + Version bump + + 02 Oct 2004; Bryan Østergaard <klo...@gentoo.org> openvpn-1.5.0-r1.ebuild: + Keyword ~alpha, bug 65839. + + 25 Aug 2004; Sven Wegener <swege...@gentoo.org> openvpn-1.1.0.ebuild, + openvpn-1.3.1.ebuild, openvpn-1.3.2-r1.ebuild, openvpn-1.3.2.ebuild, + openvpn-1.4.2.ebuild, openvpn-1.5.0-r1.ebuild, openvpn-1.5.0.ebuild: + Changed SRC_URI to use mirror:// syntax. + + 09 Jul 2004; Travis Tilley <l...@gentoo.org> openvpn-1.5.0-r1.ebuild, + openvpn-1.5.0.ebuild: + switch linux-headers dependency to virtual/os-headers + + 25 Mar 2004; Jason Wever <we...@gentoo.org> openvpn-1.5.0-r1.ebuild: + Marked stable on sparc. + +*openvpn-1.5.0-r1 (15 Mar 2004) + + 15 Mar 2004; <warpz...@gentoo.org> metadata.xml, openvpn-1.5.0-r1.ebuild; + Added pthreads support and made the ebuild actually consider its use flags, wow. + +*openvpn-1.5.0 (24 Dec 2003) + +*openvpn-1.4.2 (03 Aug 2003) + + 03 Aug 2003; <warpz...@gentoo.org> metadata.xml, openvpn-1.5.0.ebuild: + version 1.5.0 added + fixed init script added. Closes several bugs. + +*openvpn-1.4.2 (03 Aug 2003) + + 03 Aug 2003; <warpz...@gentoo.org> metadata.xml, openvpn-1.4.2.ebuild: + ~ppc keyword + +*openvpn-1.4.2 (03 Aug 2003) + + 03 Aug 2003; <warpz...@gentoo.org> metadata.xml, openvpn-1.4.2.ebuild: + version 1.4.2 added + + 06 Dec 2002; Rodney Rees <man...@gentoo.org> : changed sparc ~sparc keywords + +*openvpn-1.3.2-r1 (20 May 2003) + + 20 May 2003; Ryan Phillips <rphill...@gentoo.org> openvpn-1.3.2-r1.ebuild : + Included init script. Bug #20085 Fixed. Submitted by Warp Zero + +*openvpn-1.3.2 (31 Jan 2003) + + 31 Jan 2003; Ryan Phillips <rphill...@gentoo.org> openvpn-1.3.2 : + + new version. + +*openvpn-1.3.1 (15 Jul 2002) + + 15 Jul 2002; Ryan Phillips <rphill...@gentoo.org> openvpn-1.3.1 : + + new version. Thanks to Marko Mikulicic + +*openvpn-1.1.0 (26 May 2002) + + 09 Jul 2002; phoen][x <phoe...@gentoo.org> openvpn-1.1.0.ebuild : + Added KEYWORDS. + + 26 May 2002; Mike Jones <ashmo...@gentoo.org> ChangeLog, openvpn-1.1.0.ebuild: + Added initial ChangeLog which should be updated whenever the package is + updated in any way. This changelog is targetted to users. This means that the + comments should well explained and written in clean English. The details about + writing correct changelogs are explained in the skel.ChangeLog file which you + can find in the root directory of the portage repository. + diff --git a/net-misc/openvpn/Manifest b/net-misc/openvpn/Manifest new file mode 100644 index 0000000..83bfe3b --- /dev/null +++ b/net-misc/openvpn/Manifest @@ -0,0 +1,16 @@ +AUX 2.3.6-disable-compression.patch 579 SHA256 644068d1925a7b2866a4afaef15ebb27f5bbf1b55eed0894d34f7603c230bd9a SHA512 56acdd4716df4f6a0367fd583296718e30d3fa4b6b129159f61f913eba97769943a2354e9b51572314a206f68a20def091a89aec12bc942d94b05369128d3a97 WHIRLPOOL 1fb293d49f63a75cb772c262d9a55a6cb00be0f154387bf4fb3e9be1602038bd70348fad5f1a2b714fa7b45cbcd36a4db2c6f1441f3a00aff7d51732b3629708 +AUX 2.3.6-null-cipher.patch 1531 SHA256 a3f8ac3630c9887d18d21e0ac9781d615cf8dff277c070306b36c5d0faa8a1ac SHA512 0aa288af3c0b43977bf84b099ea28dbf7ab9a1096d76e8f706989570984c70a4c298430eac35b0c80eab8bc05e6072d965c20a9e3689e7448e759abb92c93fb2 WHIRLPOOL cbefb2a1b6d63373890a76d3a6153335f8d05b07e4546893e7a8871c653d39f06941615181308fbf41a07cf702b2a730dfacc6a01840efdbfbeaf301a58362bb +AUX 2.3.6-vlan-support.patch 32652 SHA256 5b53cd595b77c8c391b9ad4844028b8524b9d6e877a5a6ae36ce82dff0eea2a3 SHA512 a28532cf98c47a79bce3f87683560b3bff7f5ec727d709eaa12543f8c2b4285b8cca49aa69f591d93c8d13ef7ab901f835eec72776cc27da693058293e14627d WHIRLPOOL fe42ad83d82f1e57b9de8a44bc8a03220d3e2f28b797d7144714ced3b34a8d4d7daf66351fbcc712e56599fc6eb5414077c839df8ffd6616eae38c2b6258d724 +AUX 65openvpn 45 SHA256 d5758e39fdc75dcbb5a788b1afa743c3c1f08c63c535aa32c300b965474d765c SHA512 713345092b60d1322d3fa96fd72d69ed82dbfee5031a675114bc60acfdacaf0811f6bf4530cf937ca5a86b3f2665b28951b9087ec91c2c0faf75bdaf1e25bdbb WHIRLPOOL 534e7dcf2ac953e9ec5de05810022471cb26a16806cd036f25d02550e20f8aaa91410bd005bc7a5e4a549d8a40d01ae317be1d1e1e25d91ed989bbbea7ede9d2 +AUX down.sh 943 SHA256 39debebcd8c899f20e6d355cbc8eaab46e28b83a9f6c33a94c065688a4f3d2c7 SHA512 5defd61edf11cc63f3f8f60bef7fa730c4bcdd2545d664bd94666dd3aea80bd9d190263d8835a555e4287a594f6fce0f52426aed49c60233ff637a2a6164a997 WHIRLPOOL c66fd1e016656fe83d7f55b77bf232058397f9cd3054abe13ec006c227afe6746ee4ada310ff43761ec95510f736b8e542f136711d648642eecafe055975c57e +AUX openvpn-2.1.conf 892 SHA256 330149a83684ddabe413d134d4c8efad4c88b18c2ab67165014deff5f7fffad2 SHA512 982ade883afbe2e656a9cbbe36c31c0e8b4f7bbbe5b63df9f7b834f02a9153032fb7445c85d3e91f62c68a7ddd13c3afbf420fb71cdd13d9c4b69f867bdd9f37 WHIRLPOOL 6ef644826e1e9e2a100e0fa20b5c9190e92c9e08a366dee28dccf3f70fa0593f3c4d271e42db3920630f03704aa2aef8e84d9efbb2b4b6a0d08e74bb340fb0a5 +AUX openvpn-2.1.init 4186 SHA256 d1b1f8a00935d77521bceb62535350444df3470fa45f4d33c3934051a1bb595b SHA512 7ecd0b4dc7341ea0df598752bec8ae6011bea7973ed9dbf17a12c308aed46362e1507fcb3a3bb26049619747f2f819deec1a42c6dce2c13d2a769f1e37735a2f WHIRLPOOL 9d34c438b7d9e45678e2aa48ab42a68b9e2801423688c6280cbb4934a8ef04cbf8a7953a061659f57fb02adf535596ac9313268c29e2dc18cffbf7315681da82 +AUX openvpn.init 1486 SHA256 c4b9e0899fa5ee0b90c5100da7711dc7a6a5658f10042b0feda9e7efb90a11cf SHA512 450595b9ec82ded74c26ed9f73182122e05f53655262a342b195dcedfe63a06a5d9927a3bbe50d0d04f810cc786ac3eb78843877f426c893e165b967bc8ac012 WHIRLPOOL e549221283b4b92c9ada312a746c4ad4c645493c1c844ddaddefecee4c31e17bd4bd8555618408e065c83143e157aaf7e75b44f01abe43f507835df2aa1149d3 +AUX openvpn.service 335 SHA256 a63a6e1505f2b3e20f2c82588dd0c23da9d8c750e1f36fec2ba20a8b5b0c9de1 SHA512 fbd41b80253aaae6750301ac95d8b3bf09e3a70556cc0513792c8e06faa70a716233d134d4928295f381f0f235fcde0eeac9cfa074924b6666a4b46ff7cf91a9 WHIRLPOOL 16f44d10ab03110a21a69716fbac2e64e5376426edd26783d7946d928dd0cc106810126436488843da8e16277d3aa83d208fe50c4aebd9cff86526ce1762b215 +AUX openvpn.tmpfile 39 SHA256 ef3453056a26487d27908d5ced124285403d8e88deb843fccdba9f6724966826 SHA512 659713b35eee340f2b6578796f4335dda391aa635892e802e3f2531f31c9470460b4e4b3be45457f81f3b08b7d60ce15d16f8d70b968fbf24f846ef5f8611a58 WHIRLPOOL 19e4611ffda68a99851921ccaf3a99d04350cd3e0d8833136da151119c267edc383ff96162aa47a2f77171ae908ad011e4119a7a18961ed0bddcbf38d997b976 +AUX up.sh 2865 SHA256 d887ee065261affd849227fa27e092cf66549d824a698f302312d15f787dd840 SHA512 35201b0e60ad20358080007e595eb4f96d186ba8e88f0485c55d164c28e3d78a12f3e09347ba3d76abb9b8b03fb4a53664bd74ab484be1548090022b956925fd WHIRLPOOL 8d25a66d192a6710466d149aec7a1719dfe91558205e8ba7e25b93e58869c8fedc96ba4ce2aedb0595b7e0b63299e6e41be1ba82c6b93ae6bbbb26d409c9bf51 +DIST openvpn-2.3.8.tar.gz 1214843 SHA256 532435eff61c14b44a583f27b72f93e7864e96c95fe51134ec0ad4b1b1107c51 SHA512 b619283d87eea2e47a2f0dfdbf0ffd1d10388fbdaadb33b43c7a2743748a4814f869fad6215d32fab156664d554ae94af456e7bf496890c68e6729b153d76db9 WHIRLPOOL 4868c735ca5e65b34f477457ea38eb6db45fae80563490d1e39ece9bf29b13976dd82d50d054da70c4ee146cb2e88e847bafc3f7ff47112d4494fa0f408d65d0 +EBUILD openvpn-2.3.8-r1.ebuild 4381 SHA256 2192986546297c598950830a4679bb4cce2c89095c1b638a777a1a7c78b59140 SHA512 ea1bf18b97897459bc7f8ae39d8f785b8b9e0cd9826ca934f955e4e566b4b835286a10c834dd1794ec1e9eeeac4f58b6c0f6f51bd7e253fc0140c7778fad8a42 WHIRLPOOL daa7b6e766df85f7ca940d6a18b3c119a1b9772ee2009065b023b71f35db56a35dabbb6041982220b4f951206c971a554dbc3ea0ac1bfe3353a6f5915bd66a2f +MISC ChangeLog 5210 SHA256 c07b34e233cf871beb74436576e8e2ed35a3f697d019546c8d46704cc81fb8e4 SHA512 5dceca6859e3f9b52e0de28721bd6054d6b76fc46a0c10a9e0f2781f0f2b97d9c81279ce9bc8dabca8bef75f5698d9e1f1febcd6250a97e9e87bbd96e5917d96 WHIRLPOOL 1d3fb678aafdad476d302a2ff66d91a19209eff8a69946f8acb5d9f5d6bb25f4b15a7877d6d17f95e54cf1149bed73205b6f45408f29614b0e721e97e1ac61f5 +MISC ChangeLog-2015 45794 SHA256 5934bd3b7fb69833e6a786bff437d0322694e126d2448b3a72c771aff9888052 SHA512 66728563ecab8aabb1dc5ae24fb141a59573bc6e3bf8baa3a78d40dc4d5dc083a70ad76eef883f6efd968850aeece364d2534512ea00dc7ea349ef9e0d128afc WHIRLPOOL 60cd7cdce8fa00c525ba5814bd151fe043692b70cbdac13cec36644c7c695db3b7c24d444cbf3f6f38246e52c9b2f7e9f766fb13ec07196c40d038c881e9e340 +MISC metadata.xml 988 SHA256 f8d77075b01a7250cfe43ecc06a635ffabe022b9c59eff660a236aff040d84dc SHA512 986f7a5de176f45aeed2e03770cc6b8ac0f1a55f410127c6c7b666255e742a483393db5c85e32f78c2f5e683e8124c3d907acb151245c2a982e587a59e1a4f2c WHIRLPOOL 10e57141519cfeefb7bfa89f0c3a1f4fea64067f8245c123545c85a48934294f694e5d3e888959f215aeccfa97fb54e500b31d4163e76942d80c5d3a6aebdc5f diff --git a/net-misc/openvpn/files/2.3.6-disable-compression.patch b/net-misc/openvpn/files/2.3.6-disable-compression.patch new file mode 100644 index 0000000..d9d1c76 --- /dev/null +++ b/net-misc/openvpn/files/2.3.6-disable-compression.patch @@ -0,0 +1,18 @@ +https://community.openvpn.net/openvpn/changeset/5d5233778868ddd568140c394adfcfc8e3453245/ + +--- openvpn-2.3.6/src/openvpn/ssl_openssl.c.orig 2014-11-29 23:00:35.000000000 +0800 ++++ openvpn-2.3.6/src/openvpn/ssl_openssl.c 2015-01-12 21:14:30.186993686 +0800 +@@ -238,6 +238,13 @@ + if (tls_ver_min > TLS_VER_1_2 || tls_ver_max < TLS_VER_1_2) + sslopt |= SSL_OP_NO_TLSv1_2; + #endif ++ ++#ifdef SSL_OP_NO_COMPRESSION ++ msg (M_WARN, "[Workaround] disable SSL compression"); ++ sslopt |= SSL_OP_NO_COMPRESSION; ++#endif ++ ++ + SSL_CTX_set_options (ctx->ctx, sslopt); + } + diff --git a/net-misc/openvpn/files/2.3.6-null-cipher.patch b/net-misc/openvpn/files/2.3.6-null-cipher.patch new file mode 100644 index 0000000..1e831cf --- /dev/null +++ b/net-misc/openvpn/files/2.3.6-null-cipher.patch @@ -0,0 +1,46 @@ +The "really fix cipher none" patch has been merged to release/2.3 and master: + +commit 785838614afc20d362b64907b0212e9a779e2287 (release/2.3) +commit 98156e90e1e83133a6a6a020db8e7333ada6156b (master) + +diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h +index 8749878..4e45df0 100644 +--- a/src/openvpn/crypto_backend.h ++++ b/src/openvpn/crypto_backend.h +@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt); + * + * @return true iff the cipher is a CBC mode cipher. + */ +-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) +- __attribute__((nonnull)); ++bool cipher_kt_mode_cbc(const cipher_kt_t *cipher); + + /** + * Check if the supplied cipher is a supported OFB or CFB mode cipher. +@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) + * + * @return true iff the cipher is a OFB or CFB mode cipher. + */ +-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) +- __attribute__((nonnull)); ++bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher); + + + /** +diff --git a/tests/t_lpback.sh b/tests/t_lpback.sh +index 8f88ad9..d7792cd 100755 +--- a/tests/t_lpback.sh ++++ b/tests/t_lpback.sh +@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \ + # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5) + CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' ) + ++# Also test cipher 'none' ++CIPHERS=${CIPHERS}$(printf "\nnone") ++ + "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$ + set +e + +-- +1.9.1 + diff --git a/net-misc/openvpn/files/2.3.6-vlan-support.patch b/net-misc/openvpn/files/2.3.6-vlan-support.patch new file mode 100644 index 0000000..e06645d --- /dev/null +++ b/net-misc/openvpn/files/2.3.6-vlan-support.patch @@ -0,0 +1,1005 @@ +diff --git a/configure.ac b/configure.ac +index 9132468..5646af5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -257,6 +257,12 @@ AC_ARG_ENABLE( + [enable_systemd="no"] + ) + ++AC_ARG_ENABLE(vlan-tagging, ++ [ --disable-vlan-tagging Disable support for 802.1Q-based VLAN tagging], ++ [VLAN_TAGGING="$enableval"], ++ [VLAN_TAGGING="yes"] ++) ++ + AC_ARG_WITH( + [special-build], + [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])], +@@ -1160,6 +1166,10 @@ if test "${enable_plugin_auth_pam}" = "yes"; then + fi + fi + ++if test "$VLAN_TAGGING" = "yes"; then ++ AC_DEFINE(ENABLE_VLAN_TAGGING, 1, [Enable 802.1Q-based VLAN tagging/untagging]) ++fi ++ + CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`" + AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings]) + +diff --git a/doc/openvpn.8 b/doc/openvpn.8 +index a8c189c..e8e222a 100644 +--- a/doc/openvpn.8 ++++ b/doc/openvpn.8 +@@ -3623,6 +3623,109 @@ connection is torn down. + + Not implemented on Windows. + .\"********************************************************* ++.TP ++.B \-\-vlan\-tagging ++Turns the OpenVPN server instance into a switch that understands VLAN-tagging, ++based on IEEE 802.1Q. ++ ++The tap device and each of the connecting clients is seen as a port of the ++switch. All client ports are in untagged mode and the tap device is ++VLAN-tagged, untagged or accepts both, depending on the ++.B \-\-vlan\-accept ++setting. ++ ++Ethernet frames with a prepended 802.1Q tag are called "tagged". If the VLAN ++Identifier (VID) field in such a tag is non-zero, the frame is called ++"VLAN-tagged". If the VID is zero, but the Priority Control Point (PCP) field ++is non-zero, the frame is called "prio-tagged". If there is no 802.1Q tag, the ++frame is "untagged". ++ ++Using the ++.B \-\-vlan\-pvid v ++option once per client, each port can be associated with a certain VID. Packets ++can only be distributed between ports with a matching VID. Therefore, clients ++with differing VIDs are completely separated from one-another, even if ++.B \-\-client-to-client ++is activated. ++ ++The filtering of packets takes place in the OpenVPN server. Clients do not ++need support for VLAN tagging. ++ ++The ++.B \-\-vlan\-tagging ++option is off by default. While turned off, OpenVPN ++does no parsing and accepts any Ethernet frames. ++ ++The option can only be activated in ++.B \-\-dev tap ++mode. ++ ++.\"********************************************************* ++.TP ++.B \-\-vlan\-accept all | tagged | untagged ++Allows the tap device's VLAN tagging policy to be configured. You can choose ++between the following modes: ++ ++.B all ++(default) -- Admit all frames. ++.br ++.B tagged ++-- Admit only VLAN-tagged frames. ++.br ++.B untagged ++-- Admit only untagged and priority-tagged frames. ++ ++(Note: Some vendors refer to switch ports running in ++.B tagged ++mode as "trunk ports" and switch ports running in ++.B untagged ++mode as "access ports".) ++ ++Incoming untagged or priority-tagged packets from clients are assigned with the ++client's Port VLAN Identifier (PVID) as their VID. In ++.B untagged ++mode, incoming untagged or priority-tagged packets on the tap device are ++associated with the global ++.B \-\-vlan\-pvid ++setting. In ++.B tagged ++mode, any incoming untagged or priority-tagged packets are dropped. For ++VLAN-tagged packets, any priority information is lost as soon as the ++VLAN-tagging is removed. ++ ++In ++.B tagged ++mode, packets going out through the tap device are VLAN-tagged with the ++originating client's VID. ++ ++In ++.B all ++mode, incoming tagged packets are handled the same way as in ++.B tagged ++mode. Incoming untagged packets are handled as in ++.B untagged ++mode. Outgoing packets are tagged, unless the VID matches the global PVID, in ++which case the packets go out untagged. ++.\"********************************************************* ++.TP ++.B \-\-vlan\-pvid v ++Specifies which VLAN identifier a "port" is associated with. Not valid without ++\fB\-\-vlan\-tagging\fR. ++ ++In client context, the setting specifies which VLAN identifier a client is ++associated with. In global context, the tap device's VLAN identifier is set. ++The latter only makes sense in ++.B \-\-vlan\-accept untagged ++and ++.B \-\-vlan\-accept all ++mode. ++ ++Valid values for ++.B v ++go from 1 through to 4094. Defaults to 1. ++ ++In some switch implementations, the PVID is also referred to as "Native VLAN". ++.\"********************************************************* + .SS Client Mode + Use client mode when connecting to an OpenVPN server + which has +diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h +index 3ee4ebc..2ebec47 100644 +--- a/src/openvpn/errlevel.h ++++ b/src/openvpn/errlevel.h +@@ -149,6 +149,8 @@ + #define D_PF_DROPPED_BCAST LOGLEV(7, 71, M_DEBUG) /* packet filter dropped a broadcast packet */ + #define D_PF_DEBUG LOGLEV(7, 72, M_DEBUG) /* packet filter debugging, must also define PF_DEBUG in pf.h */ + ++#define D_VLAN_DEBUG LOGLEV(7, 72, M_DEBUG) /* show VLAN tagging/untagging debug info */ ++ + #define D_HANDSHAKE_VERBOSE LOGLEV(8, 70, M_DEBUG) /* show detailed description of each handshake */ + #define D_TLS_DEBUG_MED LOGLEV(8, 70, M_DEBUG) /* limited info from tls_session routines */ + #define D_INTERVAL LOGLEV(8, 70, M_DEBUG) /* show interval.h debugging info */ +diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c +index ba4ef46..dc9183b 100644 +--- a/src/openvpn/mroute.c ++++ b/src/openvpn/mroute.c +@@ -210,12 +210,28 @@ mroute_extract_addr_ipv4 (struct mroute_addr *src, + return ret; + } + ++static void mroute_copy_ether_to_addr(struct mroute_addr *maddr, ++ const uint8_t *eth_addr, ++ uint16_t vid) ++{ ++ maddr->type = MR_ADDR_ETHER; ++ maddr->netbits = 0; ++ memcpy (maddr->addr, eth_addr, 6); ++#ifdef ENABLE_VLAN_TAGGING ++ maddr->len = 8; ++ memcpy (maddr->addr + 6, &vid, 2); ++#else ++ maddr->len = 6; ++#endif ++} ++ + unsigned int + mroute_extract_addr_ether (struct mroute_addr *src, + struct mroute_addr *dest, + struct mroute_addr *esrc, + struct mroute_addr *edest, +- const struct buffer *buf) ++ const struct buffer *buf, ++ uint16_t vid) + { + unsigned int ret = 0; + if (BLEN (buf) >= (int) sizeof (struct openvpn_ethhdr)) +@@ -223,17 +239,11 @@ mroute_extract_addr_ether (struct mroute_addr *src, + const struct openvpn_ethhdr *eth = (const struct openvpn_ethhdr *) BPTR (buf); + if (src) + { +- src->type = MR_ADDR_ETHER; +- src->netbits = 0; +- src->len = 6; +- memcpy (src->addr, eth->source, 6); ++ mroute_copy_ether_to_addr(src, eth->source, vid); + } + if (dest) + { +- dest->type = MR_ADDR_ETHER; +- dest->netbits = 0; +- dest->len = 6; +- memcpy (dest->addr, eth->dest, 6); ++ mroute_copy_ether_to_addr(dest, eth->dest, vid); + + /* ethernet broadcast/multicast packet? */ + if (is_mac_mcast_addr (eth->dest)) +@@ -248,7 +258,16 @@ mroute_extract_addr_ether (struct mroute_addr *src, + struct buffer b = *buf; + if (buf_advance (&b, sizeof (struct openvpn_ethhdr))) + { +- switch (ntohs (eth->proto)) ++ uint16_t proto = ntohs (eth->proto); ++ if (proto == OPENVPN_ETH_P_8021Q && ++ BLEN (buf) >= (int) sizeof (struct openvpn_8021qhdr)) ++ { ++ const struct openvpn_8021qhdr *tag = (const struct openvpn_8021qhdr *) BPTR (buf); ++ proto = ntohs (tag->proto); ++ buf_advance (&b, SIZE_ETH_TO_8021Q_HDR); ++ } ++ ++ switch (proto) + { + case OPENVPN_ETH_P_IPV4: + ret |= (mroute_extract_addr_ipv4 (esrc, edest, &b) << MROUTE_SEC_SHIFT); +@@ -391,6 +410,9 @@ mroute_addr_print_ex (const struct mroute_addr *ma, + { + case MR_ADDR_ETHER: + buf_printf (&out, "%s", format_hex_ex (ma->addr, 6, 0, 1, ":", gc)); ++#ifdef ENABLE_VLAN_TAGGING ++ buf_printf (&out, "@%u", *(uint16_t*)(ma->addr + 6)); ++#endif + break; + case MR_ADDR_IPV4: + { +diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h +index 608f70b..175dd2a 100644 +--- a/src/openvpn/mroute.h ++++ b/src/openvpn/mroute.h +@@ -138,7 +138,8 @@ mroute_extract_addr_from_packet (struct mroute_addr *src, + struct mroute_addr *esrc, + struct mroute_addr *edest, + const struct buffer *buf, +- int tunnel_type) ++ int tunnel_type, ++ uint16_t vid) + { + unsigned int mroute_extract_addr_ipv4 (struct mroute_addr *src, + struct mroute_addr *dest, +@@ -148,13 +149,14 @@ mroute_extract_addr_from_packet (struct mroute_addr *src, + struct mroute_addr *dest, + struct mroute_addr *esrc, + struct mroute_addr *edest, +- const struct buffer *buf); ++ const struct buffer *buf, ++ uint16_t vid); + unsigned int ret = 0; + verify_align_4 (buf); + if (tunnel_type == DEV_TYPE_TUN) + ret = mroute_extract_addr_ipv4 (src, dest, buf); + else if (tunnel_type == DEV_TYPE_TAP) +- ret = mroute_extract_addr_ether (src, dest, esrc, edest, buf); ++ ret = mroute_extract_addr_ether (src, dest, esrc, edest, buf, vid); + return ret; + } + +diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c +index 6ddfbb5..36a86a5 100644 +--- a/src/openvpn/multi.c ++++ b/src/openvpn/multi.c +@@ -6,6 +6,7 @@ + * packet compression. + * + * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sa...@openvpn.net> ++ * Copyright (C) 2010 Fabian Knittel <fabian.knit...@lettink.de> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 +@@ -1956,7 +1957,8 @@ static void + multi_bcast (struct multi_context *m, + const struct buffer *buf, + const struct multi_instance *sender_instance, +- const struct mroute_addr *sender_addr) ++ const struct mroute_addr *sender_addr, ++ uint16_t vid) + { + struct hash_iterator hi; + struct hash_element *he; +@@ -2001,6 +2003,10 @@ multi_bcast (struct multi_context *m, + } + } + #endif ++#ifdef ENABLE_VLAN_TAGGING ++ if (vid != 0 && vid != mi->context.options.vlan_pvid) ++ continue; ++#endif + multi_add_mbuf (m, mi, mb); + } + } +@@ -2179,6 +2185,37 @@ done: + gc_free (&gc); + } + ++#ifdef ENABLE_VLAN_TAGGING ++/* ++ * Decides whether or not to drop an ethernet frame. VLAN-tagged frames are ++ * dropped. All other frames are accepted. ++ * ++ * @param buf The ethernet frame. ++ * @return Returns true if the frame should be dropped, false otherwise. ++ */ ++static bool ++buf_filter_incoming_8021q_vlan_tag (const struct buffer *buf) ++{ ++ const struct openvpn_8021qhdr *vlanhdr; ++ uint16_t vid; ++ ++ if (BLEN (buf) < (int) sizeof (struct openvpn_8021qhdr)) ++ return false; /* Frame too small. */ ++ ++ vlanhdr = (const struct openvpn_8021qhdr *) BPTR (buf); ++ ++ if (ntohs (vlanhdr->tpid) != OPENVPN_ETH_P_8021Q) ++ return false; /* Frame is untagged. */ ++ ++ vid = vlanhdr_get_vid (vlanhdr); ++ if (vid == 0) ++ return false; /* Frame only priority-tagged. */ ++ ++ msg (D_VLAN_DEBUG, "dropping VLAN-tagged incoming frame, vid: %u", vid); ++ return true; ++} ++#endif ++ + /* + * Process packets in the TCP/UDP socket -> TUN/TAP interface direction, + * i.e. client -> server direction. +@@ -2254,7 +2291,8 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins + NULL, + NULL, + &c->c2.to_tun, +- DEV_TYPE_TUN); ++ DEV_TYPE_TUN, ++ 0); + + /* drop packet if extract failed */ + if (!(mroute_flags & MROUTE_EXTRACT_SUCCEEDED)) +@@ -2284,7 +2322,7 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins + if (mroute_flags & MROUTE_EXTRACT_MCAST) + { + /* for now, treat multicast as broadcast */ +- multi_bcast (m, &c->c2.to_tun, m->pending, NULL); ++ multi_bcast (m, &c->c2.to_tun, m->pending, NULL, 0); + } + else /* possible client to client routing */ + { +@@ -2321,10 +2359,27 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins + } + else if (TUNNEL_TYPE (m->top.c1.tuntap) == DEV_TYPE_TAP) + { ++#ifdef ENABLE_VLAN_TAGGING ++ uint16_t vid = 0; ++#else ++ const uint16_t vid = 0; ++#endif + #ifdef ENABLE_PF + struct mroute_addr edest; + mroute_addr_reset (&edest); + #endif ++#ifdef ENABLE_VLAN_TAGGING ++ if (m->top.options.vlan_tagging) ++ { ++ if (buf_filter_incoming_8021q_vlan_tag (&c->c2.to_tun)) ++ { ++ /* Drop VLAN-tagged frame. */ ++ c->c2.to_tun.len = 0; ++ } ++ else ++ vid = c->options.vlan_pvid; ++ } ++#endif + /* extract packet source and dest addresses */ + mroute_flags = mroute_extract_addr_from_packet (&src, + &dest, +@@ -2335,7 +2390,8 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins + NULL, + #endif + &c->c2.to_tun, +- DEV_TYPE_TAP); ++ DEV_TYPE_TAP, ++ vid); + + if (mroute_flags & MROUTE_EXTRACT_SUCCEEDED) + { +@@ -2346,7 +2402,7 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins + { + if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST)) + { +- multi_bcast (m, &c->c2.to_tun, m->pending, NULL); ++ multi_bcast (m, &c->c2.to_tun, m->pending, NULL, vid); + } + else /* try client-to-client routing */ + { +@@ -2404,6 +2460,165 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins + return ret; + } + ++#ifdef ENABLE_VLAN_TAGGING ++/* ++ * For vlan_accept == VAF_ONLY_UNTAGGED_OR_PRIORITY: ++ * Only untagged frames and frames that are priority-tagged (VID == 0) are ++ * accepted. (This means that VLAN-tagged frames are dropped.) For frames ++ * that aren't dropped, the global vlan_pvid is returned as VID. ++ * ++ * For vlan_accept == VAF_ONLY_VLAN_TAGGED: ++ * If a frame is VLAN-tagged the tagging is removed and the embedded VID is ++ * returned. Any included priority information is lost. ++ * If a frame isn't VLAN-tagged, the frame is dropped. ++ * ++ * For vlan_accept == VAF_ALL: ++ * Accepts both VLAN-tagged and untagged (or priority-tagged) frames and ++ * and handles them as described above. ++ * ++ * @param c The global context. ++ * @param buf The ethernet frame. ++ * @return Returns -1 if the frame is dropped or the VID if it is accepted. ++ */ ++static int16_t ++multi_remove_8021q_vlan_tag (const struct context *c, struct buffer *buf) ++{ ++ struct openvpn_ethhdr eth; ++ struct openvpn_8021qhdr vlanhdr; ++ uint16_t vid; ++ uint16_t pcp; ++ ++ if (BLEN (buf) < (sizeof (struct openvpn_8021qhdr))) ++ goto drop; ++ ++ vlanhdr = *(const struct openvpn_8021qhdr *) BPTR (buf); ++ ++ if (ntohs (vlanhdr.tpid) != OPENVPN_ETH_P_8021Q) ++ { ++ /* Untagged frame. */ ++ ++ if (c->options.vlan_accept == VAF_ONLY_VLAN_TAGGED) ++ { ++ /* We only accept vlan-tagged frames, so drop frames without vlan-tag ++ */ ++ msg (D_VLAN_DEBUG, "dropping frame without vlan-tag (proto/len 0x%04x)", ++ ntohs (vlanhdr.tpid)); ++ goto drop; ++ } ++ ++ msg (D_VLAN_DEBUG, "assuming pvid for frame without vlan-tag, pvid: %u (proto/len 0x%04x)", ++ c->options.vlan_pvid, ntohs (vlanhdr.tpid)); ++ /* We return the global PVID as the VID for the untagged frame. */ ++ return c->options.vlan_pvid; ++ } ++ ++ /* Tagged frame. */ ++ ++ vid = vlanhdr_get_vid (&vlanhdr); ++ pcp = vlanhdr_get_pcp (&vlanhdr); ++ ++ if (c->options.vlan_accept == VAF_ONLY_UNTAGGED_OR_PRIORITY) ++ { ++ /* We only accept untagged / prio-tagged frames. ++ */ ++ ++ if (vid != 0) ++ { ++ /* VLAN-tagged frame - which isn't acceptable here - so drop it. */ ++ msg (D_VLAN_DEBUG, "dropping frame with vlan-tag, vid: %u (proto/len 0x%04x)", ++ vid, ntohs (vlanhdr.proto)); ++ goto drop; ++ } ++ ++ /* Fall-through for prio-tagged frames. */ ++ } ++ ++ /* At this point the frame is acceptable to us. It may be prio-tagged and/or ++ VLAN-tagged. */ ++ ++ if (vid != 0) ++ { ++ /* VLAN-tagged frame. Strip the tagging. Any priority information is lost. */ ++ ++ msg (D_VLAN_DEBUG, "removing vlan-tag from frame: vid: %u, wrapped proto/len: 0x%04x", ++ vid, ntohs (vlanhdr.proto)); ++ memcpy (ð, &vlanhdr, sizeof (eth)); ++ eth.proto = vlanhdr.proto; ++ ++ buf_advance (buf, SIZE_ETH_TO_8021Q_HDR); ++ memcpy (BPTR (buf), ð, sizeof eth); ++ ++ return vid; ++ } ++ else ++ { ++ /* Prio-tagged frame. We assume that the sender knows what it's doing and ++ don't stript the tagging. */ ++ ++ /* We return the global PVID as the VID for the priority-tagged frame. */ ++ return c->options.vlan_pvid; ++ } ++drop: ++ /* Drop the frame. */ ++ buf->len = 0; ++ return -1; ++} ++ ++/* ++ * Adds VLAN tagging to a frame. Assumes vlan_accept == VAF_ONLY_VLAN_TAGGED ++ * or VAF_ALL and a matching PVID. ++ */ ++void ++multi_prepend_8021q_vlan_tag (const struct context *c, struct buffer *buf) ++{ ++ struct openvpn_ethhdr eth; ++ struct openvpn_8021qhdr *vlanhdr; ++ ++ /* Frame too small? */ ++ if (BLEN (buf) < (int) sizeof (struct openvpn_ethhdr)) ++ goto drop; ++ ++ eth = *(const struct openvpn_ethhdr *) BPTR (buf); ++ if (ntohs (eth.proto) == OPENVPN_ETH_P_8021Q) ++ { ++ /* Priority-tagged frame. (VLAN-tagged frames couldn't have reached us ++ here.) */ ++ ++ /* Frame too small for header type? */ ++ if (BLEN (buf) < (int) (sizeof (struct openvpn_8021qhdr))) ++ goto drop; ++ ++ vlanhdr = (struct openvpn_8021qhdr *) BPTR (buf); ++ } ++ else ++ { ++ /* Untagged frame. */ ++ ++ /* Not enough head room for VLAN tag? */ ++ if (buf_reverse_capacity (buf) < SIZE_ETH_TO_8021Q_HDR) ++ goto drop; ++ ++ vlanhdr = (struct openvpn_8021qhdr *) buf_prepend (buf, SIZE_ETH_TO_8021Q_HDR); ++ ++ /* Initialise VLAN-tag ... */ ++ memcpy (vlanhdr, ð, sizeof eth); ++ vlanhdr->tpid = htons (OPENVPN_ETH_P_8021Q); ++ vlanhdr->proto = eth.proto; ++ vlanhdr_set_pcp (vlanhdr, 0); ++ vlanhdr_set_cfi (vlanhdr, 0); ++ } ++ ++ vlanhdr_set_vid (vlanhdr, c->options.vlan_pvid); ++ ++ msg (D_VLAN_DEBUG, "tagging frame: vid %u (wrapping proto/len: %04x)", ++ c->options.vlan_pvid, vlanhdr->proto); ++ return; ++drop: ++ /* Drop the frame. */ ++ buf->len = 0; ++} ++#endif /* ENABLE_VLAN_TAGGING */ ++ + /* + * Process packets in the TUN/TAP interface -> TCP/UDP socket direction, + * i.e. server -> client direction. +@@ -2419,6 +2634,11 @@ multi_process_incoming_tun (struct multi_context *m, const unsigned int mpp_flag + unsigned int mroute_flags; + struct mroute_addr src, dest; + const int dev_type = TUNNEL_TYPE (m->top.c1.tuntap); ++#ifdef ENABLE_VLAN_TAGGING ++ int16_t vid = 0; ++#else ++ const int16_t vid = 0; ++#endif + + #ifdef ENABLE_PF + struct mroute_addr esrc, *e1, *e2; +@@ -2446,6 +2666,15 @@ multi_process_incoming_tun (struct multi_context *m, const unsigned int mpp_flag + * the appropriate multi_instance object. + */ + ++#ifdef ENABLE_VLAN_TAGGING ++ if (dev_type == DEV_TYPE_TAP && m->top.options.vlan_tagging) ++ { ++ if ((vid = multi_remove_8021q_vlan_tag (&m->top, ++ &m->top.c2.buf)) == -1) ++ return false; ++ } ++#endif ++ + mroute_flags = mroute_extract_addr_from_packet (&src, + &dest, + #ifdef ENABLE_PF +@@ -2455,7 +2684,8 @@ multi_process_incoming_tun (struct multi_context *m, const unsigned int mpp_flag + #endif + NULL, + &m->top.c2.buf, +- dev_type); ++ dev_type, ++ vid); + + if (mroute_flags & MROUTE_EXTRACT_SUCCEEDED) + { +@@ -2466,9 +2696,9 @@ multi_process_incoming_tun (struct multi_context *m, const unsigned int mpp_flag + { + /* for now, treat multicast as broadcast */ + #ifdef ENABLE_PF +- multi_bcast (m, &m->top.c2.buf, NULL, e2); ++ multi_bcast (m, &m->top.c2.buf, NULL, e2, vid); + #else +- multi_bcast (m, &m->top.c2.buf, NULL, NULL); ++ multi_bcast (m, &m->top.c2.buf, NULL, NULL, vid); + #endif + } + else +@@ -2637,7 +2867,7 @@ gremlin_flood_clients (struct multi_context *m) + ASSERT (buf_write_u8 (&buf, get_random () & 0xFF)); + + for (i = 0; i < parm.n_packets; ++i) +- multi_bcast (m, &buf, NULL, NULL); ++ multi_bcast (m, &buf, NULL, NULL, 0); + + gc_free (&gc); + } +diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h +index 32b89d2..10151e4 100644 +--- a/src/openvpn/multi.h ++++ b/src/openvpn/multi.h +@@ -555,6 +555,10 @@ multi_get_timeout (struct multi_context *m, struct timeval *dest) + static inline bool + multi_process_outgoing_tun (struct multi_context *m, const unsigned int mpp_flags) + { ++#ifdef ENABLE_VLAN_TAGGING ++ void multi_prepend_8021q_vlan_tag (const struct context *c, ++ struct buffer *buf); ++#endif + struct multi_instance *mi = m->pending; + bool ret = true; + +@@ -565,6 +569,35 @@ multi_process_outgoing_tun (struct multi_context *m, const unsigned int mpp_flag + mi->context.c2.to_tun.len); + #endif + set_prefix (mi); ++#ifdef ENABLE_VLAN_TAGGING ++ if (m->top.options.vlan_accept == VAF_ONLY_UNTAGGED_OR_PRIORITY) ++ { ++ /* Packets aren't VLAN-tagged on the tap device. */ ++ ++ if (m->top.options.vlan_pvid != mi->context.options.vlan_pvid) ++ { ++ /* Packet is coming from the wrong VID, drop it. */ ++ mi->context.c2.to_tun.len = 0; ++ } ++ } ++ else if (m->top.options.vlan_accept == VAF_ALL) ++ { ++ /* Packets either need to be VLAN-tagged or not, depending on the ++ packet's originating VID and the port's native VID (PVID). */ ++ ++ if (m->top.options.vlan_pvid != mi->context.options.vlan_pvid) ++ { ++ /* Packets need to be VLAN-tagged, because the packet's VID does not ++ match the port's PVID. */ ++ multi_prepend_8021q_vlan_tag (&mi->context, &mi->context.c2.to_tun); ++ } ++ } ++ else if (m->top.options.vlan_accept == VAF_ONLY_VLAN_TAGGED) ++ { ++ /* All packets on the port (the tap device) need to be VLAN-tagged. */ ++ multi_prepend_8021q_vlan_tag (&mi->context, &mi->context.c2.to_tun); ++ } ++#endif + process_outgoing_tun (&mi->context); + ret = multi_process_post (m, mi, mpp_flags); + clear_prefix (); +diff --git a/src/openvpn/options.c b/src/openvpn/options.c +index 4ea03d1..c0baf63 100644 +--- a/src/openvpn/options.c ++++ b/src/openvpn/options.c +@@ -476,6 +476,11 @@ static const char usage_message[] = + " sessions to a web server at host:port. dir specifies an\n" + " optional directory to write origin IP:port data.\n" + #endif ++#ifdef ENABLE_VLAN_TAGGING ++ "--vlan-tagging : Enable 802.1Q-based VLAN tagging.\n" ++ "--vlan-accept tagged|untagged|all : Set VLAN tagging mode. Default is 'all'.\n" ++ "--vlan-pvid v : Sets the Port VLAN Identifier. Defaults to 1.\n" ++#endif + #endif + "\n" + "Client options (when connecting to a multi-client server):\n" +@@ -845,6 +850,10 @@ init_options (struct options *o, const bool init_gc) + #ifdef ENABLE_PKCS11 + o->pkcs11_pin_cache_period = -1; + #endif /* ENABLE_PKCS11 */ ++#ifdef ENABLE_VLAN_TAGGING ++ o->vlan_accept = VAF_ALL; ++ o->vlan_pvid = 1; ++#endif + + /* tmp is only used in P2MP server context */ + #if P2MP_SERVER +@@ -1139,6 +1148,23 @@ dhcp_option_address_parse (const char *name, const char *parm, in_addr_t *array, + + #endif + ++#ifdef ENABLE_VLAN_TAGGING ++static const char * ++print_vlan_accept (enum vlan_acceptable_frames mode) ++{ ++ switch (mode) ++ { ++ case VAF_ONLY_VLAN_TAGGED: ++ return "tagged"; ++ case VAF_ONLY_UNTAGGED_OR_PRIORITY: ++ return "untagged"; ++ case VAF_ALL: ++ return "all"; ++ } ++ return NULL; ++} ++#endif ++ + #if P2MP + + #ifndef ENABLE_SMALL +@@ -1204,6 +1230,11 @@ show_p2mp_parms (const struct options *o) + SHOW_STR (port_share_host); + SHOW_STR (port_share_port); + #endif ++#ifdef ENABLE_VLAN_TAGGING ++ SHOW_BOOL (vlan_tagging); ++ msg (D_SHOW_PARMS, " vlan_accept = %s", print_vlan_accept (o->vlan_accept)); ++ SHOW_INT (vlan_pvid); ++#endif + #endif /* P2MP_SERVER */ + + SHOW_BOOL (client); +@@ -2058,6 +2089,17 @@ options_postprocess_verify_ce (const struct options *options, const struct conne + if ((options->ssl_flags & SSLF_AUTH_USER_PASS_OPTIONAL) && !ccnr) + msg (M_USAGE, "--auth-user-pass-optional %s", postfix); + } ++#ifdef ENABLE_VLAN_TAGGING ++ if (options->vlan_tagging && dev != DEV_TYPE_TAP) ++ msg (M_USAGE, "--vlan-tagging must be used with --dev tap"); ++ if (!options->vlan_tagging) ++ { ++ if (options->vlan_accept != defaults.vlan_accept) ++ msg (M_USAGE, "--vlan-accept requires --vlan-tagging"); ++ if (options->vlan_pvid != defaults.vlan_pvid) ++ msg (M_USAGE, "--vlan-pvid requires --vlan-tagging"); ++ } ++#endif + } + else + { +@@ -2104,6 +2146,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne + if (options->port_share_host || options->port_share_port) + msg (M_USAGE, "--port-share requires TCP server mode (--mode server --proto tcp-server)"); + #endif ++#ifdef ENABLE_VLAN_TAGGING ++ if (options->vlan_tagging) ++ msg (M_USAGE, "--vlan-tagging requires --mode server"); ++#endif + + if (options->stale_routes_check_interval) + msg (M_USAGE, "--stale-routes-check requires --mode server"); +@@ -7023,6 +7069,45 @@ add_option (struct options *options, + options->use_peer_id = true; + options->peer_id = atoi(p[1]); + } ++#ifdef ENABLE_VLAN_TAGGING ++ else if (streq (p[0], "vlan-tagging")) ++ { ++ VERIFY_PERMISSION (OPT_P_GENERAL); ++ options->vlan_tagging = true; ++ } ++ else if (streq (p[0], "vlan-accept") && p[1]) ++ { ++ VERIFY_PERMISSION (OPT_P_GENERAL); ++ if (streq (p[1], "tagged")) ++ { ++ options->vlan_accept = VAF_ONLY_VLAN_TAGGED; ++ } ++ else if (streq (p[1], "untagged")) ++ { ++ options->vlan_accept = VAF_ONLY_UNTAGGED_OR_PRIORITY; ++ } ++ else if (streq (p[1], "all")) ++ { ++ options->vlan_accept = VAF_ALL; ++ } ++ else ++ { ++ msg (msglevel, "--vlan-accept must be 'tagged', 'untagged' or 'all'"); ++ goto err; ++ } ++ } ++ else if (streq (p[0], "vlan-pvid") && p[1]) ++ { ++ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_INSTANCE); ++ options->vlan_pvid = positive_atoi (p[1]); ++ if (options->vlan_pvid < OPENVPN_8021Q_MIN_VID || ++ options->vlan_pvid > OPENVPN_8021Q_MAX_VID) ++ { ++ msg (msglevel, "the parameter of --vlan-pvid parameters must be >= %u and <= %u", OPENVPN_8021Q_MIN_VID, OPENVPN_8021Q_MAX_VID); ++ goto err; ++ } ++ } ++#endif + else + { + int i; +diff --git a/src/openvpn/options.h b/src/openvpn/options.h +index 7a8b21e..35fa6b1 100644 +--- a/src/openvpn/options.h ++++ b/src/openvpn/options.h +@@ -159,6 +159,15 @@ struct remote_list + struct remote_entry *array[CONNECTION_LIST_SIZE]; + }; + ++#ifdef ENABLE_VLAN_TAGGING ++enum vlan_acceptable_frames ++{ ++ VAF_ONLY_VLAN_TAGGED, ++ VAF_ONLY_UNTAGGED_OR_PRIORITY, ++ VAF_ALL, ++}; ++#endif ++ + struct remote_host_store + { + # define RH_HOST_LEN 80 +@@ -597,6 +606,12 @@ struct options + + bool use_peer_id; + uint32_t peer_id; ++ ++#ifdef ENABLE_VLAN_TAGGING ++ bool vlan_tagging; ++ enum vlan_acceptable_frames vlan_accept; ++ uint16_t vlan_pvid; ++#endif + }; + + #define streq(x, y) (!strcmp((x), (y))) +diff --git a/src/openvpn/proto.c b/src/openvpn/proto.c +index 7b58e6a..2921a6e 100644 +--- a/src/openvpn/proto.c ++++ b/src/openvpn/proto.c +@@ -60,9 +60,22 @@ is_ipv_X ( int tunnel_type, struct buffer *buf, int ip_ver ) + + sizeof (struct openvpn_iphdr))) + return false; + eh = (const struct openvpn_ethhdr *) BPTR (buf); +- if (ntohs (eh->proto) != (ip_ver == 6 ? OPENVPN_ETH_P_IPV6 : OPENVPN_ETH_P_IPV4)) +- return false; +- offset = sizeof (struct openvpn_ethhdr); ++ if (ntohs (eh->proto) == OPENVPN_ETH_P_8021Q) { ++ const struct openvpn_8021qhdr *evh; ++ if (BLEN (buf) < (int)(sizeof (struct openvpn_8021qhdr) ++ + sizeof (struct openvpn_iphdr))) ++ return false; ++ evh = (const struct openvpn_8021qhdr *) BPTR (buf); ++ if (ntohs (evh->proto) != ++ (ip_ver == 6 ? OPENVPN_ETH_P_IPV6 : OPENVPN_ETH_P_IPV4)) ++ return false; ++ else ++ offset = sizeof (struct openvpn_8021qhdr); ++ } else if (ntohs (eh->proto) != ++ (ip_ver == 6 ? OPENVPN_ETH_P_IPV6 : OPENVPN_ETH_P_IPV4)) ++ return false; ++ else ++ offset = sizeof (struct openvpn_ethhdr); + } + else + return false; +diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h +index f91e787..45e885f 100644 +--- a/src/openvpn/proto.h ++++ b/src/openvpn/proto.h +@@ -6,6 +6,7 @@ + * packet compression. + * + * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sa...@openvpn.net> ++ * Copyright (C) 2010 Fabian Knittel <fabian.knit...@lettink.de> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 +@@ -61,9 +62,29 @@ struct openvpn_ethhdr + # define OPENVPN_ETH_P_IPV4 0x0800 /* IPv4 protocol */ + # define OPENVPN_ETH_P_IPV6 0x86DD /* IPv6 protocol */ + # define OPENVPN_ETH_P_ARP 0x0806 /* ARP protocol */ ++# define OPENVPN_ETH_P_8021Q 0x8100 /* 802.1Q protocol */ + uint16_t proto; /* packet type ID field */ + }; + ++struct openvpn_8021qhdr ++{ ++ uint8_t dest[OPENVPN_ETH_ALEN]; /* destination ethernet addr */ ++ uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */ ++ ++ uint16_t tpid; /* 802.1Q Tag Protocol Identifier */ ++# define OPENVPN_8021Q_MASK_VID htons (0x0FFF) /* mask VID out of pcp_cfi_vid */ ++# define OPENVPN_8021Q_MASK_PCP htons (0xE000) /* mask PCP out of pcp_cfi_vid */ ++# define OPENVPN_8021Q_MASK_CFI htons (0x1000) /* mask CFI out of pcp_cfi_vid */ ++ uint16_t pcp_cfi_vid; /* bit fields, see IEEE 802.1Q */ ++ uint16_t proto; /* contained packet type ID field */ ++}; ++ ++/* ++ * Size difference between a regular Ethernet II header and an Ethernet II ++ * header with additional IEEE 802.1Q tagging. ++ */ ++#define SIZE_ETH_TO_8021Q_HDR (sizeof (struct openvpn_8021qhdr) - sizeof (struct openvpn_ethhdr)) ++ + struct openvpn_arp { + # define ARP_MAC_ADDR_TYPE 0x0001 + uint16_t mac_addr_type; /* 0x0001 */ +@@ -234,4 +255,80 @@ void ipv4_packet_size_verify (const uint8_t *data, + counter_type *errors); + #endif + ++#ifdef ENABLE_VLAN_TAGGING ++# define OPENVPN_8021Q_MIN_VID 1 ++# define OPENVPN_8021Q_MAX_VID 4094 ++ ++/* ++ * Retrieve the Priority Code Point (PCP) from the IEEE 802.1Q header. ++ * ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging. ++ * @return Returns the PCP in host byte order. ++ */ ++static inline uint16_t ++vlanhdr_get_pcp (const struct openvpn_8021qhdr *hdr) ++{ ++ return ntohs (hdr->pcp_cfi_vid & OPENVPN_8021Q_MASK_PCP); ++} ++/* ++ * Retrieve the Canonical Format Indicator (CFI) from the IEEE 802.1Q header. ++ * ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging. ++ * @return Returns the CFI in host byte order. ++ */ ++static inline uint16_t ++vlanhdr_get_cfi (const struct openvpn_8021qhdr *hdr) ++{ ++ return ntohs (hdr->pcp_cfi_vid & OPENVPN_8021Q_MASK_CFI); ++} ++/* ++ * Retrieve the VLAN Identifier (VID) from the IEEE 802.1Q header. ++ * ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging. ++ * @return Returns the VID in host byte order. ++ */ ++static inline uint16_t ++vlanhdr_get_vid (const struct openvpn_8021qhdr *hdr) ++{ ++ return ntohs (hdr->pcp_cfi_vid & OPENVPN_8021Q_MASK_VID); ++} ++ ++/* ++ * Set the Priority Code Point (PCP) in an IEEE 802.1Q header. ++ * ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging. ++ * @param pcp The PCP to set (in host byte order). ++ */ ++static inline void ++vlanhdr_set_pcp (struct openvpn_8021qhdr *hdr, const uint16_t pcp) ++{ ++ hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_PCP) | ++ (htons (pcp) & OPENVPN_8021Q_MASK_PCP); ++} ++/* ++ * Set the Canonical Format Indicator (CFI) in an IEEE 802.1Q header. ++ * ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging. ++ * @param cfi The CFI to set (in host byte order). ++ */ ++static inline void ++vlanhdr_set_cfi (struct openvpn_8021qhdr *hdr, const uint16_t cfi) ++{ ++ hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_CFI) | ++ (htons (cfi) & OPENVPN_8021Q_MASK_CFI); ++} ++/* ++ * Set the VLAN Identifier (VID) in an IEEE 802.1Q header. ++ * ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging. ++ * @param vid The VID to set (in host byte order). ++ */ ++static inline void ++vlanhdr_set_vid (struct openvpn_8021qhdr *hdr, const uint16_t vid) ++{ ++ hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_VID) | ++ (htons (vid) & OPENVPN_8021Q_MASK_VID); ++} ++#endif ++ + #endif diff --git a/net-misc/openvpn/files/65openvpn b/net-misc/openvpn/files/65openvpn new file mode 100644 index 0000000..4ddb034 --- /dev/null +++ b/net-misc/openvpn/files/65openvpn @@ -0,0 +1 @@ +CONFIG_PROTECT="/usr/share/openvpn/easy-rsa" diff --git a/net-misc/openvpn/files/down.sh b/net-misc/openvpn/files/down.sh new file mode 100644 index 0000000..1c70db0 --- /dev/null +++ b/net-misc/openvpn/files/down.sh @@ -0,0 +1,33 @@ +#!/bin/sh +# Copyright (c) 2006-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# Contributed by Roy Marples (uberl...@gentoo.org) + +# If we have a service specific script, run this now +if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then + /etc/openvpn/"${SVCNAME}"-down.sh "$@" +fi + +# Restore resolv.conf to how it was +if [ "${PEER_DNS}" != "no" ]; then + if [ -x /sbin/resolvconf ] ; then + /sbin/resolvconf -d "${dev}" + elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then + # Important that we copy instead of move incase resolv.conf is + # a symlink and not an actual file + cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf + rm -f /etc/resolv.conf-"${dev}".sv + fi +fi + +if [ -n "${SVCNAME}" ]; then + # Re-enter the init script to start any dependant services + if /etc/init.d/"${SVCNAME}" --quiet status ; then + export IN_BACKGROUND=true + /etc/init.d/"${SVCNAME}" --quiet stop + fi +fi + +exit 0 + +# vim: ts=4 : diff --git a/net-misc/openvpn/files/openvpn-2.1.conf b/net-misc/openvpn/files/openvpn-2.1.conf new file mode 100644 index 0000000..72510c3 --- /dev/null +++ b/net-misc/openvpn/files/openvpn-2.1.conf @@ -0,0 +1,18 @@ +# OpenVPN automatically creates an /etc/resolv.conf (or sends it to +# resolvconf) if given DNS information by the OpenVPN server. +# Set PEER_DNS="no" to stop this. +PEER_DNS="yes" + +# OpenVPN can run in many modes. Most people will want the init script +# to automatically detect the mode and try and apply a good default +# configuration and setup scripts. However, there are cases where the +# OpenVPN configuration looks like a client, but it's really a peer or +# something else. DETECT_CLIENT controls this behaviour. +DETECT_CLIENT="yes" + +# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn +# init script (ie, it first becomes "inactive" and the script then starts the +# script again to make it "started") then you can state this below. +# In other words, unless you understand service dependencies and are a +# competent shell scripter, don't set this. +RE_ENTER="no" diff --git a/net-misc/openvpn/files/openvpn-2.1.init b/net-misc/openvpn/files/openvpn-2.1.init new file mode 100644 index 0000000..d65e6f8 --- /dev/null +++ b/net-misc/openvpn/files/openvpn-2.1.init @@ -0,0 +1,133 @@ +#!/sbin/runscript +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPNDIR=${VPNDIR:-/etc/openvpn} +VPN=${SVCNAME#*.} +if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then + VPNPID="/var/run/openvpn.${VPN}.pid" +else + VPNPID="/var/run/openvpn.pid" +fi +VPNCONF="${VPNDIR}/${VPN}.conf" + +depend() { + need localmount net + use dns + after bootmisc +} + +checkconfig() { + # Linux has good dynamic tun/tap creation + if [ $(uname -s) = "Linux" ] ; then + if [ ! -e /dev/net/tun ]; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available" \ + "in this kernel" + return 1 + fi + fi + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then + ebegin "Detected broken /dev/net/tun symlink, fixing..." + rm -f /dev/net/tun + ln -s /dev/misc/net/tun /dev/net/tun + eend $? + fi + return 0 + fi + + # Other OS's don't, so we rely on a pre-configured interface + # per vpn instance + local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}") + if [ -z ${ifname} ] ; then + eerror "You need to specify the interface that this openvpn" \ + "instance should use" \ + "by using the dev option in ${VPNCONF}" + return 1 + fi + + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then + # Try and create it + echo > /dev/"${ifname}" >/dev/null + fi + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then + eerror "${VPNCONF} requires interface ${ifname}" \ + "but that does not exist" + return 1 + fi +} + +start() { + # If we are re-called by the openvpn gentoo-up.sh script + # then we don't actually want to start openvpn + [ "${IN_BACKGROUND}" = "true" ] && return 0 + + ebegin "Starting ${SVCNAME}" + + checkconfig || return 1 + + local args="" reenter=${RE_ENTER:-no} + # If the config file does not specify the cd option, we do + # But if we specify it, we override the config option which we do not want + if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then + args="${args} --cd ${VPNDIR}" + fi + + # We mark the service as inactive and then start it. + # When we get an authenticated packet from the peer then we run our script + # which configures our DNS if any and marks us as up. + if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \ + grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then + reenter="yes" + args="${args} --up-delay --up-restart" + args="${args} --script-security 2" + args="${args} --up /etc/openvpn/up.sh" + args="${args} --down-pre --down /etc/openvpn/down.sh" + + # Warn about setting scripts as we override them + if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then + ewarn "WARNING: You have defined your own up/down scripts" + ewarn "As you're running as a client, we now force Gentoo specific" + ewarn "scripts to be run for up and down events." + ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh" + ewarn "where you can put your own code." + fi + + # Warn about the inability to change ip/route/dns information when + # dropping privs + if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then + ewarn "WARNING: You are dropping root privileges!" + ewarn "As such openvpn may not be able to change ip, routing" + ewarn "or DNS configuration." + fi + else + # So we're a server. Run as openvpn unless otherwise specified + grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn" + grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn" + fi + + # Ensure that our scripts get the PEER_DNS variable + [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}" + + [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}" + start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ + -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \ + --setenv SVCNAME "${SVCNAME}" ${args} + eend $? "Check your logs to see why startup failed" +} + +stop() { + # If we are re-called by the openvpn gentoo-down.sh script + # then we don't actually want to stop openvpn + if [ "${IN_BACKGROUND}" = "true" ] ; then + mark_service_inactive "${SVCNAME}" + return 0 + fi + + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --quiet \ + --exec /usr/sbin/openvpn --pidfile "${VPNPID}" + eend $? +} + +# vim: set ts=4 : diff --git a/net-misc/openvpn/files/openvpn.init b/net-misc/openvpn/files/openvpn.init new file mode 100644 index 0000000..489ab49 --- /dev/null +++ b/net-misc/openvpn/files/openvpn.init @@ -0,0 +1,63 @@ +#!/sbin/runscript +# Copyright 1999-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +VPNDIR="/etc/openvpn" +VPN="${SVCNAME#*.}" +if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then + VPNPID="/var/run/openvpn.${VPN}.pid" +else + VPNPID="/var/run/openvpn.pid" +fi +VPNCONF="${VPNDIR}/${VPN}.conf" + +depend() { + need localmount net + before netmount + after bootmisc +} + +checktundevice() { + if [ ! -e /dev/net/tun ]; then + if ! modprobe tun ; then + eerror "TUN/TAP support is not available in this kernel" + return 1 + fi + fi + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then + ebegin "Detected broken /dev/net/tun symlink, fixing..." + rm -f /dev/net/tun + ln -s /dev/misc/net/tun /dev/net/tun + eend $? + fi +} + +start() { + ebegin "Starting ${SVCNAME}" + + checktundevice || return 1 + + if [ ! -e "${VPNCONF}" ]; then + eend 1 "${VPNCONF} does not exist" + return 1 + fi + + local args="" + # If the config file does not specify the cd option, we do + # But if we specify it, we override the config option which we do not want + if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then + args="${args} --cd ${VPNDIR}" + fi + + start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \ + -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon ${args} + eend $? "Check your logs to see why startup failed" +} + +stop() { + ebegin "Stopping ${SVCNAME}" + start-stop-daemon --stop --exec /usr/sbin/openvpn --pidfile "${VPNPID}" + eend $? +} + +# vim: ts=4 diff --git a/net-misc/openvpn/files/openvpn.service b/net-misc/openvpn/files/openvpn.service new file mode 100644 index 0000000..358dcb7 --- /dev/null +++ b/net-misc/openvpn/files/openvpn.service @@ -0,0 +1,12 @@ +[Unit] +Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I +After=syslog.target network.target + +[Service] +PrivateTmp=true +Type=forking +PIDFile=/var/run/openvpn/%i.pid +ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf + +[Install] +WantedBy=multi-user.target diff --git a/net-misc/openvpn/files/openvpn.tmpfile b/net-misc/openvpn/files/openvpn.tmpfile new file mode 100644 index 0000000..d5fca71 --- /dev/null +++ b/net-misc/openvpn/files/openvpn.tmpfile @@ -0,0 +1 @@ +D /var/run/openvpn 0710 root openvpn - diff --git a/net-misc/openvpn/files/up.sh b/net-misc/openvpn/files/up.sh new file mode 100644 index 0000000..6ce82d6 --- /dev/null +++ b/net-misc/openvpn/files/up.sh @@ -0,0 +1,100 @@ +#!/bin/sh +# Copyright (c) 2006-2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# Contributed by Roy Marples (uberl...@gentoo.org) + +# Setup our resolv.conf +# Vitally important that we use the domain entry in resolv.conf so we +# can setup the nameservers are for the domain ONLY in resolvconf if +# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc. +# nscd/libc users will get the VPN nameservers before their other ones +# and will use the first one that responds - maybe the LAN ones? +# non resolvconf users just the the VPN resolv.conf + +# FIXME:- if we have >1 domain, then we have to use search :/ +# We need to add a flag to resolvconf to say +# "these nameservers should only be used for the listed search domains +# if other global nameservers are present on other interfaces" +# This however, will break compatibility with Debians resolvconf +# A possible workaround would be to just list multiple domain lines +# and try and let resolvconf handle it + +min_route() { + local n=1 + local m + local r + + eval m="\$route_metric_$n" + while [ -n "${m}" ]; do + if [ -z "$r" ] || [ "$r" -gt "$m" ]; then + r="$m" + fi + n="$(($n+1))" + eval m="\$route_metric_$n" + done + + echo "$r" +} + +if [ "${PEER_DNS}" != "no" ]; then + NS= + DOMAIN= + SEARCH= + i=1 + while true ; do + eval opt=\$foreign_option_${i} + [ -z "${opt}" ] && break + if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then + if [ -z "${DOMAIN}" ] ; then + DOMAIN="${opt#dhcp-option DOMAIN *}" + else + SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}" + fi + elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then + NS="${NS}nameserver ${opt#dhcp-option DNS *}\n" + fi + i=$((${i} + 1)) + done + + if [ -n "${NS}" ] ; then + DNS="# Generated by openvpn for interface ${dev}\n" + if [ -n "${SEARCH}" ] ; then + DNS="${DNS}search ${DOMAIN} ${SEARCH}\n" + elif [ -n "${DOMAIN}" ]; then + DNS="${DNS}domain ${DOMAIN}\n" + fi + DNS="${DNS}${NS}" + if [ -x /sbin/resolvconf ] ; then + metric="$(min_route)" + printf "${DNS}" | /sbin/resolvconf -a "${dev}" ${metric:+-m ${metric}} + else + # Preserve the existing resolv.conf + if [ -e /etc/resolv.conf ] ; then + cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv + fi + printf "${DNS}" > /etc/resolv.conf + chmod 644 /etc/resolv.conf + fi + fi +fi + +# Below section is Gentoo specific +# Quick summary - our init scripts are re-entrant and set the SVCNAME env var +# as we could have >1 openvpn service + +if [ -n "${SVCNAME}" ]; then + # If we have a service specific script, run this now + if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then + /etc/openvpn/"${SVCNAME}"-up.sh "$@" + fi + + # Re-enter the init script to start any dependant services + if ! /etc/init.d/"${SVCNAME}" --quiet status ; then + export IN_BACKGROUND=true + /etc/init.d/${SVCNAME} --quiet start + fi +fi + +exit 0 + +# vim: ts=4 : diff --git a/net-misc/openvpn/metadata.xml b/net-misc/openvpn/metadata.xml new file mode 100644 index 0000000..7f3d1f9 --- /dev/null +++ b/net-misc/openvpn/metadata.xml @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer> + <email>d...@gentoo.org</email> + <name>Dirkjan Ochtman</name> + </maintainer> + <longdescription>OpenVPN is an easy-to-use, robust and highly +configurable VPN daemon which can be used to securely link two or more +networks using an encrypted tunnel.</longdescription> + <use> + <flag name="down-root">Enable the down-root plugin</flag> + <flag name="iproute2">Enabled iproute2 support instead of net-tools</flag> + <flag name="passwordsave">Enables openvpn to save passwords</flag> + <flag name="polarssl">Use PolarSSL instead of OpenSSL</flag> + <flag name="pkcs11">Enable PKCS#11 smartcard support</flag> + <flag name="plugins">Enable the OpenVPN plugin system</flag> + <flag name="socks">Enable socks support</flag> + </use> + <upstream> + <remote-id type="cpe">cpe:/a:openvpn:openvpn</remote-id> + </upstream> +</pkgmetadata> diff --git a/net-misc/openvpn/openvpn-2.3.8-r1.ebuild b/net-misc/openvpn/openvpn-2.3.8-r1.ebuild new file mode 100644 index 0000000..8658417 --- /dev/null +++ b/net-misc/openvpn/openvpn-2.3.8-r1.ebuild @@ -0,0 +1,138 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 + +inherit eutils autotools multilib flag-o-matic user systemd + +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes" +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz" +HOMEPAGE="http://openvpn.net/" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux" +IUSE="examples down-root iproute2 libressl +lzo pam passwordsave pkcs11 +plugins polarssl selinux socks +ssl static systemd userland_BSD" + +REQUIRED_USE="static? ( !plugins !pkcs11 ) + polarssl? ( ssl !libressl ) + pkcs11? ( ssl ) + !plugins? ( !pam !down-root )" + +DEPEND=" + kernel_linux? ( + iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools ) + ) + pam? ( virtual/pam ) + ssl? ( + !polarssl? ( + !libressl? ( >=dev-libs/openssl-0.9.7:* ) + libressl? ( dev-libs/libressl ) + ) + polarssl? ( >=net-libs/polarssl-1.2.10 ) + ) + lzo? ( >=dev-libs/lzo-1.07 ) + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 ) + systemd? ( sys-apps/systemd )" +RDEPEND="${DEPEND} + selinux? ( sec-policy/selinux-openvpn ) +" + +src_prepare() { + epatch "${FILESDIR}/2.3.6-vlan-support.patch" + eautoreconf +} + +src_configure() { + use static && LDFLAGS="${LDFLAGS} -Xcompiler -static" + local myconf + use polarssl && myconf="--with-crypto-library=polarssl" + econf \ + ${myconf} \ + --docdir="${EPREFIX}/usr/share/doc/${PF}" \ + --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \ + $(use_enable passwordsave password-save) \ + $(use_enable ssl) \ + $(use_enable ssl crypto) \ + $(use_enable lzo) \ + $(use_enable pkcs11) \ + $(use_enable plugins) \ + $(use_enable iproute2) \ + $(use_enable socks) \ + $(use_enable pam plugin-auth-pam) \ + $(use_enable down-root plugin-down-root) \ + $(use_enable systemd) +} + +src_install() { + default + find "${ED}/usr" -name '*.la' -delete + # install documentation + dodoc AUTHORS ChangeLog PORTS README README.IPv6 + + # Install some helper scripts + keepdir /etc/openvpn + exeinto /etc/openvpn + doexe "${FILESDIR}/up.sh" + doexe "${FILESDIR}/down.sh" + + # Install the init script and config file + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn + + # install examples, controlled by the respective useflag + if use examples ; then + # dodoc does not supportly support directory traversal, #15193 + insinto /usr/share/doc/${PF}/examples + doins -r sample contrib + fi + + systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf + systemd_newunit distro/systemd/openvpn-client@.service openvpn-client@.service + systemd_newunit distro/systemd/openvpn-server@.service openvpn-server@.service +} + +pkg_postinst() { + # Add openvpn user so openvpn servers can drop privs + # Clients should run as root so they can change ip addresses, + # dns information and other such things. + enewgroup openvpn + enewuser openvpn "" "" "" openvpn + + if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then + ewarn "WARNING: The openvpn init script has changed" + ewarn "" + fi + + elog "The openvpn init script expects to find the configuration file" + elog "openvpn.conf in /etc/openvpn along with any extra files it may need." + elog "" + elog "To create more VPNs, simply create a new .conf file for it and" + elog "then create a symlink to the openvpn init script from a link called" + elog "openvpn.newconfname - like so" + elog " cd /etc/openvpn" + elog " ${EDITOR##*/} foo.conf" + elog " cd /etc/init.d" + elog " ln -s openvpn openvpn.foo" + elog "" + elog "You can then treat openvpn.foo as any other service, so you can" + elog "stop one vpn and start another if you need to." + + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then + ewarn "" + ewarn "WARNING: If you use the remote keyword then you are deemed to be" + ewarn "a client by our init script and as such we force up,down scripts." + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you" + ewarn "can move your scripts to." + fi + + if use plugins ; then + einfo "" + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}" + fi + + einfo "" + einfo "OpenVPN 2.3.x no longer includes the easy-rsa suite of utilities." + einfo "They can now be emerged via app-crypt/easy-rsa." +}