Updated version of the beta1 diff I sent earlier, for those who care. I have not received any feedback so far, but it works fine for my client-only setup, so I'll probably commit this once the release is out.
Index: Makefile =================================================================== RCS file: /d/cvs/ports/net/openvpn/Makefile,v retrieving revision 1.101 diff -u -p -r1.101 Makefile --- Makefile 17 May 2020 08:53:27 -0000 1.101 +++ Makefile 4 Oct 2020 21:07:54 -0000 @@ -2,8 +2,8 @@ COMMENT= easy-to-use, robust, and highly configurable VPN -DISTNAME= openvpn-2.4.9 -REVISION= 0 +DISTNAME= openvpn-2.5_rc2 +PKGNAME= openvpn-2.5rc2 CATEGORIES= net security @@ -18,14 +18,18 @@ WANTLIB += c lz4 lzo2 MASTER_SITES= https://swupdate.openvpn.org/community/releases/ +BUILD_DEPENDS= textproc/py-docutils,python3 LIB_DEPENDS= archivers/lzo2 \ archivers/lz4 +TEST_DEPENDS= devel/cmocka -SEPARATE_BUILD= Yes +#SEPARATE_BUILD= Yes CONFIGURE_STYLE= gnu -CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ - LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}" +CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ + LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}" \ + RST2HTML="${LOCALBASE}/bin/rst2html-3" \ + RST2MAN="${LOCALBASE}/bin/rst2man-3" DEBUG_PACKAGES= ${BUILD_PACKAGES} Index: distinfo =================================================================== RCS file: /d/cvs/ports/net/openvpn/distinfo,v retrieving revision 1.44 diff -u -p -r1.44 distinfo --- distinfo 21 Apr 2020 23:43:55 -0000 1.44 +++ distinfo 4 Oct 2020 21:08:12 -0000 @@ -1,2 +1,2 @@ -SHA256 (openvpn-2.4.9.tar.gz) = RrJo74jmfKbeLp8ZlD655ayFROVfXB869ncpjQPmS24= -SIZE (openvpn-2.4.9.tar.gz) = 1455736 +SHA256 (openvpn-2.5_rc2.tar.gz) = yUHlNgqNsMkHD1V4KG7H9IIqeeuJKHUtkdRCXiGtnxk= +SIZE (openvpn-2.5_rc2.tar.gz) = 1799431 Index: patches/patch-configure =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-configure,v retrieving revision 1.22 diff -u -p -r1.22 patch-configure --- patches/patch-configure 21 Apr 2020 23:43:55 -0000 1.22 +++ patches/patch-configure 23 Aug 2020 11:04:42 -0000 
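Review bot: In the second Makefile hunk, `#SEPARATE_BUILD= Yes` is left behind as commented-out code with no reason given, so the next person updating the port cannot tell whether the out-of-tree build is broken in this release candidate or was only switched off for testing. Either drop the line, or keep it with a short reason above it, for example `# XXX out-of-tree build disabled: <reason>`. The new `RST2HTML`/`RST2MAN` paths and the `textproc/py-docutils,python3` build dependency need to stay in step, since the `-3` suffix is presumably what that flavor installs.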
@@ -2,7 +2,7 @@ $OpenBSD: patch-configure,v 1.22 2020/04 Index: configure --- configure.orig +++ configure -@@ -18146,7 +18146,7 @@ else +@@ -18249,7 +18249,7 @@ else fi Index: patches/patch-include_Makefile_in =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-include_Makefile_in,v retrieving revision 1.11 diff -u -p -r1.11 patch-include_Makefile_in --- patches/patch-include_Makefile_in 21 Apr 2020 23:43:55 -0000 1.11 +++ patches/patch-include_Makefile_in 23 Aug 2020 11:04:42 -0000 @@ -2,7 +2,7 @@ $OpenBSD: patch-include_Makefile_in,v 1. Index: include/Makefile.in --- include/Makefile.in.orig +++ include/Makefile.in -@@ -336,7 +336,7 @@ host_cpu = @host_cpu@ +@@ -339,7 +339,7 @@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ Index: patches/patch-sample_sample-config-files_static-home_conf =================================================================== RCS file: patches/patch-sample_sample-config-files_static-home_conf diff -N patches/patch-sample_sample-config-files_static-home_conf --- patches/patch-sample_sample-config-files_static-home_conf 29 Nov 2016 09:22:02 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
@@ -1,17 +0,0 @@
-$OpenBSD: patch-sample_sample-config-files_static-home_conf,v 1.2 2016/11/29 09:22:02 jca Exp $
---- sample/sample-config-files/static-home.conf.orig Thu Nov 3 09:49:49 2016
-+++ sample/sample-config-files/static-home.conf Fri Nov 18 17:49:59 2016
-@@ -40,10 +40,10 @@ cipher AES-256-CBC
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
- # for extra security.
--; user nobody
--; group nobody
-+user _openvpn
-+group _openvpn
-
- # If you built OpenVPN with
- # LZO compression, uncomment
Index: patches/patch-sample_sample-config-files_static-office_conf
===================================================================
RCS file: patches/patch-sample_sample-config-files_static-office_conf
diff -N patches/patch-sample_sample-config-files_static-office_conf
--- patches/patch-sample_sample-config-files_static-office_conf 29 Nov 2016 09:22:02 -0000 1.2
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,17 +0,0 @@
-$OpenBSD: patch-sample_sample-config-files_static-office_conf,v 1.2 2016/11/29 09:22:02 jca Exp $
---- sample/sample-config-files/static-office.conf.orig Thu Nov 3 09:49:49 2016
-+++ sample/sample-config-files/static-office.conf Fri Nov 18 17:49:59 2016
-@@ -37,10 +37,10 @@ cipher AES-256-CBC
- ; port 1194
-
- # Downgrade UID and GID to
--# "nobody" after initialization
-+# "_openvpn" after initialization
- # for extra security.
--; user nobody
--; group nobody
-+user _openvpn
-+group _openvpn
-
- # If you built OpenVPN with
- # LZO compression, uncomment
Index: patches/patch-sample_sample-config-files_tls-home_conf
===================================================================
RCS file: /d/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_tls-home_conf,v
retrieving revision 1.1
diff -u -p -r1.1 patch-sample_sample-config-files_tls-home_conf
--- patches/patch-sample_sample-config-files_tls-home_conf 20 Apr 2013 16:22:55 -0000 1.1
+++ patches/patch-sample_sample-config-files_tls-home_conf 23 Aug 2020 11:04:42 -0000
@@ -1,7 +1,8 @@ $OpenBSD: patch-sample_sample-config-files_tls-home_conf,v 1.1 2013/04/20 16:22:55 sthen Exp $ ---- sample/sample-config-files/tls-home.conf.orig Mon Sep 10 17:01:08 2012 -+++ sample/sample-config-files/tls-home.conf Thu Mar 7 14:02:35 2013 -@@ -48,10 +48,10 @@ key home.key +Index: sample/sample-config-files/tls-home.conf +--- sample/sample-config-files/tls-home.conf.orig ++++ sample/sample-config-files/tls-home.conf +@@ -48,10 +48,10 @@ cipher AES-256-GCM ; port 1194 # Downgrade UID and GID to Index: patches/patch-sample_sample-config-files_tls-office_conf =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-sample_sample-config-files_tls-office_conf,v retrieving revision 1.1 diff -u -p -r1.1 patch-sample_sample-config-files_tls-office_conf --- patches/patch-sample_sample-config-files_tls-office_conf 20 Apr 2013 16:22:55 -0000 1.1 +++ patches/patch-sample_sample-config-files_tls-office_conf 23 Aug 2020 11:04:42 -0000 @@ -1,7 +1,8 @@ $OpenBSD: patch-sample_sample-config-files_tls-office_conf,v 1.1 2013/04/20 16:22:55 sthen Exp $ ---- sample/sample-config-files/tls-office.conf.orig Mon Sep 10 17:01:08 2012 -+++ sample/sample-config-files/tls-office.conf Thu Mar 7 14:02:35 2013 -@@ -48,10 +48,10 @@ key office.key +Index: sample/sample-config-files/tls-office.conf +--- sample/sample-config-files/tls-office.conf.orig ++++ sample/sample-config-files/tls-office.conf +@@ -51,10 +51,10 @@ cipher AES-256-GCM ; port 1194 # Downgrade UID and GID to Index: patches/patch-src_openvpn_route_c =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_route_c,v retrieving revision 1.13 diff -u -p -r1.13 patch-src_openvpn_route_c --- patches/patch-src_openvpn_route_c 5 Apr 2019 06:56:00 -0000 1.13 +++ patches/patch-src_openvpn_route_c 4 Oct 2020 21:12:37 -0000 
@@ -7,7 +7,7 @@ $OpenBSD: patch-src_openvpn_route_c,v 1. Index: src/openvpn/route.c --- src/openvpn/route.c.orig +++ src/openvpn/route.c -@@ -1781,12 +1781,17 @@ add_route(struct route_ipv4 *r, +@@ -1804,12 +1804,17 @@ add_route(struct route_ipv4 *r, } #endif @@ -28,7 +28,7 @@ Index: src/openvpn/route.c argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: OpenBSD/NetBSD route add command failed"); -@@ -3603,7 +3608,7 @@ get_default_gateway(struct route_gateway_info *rgi) +@@ -3476,7 +3481,7 @@ get_default_gateway(struct route_gateway_info *rgi, op /* setup data to send to routing socket */ pid = getpid(); seq = 0; @@ -37,7 +37,7 @@ Index: src/openvpn/route.c bzero(&m_rtmsg, sizeof(m_rtmsg)); bzero(&so_dst, sizeof(so_dst)); -@@ -3821,7 +3826,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf +@@ -3694,7 +3699,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_inf /* setup data to send to routing socket */ pid = getpid(); seq = 0; Index: patches/patch-src_openvpn_tun_c =================================================================== RCS file: /d/cvs/ports/net/openvpn/patches/patch-src_openvpn_tun_c,v retrieving revision 1.17 diff -u -p -r1.17 patch-src_openvpn_tun_c --- patches/patch-src_openvpn_tun_c 21 Feb 2019 23:41:12 -0000 1.17 +++ patches/patch-src_openvpn_tun_c 4 Oct 2020 21:12:37 -0000 
@@ -6,44 +6,33 @@ $OpenBSD: patch-src_openvpn_tun_c,v 1.17 Index: src/openvpn/tun.c --- src/openvpn/tun.c.orig +++ src/openvpn/tun.c -@@ -1202,7 +1202,7 @@ do_ifconfig(struct tuntap *tt, - if (tun) - { - argv_printf(&argv, -- "%s %s %s %s mtu %d netmask 255.255.255.255 up -link0", -+ "%s %s %s %s mtu %d netmask 255.255.255.255 up", - IFCONFIG_PATH, - actual, - ifconfig_local, -@@ -1214,7 +1214,7 @@ do_ifconfig(struct tuntap *tt, - { - remote_end = create_arbitrary_remote( tt ); - argv_printf(&argv, -- "%s %s %s %s mtu %d netmask %s up -link0", -+ "%s %s %s %s mtu %d netmask %s up", - IFCONFIG_PATH, - actual, - ifconfig_local, -@@ -1225,8 +1225,13 @@ do_ifconfig(struct tuntap *tt, - } - else - { -+ /* -+ * OpenBSD has distinct tun and tap devices -+ * so we don't need the "link0" extra parameter to specify we want to do -+ * tunneling at the ethernet level -+ */ - argv_printf(&argv, -- "%s %s %s netmask %s mtu %d broadcast %s link0", -+ "%s %s %s netmask %s mtu %d broadcast %s", - IFCONFIG_PATH, - actual, - ifconfig_local, -@@ -2615,7 +2620,6 @@ close_tun(struct tuntap *tt) +@@ -1346,21 +1346,26 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname + if (tun) + { + argv_printf(&argv, +- "%s %s %s %s mtu %d netmask 255.255.255.255 up -link0", ++ "%s %s %s %s mtu %d netmask 255.255.255.255 up", + IFCONFIG_PATH, ifname, ifconfig_local, + ifconfig_remote_netmask, tun_mtu); + } + else if (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET) + { + remote_end = create_arbitrary_remote( tt ); +- argv_printf(&argv, "%s %s %s %s mtu %d netmask %s up -link0", ++ argv_printf(&argv, "%s %s %s %s mtu %d netmask %s up", + IFCONFIG_PATH, ifname, ifconfig_local, + print_in_addr_t(remote_end, 0, &gc), tun_mtu, + ifconfig_remote_netmask); } - else if (tt) + else { -- struct gc_arena gc = gc_new(); - struct argv argv = argv_new(); - - /* setup command, close tun dev (clears tt->actual_name!), run command +- argv_printf(&argv, "%s %s %s netmask %s mtu %d link0", ++ /* ++ * 
OpenBSD has distinct tun and tap devices ++ * so we don't need the "link0" extra parameter to specify we want to do ++ * tunneling at the ethernet level ++ */ ++ argv_printf(&argv, "%s %s %s netmask %s mtu %d", + IFCONFIG_PATH, ifname, ifconfig_local, + ifconfig_remote_netmask, tun_mtu); + } Index: pkg/PLIST =================================================================== RCS file: /d/cvs/ports/net/openvpn/pkg/PLIST,v retrieving revision 1.26 diff -u -p -r1.26 PLIST --- pkg/PLIST 10 Nov 2019 17:50:00 -0000 1.26 +++ pkg/PLIST 23 Aug 2020 11:04:42 -0000 @@ -21,6 +21,7 @@ share/doc/openvpn/README.IPv6 share/doc/openvpn/README.down-root share/doc/openvpn/README.mbedtls share/doc/openvpn/management-notes.txt +share/doc/openvpn/openvpn.8.html share/doc/pkg-readmes/${PKGSTEM} share/examples/openvpn/ share/examples/openvpn/sample-config-files/ @@ -34,8 +35,6 @@ share/examples/openvpn/sample-config-fil share/examples/openvpn/sample-config-files/openvpn-shutdown.sh share/examples/openvpn/sample-config-files/openvpn-startup.sh share/examples/openvpn/sample-config-files/server.conf -share/examples/openvpn/sample-config-files/static-home.conf -share/examples/openvpn/sample-config-files/static-office.conf share/examples/openvpn/sample-config-files/tls-home.conf share/examples/openvpn/sample-config-files/tls-office.conf share/examples/openvpn/sample-config-files/xinetd-client-config -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
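Review bot: The comment added in the final `else` branch of `do_ifconfig_ipv4` explains why `link0` is dropped, but the same patch also strips `-link0` from the two tun branches above it without explanation, so a reader sees the rationale only for the tap case. Consider moving the comment above the `if (tun)` chain and wording it to cover all three calls, e.g. `/* OpenBSD has distinct tun and tap devices, so neither "link0" nor "-link0" is needed */`. The previous revision of this patch also carried a `close_tun` hunk removing an unused `struct gc_arena gc`; it is gone here, presumably because upstream fixed it, which is worth confirming against the 2.5 source. The function body starts and ends outside the hunk.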