From 2b8ec473db602aa7a76010e79775df34b41c5037 Mon Sep 17 00:00:00 2001 From: jlam Date: Wed, 17 Aug 2005 19:55:57 +0000 Subject: Update net/openvpn to version 2.0.1. Major changes from version 1.6.0 include: Adding a highly scalable server for handling multiple TCP/UDP clients over point-to-point TUN interfaces, all using a single port number. The server has been designed so that it can run with reduced privilege. On the client side, "pull" has been added, which basically says "accept certain config file options which the server pushes back to you." The major win of the push/pull capability is that the same client configuration file can be used on each client provided each client has its own set of SSL/TLS keys which have been signed by the master CA. A management interface has been developed which can be used to remotely control or centrally manage an OpenVPN daemon. "remote" can now specify a set of machines, or a hostname can be configured with multiple addresses in DNS. A server will be randomly chosen from the list, and if the connect fails, another will be tried (see the "remote-random" option) A package for easy RSA key management (easy-rsa-2.0rc1) has been included to aid in generating SSL keys and certificates for use with OpenVPN. --- net/openvpn/DESCR | 7 ++- net/openvpn/MESSAGE | 26 ++++++++ net/openvpn/Makefile | 92 ++++++++++++++++++++++------- net/openvpn/PLIST | 87 ++++++++++++++++++--------- net/openvpn/distinfo | 13 ++-- net/openvpn/files/openvpn.sh | 75 +++++++++++++++++++++++ net/openvpn/patches/patch-aa | 46 ++++----------- net/openvpn/patches/patch-ab | 137 ++++++++++++++++++++++++++++++++++++++++--- net/openvpn/patches/patch-ac | 45 -------------- 9 files changed, 378 insertions(+), 150 deletions(-) create mode 100644 net/openvpn/MESSAGE create mode 100644 net/openvpn/files/openvpn.sh delete mode 100644 net/openvpn/patches/patch-ac (limited to 'net') diff --git a/net/openvpn/DESCR b/net/openvpn/DESCR index b600286a4c8..e29f0d0e128 100644 
--- a/net/openvpn/DESCR +++ b/net/openvpn/DESCR @@ -1,3 +1,4 @@ -OpenVPN is an easy-to-use, robust, and highly configurable VPN (Virtual Private -Network) daemon which can be used to securely link two or more private networks -using an encrypted tunnel over the internet. It uses UDP to avoid TCP over TCP. +OpenVPN is a robust and highly flexible tunneling application +that uses all of the encryption, authentication, and certification +features of the OpenSSL library to securely tunnel IP networks over +a single TCP/UDP port. diff --git a/net/openvpn/MESSAGE b/net/openvpn/MESSAGE new file mode 100644 index 00000000000..78520dffe99 --- /dev/null +++ b/net/openvpn/MESSAGE @@ -0,0 +1,26 @@ +=========================================================================== +$NetBSD: MESSAGE,v 1.1 2005/08/17 19:55:57 jlam Exp $ + +The openvpn rc.d script looks for configuration files in: + + ${PKG_SYSCONFDIR} + +and by default will start an openvpn process for each config file in +that directory. + +The sample configuration files have been installed into: + + ${PREFIX}/share/examples/openvpn/config + +Please refer to the openvpn(8) manpage for full documentation on the +available options. + +There is also a package for ``easy'' RSA key management installed into: + + ${PREFIX}/share/openvpn/easy-rsa + +that may optionally be used to set up a certificate authority for +generating SSL certificates for use with OpenVPN. Please refer to the +README file in that directory for specific instructions. + +=========================================================================== diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index 752a0c34885..d6698b0a6fe 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile 
@@ -1,31 +1,79 @@ -# $NetBSD: Makefile,v 1.7 2005/04/11 21:46:53 tv Exp $ +# $NetBSD: Makefile,v 1.8 2005/08/17 19:55:57 jlam Exp $ +# -DISTNAME= openvpn-1.6.0 -CATEGORIES= net security -MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=openvpn/} +DISTNAME= openvpn-2.0.1 +PKGNAME= ${DISTNAME:S/_//} +CATEGORIES= net +MASTER_SITES= http://openvpn.net/release/ \ + http://openvpn.net/release/old/ MAINTAINER= tech-pkg@NetBSD.org -HOMEPAGE= http://openvpn.sourceforge.net/ -COMMENT= Easy-to-use, robust, and highly configurable VPN over UDP +HOMEPAGE= http://openvpn.net/ +COMMENT= Easy-to-use SSL VPN daemon -#USE_PKGINSTALL= YES +GNU_CONFIGURE= yes +USE_TOOLS= grep:run +USE_LIBTOOL= yes +USE_PKGINSTALL= yes +USE_OLD_DES_API= yes +TEST_TARGET= check -GNU_CONFIGURE= YES -CONFIGURE_ARGS+= --with-ssl-headers=${SSLBASE}/include/openssl -CONFIGURE_ARGS+= --with-ssl-lib=${SSLBASE}/lib -CONFIGURE_ARGS+= --with-lzo-headers=${BUILDLINK_PREFIX.liblzo}/include -CONFIGURE_ARGS+= --with-lzo-lib=${BUILDLINK_PREFIX.liblzo}/lib +PKG_SYSCONFSUBDIR= openvpn +DATADIR= ${PREFIX}/share/${PKGBASE} +DOCDIR= ${PREFIX}/share/doc/${PKGBASE} +EGDIR= ${PREFIX}/share/examples/${PKGBASE} +RCD_SCRIPTS= openvpn -EGDIR= ${PREFIX}/share/examples/openvpn +CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} +CONFIGURE_ARGS+= --enable-pthread +CONFIGURE_ARGS+= --enable-password-save +CONFIGURE_ARGS+= --disable-dependency-tracking -post-install: - ${INSTALL_DATA_DIR} ${EGDIR}/sample-config-files - ${INSTALL_DATA} ${WRKSRC}/sample-config-files/* ${EGDIR}/sample-config-files - ${INSTALL_DATA_DIR} ${EGDIR}/sample-keys - ${INSTALL_DATA} ${WRKSRC}/sample-keys/* ${EGDIR}/sample-keys - ${INSTALL_DATA_DIR} ${EGDIR}/sample-scripts - ${INSTALL_DATA} ${WRKSRC}/sample-scripts/* ${EGDIR}/sample-scripts - -.include "../../archivers/liblzo/buildlink3.mk" +# OpenVPN 2.x has a shared module "plugin" architecture that allows +# inserting callbacks into the server for various tasks. 
+# +DL_AUTO_VARS= yes +.include "../../mk/dlopen.buildlink3.mk" + +.include "../../archivers/lzo/buildlink3.mk" .include "../../security/openssl/buildlink3.mk" +.include "../../mk/pthread.buildlink3.mk" + +post-build: + for file in ${WRKSRC}/easy-rsa/2.0/pkitool; do \ + ${SED} -e "s|^\(GREP\)=.*|\1=\""${GREP}"\"|" \ + -e "s|^\(OPENSSL\)=.*|\1=\""${SSLBASE}/bin/openssl"\"|" \ + $$file > $$file.new; \ + ${MV} -f $$file.new $$file; \ + ${CHMOD} +x $$file; \ + done + +post-install: + ${INSTALL_DATA_DIR} ${DATADIR}/easy-rsa + dir=${DATADIR:S/^${PREFIX}\///}/easy-rsa; \ + cd ${WRKSRC}/easy-rsa/2.0; \ + ${GREP} "^$$dir/" ${PKGDIR}/PLIST | ${SED} "s|^$$dir/||" | \ + while read file; do \ + case $$file in \ + [A-Z]*|*.cnf) ${INSTALL_DATA} $$file ${PREFIX}/$$dir ;; \ + *) ${INSTALL_SCRIPT} $$file ${PREFIX}/$$dir ;; \ + esac; \ + done + ${INSTALL_DATA_DIR} ${DOCDIR} + ${INSTALL_DATA} ${WRKSRC}/management/management-notes.txt ${DOCDIR} + ${INSTALL_DATA_DIR} ${EGDIR} + ${INSTALL_DATA_DIR} ${EGDIR}/config + cd ${WRKSRC}/sample-config-files; for file in *; do \ + ${INSTALL_DATA} $$file ${EGDIR}/config; \ + done + ${INSTALL_DATA_DIR} ${EGDIR}/scripts + cd ${WRKSRC}/sample-scripts; for file in *; do \ + ${INSTALL_DATA} $$file ${EGDIR}/scripts; \ + done + ${INSTALL_DATA_DIR} ${EGDIR}/keys + cd ${WRKSRC}/sample-keys; for file in *; do \ + ${INSTALL_DATA} $$file ${EGDIR}/keys; \ + done + + .include "../../mk/bsd.pkg.mk" diff --git a/net/openvpn/PLIST b/net/openvpn/PLIST index da1c5c794fc..fc868d0d029 100644 --- a/net/openvpn/PLIST +++ b/net/openvpn/PLIST 
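Review bot: `CONFIGURE_ARGS+= --enable-password-save` is switched on unconditionally and without a comment. As far as I recall, OpenVPN 2.0's configure describes this option as allowing `--askpass` and `--auth-user-pass` to read the secret from a file, so every binary built from this package accepts passwords stored on disk. I would document that next to the flag, for example `# Allows --askpass/--auth-user-pass to read credentials from a file; such files must be root-owned and mode 0600.`, and consider gating it behind a package option so sites that do not want stored credentials can build without it. A matching sentence in MESSAGE would reach administrators who never read the Makefile.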
@@ -1,31 +1,62 @@ -@comment $NetBSD: PLIST,v 1.1.1.1 2004/02/10 12:39:17 wulf Exp $ +@comment $NetBSD: PLIST,v 1.2 2005/08/17 19:55:57 jlam Exp $ man/man8/openvpn.8 sbin/openvpn -share/examples/openvpn/sample-config-files/README -share/examples/openvpn/sample-config-files/firewall.sh -share/examples/openvpn/sample-config-files/home.up -share/examples/openvpn/sample-config-files/loopback-client -share/examples/openvpn/sample-config-files/loopback-server -share/examples/openvpn/sample-config-files/office.up -share/examples/openvpn/sample-config-files/openvpn-shutdown.sh -share/examples/openvpn/sample-config-files/openvpn-startup.sh -share/examples/openvpn/sample-config-files/static-home.conf -share/examples/openvpn/sample-config-files/static-office.conf -share/examples/openvpn/sample-config-files/tls-home.conf -share/examples/openvpn/sample-config-files/tls-office.conf -share/examples/openvpn/sample-config-files/xinetd-client-config -share/examples/openvpn/sample-config-files/xinetd-server-config -share/examples/openvpn/sample-keys/README -share/examples/openvpn/sample-keys/client.crt -share/examples/openvpn/sample-keys/client.key -share/examples/openvpn/sample-keys/dh1024.pem -share/examples/openvpn/sample-keys/server.crt -share/examples/openvpn/sample-keys/server.key -share/examples/openvpn/sample-keys/tmp-ca.crt -share/examples/openvpn/sample-keys/tmp-ca.key -share/examples/openvpn/sample-scripts/openvpn.init -share/examples/openvpn/sample-scripts/verify-cn -@dirrm share/examples/openvpn/sample-config-files -@dirrm share/examples/openvpn/sample-keys -@dirrm share/examples/openvpn/sample-scripts +share/doc/openvpn/management-notes.txt +share/examples/openvpn/config/README +share/examples/openvpn/config/client.conf +share/examples/openvpn/config/firewall.sh +share/examples/openvpn/config/home.up +share/examples/openvpn/config/loopback-client +share/examples/openvpn/config/loopback-server +share/examples/openvpn/config/office.up 
+share/examples/openvpn/config/openvpn-shutdown.sh +share/examples/openvpn/config/openvpn-startup.sh +share/examples/openvpn/config/server.conf +share/examples/openvpn/config/static-home.conf +share/examples/openvpn/config/static-office.conf +share/examples/openvpn/config/tls-home.conf +share/examples/openvpn/config/tls-office.conf +share/examples/openvpn/config/xinetd-client-config +share/examples/openvpn/config/xinetd-server-config +share/examples/openvpn/keys/README +share/examples/openvpn/keys/client.crt +share/examples/openvpn/keys/client.key +share/examples/openvpn/keys/dh1024.pem +share/examples/openvpn/keys/pass.crt +share/examples/openvpn/keys/pass.key +share/examples/openvpn/keys/pkcs12.p12 +share/examples/openvpn/keys/server.crt +share/examples/openvpn/keys/server.key +share/examples/openvpn/keys/tmp-ca.crt +share/examples/openvpn/keys/tmp-ca.key +share/examples/openvpn/scripts/auth-pam.pl +share/examples/openvpn/scripts/bridge-start +share/examples/openvpn/scripts/bridge-stop +share/examples/openvpn/scripts/openvpn.init +share/examples/openvpn/scripts/verify-cn +share/examples/rc.d/openvpn +share/openvpn/easy-rsa/README +share/openvpn/easy-rsa/build-ca +share/openvpn/easy-rsa/build-dh +share/openvpn/easy-rsa/build-inter +share/openvpn/easy-rsa/build-key +share/openvpn/easy-rsa/build-key-pass +share/openvpn/easy-rsa/build-key-pkcs12 +share/openvpn/easy-rsa/build-key-server +share/openvpn/easy-rsa/build-req +share/openvpn/easy-rsa/build-req-pass +share/openvpn/easy-rsa/clean-all +share/openvpn/easy-rsa/inherit-inter +share/openvpn/easy-rsa/list-crl +share/openvpn/easy-rsa/openssl.cnf +share/openvpn/easy-rsa/pkitool +share/openvpn/easy-rsa/revoke-full +share/openvpn/easy-rsa/sign-req +share/openvpn/easy-rsa/vars +@dirrm share/openvpn/easy-rsa +@dirrm share/openvpn +@dirrm share/examples/openvpn/scripts +@dirrm share/examples/openvpn/keys +@dirrm share/examples/openvpn/config @dirrm share/examples/openvpn +@dirrm share/doc/openvpn 
diff --git a/net/openvpn/distinfo b/net/openvpn/distinfo index ce4a205ef52..bd8062036fb 100644 --- a/net/openvpn/distinfo +++ b/net/openvpn/distinfo @@ -1,8 +1,7 @@ -$NetBSD: distinfo,v 1.3 2005/02/24 12:13:58 agc Exp $ +$NetBSD: distinfo,v 1.4 2005/08/17 19:55:57 jlam Exp $ -SHA1 (openvpn-1.6.0.tar.gz) = 1a7a4e1b610564902f50b488f19254ab9a1f9c7e -RMD160 (openvpn-1.6.0.tar.gz) = ffcb1746590bdd4dab6777856a6caf8c129d57de -Size (openvpn-1.6.0.tar.gz) = 430324 bytes -SHA1 (patch-aa) = 1467b3f2cacc16657e88bc292c778ef7cfc48d66 -SHA1 (patch-ab) = b32248e2d9dc6dfdf015d86873770544a214103b -SHA1 (patch-ac) = b689cd044be21205eb4c53edd856ea2161b45cc1 +SHA1 (openvpn-2.0.1.tar.gz) = d0ce0f41c8832e96511761ba4db1d209267c2caa +RMD160 (openvpn-2.0.1.tar.gz) = ced7028e996f119ce1b0e21305aaa744d2181fd9 +Size (openvpn-2.0.1.tar.gz) = 662428 bytes +SHA1 (patch-aa) = c28596050d1f5850219816ea2d855eeda6f37d12 +SHA1 (patch-ab) = d5f9d23078607adbc1bfe23960da6b87725df122 diff --git a/net/openvpn/files/openvpn.sh b/net/openvpn/files/openvpn.sh new file mode 100644 index 00000000000..f1d55fdb08b --- /dev/null +++ b/net/openvpn/files/openvpn.sh 
@@ -0,0 +1,75 @@ +#!@RCD_SCRIPTS_SHELL@ +# +# $NetBSD: openvpn.sh,v 1.1 2005/08/17 19:55:57 jlam Exp $ +# +# PROVIDE: openvpn +# REQUIRE: NETWORKING +# +# To start openvpn at startup, copy this script to /etc/rc.d. You will +# also need to set the following variables: +# +# openvpn=YES +# +# The following variables are optional: +# +# openvpn_cfg="server.conf" # whitespace-separated list of +# # OpenVPN config files relative to +# # directory @PKG_SYSCONFDIR@. If +# # set, then an openvpn process is +# # started for each file, otherwise +# # a process is started for all +# # *.conf files. +# +# For information on how to write an OpenVPN config file, please read the +# openvpn(8) man page or check the website at: +# +# http://openvpn.net/ +# + +. /etc/rc.subr + +name="openvpn" +rcvar=$name +sysconfdir="@PKG_SYSCONFDIR@" +command="@PREFIX@/sbin/openvpn" +command_args="--cd $sysconfdir --daemon" +extra_commands="reload" +required_dirs="$sysconfdir" + +start_cmd="openvpn_start" + +openvpn_start() +{ + : ${openvpn_cfg="*.conf"} + + for d in $required_dirs; do + if [ ! -d "$d/." ]; then + warn "$d is not a directory." + return 1 + fi + done + if [ -z "$openvpn_cfg" ]; then + warn "\$openvpn_cfg is empty." + return 1 + fi + savewd="$PWD" + cd $sysconfdir + for f in $openvpn_cfg; do + if [ ! -r "$f" ]; then + warn "$f is not readable." + cd $savewd + return 1 + fi + done + for f in $openvpn_cfg; do + doit="$command $command_args --config $f" + if ! eval $doit; then + cd $savewd + return 1 + fi + done + cd $savewd +} + +load_rc_config $name +run_rc_command "$1" diff --git a/net/openvpn/patches/patch-aa b/net/openvpn/patches/patch-aa index 2fbe72acbde..4fa51ec1d09 100644 --- a/net/openvpn/patches/patch-aa +++ b/net/openvpn/patches/patch-aa 
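Review bot: In `openvpn_start` the launch loop assembles `doit="$command $command_args --config $f"` and runs it with `eval $doit`, so every name produced by `$openvpn_cfg` or the default `*.conf` glob is parsed by the shell a second time. A file name in `@PKG_SYSCONFDIR@` that contains whitespace or shell metacharacters is then interpreted as shell syntax rather than passed as a single argument, in a script that presumably runs with root privileges at boot. The eval is not needed here; `if ! $command $command_args --config "$f"; then` keeps the intended word splitting of `$command_args` while passing the file name literally. The `cd $sysconfdir` before the loops is also unquoted and unchecked, so a failed `cd` leaves the readability test running against the wrong directory; `cd "$sysconfdir" || return 1` would stop early.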
@@ -1,40 +1,14 @@ -$NetBSD: patch-aa,v 1.1 2005/02/21 23:26:24 bad Exp $ +$NetBSD: patch-aa,v 1.2 2005/08/17 19:55:57 jlam Exp $ ---- route.c.orig Sun Mar 14 06:34:20 2004 -+++ route.c Tue Feb 22 00:02:54 2005 -@@ -626,7 +626,7 @@ - msg (D_ROUTE, "%s", BSTR (&buf)); - status = system_check (BSTR (&buf), "ERROR: FreeBSD route add command failed", false); +--- easy-rsa/2.0/README.orig 2005-07-17 16:13:42.000000000 -0400 ++++ easy-rsa/2.0/README +@@ -46,9 +46,6 @@ Release Notes for easy-rsa-2.0 --#elif defined(TARGET_OPENBSD) -+#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) + * This release only affects the Linux/Unix version of easy-rsa. + The Windows version (written to use the Windows shell) is unchanged. +- Note that the new pkitool script is written in bash, and will not +- run on Windows unless bash is installed. To install bash on Windows, +- see the MSYS package available here: http://www.mingw.org/ - buf_printf (&buf, ROUTE_PATH " add"); + INSTALL easy-rsa -@@ -641,7 +641,7 @@ - netmask); - - msg (D_ROUTE, "%s", BSTR (&buf)); -- status = system_check (BSTR (&buf), "ERROR: OpenBSD route add command failed", false); -+ status = system_check (BSTR (&buf), "ERROR: Net/OpenBSD route add command failed", false); - - #else - msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. 
Try putting your routes in a --route-up script"); -@@ -713,7 +713,7 @@ - msg (D_ROUTE, "%s", BSTR (&buf)); - system_check (BSTR (&buf), "ERROR: FreeBSD route delete command failed", false); - --#elif defined(TARGET_OPENBSD) -+#elif defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) - - buf_printf (&buf, ROUTE_PATH " delete -net %s %s -netmask %s", - network, -@@ -721,7 +721,7 @@ - netmask); - - msg (D_ROUTE, "%s", BSTR (&buf)); -- system_check (BSTR (&buf), "ERROR: OpenBSD route delete command failed", false); -+ system_check (BSTR (&buf), "ERROR: Net/OpenBSD route delete command failed", false); - - #else - msg (M_FATAL, "Sorry, but I don't know how to do 'route' commands on this operating system. Try putting your routes in a --route-up script"); diff --git a/net/openvpn/patches/patch-ab b/net/openvpn/patches/patch-ab index 03ca5e6a072..a122a1acb68 100644 --- a/net/openvpn/patches/patch-ab +++ b/net/openvpn/patches/patch-ab 
@@ -1,13 +1,132 @@ -$NetBSD: patch-ab,v 1.1 2005/02/21 23:26:24 bad Exp $ +$NetBSD: patch-ab,v 1.2 2005/08/17 19:55:57 jlam Exp $ ---- syshead.h.orig Thu Apr 1 13:52:34 2004 -+++ syshead.h Tue Feb 22 00:09:49 2005 -@@ -247,6 +247,8 @@ - #include - #endif +--- easy-rsa/2.0/pkitool.orig 2005-07-15 14:38:14.000000000 -0400 ++++ easy-rsa/2.0/pkitool +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!/bin/sh -+#include + # OpenVPN -- An application to securely tunnel IP networks + # over a single TCP/UDP port, with support for SSL/TLS-based +@@ -31,7 +31,10 @@ PROGNAME=pkitool + VERSION=2.0 + DEBUG=0 + +-function need_vars ++GREP=grep ++OPENSSL=openssl + - #endif /* TARGET_NETBSD */ ++need_vars() + { + echo ' Please edit the vars script to reflect your configuration,' + echo ' then source it with "source ./vars".' +@@ -40,7 +43,7 @@ function need_vars + echo " Finally, you can run this tool ($PROGNAME) to build certificates/keys." + } + +-function usage ++usage() + { + echo "$PROGNAME $VERSION" + echo "Usage: $PROGNAME [options...] 
[common-name]" +@@ -103,7 +106,7 @@ BATCH="-batch" + CA="ca" + + # Process options +-while [ "$1" ] && [ "${1:0:2}" = "--" ]; do ++while [ $# -gt 0 ]; do + case "$1" in + --server ) REQ_EXT="$REQ_EXT -extensions server" + CA_EXT="$CA_EXT -extensions server" ;; +@@ -115,8 +118,9 @@ while [ "$1" ] && [ "${1:0:2}" = "--" ]; + --csr ) DO_CA="0" ;; + --sign ) DO_REQ="0" ;; + --pkcs12 ) DO_P12="1" ;; +- * ) echo "$PROGNAME: unknown option: $1" +- exit 1 ++ --* ) echo "$PROGNAME: unknown option: $1" ++ exit 1 ;; ++ * ) break ;; + esac + shift + done +@@ -128,25 +132,25 @@ if [ $DO_P12 -eq 1 ]; then + fi + + # If undefined, set default key expiration intervals +-if [ -z $KEY_EXPIRE ]; then +- export KEY_EXPIRE=3650 ++if [ -z "$KEY_EXPIRE" ]; then ++ KEY_EXPIRE=3650 + fi +-if [ -z $CA_EXPIRE ]; then +- export CA_EXPIRE=3650 ++if [ -z "$CA_EXPIRE" ]; then ++ CA_EXPIRE=3650 + fi + + # Set organizational unit to empty string if undefined + if [ -z "$KEY_OU" ]; then +- export KEY_OU="" ++ KEY_OU="" + fi + + # Set KEY_CN + if [ $DO_ROOT -eq 1 ]; then + if [ -z "$KEY_CN" ]; then + if [ "$1" ]; then +- export KEY_CN="$1" ++ KEY_CN="$1" + elif [ "$KEY_ORG" ]; then +- export KEY_CN="$KEY_ORG CA" ++ KEY_CN="$KEY_ORG CA" + fi + fi + if [ $BATCH ] && [ "$KEY_CN" ]; then +@@ -159,9 +163,10 @@ else + usage + exit 1 + else +- export KEY_CN="$1" ++ KEY_CN="$1" + fi + fi ++export CA_EXPIRE KEY_EXPIRE KEY_OU KEY_CN + + # Show parameters (debugging) + if [ $DEBUG -eq 1 ]; then +@@ -186,7 +191,9 @@ if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" + + # Make sure $KEY_CONFIG points to the correct version + # of openssl.cnf +- if ! 
grep -Eqi 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" ; then ++ if $GREP -i 'easy-rsa version 2\.[0-9]' "$KEY_CONFIG" >/dev/null; then ++ : ++ else + echo "$PROGNAME: KEY_CONFIG (set by the ./vars script) is pointing to the wrong" + echo "version of openssl.cnf: $KEY_CONFIG" + echo "The correct version should have a comment that says: easy-rsa version 2.x"; +@@ -195,7 +202,7 @@ if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" + + # Build root CA + if [ $DO_ROOT -eq 1 ]; then +- openssl req $BATCH -days $CA_EXPIRE $NODES_REQ -new -x509 \ ++ $OPENSSL req $BATCH -days $CA_EXPIRE $NODES_REQ -new -x509 \ + -keyout "$CA.key" -out "$CA.crt" -config "$KEY_CONFIG" && \ + chmod 0600 "$CA.key" + else +@@ -209,11 +216,11 @@ if [ -d "$KEY_DIR" ] && [ "$KEY_CONFIG" + fi - #ifdef WIN32 + # Build cert/key +- ( [ $DO_REQ -eq 0 ] || openssl req $BATCH -days $KEY_EXPIRE $NODES_REQ -new \ ++ ( [ $DO_REQ -eq 0 ] || $OPENSSL req $BATCH -days $KEY_EXPIRE $NODES_REQ -new \ + -keyout "$KEY_CN.key" -out "$KEY_CN.csr" $REQ_EXT -config "$KEY_CONFIG" ) && \ +- ( [ $DO_CA -eq 0 ] || openssl ca $BATCH -days $KEY_EXPIRE -out "$KEY_CN.crt" \ ++ ( [ $DO_CA -eq 0 ] || $OPENSSL ca $BATCH -days $KEY_EXPIRE -out "$KEY_CN.crt" \ + -in "$KEY_CN.csr" $CA_EXT -config "$KEY_CONFIG" ) && \ +- ( [ $DO_P12 -eq 0 ] || openssl pkcs12 -export -inkey "$KEY_CN.key" \ ++ ( [ $DO_P12 -eq 0 ] || $OPENSSL pkcs12 -export -inkey "$KEY_CN.key" \ + -in "$KEY_CN.crt" -certfile "$CA.crt" -out "$KEY_CN.p12" $NODES_P12 ) && \ + ( [ $DO_CA -eq 0 ] || chmod 0600 "$KEY_CN.key" ) && \ + ( [ $DO_P12 -eq 0 ] || chmod 0600 "$KEY_CN.p12" ) diff --git a/net/openvpn/patches/patch-ac b/net/openvpn/patches/patch-ac deleted file mode 100644 index 908061e7b8f..00000000000 --- a/net/openvpn/patches/patch-ac +++ /dev/null 
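Review bot: The key-generating calls this patch rewrites (`$OPENSSL req ... -keyout "$CA.key"`, `-keyout "$KEY_CN.key"` and `pkcs12 ... -out "$KEY_CN.p12"`) still depend on a `chmod 0600` that runs only after openssl has written the file. The private key can therefore exist for a moment with whatever mode the caller's umask allows, depending on how the linked OpenSSL creates its output files. The visible chain also guards the key's chmod with `[ $DO_CA -eq 0 ] ||`, so in `--csr` mode (`DO_CA="0"`) a freshly generated `$KEY_CN.key` is never tightened at all. Since the patch already touches these lines, adding `umask 077` just before the `# Build root CA` block would make the restrictive mode apply from creation and cover the `--csr` case. The enclosing `if [ -d "$KEY_DIR" ] ...` block starts outside these hunks, so its other branches are not visible here.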
@@ -1,45 +0,0 @@ -$NetBSD: patch-ac,v 1.1 2005/02/21 23:26:24 bad Exp $ - ---- tun.c.orig Thu Apr 1 13:54:57 2004 -+++ tun.c Tue Feb 22 00:14:00 2005 -@@ -579,7 +579,13 @@ - tun_mtu - ); - else -- no_tap_ifconfig (); -+ openvpn_snprintf (command_line, sizeof (command_line), -+ IFCONFIG_PATH " %s %s netmask %s mtu %d up", -+ actual, -+ ifconfig_local, -+ ifconfig_remote_netmask, -+ tun_mtu -+ ); - msg (M_INFO, "%s", command_line); - system_check (command_line, "NetBSD ifconfig failed", true); - tt->did_ifconfig = true; -@@ -1263,6 +1269,25 @@ - int - write_tun (struct tuntap* tt, uint8_t *buf, int len) - { -+ if (tt->type == DEV_TYPE_TAP) -+ { -+ /* NetBSD's /dev/tap doesn't pad ethernet frames to the minimum length. */ -+ ssize_t rv; -+ struct iovec iv[2]; -+ char pad[ETHER_MIN_LEN]; -+ -+ iv[0].iov_base = buf; -+ iv[0].iov_len = len; -+ iv[1].iov_base = &pad; -+ iv[1].iov_len = ETHER_MIN_LEN - len; -+ -+ rv = writev(tt->fd, iv, (len < ETHER_MIN_LEN) ? 2 : 1); -+ if (rv > len) -+ return len; -+ else -+ return rv; -+ } -+ else - return write (tt->fd, buf, len); - } - -- cgit v1.2.3