
Update OpenVPN from upstream

RISCi_ATOM 7 years ago
parent
commit
e137b5880e

+ 11 - 5
package/network/services/openvpn/Makefile

@@ -9,14 +9,17 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.4.0
-PKG_RELEASE:=3
+PKG_VERSION:=2.4.2
+PKG_RELEASE:=1
 
-PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
+PKG_SOURCE_URL:=\
+	https://build.openvpn.net/downloads/releases/ \
+	https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e
+PKG_HASH:=df5c4f384b7df6b08a2f6fa8a84b9fd382baf59c2cef1836f82e2a7f62f1bff9
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
 PKG_INSTALL:=1
 PKG_FIXUP:=autoreconf
@@ -39,7 +42,6 @@ ifeq ($(1),nossl)
 else
   PROVIDES:=openvpn openvpn-crypto
 endif
-  MAINTAINER:=Mirko Vogt <mirko@openwrt.org>
 endef
 
 Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+PACKAGE_openvpn-openssl:libopenssl)
@@ -106,6 +108,7 @@ endef
 define Package/openvpn-$(BUILD_VARIANT)/install
 	$(INSTALL_DIR) \
 		$(1)/usr/sbin \
+		$(1)/usr/share/openvpn \
 		$(1)/etc/init.d \
 		$(1)/etc/config \
 		$(1)/etc/openvpn \
@@ -118,6 +121,9 @@ define Package/openvpn-$(BUILD_VARIANT)/install
 	$(INSTALL_BIN) \
 		files/openvpn.init \
 		$(1)/etc/init.d/openvpn
+	$(INSTALL_DATA) \
+		files/openvpn.options \
+		$(1)/usr/share/openvpn/openvpn.options
 
 	$(INSTALL_CONF) files/openvpn.config \
 		$(1)/etc/config/openvpn
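Review bot: The new `PKG_HASH` in the first hunk is the only integrity check on the 2.4.2 tarball, whichever of the two mirrors serves it, and neither the Makefile nor the commit message records how the value was obtained. I would state the provenance next to it, for example `# sha256 of $(PKG_SOURCE), verified against the upstream release signature`, after checking the download against that signature rather than hashing whatever a mirror returned. Moving `PKG_SOURCE_URL` to https protects the transfer only; a mirror that serves a different file is caught by this hash alone.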

+ 6 - 29
package/network/services/openvpn/files/openvpn.init

@@ -68,6 +68,9 @@ openvpn_add_instance() {
 		--config "$conf"
 	procd_set_param file "$dir/$conf"
 	procd_set_param respawn
+	procd_append_param respawn 3600
+	procd_append_param respawn 5
+	procd_append_param respawn -1
 	procd_close_instance
 }
 
@@ -93,40 +96,14 @@ start_instance() {
 	[ ! -d "/var/etc" ] && mkdir -p "/var/etc"
 	[ -f "/var/etc/openvpn-$s.conf" ] && rm "/var/etc/openvpn-$s.conf"
 
-	# append flags
-	append_bools "$s" \
-		allow_recursive_routing auth_nocache auth_user_pass_optional bind ccd_exclusive client client_cert_not_required \
-		client_to_client comp_noadapt disable disable_occ down_pre duplicate_cn fast_io float http_proxy_retry \
-		ifconfig_noexec ifconfig_nowarn ifconfig_pool_linear management_forget_disconnect management_hold \
-		management_query_passwords management_signal mktun mlock mtu_test multihome mute_replay_warnings \
-		ncp_disable nobind no_iv no_name_remapping no_replay opt_verify passtos persist_key persist_local_ip \
-		persist_remote_ip persist_tun ping_timer_rem pull push_reset remote_random rmtun route_noexec route_nopull \
-		single_session socks_proxy_retry suppress_timestamps tcp_nodelay test_crypto tls_client tls_exit tls_server \
-		tun_ipv6 up_delay up_restart username_as_common_name
-
-	# append params
-	append_params "$s" \
-		cd askpass auth auth_retry auth_user_pass auth_user_pass_verify bcast_buffers ca cert capath \
-		chroot cipher client_config_dir client_connect client_disconnect comp_lzo compress connect_freq \
-		connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \
-		ecdh_curve echo engine explicit_exit_notify fragment group hand_window hash_size http_proxy \
-		http_proxy_option http_proxy_timeout ifconfig ifconfig_pool ifconfig_pool_persist ifconfig_push \
-		inactive ipchange iroute keepalive key key_direction key_method keysize learn_address link_mtu lladdr \
-		local log log_append lport management management_log_cache max_clients max_routes_per_client mode \
-		mssfix mtu_disc mute ncp_ciphers nice ns_cert_type ping ping_exit ping_restart pkcs12 plugin \
-		port port_share prng proto pull_filter rcvbuf redirect_gateway remap_usr1 remote remote_cert_eku \
-		remote_cert_ku remote_cert_tls reneg_bytes reneg_pkts reneg_sec replay_persist replay_window \
-		resolv_retry route route_delay route_gateway route_metric route_pre_down route_up rport \
-		script_security secret server server_bridge setenv shaper sndbuf socks_proxy status status_version \
-		syslog tcp_queue_limit tls_auth tls_crypt tls_version_min tls_cipher tls_timeout \
-		tls_verify tmp_dir topology tran_window tun_mtu tun_mtu_extra txqueuelen user verb \
-		down push up verify_x509_name x509_username_field ifconfig_ipv6 route_ipv6 server_ipv6 \
-		ifconfig_ipv6_pool ifconfig_ipv6_push iroute_ipv6
+	append_bools "$s" $OPENVPN_BOOLS
+	append_params "$s" $OPENVPN_PARAMS
 
 	openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf"
 }
 
 start_service() {
+	. /usr/share/openvpn/openvpn.options
 	config_load 'openvpn'
 	config_foreach start_instance 'openvpn'
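Review bot: `start_service` now sources `/usr/share/openvpn/openvpn.options` as root without checking that the file was read or that both lists are set. If `$OPENVPN_BOOLS` and `$OPENVPN_PARAMS` come back empty, `append_bools` and `append_params` presumably copy nothing, so options such as `tls_auth`, `remote_cert_tls` and `verify_x509_name` would be missing from the generated config with no message explaining why. A guard right after the `.` line would fail closed with a clear error: `[ -n "$OPENVPN_PARAMS" ] && [ -n "$OPENVPN_BOOLS" ] || { echo "openvpn: option lists missing" >&2; return 1; }`. The three positional respawn values in the first hunk also deserve a comment naming them, e.g. `# respawn: threshold 3600s, delay 5s, retries -1`, since `-1` is not self-explanatory and appears to mean the daemon is restarted indefinitely after repeated crashes. Both function bodies continue outside the hunks shown.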
 

+ 197 - 0
package/network/services/openvpn/files/openvpn.options

@@ -0,0 +1,197 @@
+OPENVPN_PARAMS='
+askpass
+auth
+auth_retry
+auth_user_pass
+auth_user_pass_verify
+bcast_buffers
+ca
+capath
+cd
+cert
+chroot
+cipher
+client_config_dir
+client_connect
+client_disconnect
+comp_lzo
+compress
+connect_freq
+connect_retry
+connect_retry_max
+connect_timeout
+crl_verify
+dev
+dev_node
+dev_type
+dh
+down
+ecdh_curve
+echo
+engine
+explicit_exit_notify
+fragment
+group
+hand_window
+hash_size
+http_proxy
+http_proxy_option
+http_proxy_timeout
+ifconfig
+ifconfig_ipv6
+ifconfig_ipv6_pool
+ifconfig_ipv6_push
+ifconfig_pool
+ifconfig_pool_persist
+ifconfig_push
+inactive
+ipchange
+iroute
+iroute_ipv6
+keepalive
+key
+key_direction
+key_method
+keysize
+learn_address
+link_mtu
+lladdr
+local
+log
+log_append
+lport
+management
+management_log_cache
+max_clients
+max_routes_per_client
+mode
+mssfix
+mtu_disc
+mute
+ncp_ciphers
+nice
+ns_cert_type
+ping
+ping_exit
+ping_restart
+pkcs12
+plugin
+port
+port_share
+prng
+proto
+pull_filter
+push
+rcvbuf
+redirect_gateway
+remap_usr1
+remote
+remote_cert_eku
+remote_cert_ku
+remote_cert_tls
+reneg_bytes
+reneg_pkts
+reneg_sec
+replay_persist
+replay_window
+resolv_retry
+route
+route_delay
+route_gateway
+route_ipv6
+route_metric
+route_pre_down
+route_up
+rport
+script_security
+secret
+server
+server_bridge
+server_ipv6
+setenv
+shaper
+sndbuf
+socks_proxy
+status
+status_version
+syslog
+tcp_queue_limit
+tls_auth
+tls_cipher
+tls_crypt
+tls_timeout
+tls_verify
+tls_version_min
+tmp_dir
+topology
+tran_window
+tun_mtu
+tun_mtu_extra
+txqueuelen
+up
+user
+verb
+verify_x509_name
+x509_username_field
+'
+
+OPENVPN_BOOLS='
+allow_recursive_routing
+auth_nocache
+auth_user_pass_optional
+bind
+ccd_exclusive
+client
+client_cert_not_required
+client_to_client
+comp_noadapt
+disable
+disable_occ
+down_pre
+duplicate_cn
+fast_io
+float
+http_proxy_retry
+ifconfig_noexec
+ifconfig_nowarn
+ifconfig_pool_linear
+management_forget_disconnect
+management_hold
+management_query_passwords
+management_signal
+mktun
+mlock
+mtu_test
+multihome
+mute_replay_warnings
+ncp_disable
+nobind
+no_iv
+no_name_remapping
+no_replay
+opt_verify
+passtos
+persist_key
+persist_local_ip
+persist_remote_ip
+persist_tun
+ping_timer_rem
+pull
+push_reset
+remote_random
+rmtun
+route_noexec
+route_nopull
+single_session
+socks_proxy_retry
+suppress_timestamps
+tcp_nodelay
+test_crypto
+tls_client
+tls_exit
+tls_server
+tun_ipv6
+up_delay
+up_restart
+username_as_common_name
+'
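Review bot: The new file has no header saying that it is executed rather than parsed. The init script pulls it in with `.` as root, so any line added here runs with root privileges at service start. A first line such as `# Sourced by /etc/init.d/openvpn as shell; only the OPENVPN_PARAMS and OPENVPN_BOOLS assignments belong here` would make that contract visible to whoever edits the lists next. A comment above `OPENVPN_PARAMS` could also name the entries that make OpenVPN run external programs (`up`, `down`, `tls_verify`, `client_connect`, `plugin` and similar), because write access to the UCI config then decides what gets executed.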

+ 1 - 1
package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch

@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1333,7 +1333,7 @@ const char *
+@@ -1337,7 +1337,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];

+ 0 - 12
package/network/services/openvpn/patches/200-small_build_enable_occ.patch

@@ -1,12 +0,0 @@
---- a/src/openvpn/syshead.h
-+++ b/src/openvpn/syshead.h
-@@ -589,9 +589,7 @@ socket_defined (const socket_descriptor_
- /*
-  * Should we include OCC (options consistency check) code?
-  */
--#ifndef ENABLE_SMALL
- #define ENABLE_OCC
--#endif
- 
- /*
-  * Should we include NTLM proxy functionality

+ 5 - 3
package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch

@@ -1,12 +1,12 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1014,37 +1014,14 @@ dnl
+@@ -1058,37 +1058,14 @@ dnl
  AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
  AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
  if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
 -    AC_CHECKING([for LZ4 Library and Header files])
 -    havelz4lib=1
-
+ 
 -    # if LZ4_LIBS is set, we assume it will work, otherwise test
 -    if test -z "${LZ4_LIBS}"; then
 -	AC_CHECK_LIB(lz4, LZ4_compress,
@@ -19,7 +19,7 @@
 +    AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*])
 +    AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 +    LZ4_LIBS=""
-
+ 
 -    saved_CFLAGS="${CFLAGS}"
 -    CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
 -    AC_CHECK_HEADERS(lz4.h,
@@ -39,3 +39,5 @@
      AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library])
 -    CFLAGS="${saved_CFLAGS}"
  fi
+ 
+