An open implementation of Fortinet's proprietary PPP+SSL VPN solution Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>lilik-openwrt-22.03
@ -0,0 +1,66 @@ | |||
# | |||
# Copyright (C) 2019 - Lucian Cristian <lucian.cristian@gmail.com> | |||
# | |||
# This is free software, licensed under the GNU General Public License v3. | |||
# See /LICENSE for more information. | |||
# | |||
include $(TOPDIR)/rules.mk | |||
PKG_NAME:=openfortivpn | |||
PKG_VERSION:=1.10.0 | |||
PKG_RELEASE:=1 | |||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz | |||
PKG_SOURCE_URL:=https://codeload.github.com/adrienverge/openfortivpn/tar.gz/v$(PKG_VERSION)? | |||
PKG_HASH:=d6ea0c84c0cf811530073fa19865334bb42ab10a780157fe95c4efb3476ad58d | |||
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com> | |||
PKG_LICENSE:=GPL-3.0-or-later OpenSSL | |||
PKG_LICENSE_FILES:=LICENSE LICENSE.OpenSSL | |||
PKG_BUILD_PARALLEL:=1 | |||
PKG_INSTALL:=1 | |||
PKG_FIXUP:=autoreconf | |||
include $(INCLUDE_DIR)/package.mk | |||
define Package/openfortivpn | |||
SUBMENU:=VPN | |||
SECTION:=net | |||
CATEGORY:=Network | |||
TITLE:=Fortinet SSL VPN client | |||
URL:=https://github.com/adrienverge/openfortivpn | |||
DEPENDS:=+ppp +libopenssl | |||
endef | |||
define Package/openfortivpn/description | |||
An open implementation of Fortinet's proprietary PPP+SSL VPN solution | |||
It spawns a pppd process and operates the communication between the gateway and this process. | |||
It is compatible with Fortinet VPNs. | |||
endef | |||
CONFIGURE_ARGS += \ | |||
--enable-proc \ | |||
--with-rt_dst="yes" \ | |||
--with-pppd="/usr/sbin/pppd" | |||
TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed | |||
define Package/openfortivpn/conffiles | |||
/etc/config/openfortivpn | |||
endef | |||
define Package/openfortivpn/install | |||
$(INSTALL_DIR) \ | |||
$(1)/usr/sbin \ | |||
$(1)/etc/config \ | |||
$(1)/etc/init.d | |||
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openfortivpn $(1)/usr/sbin/ | |||
$(INSTALL_DATA) ./files/openfortivpn.config $(1)/etc/config/openfortivpn | |||
$(INSTALL_BIN) ./files/openfortivpn.init $(1)/etc/init.d/openfortivpn | |||
endef | |||
$(eval $(call BuildPackage,openfortivpn)) |
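Review bot: The install recipe copies `./files/openfortivpn.config` with `$(INSTALL_DATA)`, which OpenWrt's rules.mk defines as mode 0644, so `/etc/config/openfortivpn` is world-readable on the target even though it carries the VPN `username` and `password` options. Use `$(INSTALL_CONF) ./files/openfortivpn.config $(1)/etc/config/openfortivpn` instead, which installs the file as 0600 so that only root can read the credentials. The `conffiles` entry already preserves the file across upgrades, so only the mode changes.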
@ -0,0 +1,12 @@ | |||
config service 'openfortivpn' | |||
option 'enabled' '0' | |||
option 'host' 'vpn-gateway' | |||
option 'port' '10443' | |||
option 'set_routes' '0' | |||
option 'set_dns' '0' | |||
option 'pppd_use_peerdns' '0' | |||
option 'username' 'foo' | |||
option 'password' 'bar' | |||
config 'certs' | |||
# example X509 certificate sha256 sum, trust only defined one(s)! | |||
option 'trusted_cert' 'e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db' |
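Review bot: The shipped default sets `option 'trusted_cert'` to a concrete digest, so an administrator who fills in only the host and credentials keeps trusting a certificate that is not their gateway's. The init script in this commit writes every non-empty `trusted_cert` into the generated config. Ship the option commented out with an obvious placeholder, e.g. `# option 'trusted_cert' '<sha256 digest of your gateway certificate>'`, so that nothing is pinned until the operator supplies their own value. The same applies to `username 'foo'` and `password 'bar'`, which are safer left empty than as working-looking defaults.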
@ -0,0 +1,75 @@ | |||
#!/bin/sh /etc/rc.common | |||
START=99 | |||
USE_PROCD=1 | |||
BIN=/usr/sbin/openfortivpn | |||
CONFIG=/var/etc/openfortivpn.config | |||
validate_certs_section() { | |||
uci_load_validate openfortivpn certs "$1" "$2" \ | |||
'trusted_cert:string' | |||
} | |||
validate_openfortivpn_section() { | |||
uci_load_validate openfortivpn service "$1" "$2" \ | |||
'enabled:uinteger' \ | |||
'host:string' \ | |||
'port:uinteger' \ | |||
'username:string' \ | |||
'password:string' \ | |||
'set_routes:uinteger' \ | |||
'set_dns:uinteger' \ | |||
'pppd_use_peerdns:uinteger' | |||
} | |||
setup_certs() { | |||
[ "$2" = 0 ] || { | |||
echo "validation failed" | |||
return 1 | |||
} | |||
[ -n "$trusted_cert" ] || return 0 | |||
echo "trusted-cert = $trusted_cert" >> $CONFIG | |||
} | |||
setup_config() { | |||
[ "$2" = 0 ] || { | |||
echo "validation failed" | |||
return 1 | |||
} | |||
[ "$enabled" -eq 0 ] && return 1 | |||
mkdir -p /var/etc | |||
echo '# auto-generated config file from /etc/config/openfortivpn' > $CONFIG | |||
[ -n "$host" ] && echo "host = $host" >> $CONFIG | |||
[ -n "$port" ] && echo "port = $port" >> $CONFIG | |||
[ -n "$username" ] && echo "username = $username" >> $CONFIG | |||
[ -n "$password" ] && echo "password = $password" >> $CONFIG | |||
[ -n "$set_routes" ] && echo "set-routes = $set_routes" >> $CONFIG | |||
[ -n "$set_dns" ] && echo "set-dns = $set_dns" >> $CONFIG | |||
[ -n "$pppd_use_peerdns" ] && echo "pppd-use-peerdns = $pppd_use_peerdns" >> $CONFIG | |||
return 0 | |||
} | |||
start_service() { | |||
config_load openfortivpn | |||
validate_openfortivpn_section openfortivpn setup_config || return | |||
config_foreach validate_certs_section certs setup_certs | |||
procd_open_instance | |||
procd_set_param stderr 1 | |||
procd_set_param command $BIN -c $CONFIG --use-syslog | |||
procd_close_instance | |||
} | |||
service_triggers () { | |||
procd_add_reload_trigger "openfortivpn" | |||
procd_open_validate | |||
validate_openfortivpn_section | |||
validate_certs_section | |||
procd_close_validate | |||
} |
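Review bot: `setup_config` creates `$CONFIG` under the shell's default umask, so the generated `/var/etc/openfortivpn.config` containing the `password = ...` line is typically readable by every local user and service account. Add `umask 077` after `mkdir -p /var/etc` and before the first `echo ... > $CONFIG`, and quote the redirect targets as `"$CONFIG"` here and in `setup_certs`. Separately, `[ "$enabled" -eq 0 ] && return 1` does not stop the service when `enabled` is unset, because the failed numeric test skips the `return`; declaring `'enabled:bool:0'` in `validate_openfortivpn_section` gives the option a default.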