diff --git a/net/openfortivpn/Makefile b/net/openfortivpn/Makefile
new file mode 100644
index 000000000..aca8b7afc
--- /dev/null
+++ b/net/openfortivpn/Makefile
@@ -0,0 +1,66 @@
+#
+# Copyright (C) 2019 - Lucian Cristian
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=openfortivpn
+PKG_VERSION:=1.10.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/adrienverge/openfortivpn/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=d6ea0c84c0cf811530073fa19865334bb42ab10a780157fe95c4efb3476ad58d
+
+PKG_MAINTAINER:=Lucian Cristian
+PKG_LICENSE:=GPL-3.0-or-later OpenSSL
+PKG_LICENSE_FILES:=LICENSE LICENSE.OpenSSL
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/openfortivpn
+ SUBMENU:=VPN
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Fortinet SSL VPN client
+ URL:=https://github.com/adrienverge/openfortivpn
+ DEPENDS:=+ppp +libopenssl
+endef
+
+define Package/openfortivpn/description
+ An open implementation of Fortinet's proprietary PPP+SSL VPN solution
+ It spawns a pppd process and operates the communication between the gateway and this process.
+ It is compatible with Fortinet VPNs.
+endef
+
+CONFIGURE_ARGS += \
+ --enable-proc \
+ --with-rt_dst="yes" \
+ --with-pppd="/usr/sbin/pppd"
+
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+
+define Package/openfortivpn/conffiles
+/etc/config/openfortivpn
+endef
+
+define Package/openfortivpn/install
+ $(INSTALL_DIR) \
+ $(1)/usr/sbin \
+ $(1)/etc/config \
+ $(1)/etc/init.d
+
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openfortivpn $(1)/usr/sbin/
+ $(INSTALL_DATA) ./files/openfortivpn.config $(1)/etc/config/openfortivpn
+ $(INSTALL_BIN) ./files/openfortivpn.init $(1)/etc/init.d/openfortivpn
+endef
+
+$(eval $(call BuildPackage,openfortivpn))
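Review bot: The `Package/openfortivpn/install` recipe copies the UCI file with `$(INSTALL_DATA)`, which installs it mode 0644 although /etc/config/openfortivpn carries the VPN `username` and `password` options. Any non-root service account on the device can then read the credentials. OpenWrt's `$(INSTALL_CONF)` installs with mode 0600 and is the usual choice for secret-bearing config, so the line would become `$(INSTALL_CONF) ./files/openfortivpn.config $(1)/etc/config/openfortivpn`. A short comment above it such as `# 0600: file holds VPN credentials` would keep a later cleanup from reverting the mode.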
diff --git a/net/openfortivpn/files/openfortivpn.config b/net/openfortivpn/files/openfortivpn.config
new file mode 100644
index 000000000..108e3eb7e
--- /dev/null
+++ b/net/openfortivpn/files/openfortivpn.config
@@ -0,0 +1,12 @@
+config service 'openfortivpn'
+ option 'enabled' '0'
+ option 'host' 'vpn-gateway'
+ option 'port' '10443'
+ option 'set_routes' '0'
+ option 'set_dns' '0'
+ option 'pppd_use_peerdns' '0'
+ option 'username' 'foo'
+ option 'password' 'bar'
+config 'certs'
+# example X509 certificate sha256 sum, trust only defined one(s)!
+ option 'trusted_cert' 'e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db'
diff --git a/net/openfortivpn/files/openfortivpn.init b/net/openfortivpn/files/openfortivpn.init
new file mode 100644
index 000000000..e9fdc20d5
--- /dev/null
+++ b/net/openfortivpn/files/openfortivpn.init
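Review bot: In openfortivpn.config the `certs` section ships the example digest as a live `trusted_cert` option, so an install that only flips `enabled` to 1 keeps a certificate pin nobody chose for that gateway. The comment above it says to trust only defined ones, but the default itself is a defined one. Shipping the line commented out, e.g. `#	option 'trusted_cert' '<sha256 digest of your gateway certificate>'`, makes the operator enter the pin deliberately. The same applies to `username 'foo'` / `password 'bar'`: empty values would make the init script omit those lines (it tests `-n`) instead of sending placeholder credentials to whatever `vpn-gateway` resolves to.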
@@ -0,0 +1,75 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+BIN=/usr/sbin/openfortivpn
+CONFIG=/var/etc/openfortivpn.config
+
+
+validate_certs_section() {
+ uci_load_validate openfortivpn certs "$1" "$2" \
+ 'trusted_cert:string'
+}
+
+validate_openfortivpn_section() {
+ uci_load_validate openfortivpn service "$1" "$2" \
+ 'enabled:uinteger' \
+ 'host:string' \
+ 'port:uinteger' \
+ 'username:string' \
+ 'password:string' \
+ 'set_routes:uinteger' \
+ 'set_dns:uinteger' \
+ 'pppd_use_peerdns:uinteger'
+}
+
+setup_certs() {
+ [ "$2" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ -n "$trusted_cert" ] || return 0
+ echo "trusted-cert = $trusted_cert" >> $CONFIG
+}
+
+setup_config() {
+ [ "$2" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ "$enabled" -eq 0 ] && return 1
+
+ mkdir -p /var/etc
+ echo '# auto-generated config file from /etc/config/openfortivpn' > $CONFIG
+
+ [ -n "$host" ] && echo "host = $host" >> $CONFIG
+ [ -n "$port" ] && echo "port = $port" >> $CONFIG
+ [ -n "$username" ] && echo "username = $username" >> $CONFIG
+ [ -n "$password" ] && echo "password = $password" >> $CONFIG
+ [ -n "$set_routes" ] && echo "set-routes = $set_routes" >> $CONFIG
+ [ -n "$set_dns" ] && echo "set-dns = $set_dns" >> $CONFIG
+ [ -n "$pppd_use_peerdns" ] && echo "pppd-use-peerdns = $pppd_use_peerdns" >> $CONFIG
+ return 0
+}
+
+start_service() {
+ config_load openfortivpn
+ validate_openfortivpn_section openfortivpn setup_config || return
+ config_foreach validate_certs_section certs setup_certs
+
+ procd_open_instance
+ procd_set_param stderr 1
+ procd_set_param command $BIN -c $CONFIG --use-syslog
+ procd_close_instance
+}
+
+service_triggers () {
+ procd_add_reload_trigger "openfortivpn"
+
+ procd_open_validate
+ validate_openfortivpn_section
+ validate_certs_section
+ procd_close_validate
+}
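Review bot: `setup_config` creates /var/etc/openfortivpn.config with a plain `>` redirect and then appends `password = $password`, so under the usual 022 umask the cleartext VPN password lands in a world-readable file. Putting `umask 077` immediately before the `echo '# auto-generated config file ...' > $CONFIG` line creates the file 0600 from the start. A `chmod 600 "$CONFIG"` after it would also cover a file left behind with a wider mode. Separately, `validate_openfortivpn_section` checks `host` and `port` only as `string` and `uinteger`, and the values are written into the generated file unfiltered. The stricter `'host:host'` and `'port:port'` datatypes would reject malformed values before they reach the daemon's config. `setup_certs` could also get a one-line comment saying that it appends to the file `setup_config` has just truncated, since that ordering is what keeps stale pins from accumulating.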