Some VPN providers require username and password for client to connect.
This commit adds an option to specify username, password and
cert_password directly in uci config which then gets expanded during
start of openpvn client.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
New easyrsa will look for missing vars and x509-types where easyrsa
is located (following symlink). /usr/bin/easyrsa is now a link
to /usr/lib/easyrsa/easyrsa and /usr/lib/easyrsa/{vars,x509-types} a
link to /etc/easyrsa/{vars,x509-types}. This keeps the same previous
OpenWrt easyrsa behavior which tries to use $PWD/pki and
/etc/easyrsa/{vars,x509-types}, but without patching it.
Easyrsa can also use env vars to set pki root path (instead of
/usr/lib/easyrsa), pki path (instead of $PWD/pki) and vars path.
Those variables are commented in /etc/profile.d/50-openvpn-easy-rsa.sh
as an example of how to make easyrsa run independent of $PWD. That
scriptlet also sets $EASYRSA_TEMP_DIR from $EASYRSA_PKI/tmp to /tmp
in order to avoid writing to persistent media (normally flash). However,
as a profile scriptlet, it will only be used after session is restarted.
The "build" tgz was replaced by the "source" tar. "build" version has a
different file structure, making any patch backports too complex.
I'm also putting myself as maintainer.
Closesopenwrt/openwrt#2926, since it moved to openwrt/packages.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Fix the prefix instead.
Replace custom Compile section with PKG_INSTALL.
Minor cleanups for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove several configure options. apr-(utils) has been fixed, which
makes them useless. Also removed PKG_BUILD_DEPENDS for that reason.
Simplify NLS with autoreconf_bool.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved
Signed-off-by: Simon Day <email@simonday.info>
Added a patch to remove BUILDCXXFLAGS. For some reason, TARGET_CXXFLAGS
are leaking.
Removed custom Build/Compile section. There's already PKG_INSTALL.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Updating the system image or the package should not obliterate
the downloaded/unpacked geolocation database. If you use xt_geoip
in /etc/firewall.user you don't want the database disappearing
when sysupgrade runs and then reboots your system as you'll be
left exposed.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
specified for montioring
eg allows ipv4 and ipv6 forwarded traffic to be monitored from
both main network and dmz in single graph
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved
Signed-off-by: Simon Day <email@simonday.info>
specified for montioring
eg allows ipv4 and ipv6 forwarded traffic to be monitored from
both main network and dmz in single graph
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved
Signed-off-by: Simon Day <email@simonday.info>
Major change for version 3.3.1 are:
* Fix a segfault issue in ksmbd.mountd.
* Reorganize ndr write functions.
Major changes for version 3.3.0 are:
* Add samr and lsarpc RPC support.
* Generate subauth values for domain.
* Add Kerberos support.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Unlike ipv4, this option is supposed to be an IP address, otherwise, an
error occurs on startup:
can't parse "br-lan" as valid IPv6 listening address
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
OpenVPN recommends disabling compression, as it may weaken the security
of the connection. For users who need compression, we build with LZ4
support by default. LZO in OpenVPN pulls in liblzo at approx. 32 kB.
OpenWrt users will no longer be able to connect to OpenVPN peers that
require LZO compression, unless they build the OpenVPN package themselves.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
New features:
* Per client tls-crypt keys
* ChaCha20-Poly1305 can be used to encrypt the data channel
* Routes are added/removed via Netlink instead of ifconfig/route
(unless iproute2 support is enabled).
* VLAN support when using a TAP device
Significant changes:
* Server support can no longer be disabled.
* Crypto support can no longer be disabled, remove nossl variant.
* Blowfish (BF-CBC) is no longer implicitly the default cipher.
OpenVPN peers prior to 2.4, or peers with data cipher negotiation
disabled, will not be able to connect to a 2.5 peer unless
option data_fallback_ciphers is set on the 2.5 peer and it contains a
cipher supported by the client.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
reload_server() gracefully with SIGUSR1 to lighttpd
relog() to reopen log files with SIGHUP to lighttpd
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
* update upstream version to lighttpd-1.4.56
* depend on Nettle for MD5, SHA1, SHA256
* multiple TLS options: gnutls, mbedtls, nss, openssl, wolfssl
* new module mod_authn_dbi
* mod_authn_* depend on mod_auth
* mod_authn_file is included if mod_auth is selected in build
* mod_vhostdb_* depend on mod_vhostdb
* mod_deflate subsumes mod_compress
* remove from Makefile the include of nls.mk (no longer needed)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Rosen Penev
Michal Hrusecky
Jan Pavlinec
Philip Prindeville
Luiz Angelo Daros de Luca
Paul Spooren
Stan Grishin
Andy Walsh
Karl Palsson
Simon Day
Glenn Strauss
Jitao Lu
Nikos Mavrogiannopoulos
David Yang
Eric Luehrsen
Lucian Cristian
W. Michael Petullo
Martin Blumenstingl
Christian Lachner
Magnus Kroken
Moritz Warning
Stijn Tintel