Backport openvpn freatures from kamikaze to whiterussian

Add easy-rsa package to openvpn, closes #541
Fix kmod-ipip module (wrong kernel extension)


git-svn-id: svn://svn.openwrt.org/openwrt/trunk@3800 3c298f89-4303-0410-b956-a3cf2f4a3e73

5 files changed, 183 insertions, 1 deletions

diff --git a/openwrt/package/openvpn/Config.in b/openwrt/package/openvpn/Config.in
index 3feffa301..e8c88e726 100644
--- a/openwrt/package/openvpn/Config.in
+++ b/openwrt/package/openvpn/Config.in
@@ -12,6 +12,17 @@ config BR2_PACKAGE_OPENVPN
 	  
 	  Depends: kmod-tun, libpthread
 
+config BR2_PACKAGE_OPENVPN_EASY_RSA
+	prompt "openvpn-easy-rsa................ simple shell scripts to manage a Certificate Authority"
+	tristate
+	default m if CONFIG_DEVEL
+	select BR2_PACKAGE_OPENSSL_UTIL
+	depends on BR2_PACKAGE_OPENVPN
+	help
+	  collection of shell scripts to manage a simple CA infrastructure
+
+	  Depends: openpvn, openssl-util
+
 config BR2_COMPILE_OPENVPN_WITH_SERVER
 	prompt "Enable server support"
 	bool
diff --git a/openwrt/package/openvpn/Makefile b/openwrt/package/openvpn/Makefile
index f1a0f8b67..cf3017ef1 100644
--- a/openwrt/package/openvpn/Makefile
+++ b/openwrt/package/openvpn/Makefile
@@ -17,6 +17,7 @@ PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
 include $(TOPDIR)/package/rules.mk
 
 $(eval $(call PKG_template,OPENVPN,openvpn,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,OPENVPN_EASY_RSA,openvpn-easy-rsa,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
 
 PKG_DEPEND:="kmod-tun"
 
@@ -102,3 +103,9 @@ $(IPKG_OPENVPN):
 	echo "Depends: $(PKG_DEPEND)" >> $(IDIR_OPENVPN)/CONTROL/control
 	$(IPKG_BUILD) $(IDIR_OPENVPN) $(PACKAGE_DIR)
 
+$(IPKG_OPENVPN_EASY_RSA):
+	install -d -m0755 $(IDIR_OPENVPN_EASY_RSA)/usr/sbin $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa
+	$(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req} $(IDIR_OPENVPN_EASY_RSA)/usr/sbin
+	install -m 0644 $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl.cnf $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf
+	install -m 0644 $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars
+	$(IPKG_BUILD) $(IDIR_OPENVPN_EASY_RSA) $(PACKAGE_DIR)
diff --git a/openwrt/package/openvpn/ipkg/openvpn-easy-rsa.control b/openwrt/package/openvpn/ipkg/openvpn-easy-rsa.control
new file mode 100644
index 000000000..6ce25a46a
--- /dev/null
+++ b/openwrt/package/openvpn/ipkg/openvpn-easy-rsa.control
@@ -0,0 +1,5 @@
+Package: openvpn-easy-rsa
+Priority: optional
+Section: net
+Description: collection of shell scripts to manage a simple CA infrastructure
+Depends: openssl-util
diff --git a/openwrt/package/openvpn/patches/easy-rsa.patch b/openwrt/package/openvpn/patches/easy-rsa.patch
new file mode 100644
index 000000000..c5332b790
--- /dev/null
+++ b/openwrt/package/openvpn/patches/easy-rsa.patch
@@ -0,0 +1,159 @@
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-ca openvpn-2.0.7/easy-rsa/2.0/build-ca
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-ca	2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-ca	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ #
+ # Build a root certificate
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-dh openvpn-2.0.7/easy-rsa/2.0/build-dh
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-dh	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-dh	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # Build Diffie-Hellman parameters for the server side
+ # of an SSL/TLS connection.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-inter openvpn-2.0.7/easy-rsa/2.0/build-inter
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-inter	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-inter	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Make an intermediate CA certificate/private key pair using a locally generated
+ # root certificate.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key openvpn-2.0.7/easy-rsa/2.0/build-key
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-key	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pass openvpn-2.0.7/easy-rsa/2.0/build-key-pass
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pass	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-key-pass	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Similar to build-key, but protect the private key
+ # with a password.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pkcs12 openvpn-2.0.7/easy-rsa/2.0/build-key-pkcs12
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pkcs12	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-key-pkcs12	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Make a certificate/private key pair using a locally generated
+ # root certificate and convert it to a PKCS #12 file including the
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-server openvpn-2.0.7/easy-rsa/2.0/build-key-server
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-server	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-key-server	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-req openvpn-2.0.7/easy-rsa/2.0/build-req
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-req	2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-req	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Build a certificate signing request and private key.  Use this
+ # when your root certificate and key is not available locally.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-req-pass openvpn-2.0.7/easy-rsa/2.0/build-req-pass
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-req-pass	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-req-pass	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Like build-req, but protect your private key
+ # with a password.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/clean-all openvpn-2.0.7/easy-rsa/2.0/clean-all
+--- openvpn-2.0.7.orig/easy-rsa/2.0/clean-all	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/clean-all	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # Initialize the $KEY_DIR directory.
+ # Note that this script does a
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/inherit-inter openvpn-2.0.7/easy-rsa/2.0/inherit-inter
+--- openvpn-2.0.7.orig/easy-rsa/2.0/inherit-inter	2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/inherit-inter	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # Build a new PKI which is rooted on an intermediate certificate generated
+ # by ./build-inter or ./pkitool --inter from a parent PKI.  The new PKI should
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/list-crl openvpn-2.0.7/easy-rsa/2.0/list-crl
+--- openvpn-2.0.7.orig/easy-rsa/2.0/list-crl	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/list-crl	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # list revoked certificates
+ 
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/pkitool openvpn-2.0.7/easy-rsa/2.0/pkitool
+--- openvpn-2.0.7.orig/easy-rsa/2.0/pkitool	2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/pkitool	2006-05-09 17:47:40.000000000 +0200
+@@ -1,5 +1,7 @@
+ #!/bin/sh
+ 
++. /etc/easy-rsa/vars
++
+ #  OpenVPN -- An application to securely tunnel IP networks
+ #             over a single TCP/UDP port, with support for SSL/TLS-based
+ #             session authentication and key exchange,
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/revoke-full openvpn-2.0.7/easy-rsa/2.0/revoke-full
+--- openvpn-2.0.7.orig/easy-rsa/2.0/revoke-full	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/revoke-full	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+ 
+ # revoke a certificate, regenerate CRL,
+ # and verify revocation
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/sign-req openvpn-2.0.7/easy-rsa/2.0/sign-req
+--- openvpn-2.0.7.orig/easy-rsa/2.0/sign-req	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/sign-req	2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ # Sign a certificate signing request (a .csr file)
+ # with a local root certificate and key.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/vars openvpn-2.0.7/easy-rsa/2.0/vars
+--- openvpn-2.0.7.orig/easy-rsa/2.0/vars	2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/vars	2006-05-09 17:47:40.000000000 +0200
+@@ -12,7 +12,7 @@
+ # This variable should point to
+ # the top level of the easy-rsa
+ # tree.
+-export EASY_RSA="`pwd`"
++export EASY_RSA="/etc/easy-rsa"
+ 
+ # This variable should point to
+ # the openssl.cnf file included
diff --git a/openwrt/target/linux/generic-2.6/modules.mk b/openwrt/target/linux/generic-2.6/modules.mk
index 8157a4c9a..b582400bd 100644
--- a/openwrt/target/linux/generic-2.6/modules.mk
+++ b/openwrt/target/linux/generic-2.6/modules.mk
@@ -19,7 +19,7 @@ $(eval $(call KMOD_template,IMQ,imq,\
 ))
 
 $(eval $(call KMOD_template,IPIP,ipip,\
-	$(MODULES_DIR)/kernel/net/ipv4/ipip.o \
+	$(MODULES_DIR)/kernel/net/ipv4/ipip.ko \
 ,CONFIG_NET_IPIP,,60,ipip))
 
 $(eval $(call KMOD_template,IPV6,ipv6,\