summaryrefslogtreecommitdiffstats
path: root/openwrt/package/openvpn
diff options
context:
space:
mode:
Diffstat (limited to 'openwrt/package/openvpn')
-rw-r--r--openwrt/package/openvpn/Config.in11
-rw-r--r--openwrt/package/openvpn/Makefile7
-rw-r--r--openwrt/package/openvpn/ipkg/openvpn-easy-rsa.control5
-rw-r--r--openwrt/package/openvpn/patches/easy-rsa.patch159
4 files changed, 182 insertions, 0 deletions
diff --git a/openwrt/package/openvpn/Config.in b/openwrt/package/openvpn/Config.in
index 3feffa301..e8c88e726 100644
--- a/openwrt/package/openvpn/Config.in
+++ b/openwrt/package/openvpn/Config.in
@@ -12,6 +12,17 @@ config BR2_PACKAGE_OPENVPN
Depends: kmod-tun, libpthread
+config BR2_PACKAGE_OPENVPN_EASY_RSA
+ prompt "openvpn-easy-rsa................ simple shell scripts to manage a Certificate Authority"
+ tristate
+ default m if CONFIG_DEVEL
+ select BR2_PACKAGE_OPENSSL_UTIL
+ depends on BR2_PACKAGE_OPENVPN
+ help
+ collection of shell scripts to manage a simple CA infrastructure
+
+ Depends: openpvn, openssl-util
+
config BR2_COMPILE_OPENVPN_WITH_SERVER
prompt "Enable server support"
bool
diff --git a/openwrt/package/openvpn/Makefile b/openwrt/package/openvpn/Makefile
index f1a0f8b67..cf3017ef1 100644
--- a/openwrt/package/openvpn/Makefile
+++ b/openwrt/package/openvpn/Makefile
@@ -17,6 +17,7 @@ PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
include $(TOPDIR)/package/rules.mk
$(eval $(call PKG_template,OPENVPN,openvpn,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
+$(eval $(call PKG_template,OPENVPN_EASY_RSA,openvpn-easy-rsa,$(PKG_VERSION)-$(PKG_RELEASE),$(ARCH)))
PKG_DEPEND:="kmod-tun"
@@ -102,3 +103,9 @@ $(IPKG_OPENVPN):
echo "Depends: $(PKG_DEPEND)" >> $(IDIR_OPENVPN)/CONTROL/control
$(IPKG_BUILD) $(IDIR_OPENVPN) $(PACKAGE_DIR)
+$(IPKG_OPENVPN_EASY_RSA):
+ install -d -m0755 $(IDIR_OPENVPN_EASY_RSA)/usr/sbin $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa
+ $(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req} $(IDIR_OPENVPN_EASY_RSA)/usr/sbin
+ install -m 0644 $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl.cnf $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf
+ install -m 0644 $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars
+ $(IPKG_BUILD) $(IDIR_OPENVPN_EASY_RSA) $(PACKAGE_DIR)
diff --git a/openwrt/package/openvpn/ipkg/openvpn-easy-rsa.control b/openwrt/package/openvpn/ipkg/openvpn-easy-rsa.control
new file mode 100644
index 000000000..6ce25a46a
--- /dev/null
+++ b/openwrt/package/openvpn/ipkg/openvpn-easy-rsa.control
@@ -0,0 +1,5 @@
+Package: openvpn-easy-rsa
+Priority: optional
+Section: net
+Description: collection of shell scripts to manage a simple CA infrastructure
+Depends: openssl-util
diff --git a/openwrt/package/openvpn/patches/easy-rsa.patch b/openwrt/package/openvpn/patches/easy-rsa.patch
new file mode 100644
index 000000000..c5332b790
--- /dev/null
+++ b/openwrt/package/openvpn/patches/easy-rsa.patch
@@ -0,0 +1,159 @@
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-ca openvpn-2.0.7/easy-rsa/2.0/build-ca
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-ca 2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-ca 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ #
+ # Build a root certificate
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-dh openvpn-2.0.7/easy-rsa/2.0/build-dh
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-dh 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-dh 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # Build Diffie-Hellman parameters for the server side
+ # of an SSL/TLS connection.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-inter openvpn-2.0.7/easy-rsa/2.0/build-inter
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-inter 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-inter 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Make an intermediate CA certificate/private key pair using a locally generated
+ # root certificate.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key openvpn-2.0.7/easy-rsa/2.0/build-key
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-key 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pass openvpn-2.0.7/easy-rsa/2.0/build-key-pass
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pass 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-key-pass 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Similar to build-key, but protect the private key
+ # with a password.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pkcs12 openvpn-2.0.7/easy-rsa/2.0/build-key-pkcs12
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-pkcs12 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-key-pkcs12 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Make a certificate/private key pair using a locally generated
+ # root certificate and convert it to a PKCS #12 file including the
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-key-server openvpn-2.0.7/easy-rsa/2.0/build-key-server
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-key-server 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-key-server 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Make a certificate/private key pair using a locally generated
+ # root certificate.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-req openvpn-2.0.7/easy-rsa/2.0/build-req
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-req 2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-req 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Build a certificate signing request and private key. Use this
+ # when your root certificate and key is not available locally.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/build-req-pass openvpn-2.0.7/easy-rsa/2.0/build-req-pass
+--- openvpn-2.0.7.orig/easy-rsa/2.0/build-req-pass 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/build-req-pass 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Like build-req, but protect your private key
+ # with a password.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/clean-all openvpn-2.0.7/easy-rsa/2.0/clean-all
+--- openvpn-2.0.7.orig/easy-rsa/2.0/clean-all 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/clean-all 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # Initialize the $KEY_DIR directory.
+ # Note that this script does a
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/inherit-inter openvpn-2.0.7/easy-rsa/2.0/inherit-inter
+--- openvpn-2.0.7.orig/easy-rsa/2.0/inherit-inter 2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/inherit-inter 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # Build a new PKI which is rooted on an intermediate certificate generated
+ # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/list-crl openvpn-2.0.7/easy-rsa/2.0/list-crl
+--- openvpn-2.0.7.orig/easy-rsa/2.0/list-crl 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/list-crl 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # list revoked certificates
+
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/pkitool openvpn-2.0.7/easy-rsa/2.0/pkitool
+--- openvpn-2.0.7.orig/easy-rsa/2.0/pkitool 2005-11-02 19:42:38.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/pkitool 2006-05-09 17:47:40.000000000 +0200
+@@ -1,5 +1,7 @@
+ #!/bin/sh
+
++. /etc/easy-rsa/vars
++
+ # OpenVPN -- An application to securely tunnel IP networks
+ # over a single TCP/UDP port, with support for SSL/TLS-based
+ # session authentication and key exchange,
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/revoke-full openvpn-2.0.7/easy-rsa/2.0/revoke-full
+--- openvpn-2.0.7.orig/easy-rsa/2.0/revoke-full 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/revoke-full 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,6 @@
+-#!/bin/bash
++#!/bin/sh
++
++. /etc/easy-rsa/vars
+
+ # revoke a certificate, regenerate CRL,
+ # and verify revocation
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/sign-req openvpn-2.0.7/easy-rsa/2.0/sign-req
+--- openvpn-2.0.7.orig/easy-rsa/2.0/sign-req 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/sign-req 2006-05-09 17:47:40.000000000 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+
+ # Sign a certificate signing request (a .csr file)
+ # with a local root certificate and key.
+diff -ur openvpn-2.0.7.orig/easy-rsa/2.0/vars openvpn-2.0.7/easy-rsa/2.0/vars
+--- openvpn-2.0.7.orig/easy-rsa/2.0/vars 2005-11-02 19:42:39.000000000 +0100
++++ openvpn-2.0.7/easy-rsa/2.0/vars 2006-05-09 17:47:40.000000000 +0200
+@@ -12,7 +12,7 @@
+ # This variable should point to
+ # the top level of the easy-rsa
+ # tree.
+-export EASY_RSA="`pwd`"
++export EASY_RSA="/etc/easy-rsa"
+
+ # This variable should point to
+ # the openssl.cnf file included