#
-# Copyright (C) 2010-2012 OpenWrt.org
+# Copyright (C) 2010-2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
PKG_NAME:=openvpn
-PKG_REV:=56cffde5d5320e0b1ec364d3e486aca9
-PKG_VERSION:=2.3.0
-PKG_RELEASE=1
+PKG_VERSION:=2.4.4
+PKG_RELEASE:=1
-PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=\
+ https://build.openvpn.net/downloads/releases/ \
+ https://swupdate.openvpn.net/community/releases/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
+PKG_LICENSE:=GPL-2.0
include $(INCLUDE_DIR)/package.mk
MENU:=1
DEPENDS:=+kmod-tun +OPENVPN_$(1)_ENABLE_LZO:liblzo +OPENVPN_$(1)_ENABLE_IPROUTE2:ip $(3)
VARIANT:=$(1)
- MAINTAINER:=Mirko Vogt <mirko@openwrt.org>
+ifeq ($(1),nossl)
+ PROVIDES:=openvpn
+else
+ PROVIDES:=openvpn openvpn-crypto
+endif
endef
-Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+libopenssl)
-Package/openvpn-polarssl=$(call Package/openvpn/Default,polarssl,PolarSSL,+libpolarssl)
+Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+PACKAGE_openvpn-openssl:libopenssl)
+Package/openvpn-mbedtls=$(call Package/openvpn/Default,mbedtls,mbedTLS,+PACKAGE_openvpn-mbedtls:libmbedtls)
Package/openvpn-nossl=$(call Package/openvpn/Default,nossl,plaintext (no SSL))
define Package/openvpn/config/Default
endef
Package/openvpn-openssl/config=$(call Package/openvpn/config/Default,openssl)
-Package/openvpn-polarssl/config=$(call Package/openvpn/config/Default,polarssl)
+Package/openvpn-mbedtls/config=$(call Package/openvpn/config/Default,mbedtls)
Package/openvpn-nossl/config=$(call Package/openvpn/config/Default,nossl)
-define Package/openvpn-easy-rsa
- $(call Package/openvpn)
- DEPENDS:=+openssl-util
- TITLE:=Simple shell scripts to manage a Certificate Authority
-endef
-
-define Package/openvpn-easy-rsa/conffiles
-/etc/easy-rsa/keys/serial
-/etc/easy-rsa/keys/index.txt
-/etc/easy-rsa/vars
-endef
-
-
-ifeq ($(BUILD_VARIANT),polarssl)
-CONFIG_OPENVPN_POLARSSL:=y
+ifeq ($(BUILD_VARIANT),mbedtls)
+CONFIG_OPENVPN_MBEDTLS:=y
endif
ifeq ($(BUILD_VARIANT),openssl)
CONFIG_OPENVPN_OPENSSL:=y
CONFIGURE_VARS += \
IFCONFIG=/sbin/ifconfig \
ROUTE=/sbin/route \
- IPROUTE=/usr/sbin/ip \
+ IPROUTE=/sbin/ip \
NETSTAT=/sbin/netstat
+TARGET_CFLAGS += -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
define Build/Configure
$(call Build/Configure/Default, \
- --enable-small \
+ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SMALL),--enable-small) \
--disable-selinux \
--disable-systemd \
--disable-plugins \
--disable-debug \
- --disable-eurephia \
--disable-pkcs11 \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \
+ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZ4),--enable,--disable)-lz4 \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),enable,disable-x509-alt-username)-ssl \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SERVER),--enable,--disable)-server \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SOCKS),--enable,--disable)-socks \
- $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_HTTP),--enable,--disable)-http \
+ $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_HTTP),--enable,--disable)-http-proxy \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_FRAGMENT),--enable,--disable)-fragment \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MULTIHOME),--enable,--disable)-multihome \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_IPROUTE2),--enable,--disable)-iproute2 \
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_PF),--enable,--disable)-pf \
$(if $(CONFIG_OPENVPN_NOSSL),--disable-ssl --disable-crypto,--enable-ssl --enable-crypto) \
$(if $(CONFIG_OPENVPN_OPENSSL),--with-crypto-library=openssl) \
- $(if $(CONFIG_OPENVPN_POLARSSL),--with-crypto-library=polarssl) \
+ $(if $(CONFIG_OPENVPN_MBEDTLS),--with-crypto-library=mbedtls) \
)
endef
define Package/openvpn-$(BUILD_VARIANT)/install
$(INSTALL_DIR) \
$(1)/usr/sbin \
+ $(1)/usr/share/openvpn \
$(1)/etc/init.d \
$(1)/etc/config \
$(1)/etc/openvpn \
$(INSTALL_BIN) \
files/openvpn.init \
$(1)/etc/init.d/openvpn
+ $(INSTALL_DATA) \
+ files/openvpn.options \
+ $(1)/usr/share/openvpn/openvpn.options
$(INSTALL_CONF) files/openvpn.config \
$(1)/etc/config/openvpn
$(1)/lib/upgrade/keep.d/openvpn
endef
-define Package/openvpn-easy-rsa/install
- $(INSTALL_DIR) $(1)/usr/sbin
- $(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/
- $(INSTALL_DIR) $(1)/etc/easy-rsa
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf
- $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars
- $(INSTALL_DIR) $(1)/etc/easy-rsa/keys
- $(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt
- $(INSTALL_DATA) files/easy-rsa.serial $(1)/etc/easy-rsa/keys/serial
-endef
-
$(eval $(call BuildPackage,openvpn-openssl))
-$(eval $(call BuildPackage,openvpn-polarssl))
+$(eval $(call BuildPackage,openvpn-mbedtls))
$(eval $(call BuildPackage,openvpn-nossl))
-$(eval $(call BuildPackage,openvpn-easy-rsa))