--- /dev/null
+#
+# Copyright (C) 2019 - Lucian Cristian <lucian.cristian@gmail.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=openfortivpn
+PKG_VERSION:=1.10.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/adrienverge/openfortivpn/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=d6ea0c84c0cf811530073fa19865334bb42ab10a780157fe95c4efb3476ad58d
+
+PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
+PKG_LICENSE:=GPL-3.0-or-later OpenSSL
+PKG_LICENSE_FILES:=LICENSE LICENSE.OpenSSL
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/openfortivpn
+ SUBMENU:=VPN
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Fortinet SSL VPN client
+ URL:=https://github.com/adrienverge/openfortivpn
+ DEPENDS:=+ppp +libopenssl
+endef
+
+define Package/openfortivpn/description
+ An open implementation of Fortinet's proprietary PPP+SSL VPN solution
+ It spawns a pppd process and operates the communication between the gateway and this process.
+ It is compatible with Fortinet VPNs.
+endef
+
+CONFIGURE_ARGS += \
+ --enable-proc \
+ --with-rt_dst="yes" \
+ --with-pppd="/usr/sbin/pppd"
+
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+
+define Package/openfortivpn/conffiles
+/etc/config/openfortivpn
+endef
+
+define Package/openfortivpn/install
+ $(INSTALL_DIR) \
+ $(1)/usr/sbin \
+ $(1)/etc/config \
+ $(1)/etc/init.d
+
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openfortivpn $(1)/usr/sbin/
+ $(INSTALL_DATA) ./files/openfortivpn.config $(1)/etc/config/openfortivpn
+ $(INSTALL_BIN) ./files/openfortivpn.init $(1)/etc/init.d/openfortivpn
+endef
+
+$(eval $(call BuildPackage,openfortivpn))
--- /dev/null
+config service 'openfortivpn'
+ option 'enabled' '0'
+ option 'host' 'vpn-gateway'
+ option 'port' '10443'
+ option 'set_routes' '0'
+ option 'set_dns' '0'
+ option 'pppd_use_peerdns' '0'
+ option 'username' 'foo'
+ option 'password' 'bar'
+config 'certs'
+# example X509 certificate sha256 sum, trust only defined one(s)!
+ option 'trusted_cert' 'e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db'
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+BIN=/usr/sbin/openfortivpn
+CONFIG=/var/etc/openfortivpn.config
+
+
+validate_certs_section() {
+ uci_load_validate openfortivpn certs "$1" "$2" \
+ 'trusted_cert:string'
+}
+
+validate_openfortivpn_section() {
+ uci_load_validate openfortivpn service "$1" "$2" \
+ 'enabled:uinteger' \
+ 'host:string' \
+ 'port:uinteger' \
+ 'username:string' \
+ 'password:string' \
+ 'set_routes:uinteger' \
+ 'set_dns:uinteger' \
+ 'pppd_use_peerdns:uinteger'
+}
+
+setup_certs() {
+ [ "$2" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ -n "$trusted_cert" ] || return 0
+ echo "trusted-cert = $trusted_cert" >> $CONFIG
+}
+
+setup_config() {
+ [ "$2" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ "$enabled" -eq 0 ] && return 1
+
+ mkdir -p /var/etc
+ echo '# auto-generated config file from /etc/config/openfortivpn' > $CONFIG
+
+ [ -n "$host" ] && echo "host = $host" >> $CONFIG
+ [ -n "$port" ] && echo "port = $port" >> $CONFIG
+ [ -n "$username" ] && echo "username = $username" >> $CONFIG
+ [ -n "$password" ] && echo "password = $password" >> $CONFIG
+ [ -n "$set_routes" ] && echo "set-routes = $set_routes" >> $CONFIG
+ [ -n "$set_dns" ] && echo "set-dns = $set_dns" >> $CONFIG
+ [ -n "$pppd_use_peerdns" ] && echo "pppd-use-peerdns = $pppd_use_peerdns" >> $CONFIG
+ return 0
+}
+
+start_service() {
+ config_load openfortivpn
+ validate_openfortivpn_section openfortivpn setup_config || return
+ config_foreach validate_certs_section certs setup_certs
+
+ procd_open_instance
+ procd_set_param stderr 1
+ procd_set_param command $BIN -c $CONFIG --use-syslog
+ procd_close_instance
+}
+
+service_triggers () {
+ procd_add_reload_trigger "openfortivpn"
+
+ procd_open_validate
+ validate_openfortivpn_section
+ validate_certs_section
+ procd_close_validate
+}