openfortivpn: add package 9287/head
authorLucian Cristian <lucian.cristian@gmail.com>
Fri, 21 Jun 2019 17:48:52 +0000 (20:48 +0300)
committerLucian Cristian <lucian.cristian@gmail.com>
Fri, 28 Jun 2019 08:56:27 +0000 (11:56 +0300)
An open implementation of Fortinet's proprietary PPP+SSL VPN solution

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
net/openfortivpn/Makefile [new file with mode: 0644]
net/openfortivpn/files/openfortivpn.config [new file with mode: 0644]
net/openfortivpn/files/openfortivpn.init [new file with mode: 0644]

diff --git a/net/openfortivpn/Makefile b/net/openfortivpn/Makefile
new file mode 100644 (file)
index 0000000..aca8b7a
--- /dev/null
@@ -0,0 +1,66 @@
+#
+# Copyright (C) 2019 - Lucian Cristian <lucian.cristian@gmail.com>
+#
+# This is free software, licensed under the GNU General Public License v3.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=openfortivpn
+PKG_VERSION:=1.10.0
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/adrienverge/openfortivpn/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=d6ea0c84c0cf811530073fa19865334bb42ab10a780157fe95c4efb3476ad58d
+
+PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
+PKG_LICENSE:=GPL-3.0-or-later OpenSSL
+PKG_LICENSE_FILES:=LICENSE LICENSE.OpenSSL
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/openfortivpn
+  SUBMENU:=VPN
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=Fortinet SSL VPN client
+  URL:=https://github.com/adrienverge/openfortivpn
+  DEPENDS:=+ppp +libopenssl
+endef
+
+define Package/openfortivpn/description
+  An open implementation of Fortinet's proprietary PPP+SSL VPN solution
+  It spawns a pppd process and operates the communication between the gateway and this process.
+  It is compatible with Fortinet VPNs.
+endef
+
+CONFIGURE_ARGS += \
+       --enable-proc \
+       --with-rt_dst="yes" \
+       --with-pppd="/usr/sbin/pppd"
+
+TARGET_LDFLAGS += -Wl,--gc-sections,--as-needed
+
+define Package/openfortivpn/conffiles
+/etc/config/openfortivpn
+endef
+
+define Package/openfortivpn/install
+       $(INSTALL_DIR) \
+         $(1)/usr/sbin \
+         $(1)/etc/config \
+         $(1)/etc/init.d
+
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/openfortivpn $(1)/usr/sbin/
+       $(INSTALL_DATA) ./files/openfortivpn.config $(1)/etc/config/openfortivpn
+       $(INSTALL_BIN) ./files/openfortivpn.init $(1)/etc/init.d/openfortivpn
+endef
+
+$(eval $(call BuildPackage,openfortivpn))
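Review bot: The install recipe copies `./files/openfortivpn.config` with `$(INSTALL_DATA)`, which installs `/etc/config/openfortivpn` as mode 0644 even though that file carries the VPN `username` and `password` options. Installing it with `$(INSTALL_CONF) ./files/openfortivpn.config $(1)/etc/config/openfortivpn` gives it mode 0600, so only root can read the stored credentials. A short comment above that line, `# holds VPN credentials, keep root-only`, would keep a later cleanup from switching it back.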
diff --git a/net/openfortivpn/files/openfortivpn.config b/net/openfortivpn/files/openfortivpn.config
new file mode 100644 (file)
index 0000000..108e3eb
--- /dev/null
@@ -0,0 +1,12 @@
+config service 'openfortivpn'
+    option 'enabled' '0'
+    option 'host' 'vpn-gateway'
+    option 'port' '10443'
+    option 'set_routes' '0'
+    option 'set_dns' '0'
+    option 'pppd_use_peerdns' '0'
+    option 'username' 'foo'
+    option 'password' 'bar'
+config 'certs'
+# example X509 certificate sha256 sum, trust only defined one(s)!
+    option 'trusted_cert' 'e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db'
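Review bot: The default config ships an active `trusted_cert` option holding the example digest, next to placeholder credentials `foo`/`bar`. A user who only edits `host` and sets `enabled` to 1 therefore keeps a certificate digest nobody verified as a trusted pin, and a pinned digest presumably takes the place of normal CA validation for a matching certificate. The example is safer commented out, e.g. `#    option 'trusted_cert' '<sha256 of your gateway certificate>'`, so that a pin exists only once the administrator has entered one. Leaving `username` and `password` empty by default would likewise avoid sending the placeholders to a gateway from a half-configured service.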
diff --git a/net/openfortivpn/files/openfortivpn.init b/net/openfortivpn/files/openfortivpn.init
new file mode 100644 (file)
index 0000000..e9fdc20
--- /dev/null
@@ -0,0 +1,75 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+BIN=/usr/sbin/openfortivpn
+CONFIG=/var/etc/openfortivpn.config
+
+
+validate_certs_section() {
+       uci_load_validate openfortivpn certs "$1" "$2" \
+               'trusted_cert:string'
+}
+
+validate_openfortivpn_section() {
+       uci_load_validate openfortivpn service "$1" "$2" \
+               'enabled:uinteger' \
+               'host:string' \
+               'port:uinteger' \
+               'username:string' \
+               'password:string' \
+               'set_routes:uinteger' \
+               'set_dns:uinteger' \
+               'pppd_use_peerdns:uinteger'
+}
+
+setup_certs() {
+       [ "$2" = 0 ] || {
+               echo "validation failed"
+               return 1
+       }
+
+       [ -n "$trusted_cert" ] || return 0
+       echo "trusted-cert = $trusted_cert" >> $CONFIG
+}
+
+setup_config() {
+       [ "$2" = 0 ] || {
+               echo "validation failed"
+               return 1
+       }
+
+       [ "$enabled" -eq 0 ] && return 1
+
+       mkdir -p /var/etc
+       echo '# auto-generated config file from /etc/config/openfortivpn' > $CONFIG
+
+       [ -n "$host" ] && echo "host =  $host" >> $CONFIG
+       [ -n "$port" ] && echo "port =  $port" >> $CONFIG
+       [ -n "$username" ] && echo "username =  $username" >> $CONFIG
+       [ -n "$password" ] && echo "password =  $password" >> $CONFIG
+       [ -n "$set_routes" ] && echo "set-routes = $set_routes" >> $CONFIG
+       [ -n "$set_dns" ] && echo "set-dns = $set_dns" >> $CONFIG
+       [ -n "$pppd_use_peerdns" ] && echo "pppd-use-peerdns = $pppd_use_peerdns" >> $CONFIG
+       return 0
+}
+
+start_service() {
+       config_load openfortivpn
+       validate_openfortivpn_section openfortivpn setup_config || return
+       config_foreach validate_certs_section certs setup_certs
+
+       procd_open_instance
+       procd_set_param stderr 1
+       procd_set_param command $BIN -c $CONFIG --use-syslog
+       procd_close_instance
+}
+
+service_triggers () {
+       procd_add_reload_trigger "openfortivpn"
+
+       procd_open_validate
+       validate_openfortivpn_section
+       validate_certs_section
+       procd_close_validate
+}
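Review bot: `setup_config` writes the VPN password into `/var/etc/openfortivpn.config` with plain redirections, so the file gets whatever mode the init script's umask allows, which is typically readable by every local user. Restrict it before the first write, e.g. `touch "$CONFIG" && chmod 0600 "$CONFIG"` right after `mkdir -p /var/etc`; the later `>` truncation keeps that mode. `$CONFIG` is also unquoted in every redirection in `setup_config` and `setup_certs` and in `procd_set_param command`, so quote it there as well. Separately, `start_service` ignores the result of `config_foreach validate_certs_section certs setup_certs`, so a certs section that fails validation still lets the daemon start without its pin.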