From: Jo-Philipp Wich Date: Fri, 18 Dec 2009 20:09:08 +0000 (+0000) Subject: [packages] This patch adds uanytun a tiny implementaion of SATP the X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fsvn-archive%2Farchive.git;a=commitdiff_plain;hb=ee64a4e242886c0ecd9c394aeba4acf9ce3ca373 [packages] This patch adds uanytun a tiny implementaion of SATP the secure anycast tunneling protocol. For additional infos please visit http://www.anytun.org. Signed-off-by: Christian Pointner SVN-Revision: 18843 --- diff --git a/net/uanytun/Makefile b/net/uanytun/Makefile new file mode 100644 index 0000000000..9a5c7ce8a2 --- /dev/null +++ b/net/uanytun/Makefile @@ -0,0 +1,204 @@ +# +# Copyright (C) 2008 Christian Pointner, +# +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# +# This Makefile builds uAnytun Package for OpenWRT +# +# $Id: $ + +include $(TOPDIR)/rules.mk + +PKG_NAME:=uanytun +PKG_VERSION:=0.3.2 +PKG_RELEASE:=1 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=http://www.anytun.org/download/ +PKG_MD5SUM:=d861328e33ec0d34cccecd9ca2a284b6 + +include $(INCLUDE_DIR)/package.mk + + +define Package/uanytun/template + SECTION:=net + CATEGORY:=Network + TITLE:=micro anycast tunneling daemon + URL:=http://www.anytun.org/ + MAINTAINER:=Christian Pointner + SUBMENU:=VPN +endef + +define Package/uanytun/desc-template +uAnytun is a tiny implementation of SATP the secure anycast tunneling protocol. + SATP defines a protocol used for communication between any combination of + unicast and anycast tunnel endpoints. It has less protocol overhead than + IPSec in Tunnel mode and allows tunneling of every ETHER TYPE protocol (e.g. + ethernet, ip, arp ...). SATP directly includes cryptography and message + authentication based on the methodes used by SRTP. It is intended to deliver + a generic, scaleable and secure solution for tunneling and relaying of packets + of any protocol. + Unlike Anytun which is a full featured implementation uAnytun has no support + for multiple connections or synchronisation. It is a small single threaded + implementation intended to act as a client on small platforms. +endef + + +define Package/uanytun + $(call Package/uanytun/template) + DEPENDS:=+kmod-tun +libgcrypt +endef + +define Package/uanytun/conffiles +/etc/config/uanytun +endef + +define Package/uanytun/description + $(call Package/uanytun/desc-template) +endef + + +define Package/uanytun-sslcrypt + $(call Package/uanytun/template) + DEPENDS:=+kmod-tun +libopenssl +endef + +define Package/uanytun-sslcrypt/conffiles +/etc/config/uanytun-sslcrypt +endef + +define Package/uanytun-sslcrypt/description + $(call Package/uanytun/desc-template) +endef + + +define Package/uanytun-nocrypt + $(call Package/uanytun/template) + DEPENDS:=+kmod-tun +endef + +define Package/uanytun-nocrypt/conffiles +/etc/config/uanytun-nocrypt +endef + +define Package/uanytun-nocrypt/description + $(call Package/uanytun/desc-template) +endef + + + +ifneq ($(CONFIG_PACKAGE_uanytun-nocrypt),) + define Build/Configure/uanytun-nocrypt + rm -rf $(PKG_BUILD_DIR)/uanytun-nocrypt + mkdir -p $(PKG_BUILD_DIR)/uanytun-nocrypt + $(CP) -r $(PKG_BUILD_DIR)/src $(PKG_BUILD_DIR)/uanytun-nocrypt + (cd $(PKG_BUILD_DIR)/uanytun-nocrypt/src; \ + touch include.mk; \ + ln -s linux/tun.c . \ + ) + endef + + define Build/Compile/uanytun-nocrypt + $(MAKE) -C $(PKG_BUILD_DIR)/uanytun-nocrypt/src \ + $(TARGET_CONFIGURE_OPTS) \ + NO_CRYPT_OBJ=1 \ + TARGET=Linux \ + CFLAGS="$(TARGET_CFLAGS) -DNO_CRYPT" \ + LDFLAGS="$(TARGET_LDFLAGS) -ldl" + $(STRIP) $(PKG_BUILD_DIR)/uanytun-nocrypt/src/uanytun + endef +endif + +ifneq ($(CONFIG_PACKAGE_uanytun-sslcrypt),) + define Build/Configure/uanytun-sslcrypt + rm -rf $(PKG_BUILD_DIR)/uanytun-sslcrypt + mkdir -p $(PKG_BUILD_DIR)/uanytun-sslcrypt + $(CP) -r $(PKG_BUILD_DIR)/src $(PKG_BUILD_DIR)/uanytun-sslcrypt + (cd $(PKG_BUILD_DIR)/uanytun-sslcrypt/src; \ + touch include.mk; \ + ln -s linux/tun.c . \ + ) + endef + + define Build/Compile/uanytun-sslcrypt + $(MAKE) -C $(PKG_BUILD_DIR)/uanytun-sslcrypt/src \ + $(TARGET_CONFIGURE_OPTS) \ + TARGET=Linux \ + CFLAGS="$(TARGET_CFLAGS) -DUSE_SSL_CRYPTO -I$(STAGING_DIR)/usr/include" \ + LDFLAGS="$(TARGET_LDFLAGS) -ldl -lcrypto" + $(STRIP) $(PKG_BUILD_DIR)/uanytun-sslcrypt/src/uanytun + endef +endif + +ifneq ($(CONFIG_PACKAGE_uanytun),) + define Build/Configure/uanytun-default + rm -rf $(PKG_BUILD_DIR)/uanytun + mkdir -p $(PKG_BUILD_DIR)/uanytun + $(CP) -r $(PKG_BUILD_DIR)/src $(PKG_BUILD_DIR)/uanytun + (cd $(PKG_BUILD_DIR)/uanytun/src; \ + touch include.mk; \ + ln -s linux/tun.c . \ + ) + endef + + define Build/Compile/uanytun-default + $(MAKE) -C $(PKG_BUILD_DIR)/uanytun/src \ + $(TARGET_CONFIGURE_OPTS) \ + TARGET=Linux \ + CFLAGS="$(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include" \ + LDFLAGS="$(TARGET_LDFLAGS) -ldl -lgcrypt -lgpg-error" + $(STRIP) $(PKG_BUILD_DIR)/uanytun/src/uanytun + endef +endif + + +define Build/Configure + $(call Build/Configure/uanytun-nocrypt) + $(call Build/Configure/uanytun-sslcrypt) + $(call Build/Configure/uanytun-default) +endef + +define Build/Compile + $(call Build/Compile/uanytun-nocrypt) + $(call Build/Compile/uanytun-sslcrypt) + $(call Build/Compile/uanytun-default) +endef + +define Build/Clean + rm -rf $(PKG_BUILD_DIR)/uanytun-nocrypt + rm -rf $(PKG_BUILD_DIR)/uanytun-sslcrypt + rm -rf $(PKG_BUILD_DIR)/uanytun +endef + + + +define Package/uanytun/install-generic + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_DATA) ./files/$(3) $(1)/etc/config/$(2) + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/$(2)/src/uanytun $(1)/usr/sbin/$(2) + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/uanytun.init $(1)/etc/init.d/$(2) + @sed -e 's/BIN=uanytun/BIN=$(2)/' -i $(1)/etc/init.d/$(2) +endef + +define Package/uanytun/install + $(call Package/uanytun/install-generic,$(1),uanytun,uanytun.config) +endef + +define Package/uanytun-sslcrypt/install + $(call Package/uanytun/install-generic,$(1),uanytun-sslcrypt,uanytun.config) +endef + +define Package/uanytun-nocrypt/install + $(call Package/uanytun/install-generic,$(1),uanytun-nocrypt,uanytun-nocrypt.config) +endef + + + +$(eval $(call BuildPackage,uanytun)) +$(eval $(call BuildPackage,uanytun-sslcrypt)) +$(eval $(call BuildPackage,uanytun-nocrypt)) diff --git a/net/uanytun/files/uanytun-nocrypt.config b/net/uanytun/files/uanytun-nocrypt.config new file mode 100644 index 0000000000..9792d1f009 --- /dev/null +++ b/net/uanytun/files/uanytun-nocrypt.config @@ -0,0 +1,88 @@ +config "client1" + option disabled 0 + option username 'nobody' + option groupname 'nogroup' +# option chroot "/var/run/uanytun" + +# option interface '' +# option port '4444' +# option sender_id '1' + +# option dev 'anytun0' + option type 'tun' + option ifconfig '192.168.123.1/24' +# option post-up-script '/etc/uanytun/client1-post-up.sh' + + option remote_host 'example.com' + option remote_port '4444' + + option window_size 0 + option mux 1 + + option log 'syslog:3,anytun-client1,daemon' + + +config "client2" + option disabled 1 + option username 'nobody' + option groupname 'nogroup' + + option type 'tun' + option ifconfig '192.168.123.2/24' + + option remote_host 'example.com' + option remote_port '4444' + + option window_size 0 + option mux 2 + + option log 'syslog:3,anytun-client2,daemon' + + +config "client3" + option disabled 1 + option username 'nobody' + option groupname 'nogroup' + + option type 'tun' + option ifconfig '192.168.123.3/24' + + option remote_host 'example.com' + option remote_port '4444' + + option window_size 0 + option mux 3 + + option log 'syslog:3,anytun-client3,daemon' + + +config "p2p-a" + option disabled 1 + option username 'nobody' + option groupname 'nogroup' + + option type 'tun' + option ifconfig '192.168.223.1/24' + + option remote_host 'p2p-b.example.com' + option remote_port '4444' + + option window_size 0 + + option log 'syslog:3,anytun-p2p-a,daemon' + + +config "p2p-b" + option disabled 1 + option username 'nobody' + option groupname 'nogroup' + + option type 'tun' + option ifconfig '192.168.223.2/24' + + option remote_host 'p2p-a.example.com' + option remote_port '4444' + + option window_size 0 + + option log 'syslog:3,anytun-p2p-b,daemon' diff --git a/net/uanytun/files/uanytun.config b/net/uanytun/files/uanytun.config new file mode 100644 index 0000000000..c53db37385 --- /dev/null +++ b/net/uanytun/files/uanytun.config @@ -0,0 +1,116 @@ +config "client1" + option disabled 0 +# option username 'nobody' +# option groupname 'nogroup' +# option chroot "/var/run/uanytun" + +# option interface '' +# option port '4444' +# option sender_id '1' + + option cipher 'aes-ctr' +# option cipher 'null' +# option cipher 'aes-ctr-128' +# option cipher 'aes-ctr-192' +# option cipher 'aes-ctr-256' + option auth_algo 'sha1' +# option auth_algo 'null' +# option auth_tag_length 10 + +# option dev 'anytun0' + option type 'tun' + option ifconfig '192.168.123.1/24' +# option post-up-script '/etc/uanytun/client1-post-up.sh' + + option remote_host 'example.com' + option remote_port '4444' + + option window_size 0 + option mux 1 + + option role 'client' +# option kd_prf 'null' +# option kd_prf 'aes-ctr' +# option kd_prf 'aes-ctr-128' +# option kd_prf 'aes-ctr-192' +# option kd_prf 'aes-ctr-256' +# option ld_kdr '0' +# option key '0123456789ABCDEF0123456789ABCDEF' +# option salt '0123456789ABCD0123456789ABCD' + option passphrase 'Creating_VPN_Tunnels_With_Anytun_Is_Easy' + + option log 'syslog:3,anytun-client1,daemon' + + +config "client2" + option disabled 1 + + option cipher 'aes-ctr' + option auth_algo 'sha1' + option type 'tun' + option ifconfig '192.168.123.2/24' + + option remote_host 'example.com' + option remote_port '4444' + + option window_size 0 + option mux 2 + option role 'client' + option passphrase 'Creating_VPN_Tunnels_With_Anytun_Is_Easy' + + option log 'syslog:3,anytun-client2,daemon' + + +config "client3" + option disabled 1 + + option cipher 'aes-ctr' + option auth_algo 'sha1' + option type 'tun' + option ifconfig '192.168.123.3/24' + + option remote_host 'example.com' + option remote_port '4444' + + option window_size 0 + option mux 3 + option role 'client' + option passphrase 'Creating_VPN_Tunnels_With_Anytun_Is_Easy' + + option log 'syslog:3,anytun-client3,daemon' + + +config "p2p-a" + option disabled 1 + + option cipher 'aes-ctr' + option auth_algo 'sha1' + option type 'tun' + option ifconfig '192.168.223.1/24' + + option remote_host 'p2p-b.example.com' + option remote_port '4444' + + option window_size 0 + option role 'alice' + option passphrase 'Creating_P2P_VPN_Tunnels_With_Anytun_Is_Easy' + + option log 'syslog:3,anytun-p2p-a,daemon' + + +config "p2p-b" + option disabled 1 + + option cipher 'aes-ctr' + option auth_algo 'sha1' + option type 'tun' + option ifconfig '192.168.223.2/24' + + option remote_host 'p2p-a.example.com' + option remote_port '4444' + + option window_size 0 + option role 'bob' + option passphrase 'Creating_P2P_VPN_Tunnels_With_Anytun_Is_Easy' + + option log 'syslog:3,anytun-p2p-b,daemon' diff --git a/net/uanytun/files/uanytun.init b/net/uanytun/files/uanytun.init new file mode 100644 index 0000000000..59e1c23cd4 --- /dev/null +++ b/net/uanytun/files/uanytun.init @@ -0,0 +1,104 @@ +#!/bin/sh /etc/rc.common +START=50 + +BIN=uanytun +DAEMON=/usr/sbin/$BIN +DESC=$BIN +RUN_D=/var/run + + +option_cb() { + local varname="$1" + local value="$2" + + if ! echo "$CONFIG_OPTIONS" | grep " $varname " > /dev/null; then + CONFIG_OPTIONS="$CONFIG_OPTIONS $varname " + fi +} + +foreach_config_forced() { + foreach_config $1 "forced" +} + +foreach_config() { + local cfg="$1" + local name + local option + local value + local args="" + local forced=0 + + if [ -n "$2" ] && [ "x$2" == "xforced" ]; then + forced=1 + fi + + config_get name "$cfg" TYPE + for option in $CONFIG_OPTIONS + do + config_get value "$cfg" "$option" + if [ "x$option" == "xdisabled" ]; then + if [ $forced -eq 0 ] && [ $value -eq 1 ]; then + echo -n " $name(disabled)" + return + fi + continue + fi + + option=`echo $option | tr '_' '-'` + if [ -n "$value" ]; then + args="$args --$option $value" + fi + done + echo -n " $name" + local status="OK" + $DAEMON --write-pid "$RUN_D/$BIN.$name.pid" $args || status="failed" + echo -n "($status)" +} + +stop_vpn() { + local name=$1 + local pidfile=$RUN_D/$BIN.$name.pid + echo -n " $name" + local status="OK" + if [ ! -f "$pidfile" ]; then + status="tunnel not active" + else + kill `cat $pidfile` > /dev/null 2>&1 || status="failed" + rm -f $pidfile + fi + echo -n "($status)" +} + +start() { + echo -n "Starting $DESC:" + config_load $BIN + if [ $# -gt 0 ]; then + while [ $# -gt 0 ]; do + config_foreach foreach_config_forced "$1" + shift + done + else + config_foreach foreach_config "" + fi + echo "." +} + +stop() { + echo -n "Stopping $DESC:" + local name + local pidfile + + if [ $# -gt 0 ]; then + while [ $# -gt 0 ]; do + stop_vpn $1 + shift + done + else + for pidfile in `ls $RUN_D/$BIN.*.pid 2> /dev/null`; do + name=${pidfile%%.pid} + name=${name##$RUN_D/$BIN.} + stop_vpn $name + done + fi + echo "." +}