a28deda590
OpenVPN assumes that its control channel messages are sent and received unfragmented, this assumption is broken when CBC record splitting is enabled in mbedTLS. The record splitting is intended as countermeasure against BEAST attacks which do not apply to OpenVPN, therefore we simply disable it until upstream OpenVPN gains the ability to process fragmented control messages. Disabling the splitting also works around a (not remotely triggerable) segmentation fault in mbedTLS. References: * https://dev.openwrt.org/ticket/19101 * https://community.openvpn.net/openvpn/ticket/524 * https://github.com/ARMmbed/mbedtls/pull/185 Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 45602
125 lines
3.9 KiB
Makefile
125 lines
3.9 KiB
Makefile
#
|
|
# Copyright (C) 2010-2015 OpenWrt.org
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=openvpn
|
|
|
|
PKG_VERSION:=2.3.6
|
|
PKG_RELEASE:=4
|
|
|
|
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
|
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
|
PKG_MD5SUM:=6ca03fe0fd093e0d01601abee808835c
|
|
|
|
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
|
|
|
|
PKG_INSTALL:=1
|
|
PKG_FIXUP:=autoreconf
|
|
PKG_BUILD_PARALLEL:=1
|
|
PKG_LICENSE:=GPL-2.0
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/openvpn/Default
|
|
TITLE:=Open source VPN solution using $(2)
|
|
SECTION:=net
|
|
CATEGORY:=Network
|
|
URL:=http://openvpn.net
|
|
SUBMENU:=VPN
|
|
MENU:=1
|
|
DEPENDS:=+kmod-tun +OPENVPN_$(1)_ENABLE_LZO:liblzo +OPENVPN_$(1)_ENABLE_IPROUTE2:ip $(3)
|
|
VARIANT:=$(1)
|
|
MAINTAINER:=Mirko Vogt <mirko@openwrt.org>
|
|
endef
|
|
|
|
Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+libopenssl)
|
|
Package/openvpn-polarssl=$(call Package/openvpn/Default,polarssl,PolarSSL,+libpolarssl)
|
|
Package/openvpn-nossl=$(call Package/openvpn/Default,nossl,plaintext (no SSL))
|
|
|
|
define Package/openvpn/config/Default
|
|
source "$(SOURCE)/Config-$(1).in"
|
|
endef
|
|
|
|
Package/openvpn-openssl/config=$(call Package/openvpn/config/Default,openssl)
|
|
Package/openvpn-polarssl/config=$(call Package/openvpn/config/Default,polarssl)
|
|
Package/openvpn-nossl/config=$(call Package/openvpn/config/Default,nossl)
|
|
|
|
ifeq ($(BUILD_VARIANT),polarssl)
|
|
CONFIG_OPENVPN_POLARSSL:=y
|
|
endif
|
|
ifeq ($(BUILD_VARIANT),openssl)
|
|
CONFIG_OPENVPN_OPENSSL:=y
|
|
endif
|
|
ifeq ($(BUILD_VARIANT),nossl)
|
|
CONFIG_OPENVPN_NOSSL:=y
|
|
endif
|
|
|
|
CONFIGURE_VARS += \
|
|
IFCONFIG=/sbin/ifconfig \
|
|
ROUTE=/sbin/route \
|
|
IPROUTE=/usr/sbin/ip \
|
|
NETSTAT=/sbin/netstat
|
|
|
|
define Build/Configure
|
|
$(call Build/Configure/Default, \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SMALL),--enable-small) \
|
|
--disable-selinux \
|
|
--disable-systemd \
|
|
--disable-plugins \
|
|
--disable-debug \
|
|
--disable-eurephia \
|
|
--disable-pkcs11 \
|
|
--enable-password-save \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),enable,disable-x509-alt-username)-ssl \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SERVER),--enable,--disable)-server \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SOCKS),--enable,--disable)-socks \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_HTTP),--enable,--disable)-http \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_FRAGMENT),--enable,--disable)-fragment \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MULTIHOME),--enable,--disable)-multihome \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_IPROUTE2),--enable,--disable)-iproute2 \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_DEF_AUTH),--enable,--disable)-def-auth \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_PF),--enable,--disable)-pf \
|
|
$(if $(CONFIG_OPENVPN_NOSSL),--disable-ssl --disable-crypto,--enable-ssl --enable-crypto) \
|
|
$(if $(CONFIG_OPENVPN_OPENSSL),--with-crypto-library=openssl) \
|
|
$(if $(CONFIG_OPENVPN_POLARSSL),--with-crypto-library=polarssl) \
|
|
)
|
|
endef
|
|
|
|
define Package/openvpn-$(BUILD_VARIANT)/conffiles
|
|
/etc/config/openvpn
|
|
endef
|
|
|
|
define Package/openvpn-$(BUILD_VARIANT)/install
|
|
$(INSTALL_DIR) \
|
|
$(1)/usr/sbin \
|
|
$(1)/etc/init.d \
|
|
$(1)/etc/config \
|
|
$(1)/etc/openvpn \
|
|
$(1)/lib/upgrade/keep.d
|
|
|
|
$(INSTALL_BIN) \
|
|
$(PKG_INSTALL_DIR)/usr/sbin/openvpn \
|
|
$(1)/usr/sbin/
|
|
|
|
$(INSTALL_BIN) \
|
|
files/openvpn.init \
|
|
$(1)/etc/init.d/openvpn
|
|
|
|
$(INSTALL_CONF) files/openvpn.config \
|
|
$(1)/etc/config/openvpn
|
|
|
|
$(INSTALL_DATA) \
|
|
files/openvpn.upgrade \
|
|
$(1)/lib/upgrade/keep.d/openvpn
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,openvpn-openssl))
|
|
$(eval $(call BuildPackage,openvpn-polarssl))
|
|
$(eval $(call BuildPackage,openvpn-nossl))
|