diff --git a/net/xl2tpd/Makefile b/net/xl2tpd/Makefile
new file mode 100644
index 0000000000..7d1f932f35
--- /dev/null
+++ b/net/xl2tpd/Makefile
@@ -0,0 +1,71 @@
+#
+# Copyright (C) 2006-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=xl2tpd
+PKG_VERSION:=1.3.6
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Daniel Golle
+
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/xelerance/xl2tpd.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=5619e1771048e74b729804e8602f409af0f3faea
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/xl2tpd
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=An L2TP (Layer 2 Tunneling Protocol) daemon
+ URL:=http://www.xelerance.com/software/xl2tpd/
+ SUBMENU:=VPN
+ DEPENDS:=+ppp-mod-pppol2tp +ip +resolveip
+endef
+
+define Package/xl2tpd/description
+l2tpd is the open source implementation of the L2TP tunneling protocol (RFC2661).
+It does implement both LAC and LNS role in a L2TP networking architecture. The
+main goal of this protocol is to tunnel PPP frame trough an IP network.
+endef
+
+# XXX: CFLAGS are already set by Build/Compile/Default
+MAKE_FLAGS+= \
+ OFLAGS=""
+
+define Package/xl2tpd/conffiles
+/etc/xl2tpd/xl2tpd.conf
+/etc/xl2tpd/xl2tp-secrets
+/etc/ppp/options.xl2tpd
+endef
+
+define Package/xl2tpd/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/sbin/xl2tpd $(1)/usr/sbin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/sbin/xl2tpd-control $(1)/usr/sbin/
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/xl2tpd.init $(1)/etc/init.d/xl2tpd
+
+ $(INSTALL_DIR) $(1)/etc/xl2tpd
+ $(INSTALL_DATA) ./files/xl2tpd.conf $(1)/etc/xl2tpd/
+ $(INSTALL_CONF) ./files/xl2tp-secrets $(1)/etc/xl2tpd/
+
+ $(INSTALL_DIR) $(1)/etc/ppp
+ $(INSTALL_DATA) ./files/options.xl2tpd $(1)/etc/ppp/
+
+ $(INSTALL_DIR) $(1)/lib/netifd/proto
+ $(INSTALL_BIN) ./files/l2tp.sh $(1)/lib/netifd/proto
+endef
+
+$(eval $(call BuildPackage,xl2tpd))
diff --git a/net/xl2tpd/README b/net/xl2tpd/README
new file mode 100644
index 0000000000..aadc26e4ec
--- /dev/null
+++ b/net/xl2tpd/README
@@ -0,0 +1,23 @@
+OpenWRT Package for xl2tpd
+
+xl2tpd is a development from the original l2tpd package originally written by
+Mark Spencer, subsequently forked by Scott Balmos and David Stipp, inherited
+by Jeff McAdams, modified substantially by Jacco de Leeuw and then forked
+again by Xelerance (after it was abandoned by l2tpd.org).
+
+Rationale for inclusion in OpenWRT:
+
+l2tpd has some serious alignment problems on RISC platforms. It also runs
+purely in userspace.
+
+Some of the features added in this fork include:
+
+1. IPSec SA reference tracking inconjunction with openswan's IPSec transport
+ mode, which adds support for multiple clients behind the same NAT router
+ and multiple clients on the same internal IP behind different NAT routers.
+
+2. Support for the pppol2tp kernel mode L2TP.
+
+3. Alignment and endian problems resolved.
+
+hcg
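Review bot: `PKG_RELEASE:=1` is clobbered two lines later by `PKG_RELEASE=$(PKG_SOURCE_VERSION)`, which turns the release field into the 40-character commit id (and only works because the recursive `=` defers expansion until PKG_SOURCE_VERSION is assigned further down); keep exactly one, e.g. drop `PKG_RELEASE=$(PKG_SOURCE_VERSION)` and bump `PKG_RELEASE:=1` on packaging changes. Source integrity here rests entirely on the pinned `PKG_SOURCE_VERSION` commit, since a git fetch has no tarball checksum; that is the expected shape for `PKG_SOURCE_PROTO:=git` but deserves a comment such as `# upstream pinned by commit id; bump PKG_SOURCE_VERSION deliberately` so the hash is not treated as a free-floating value. The install recipe protects `xl2tp-secrets` with `$(INSTALL_CONF)` but copies `options.xl2tpd` and `xl2tpd.conf` with `$(INSTALL_DATA)`; that matches their contents as shipped, and a one-line comment recording that credentials must never move into those two files would keep it so.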
diff --git a/net/xl2tpd/files/l2tp.sh b/net/xl2tpd/files/l2tp.sh
new file mode 100644
index 0000000000..867234dbe1
--- /dev/null
+++ b/net/xl2tpd/files/l2tp.sh
@@ -0,0 +1,107 @@
+#!/bin/sh
+
+[ -x /usr/sbin/xl2tpd ] || exit 0
+
+[ -n "$INCLUDE_ONLY" ] || {
+ . /lib/functions.sh
+ . ../netifd-proto.sh
+ init_proto "$@"
+}
+
+proto_l2tp_init_config() {
+ proto_config_add_string "username"
+ proto_config_add_string "password"
+ proto_config_add_string "keepalive"
+ proto_config_add_string "pppd_options"
+ proto_config_add_boolean "ipv6"
+ proto_config_add_int "mtu"
+ proto_config_add_string "server"
+ available=1
+ no_device=1
+}
+
+proto_l2tp_setup() {
+ local config="$1"
+ local iface="$2"
+ local optfile="/tmp/l2tp/options.${config}"
+
+ local ip serv_addr server
+ json_get_var server server && {
+ for ip in $(resolveip -t 5 "$server"); do
+ ( proto_add_host_dependency "$config" "$ip" )
+ serv_addr=1
+ done
+ }
+ [ -n "$serv_addr" ] || {
+ echo "Could not resolve server address"
+ sleep 5
+ proto_setup_failed "$config"
+ exit 1
+ }
+
+ if [ ! -p /var/run/xl2tpd/l2tp-control ]; then
+ /etc/init.d/xl2tpd start
+ fi
+
+ json_get_vars ipv6 demand keepalive username password pppd_options
+ [ "$ipv6" = 1 ] || ipv6=""
+ if [ "${demand:-0}" -gt 0 ]; then
+ demand="precompiled-active-filter /etc/ppp/filter demand idle $demand"
+ else
+ demand="persist"
+ fi
+
+ [ -n "$mtu" ] || json_get_var mtu mtu
+
+ local interval="${keepalive##*[, ]}"
+ [ "$interval" != "$keepalive" ] || interval=5
+
+ mkdir -p /tmp/l2tp
+
+ echo "${keepalive:+lcp-echo-interval $interval lcp-echo-failure ${keepalive%%[, ]*}}" > "${optfile}"
+ echo "usepeerdns" >> "${optfile}"
+ echo "nodefaultroute" >> "${optfile}"
+ echo "${username:+user \"$username\" password \"$password\"}" >> "${optfile}"
+ echo "ipparam \"$config\"" >> "${optfile}"
+ echo "ifname \"l2tp-$config\"" >> "${optfile}"
+ echo "ip-up-script /lib/netifd/ppp-up" >> "${optfile}"
+ echo "ipv6-up-script /lib/netifd/ppp-up" >> "${optfile}"
+ echo "ip-down-script /lib/netifd/ppp-down" >> "${optfile}"
+ echo "ipv6-down-script /lib/netifd/ppp-down" >> "${optfile}"
+ # Don't wait for LCP term responses; exit immediately when killed.
+ echo "lcp-max-terminate 0" >> "${optfile}"
+ echo "${ipv6:++ipv6} ${pppd_options}" >> "${optfile}"
+ echo "${mtu:+mtu $mtu mru $mtu}" >> "${optfile}"
+
+ xl2tpd-control add l2tp-${config} pppoptfile=${optfile} lns=${server} redial=yes redial timeout=20
+ xl2tpd-control connect l2tp-${config}
+}
+
+proto_l2tp_teardown() {
+ local interface="$1"
+ local optfile="/tmp/l2tp/options.${interface}"
+
+ case "$ERROR" in
+ 11|19)
+ proto_notify_error "$interface" AUTH_FAILED
+ proto_block_restart "$interface"
+ ;;
+ 2)
+ proto_notify_error "$interface" INVALID_OPTIONS
+ proto_block_restart "$interface"
+ ;;
+ esac
+
+ xl2tpd-control disconnect l2tp-${interface}
+ # Wait for interface to go down
+ while [ -d /sys/class/net/l2tp-${interface} ]; do
+ sleep 1
+ done
+
+ xl2tpd-control remove l2tp-${interface}
+ rm -f ${optfile}
+}
+
+[ -n "$INCLUDE_ONLY" ] || {
+ add_protocol l2tp
+}
diff --git a/net/xl2tpd/files/options.xl2tpd b/net/xl2tpd/files/options.xl2tpd
new file mode 100644
index 0000000000..f0fc4f40eb
--- /dev/null
+++ b/net/xl2tpd/files/options.xl2tpd
@@ -0,0 +1,13 @@
+#
+
+lock
+noauth
+debug
+dump
+logfd 2
+logfile /var/log/xl2tpd.log
+noccp
+novj
+novjccomp
+nopcomp
+noaccomp
diff --git a/net/xl2tpd/files/xl2tp-secrets b/net/xl2tpd/files/xl2tp-secrets
new file mode 100644
index 0000000000..0fb513f6fb
--- /dev/null
+++ b/net/xl2tpd/files/xl2tp-secrets
@@ -0,0 +1,5 @@
+# Secrets for authenticating l2tp tunnels
+# us them secret
+# * marko blah2
+# zeus marko blah
+# * * interop
diff --git a/net/xl2tpd/files/xl2tpd.conf b/net/xl2tpd/files/xl2tpd.conf
new file mode 100644
index 0000000000..2423ff6454
--- /dev/null
+++ b/net/xl2tpd/files/xl2tpd.conf
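Review bot: proto_l2tp_setup writes `user \"$username\" password \"$password\"` in clear text into `/tmp/l2tp/options.${config}` through plain `>`/`>>` redirections after `mkdir -p /tmp/l2tp`, so the options file is created with the script's default umask (typically 0644) and is readable by any local process for the lifetime of the session. Create it with a restrictive mode before the first echo, e.g. change `mkdir -p /tmp/l2tp` to `mkdir -p /tmp/l2tp && rm -f "${optfile}" && ( umask 077; : > "${optfile}" )`; the later redirections then keep 0600. The `xl2tpd-control add ... pppoptfile=${optfile} lns=${server}` call passes config-derived values unquoted, and a password containing `"` breaks the pppd options quoting, so both should at least be rejected or escaped. In proto_l2tp_teardown the `while [ -d /sys/class/net/l2tp-${interface} ]` loop has no upper bound and can stall netifd's teardown indefinitely if the session never goes down; a retry counter that gives up after a fixed number of seconds would be safer, and `local iface="$2"` in setup is unused while `mtu` is never declared local.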
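Review bot: `debug` and `dump` are enabled in the shipped defaults, so every pppd started for an L2TP session logs its full option set and protocol negotiation to `/var/log/xl2tpd.log` (and to fd 2 via `logfd 2`) on a production router; verbose pppd logs expose negotiation details and, depending on the pppd build, authentication exchanges, and an unbounded logfile on RAM- or flash-backed /var/log is a resource concern of its own. Ship both commented out with `# uncomment debug/dump only while troubleshooting`. `noauth` (do not require the peer to authenticate itself) is appropriate as long as this end only acts as the L2TP client, which is all the netifd handler in this commit configures, but a comment `# noauth: this end is the client; the LNS authenticates us, not the reverse` would stop it being 'fixed' into a broken configuration later.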
@@ -0,0 +1,23 @@
+[global]
+port = 1701
+auth file = /etc/xl2tpd/xl2tp-secrets
+access control = no
+
+;[lns default]
+;exclusive = yes
+;ip range = 192.168.254.202-192.168.254.210
+;lac = 10.0.1.2
+;hidden bit = no
+;local ip = 192.168.254.200
+;length bit = yes
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd
+
+;[lac left]
+;lns = 10.0.1.2
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd
diff --git a/net/xl2tpd/files/xl2tpd.conf.sample b/net/xl2tpd/files/xl2tpd.conf.sample
new file mode 100644
index 0000000000..477afa5a69
--- /dev/null
+++ b/net/xl2tpd/files/xl2tpd.conf.sample
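Review bot: `access control = no` together with no `listen-addr` line makes the daemon, which the init script starts at boot, accept L2TP control packets on UDP 1701 from any source the firewall lets through; with every `[lns ...]` section commented out an inbound tunnel has nowhere to land, so today's exposure is limited to the control-packet parser, but uncommenting `[lns default]` as written would also inherit `refuse authentication = yes`, which (if I read xl2tpd's option correctly) turns off tunnel-level authentication and leaves only PPP authentication. Add a comment above the line, e.g. `; access control = no: any peer may open a tunnel once an [lns] section is enabled; set yes and define lac = ranges first`, and consider dropping `refuse authentication = yes` from the LNS template.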
@@ -0,0 +1,73 @@
+;
+; Sample l2tpd configuration file
+;
+; This example file should give you some idea of how the options for l2tpd
+; should work. The best place to look for a list of all options is in
+; the source code itself, until I have the time to write better documetation :)
+; Specifically, the file "file.c" contains a list of commands at the end.
+;
+; You most definitely don't have to spell out everything as it is done here
+;
+; [global] ; Global parameters:
+; port = 1701 ; * Bind to port 1701
+; auth file = /etc/xl2tpd/xl2tp-secrets ; * Where our challenge secrets are
+; access control = yes ; * Refuse connections without IP match
+; rand source = dev ; Source for entropy for random
+; ; numbers, options are:
+; ; dev - reads of /dev/urandom
+; ; sys - uses rand()
+; ; egd - reads from egd socket
+; ; egd is not yet implemented
+;
+; [lns default] ; Our fallthrough LNS definition
+; exclusive = no ; * Only permit one tunnel per host
+; ip range = 192.168.0.1-192.168.0.20 ; * Allocate from this IP range
+; no ip range = 192.168.0.3-192.168.0.9 ; * Except these hosts
+; ip range = 192.168.0.5 ; * But this one is okay
+; ip range = lac1-lac2 ; * And anything from lac1 to lac2's IP
+; lac = 192.168.1.4 - 192.168.1.8 ; * These can connect as LAC's
+; no lac = untrusted.marko.net ; * This guy can't connect
+; hidden bit = no ; * Use hidden AVP's?
+; local ip = 192.168.1.2 ; * Our local IP to use
+; length bit = yes ; * Use length bit in payload?
+; require chap = yes ; * Require CHAP auth. by peer
+; refuse pap = yes ; * Refuse PAP authentication
+; refuse chap = no ; * Refuse CHAP authentication
+; refuse authentication = no ; * Refuse authentication altogether
+; require authentication = yes ; * Require peer to authenticate
+; unix authentication = no ; * Use /etc/passwd for auth.
+; name = myhostname ; * Report this as our hostname
+; ppp debug = no ; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.lns ; * ppp options file
+; call rws = 10 ; * RWS for call (-1 is valid)
+; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
+; flow bit = yes ; * Include sequence numbers
+; challenge = yes ; * Challenge authenticate peer ;
+;
+; [lac marko] ; Example VPN LAC definition
+; lns = lns.marko.net ; * Who is our LNS?
+; lns = lns2.marko.net ; * A backup LNS (not yet used)
+; redial = yes ; * Redial if disconnected?
+; redial timeout = 15 ; * Wait n seconds between redials
+; max redials = 5 ; * Give up after n consecutive failures
+; hidden bit = yes ; * User hidden AVP's?
+; local ip = 192.168.1.1 ; * Force peer to use this IP for us
+; remote ip = 192.168.1.2 ; * Force peer to use this as their IP
+; length bit = no ; * Use length bit in payload?
+; require pap = no ; * Require PAP auth. by peer
+; require chap = yes ; * Require CHAP auth. by peer
+; refuse pap = yes ; * Refuse PAP authentication
+; refuse chap = no ; * Refuse CHAP authentication
+; refuse authentication = no ; * Refuse authentication altogether
+; require authentication = yes ; * Require peer to authenticate
+; name = marko ; * Report this as our hostname
+; ppp debug = no ; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.marko ; * ppp options file for this lac
+; call rws = 10 ; * RWS for call (-1 is valid)
+; tunnel rws = 4 ; * RWS for tunnel (must be > 0)
+; flow bit = yes ; * Include sequence numbers
+; challenge = yes ; * Challenge authenticate peer
+;
+; [lac cisco] ; Another quick LAC
+; lns = cisco.marko.net ; * Required, but can take from default
+; require authentication = yes
diff --git a/net/xl2tpd/files/xl2tpd.init b/net/xl2tpd/files/xl2tpd.init
new file mode 100644
index 0000000000..22e845901d
--- /dev/null
+++ b/net/xl2tpd/files/xl2tpd.init
@@ -0,0 +1,18 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2010 OpenWrt.org
+
+START=60
+BIN=xl2tpd
+DEFAULT=/etc/default/$BIN
+RUN_D=/var/run
+PID_F=$RUN_D/$BIN.pid
+
+start() {
+ mkdir -p $RUN_D/$BIN
+ [ -f $DEFAULT ] && . $DEFAULT
+ $BIN $OPTIONS
+}
+
+stop() {
+ [ -f $PID_F ] && kill $(cat $PID_F)
+}
diff --git a/net/xl2tpd/patches/100-makefile_opt_flags.patch b/net/xl2tpd/patches/100-makefile_opt_flags.patch
new file mode 100644
index 0000000000..82e875d70f
--- /dev/null
+++ b/net/xl2tpd/patches/100-makefile_opt_flags.patch
@@ -0,0 +1,12 @@
+--- a/Makefile
++++ b/Makefile
+@@ -91,7 +91,8 @@ OSFLAGS+= -DUSE_KERNEL
+ 
+ IPFLAGS?= -DIP_ALLOCATION
+ 
+-CFLAGS+= $(DFLAGS) -O2 -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS)
++OFLAGS=-O2
++CFLAGS+= $(DFLAGS) $(OFLAGS) -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS)
+ HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
+ OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
+ SRCS=${OBJS:.o=.c} ${HDRS}
diff --git a/net/xl2tpd/patches/110-makefile_dont_build_pfc.patch b/net/xl2tpd/patches/110-makefile_dont_build_pfc.patch
new file mode 100644
index 0000000000..460a0f15db
--- /dev/null
+++ b/net/xl2tpd/patches/110-makefile_dont_build_pfc.patch
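Review bot: `stop()` does `kill $(cat $PID_F)` on whatever `/var/run/xl2tpd.pid` holds, with no check that the content is numeric or that the process is still xl2tpd, so an empty or stale file yields a kill usage error or a signal to an unrelated process that reused the pid; the pid file is also never removed, and `start()` does not refuse to launch a second instance. Validate before signalling, e.g. `pid=$(cat "$PID_F" 2>/dev/null); case "$pid" in ''|*[!0-9]*) return 1;; esac; kill "$pid" && rm -f "$PID_F"`, or use the `service_start`/`service_stop` helpers if this rc.common provides them. Whether xl2tpd writes its pid to `$RUN_D/$BIN.pid` by default is not visible here; `start()` only creates `$RUN_D/$BIN` for the control FIFO that l2tp.sh probes, so confirm the pid path or set it explicitly through OPTIONS in `/etc/default/xl2tpd`, and quote `$PID_F`/`$DEFAULT` for consistency.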
@@ -0,0 +1,43 @@
+--- a/Makefile
++++ b/Makefile
+@@ -107,10 +107,10 @@ BINDIR?=$(DESTDIR)${PREFIX}/bin
+ MANDIR?=$(DESTDIR)${PREFIX}/share/man
+ 
+ 
+-all: $(EXEC) pfc $(CONTROL_EXEC)
++all: $(EXEC) $(CONTROL_EXEC)
+ 
+ clean:
+- rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
++ rm -f $(OBJS) $(EXEC) $(CONTROL_EXEC)
+ 
+ $(EXEC): $(OBJS) $(HDRS)
+ $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+@@ -118,14 +118,10 @@ $(EXEC): $(OBJS) $(HDRS)
+ $(CONTROL_EXEC): $(CONTROL_SRCS)
+ $(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
+ 
+-pfc:
+- $(CC) $(CFLAGS) -c contrib/pfc.c
+- $(CC) $(LDFLAGS) -o pfc pfc.o -lpcap $(LDLIBS)
+-
+ romfs:
+ $(ROMFSINST) /bin/$(EXEC)
+ 
+-install: ${EXEC} pfc ${CONTROL_EXEC}
++install: ${EXEC} ${CONTROL_EXEC}
+ install -d -m 0755 ${SBINDIR}
+ install -m 0755 $(EXEC) ${SBINDIR}/$(EXEC)
+ install -d -m 0755 ${MANDIR}/man5
+@@ -133,11 +129,6 @@ install: ${EXEC} pfc ${CONTROL_EXEC}
+ install -m 0644 doc/xl2tpd.8 ${MANDIR}/man8/
+ install -m 0644 doc/xl2tpd.conf.5 doc/l2tp-secrets.5 \
+ ${MANDIR}/man5/
+- # pfc
+- install -d -m 0755 ${BINDIR}
+- install -m 0755 pfc ${BINDIR}/pfc
+- install -d -m 0755 ${MANDIR}/man1
+- install -m 0644 contrib/pfc.1 ${MANDIR}/man1/
+ # control exec
+ install -d -m 0755 ${SBINDIR}
+ install -m 0755 $(CONTROL_EXEC) ${SBINDIR}/$(CONTROL_EXEC)