From nobody@FreeBSD.org  Mon Mar 21 18:39:23 2005
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9763116A4CE
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Mar 2005 18:39:23 +0000 (GMT)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3283B43D4C
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Mar 2005 18:39:23 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id j2LIdN1i068814
	for <freebsd-gnats-submit@FreeBSD.org>; Mon, 21 Mar 2005 18:39:23 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id j2LIdNUc068813;
	Mon, 21 Mar 2005 18:39:23 GMT
	(envelope-from nobody)
Message-Id: <200503211839.j2LIdNUc068813@www.freebsd.org>
Date: Mon, 21 Mar 2005 18:39:23 GMT
From: Kevin Leung <hysoka@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: [New Port] security/openvpn2 It contains the latest OpenVPN
X-Send-Pr-Version: www-2.3
X-GNATS-Notify: vs

>Number:         79099
>Category:       ports
>Synopsis:       [New Port] security/openvpn2 It contains the latest OpenVPN
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Mon Mar 21 18:40:02 GMT 2005
>Closed-Date:    Mon Apr 18 08:40:52 GMT 2005
>Last-Modified:  Mon Apr 18 08:40:52 GMT 2005
>Originator:     Kevin Leung
>Release:        
>Organization:
>Environment:
>Description:
      This port includes useful scripts to easily set up an Ethernet bridge for VPN. Please review and commit it for the benefit of all FreeBSD users.
>How-To-Repeat:
      
>Fix:
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	/usr/ports/security/openvpn2/
#	/usr/ports/security/openvpn2/files
#	/usr/ports/security/openvpn2/files/vpn-up
#	/usr/ports/security/openvpn2/files/openvpn2.sh.sample
#	/usr/ports/security/openvpn2/files/vpn-down
#	/usr/ports/security/openvpn2/pkg-message
#	/usr/ports/security/openvpn2/pkg-descr
#	/usr/ports/security/openvpn2/pkg-plist
#	/usr/ports/security/openvpn2/distinfo
#	/usr/ports/security/openvpn2/Makefile
#
echo c - /usr/ports/security/openvpn2/
mkdir -p /usr/ports/security/openvpn2/ > /dev/null 2>&1
echo c - /usr/ports/security/openvpn2/files
mkdir -p /usr/ports/security/openvpn2/files > /dev/null 2>&1
echo x - /usr/ports/security/openvpn2/files/vpn-up
sed 's/^X//' >/usr/ports/security/openvpn2/files/vpn-up << 'END-of-/usr/ports/security/openvpn2/files/vpn-up'
X#!/bin/sh
X# $FreeBSD$
X# The compilation of software known as FreeBSD is distributed under the
X# following terms:
X# 
X# Copyright (C) 1992-2005 The FreeBSD Project. All rights reserved.
X# 
X# Redistribution and use in source and binary forms, with or without
X# modification, are permitted provided that the following conditions
X# are met:
X# 1. Redistributions of source code must retain the above copyright
X#    notice, this list of conditions and the following disclaimer.
X# 2. Redistributions in binary form must reproduce the above copyright
X#    notice, this list of conditions and the following disclaimer in the
X#    documentation and/or other materials provided with the distribution.
X# 
X# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
X# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X# SUCH DAMAGE.
X
X
XBRIDGE_KLD="bridge"
XVLAN_DEV="vlan0"
XVLAN_KLD="if_vlan"
XVLAN_DEV_IP="192.168.1.1"
XVLAN_DEV_NETMASK="255.255.255.0"
XETH_DEV="rl0"
XTAP_DEV="tap0"
XTAP_KLD="if_tap"
X
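X# Load the required kernel modules unless they are already loaded.
X( kldstat -n $BRIDGE_KLD > /dev/null 2>&1 ) || kldload $BRIDGE_KLD
X( kldstat -n $VLAN_KLD > /dev/null 2>&1 ) || kldload $VLAN_KLD
X( kldstat -n $TAP_KLD > /dev/null 2>&1 ) || kldload $TAP_KLD
X
X# Read the IPv4 address currently assigned to the VLAN interface
X# (empty if the interface does not exist yet).
X__vlan_ip=`ifconfig $VLAN_DEV 2>/dev/null | grep -E '([0-9]{1,3}\.){3}' | awk '{print $2}'`
Xif [ "$__vlan_ip" != "$VLAN_DEV_IP" ]; then
X	# Create the VLAN interface only if it is missing.
X	if ! ifconfig $VLAN_DEV > /dev/null 2>&1; then
X		ifconfig $VLAN_DEV create
X		ifconfig $VLAN_DEV vlan 1 vlandev $ETH_DEV
X	fi
X	ifconfig $VLAN_DEV inet $VLAN_DEV_IP netmask $VLAN_DEV_NETMASK
Xfi
X
X# Bridge the VLAN and tap interfaces, enable IP forwarding, and enable pf
X# with the ruleset in /etc/pf/pf.conf.
Xsysctl net.link.ether.bridge.enable=1
Xsysctl net.link.ether.bridge.config="${VLAN_DEV},${TAP_DEV}"
Xsysctl net.inet.ip.forwarding=1
Xpfctl -e -f /etc/pf/pf.conf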
X
Xexit 0
END-of-/usr/ports/security/openvpn2/files/vpn-up
echo x - /usr/ports/security/openvpn2/files/openvpn2.sh.sample
sed 's/^X//' >/usr/ports/security/openvpn2/files/openvpn2.sh.sample << 'END-of-/usr/ports/security/openvpn2/files/openvpn2.sh.sample'
X#!/bin/sh
X#
X# $FreeBSD$
X#
X
X# PROVIDE: openvpn2
X# REQUIRE: NETWORKING SERVERS DAEMON
X# BEFORE: LOGIN
X# KEYWORD: shutdown
X
X#
X# Add the following line to /etc/rc.conf to enable openvpn2:
X# openvpn2_enable (bool):	Set to "NO" by default.
X#			Set it to "YES" to enable OpenVPN.
X
X. /etc/rc.subr
X
Xname="openvpn2"
Xrcvar=`set_rcvar`
X
Xload_rc_config $name
X
X: ${openvpn2_enable:="NO"}
X: ${openvpn2_conf:="server.conf"}
X
Xcommand=/usr/local/sbin/${name}
Xstart_cmd="${name}_start"
Xstop_cmd="${name}_stop"
Xrestart_cmd="${name}_restart"
X
Xopenvpn2_start()
X{
X	${command} --cd /usr/local/etc/${name} --config ${openvpn2_conf} --up /usr/local/libexec/openvpn2/vpn-up --daemon
X}
X
Xopenvpn2_stop()
X{
X	killall ${name}
X	/usr/local/libexec/openvpn2/vpn-down
X}
X
Xopenvpn2_restart()
X{
X	$stop_cmd
X	$start_cmd
X}
X
Xrun_rc_command "$1"
END-of-/usr/ports/security/openvpn2/files/openvpn2.sh.sample
echo x - /usr/ports/security/openvpn2/files/vpn-down
sed 's/^X//' >/usr/ports/security/openvpn2/files/vpn-down << 'END-of-/usr/ports/security/openvpn2/files/vpn-down'
X#!/bin/sh
X# $FreeBSD$
X# The compilation of software known as FreeBSD is distributed under the
X# following terms:
X# 
X# Copyright (C) 1992-2005 The FreeBSD Project. All rights reserved.
X# 
X# Redistribution and use in source and binary forms, with or without
X# modification, are permitted provided that the following conditions
X# are met:
X# 1. Redistributions of source code must retain the above copyright
X#    notice, this list of conditions and the following disclaimer.
X# 2. Redistributions in binary form must reproduce the above copyright
X#    notice, this list of conditions and the following disclaimer in the
X#    documentation and/or other materials provided with the distribution.
X# 
X# THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
X# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
X# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
X# ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
X# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
X# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
X# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
X# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
X# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
X# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
X# SUCH DAMAGE.
X
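X# Undo vpn-up: disable bridging and IP forwarding, then disable pf.
X# Note that pfctl -d turns pf off for the whole host, not only for the VPN.
Xsysctl net.link.ether.bridge.enable=0
Xsysctl net.link.ether.bridge.config=''
Xsysctl net.inet.ip.forwarding=0
Xpfctl -d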
X
Xexit 0
END-of-/usr/ports/security/openvpn2/files/vpn-down
echo x - /usr/ports/security/openvpn2/pkg-message
sed 's/^X//' >/usr/ports/security/openvpn2/pkg-message << 'END-of-/usr/ports/security/openvpn2/pkg-message'
X
X### ---------------------------------------------------------------------- ###
X###  To use the tap driver, you may need to do: kldload if_tap             ###
X###  See ${PREFIX}/etc/rc.d/openvpn2.sh.sample for how to do this          ###
X###  automatically at system boot-up time.                                 ###
X### ---------------------------------------------------------------------- ###
X### In version 2.0, --tun-mtu 1500 --mssfix 1450 is now the default.
X### (In 1.x the default is --link-mtu 1300 for tun interfaces and
X### --tun-mtu 1500 for tap interfaces, with --mssfix disabled).
X### 
X### Also in version 2.0, when using TLS, --key-method 2 is now the default.
X### Use --key-method 1 on the 2.0 side to communicate with 1.x.
X### 
X### Starting with version 2.0-beta12, OpenVPN has adopted a consistent
X### approach to string remapping to prevent trusted or semi-trusted peers
X### from sending maliciously crafted strings. The details are discussed
X### in the String Types and Remapping section of the man page.
X### ---------------------------------------------------------------------- ###
END-of-/usr/ports/security/openvpn2/pkg-message
echo x - /usr/ports/security/openvpn2/pkg-descr
sed 's/^X//' >/usr/ports/security/openvpn2/pkg-descr << 'END-of-/usr/ports/security/openvpn2/pkg-descr'
XOpenVPN is a robust and highly configurable VPN (Virtual Private
XNetwork) daemon. OpenVPN implements OSI layer 2 or 3 secure network
Xextension using the industry standard SSL/TLS protocol. The beauty
Xis that it tunnels networks through connection-oriented stateful
Xfirewalls without having to use explicit firewall rules.
X
XWWW: http://openvpn.net/
X
X- Kevin Leung
Xhysoka@gmail.com
END-of-/usr/ports/security/openvpn2/pkg-descr
echo x - /usr/ports/security/openvpn2/pkg-plist
sed 's/^X//' >/usr/ports/security/openvpn2/pkg-plist << 'END-of-/usr/ports/security/openvpn2/pkg-plist'
Xetc/openvpn2/client.conf.sample
Xetc/openvpn2/server.conf.sample
Xetc/rc.d/openvpn2.sh.sample
Xlibexec/openvpn2/easy-rsa/README
Xlibexec/openvpn2/easy-rsa/build-ca
Xlibexec/openvpn2/easy-rsa/build-dh
Xlibexec/openvpn2/easy-rsa/build-inter
Xlibexec/openvpn2/easy-rsa/build-key
Xlibexec/openvpn2/easy-rsa/build-key-pass
Xlibexec/openvpn2/easy-rsa/build-key-pkcs12
Xlibexec/openvpn2/easy-rsa/build-key-server
Xlibexec/openvpn2/easy-rsa/build-req
Xlibexec/openvpn2/easy-rsa/build-req-pass
Xlibexec/openvpn2/easy-rsa/clean-all
Xlibexec/openvpn2/easy-rsa/list-crl
Xlibexec/openvpn2/easy-rsa/make-crl
Xlibexec/openvpn2/easy-rsa/openssl.cnf
Xlibexec/openvpn2/easy-rsa/revoke-crt
Xlibexec/openvpn2/easy-rsa/revoke-full
Xlibexec/openvpn2/easy-rsa/sign-req
Xlibexec/openvpn2/easy-rsa/vars
Xlibexec/openvpn2/vpn-down
Xlibexec/openvpn2/vpn-up
Xsbin/openvpn2
Xshare/doc/openvpn2/AUTHORS
Xshare/doc/openvpn2/COPYING
Xshare/doc/openvpn2/COPYRIGHT.GPL
Xshare/doc/openvpn2/ChangeLog
Xshare/doc/openvpn2/INSTALL
Xshare/doc/openvpn2/NEWS
Xshare/doc/openvpn2/PORTS
Xshare/doc/openvpn2/README
Xshare/doc/openvpn2/sample-config-files/README
Xshare/doc/openvpn2/sample-config-files/client.conf
Xshare/doc/openvpn2/sample-config-files/firewall.sh
Xshare/doc/openvpn2/sample-config-files/home.up
Xshare/doc/openvpn2/sample-config-files/loopback-client
Xshare/doc/openvpn2/sample-config-files/loopback-server
Xshare/doc/openvpn2/sample-config-files/office.up
Xshare/doc/openvpn2/sample-config-files/openvpn-shutdown.sh
Xshare/doc/openvpn2/sample-config-files/openvpn-startup.sh
Xshare/doc/openvpn2/sample-config-files/server.conf
Xshare/doc/openvpn2/sample-config-files/static-home.conf
Xshare/doc/openvpn2/sample-config-files/static-office.conf
Xshare/doc/openvpn2/sample-config-files/tls-home.conf
Xshare/doc/openvpn2/sample-config-files/tls-office.conf
Xshare/doc/openvpn2/sample-config-files/xinetd-client-config
Xshare/doc/openvpn2/sample-config-files/xinetd-server-config
Xshare/doc/openvpn2/sample-scripts/auth-pam.pl
Xshare/doc/openvpn2/sample-scripts/bridge-start
Xshare/doc/openvpn2/sample-scripts/bridge-stop
Xshare/doc/openvpn2/sample-scripts/openvpn.init
Xshare/doc/openvpn2/sample-scripts/verify-cn
X@dirrm share/nls/en_US.US-ASCII
X@dirrm share/nls/POSIX
X@dirrm share/doc/openvpn2/sample-scripts
X@dirrm share/doc/openvpn2/sample-config-files
X@dirrm share/doc/openvpn2
X@dirrm libexec/openvpn2/easy-rsa
X@dirrm libexec/openvpn2
X@dirrm etc/openvpn2
END-of-/usr/ports/security/openvpn2/pkg-plist
echo x - /usr/ports/security/openvpn2/distinfo
sed 's/^X//' >/usr/ports/security/openvpn2/distinfo << 'END-of-/usr/ports/security/openvpn2/distinfo'
XMD5 (openvpn-2.0_rc17.tar.gz) = 95fbbe3f86bd390406a90286826b9170
XSIZE (openvpn-2.0_rc17.tar.gz) = 639133
END-of-/usr/ports/security/openvpn2/distinfo
echo x - /usr/ports/security/openvpn2/Makefile
sed 's/^X//' >/usr/ports/security/openvpn2/Makefile << 'END-of-/usr/ports/security/openvpn2/Makefile'
X# New ports collection makefile for:	openvpn2
X# Date created:				2005-03-13
X# Whom:					Kevin Leung (hysoka.gmail.com)	
X#
X# $FreeBSD$
X#
X
XPORTNAME=	openvpn2
XPORTVERSION=	2.0p17
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE} \
X		http://osdn.dl.sourceforge.net/sourceforge/openvpn/
XMASTER_SITE_SUBDIR=	openvpn
XDISTNAME=	openvpn-2.0_rc17
X
XMAINTAINER=	hysoka@gmail.com
XCOMMENT=	SSL/VPN solution
X
XLIB_DEPENDS=	lzo.1:${PORTSDIR}/archivers/lzo
X
XGNU_CONFIGURE=	yes
XUSE_GMAKE=	yes
XUSE_OPENSSL=	yes
XUSE_REINPLACE=	yes
X
XCONFIGURE_TARGET=	--build=${ARCH}-portbld-freebsd${OSREL}
XCONFIGURE_ARGS=	--with-lzo-lib=${LOCALBASE}/lib \
X		--with-lzo-headers=${LOCALBASE}/include \
X		--prefix=${PREFIX}
X
XMAN8=		${PORTNAME}.8
X
Xdo-install:
X	${INSTALL_PROGRAM} ${WRKSRC}/openvpn ${PREFIX}/sbin/${PORTNAME}
X	${INSTALL_MAN} ${WRKSRC}/openvpn.8 ${MANPREFIX}/man/man8/${MAN8}
X
Xpost-install:
X	${INSTALL_SCRIPT} ${FILESDIR}/openvpn2.sh.sample \
X		${PREFIX}/etc/rc.d/openvpn2.sh.sample
X	${MKDIR} ${PREFIX}/libexec/${PORTNAME}
X	for f in ${FILESDIR}/vpn-*; do \
X		${INSTALL_SCRIPT} $$f \
X			${PREFIX}/libexec/${PORTNAME}/`basename $$f` \
X	;done
X
X	${MKDIR} ${PREFIX}/etc/${PORTNAME}
X	${INSTALL_DATA} ${WRKSRC}/sample-config-files/server.conf ${PREFIX}/etc/${PORTNAME}/server.conf.sample
X	${INSTALL_DATA} ${WRKSRC}/sample-config-files/client.conf ${PREFIX}/etc/${PORTNAME}/client.conf.sample
X
X# The easy-rsa helpers are listed unconditionally in pkg-plist, so install
X# them whether or not the documentation is installed.
X	@${RM} -rf ${WRKSRC}/easy-rsa/Windows
X.for dirs in easy-rsa
X	libexec_path=${PREFIX}/libexec/${PORTNAME}/${dirs} ; \
X	${MKDIR} $$libexec_path ; \
X	${INSTALL_SCRIPT} ${WRKSRC}/${dirs}/* $$libexec_path
X.endfor
X.if !defined(NOPORTDOCS)
X	@${MKDIR} ${DOCSDIR}
X.for docs in AUTHORS COPYING COPYRIGHT.GPL ChangeLog INSTALL NEWS \
X	PORTS README
X	@${INSTALL_DATA} ${WRKSRC}/${docs} ${DOCSDIR}
X.endfor
X.for dirs in sample-scripts sample-config-files
X	@${MKDIR} ${DOCSDIR}/${dirs}
X	@${INSTALL_DATA} ${WRKSRC}/${dirs}/* ${DOCSDIR}/${dirs}
X.endfor
X.endif
X	@${CAT} ${PKGMESSAGE}
X
X.include <bsd.port.mk>
END-of-/usr/ports/security/openvpn2/Makefile
exit
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: vs 
State-Changed-When: Tue Apr 5 11:50:11 GMT 2005 
State-Changed-Why:  
Two questions: 
- OpenVPN seems to be moving fast, 2 weeks later there's already rc20. 
Shouldn't we wait until 2.0 is "released"? 
- If it is released, will the old openvpn-port still be required? If not, 
there's no reason to keep the old one around. 

Cheers, 
Volker 

http://www.freebsd.org/cgi/query-pr.cgi?pr=79099 

From: Kevin Leung <hysoka@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org, hysoka@gmail.com
Cc:  
Subject: Re: ports/79099: [New Port] security/openvpn2 It contains the latest OpenVPN
Date: Wed, 6 Apr 2005 00:15:12 +0800

 I think we should have this separate new port because:
 
 1. The OpenVPN 1.x config options are different. We should install the
 config files in a new directory to avoid surprises.
 
 2. There are people who do not want to upgrade because 1.x works well
 for them. Same reason why we have www/apache2.
 
 3. We should test early before the 2.0 release. We are helping the OpenVPN
 developers this way. Think about what we did when Firefox was in
 version 0.8.
 
 If you consider my reasons valid, I am willing to keep this port to
 the latest version available.
State-Changed-From-To: feedback->closed 
State-Changed-By: sem 
State-Changed-When: Mon Apr 18 08:40:32 GMT 2005 
State-Changed-Why:  
Superseded by ports/80034 

http://www.freebsd.org/cgi/query-pr.cgi?pr=79099 
>Unformatted:
