Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Auty <ikelos@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] dev/ikelos:master commit in: net-misc/openvpn/files/, net-misc/openvpn/
Date: Wed, 16 Dec 2015 21:54:31
Message-Id: 1450302858.ca31acc706315933f9be168f1647fa9e2f56a273.ikelos@gentoo
1 commit: ca31acc706315933f9be168f1647fa9e2f56a273
2 Author: layman <layman <AT> localhost>
3 AuthorDate: Wed Dec 16 21:54:18 2015 +0000
4 Commit: Mike Auty <ikelos <AT> gentoo <DOT> org>
5 CommitDate: Wed Dec 16 21:54:18 2015 +0000
6 URL: https://gitweb.gentoo.org/dev/ikelos.git/commit/?id=ca31acc7
7
8 Add in vlan support to openvpn.
9
10 net-misc/openvpn/ChangeLog | 158 +++
11 net-misc/openvpn/ChangeLog-2015 | 1286 ++++++++++++++++++++
12 net-misc/openvpn/Manifest | 16 +
13 .../openvpn/files/2.3.6-disable-compression.patch | 18 +
14 net-misc/openvpn/files/2.3.6-null-cipher.patch | 46 +
15 net-misc/openvpn/files/2.3.6-vlan-support.patch | 1005 +++++++++++++++
16 net-misc/openvpn/files/65openvpn | 1 +
17 net-misc/openvpn/files/down.sh | 33 +
18 net-misc/openvpn/files/openvpn-2.1.conf | 18 +
19 net-misc/openvpn/files/openvpn-2.1.init | 133 ++
20 net-misc/openvpn/files/openvpn.init | 63 +
21 net-misc/openvpn/files/openvpn.service | 12 +
22 net-misc/openvpn/files/openvpn.tmpfile | 1 +
23 net-misc/openvpn/files/up.sh | 100 ++
24 net-misc/openvpn/metadata.xml | 23 +
25 net-misc/openvpn/openvpn-2.3.8-r1.ebuild | 138 +++
26 16 files changed, 3051 insertions(+)
27
28 diff --git a/net-misc/openvpn/ChangeLog b/net-misc/openvpn/ChangeLog
29 new file mode 100644
30 index 0000000..2e79375
31 --- /dev/null
32 +++ b/net-misc/openvpn/ChangeLog
33 @@ -0,0 +1,158 @@
34 +# ChangeLog for net-misc/openvpn
35 +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
36 +# (auto-generated from git log)
37 +
38 +*openvpn-9999 (09 Aug 2015)
39 +*openvpn-2.3.8 (09 Aug 2015)
40 +*openvpn-2.3.7 (09 Aug 2015)
41 +*openvpn-2.3.6-r2 (09 Aug 2015)
42 +*openvpn-2.3.6-r1 (09 Aug 2015)
43 +*openvpn-2.3.6 (09 Aug 2015)
44 +
45 + 09 Aug 2015; Robin H. Johnson <robbat2@g.o>
46 + +files/2.3.6-disable-compression.patch, +files/2.3.6-null-cipher.patch,
47 + +files/65openvpn, +files/down.sh, +files/openvpn-2.1.conf,
48 + +files/openvpn-2.1.init, +files/openvpn.init, +files/openvpn.service,
49 + +files/openvpn.tmpfile, +files/up.sh, +metadata.xml, +openvpn-2.3.6.ebuild,
50 + +openvpn-2.3.6-r1.ebuild, +openvpn-2.3.6-r2.ebuild, +openvpn-2.3.7.ebuild,
51 + +openvpn-2.3.8.ebuild, +openvpn-9999.ebuild:
52 + proj/gentoo: Initial commit
53 +
54 + This commit represents a new era for Gentoo:
55 + Storing the gentoo-x86 tree in Git, as converted from CVS.
56 +
57 + This commit is the start of the NEW history.
58 + Any historical data is intended to be grafted onto this point.
59 +
60 + Creation process:
61 + 1. Take final CVS checkout snapshot
62 + 2. Remove ALL ChangeLog* files
63 + 3. Transform all Manifests to thin
64 + 4. Remove empty Manifests
65 + 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
66 + 5.1. Do not touch files with -kb/-ko keyword flags.
67 +
68 + Signed-off-by: Robin H. Johnson <robbat2@g.o>
69 + X-Thanks: Alec Warner <antarus@g.o> - did the GSoC 2006 migration
70 + tests
71 + X-Thanks: Robin H. Johnson <robbat2@g.o> - infra guy, herding this
72 + project
73 + X-Thanks: Nguyen Thai Ngoc Duy <pclouds@g.o> - Former Gentoo
74 + developer, wrote Git features for the migration
75 + X-Thanks: Brian Harring <ferringb@g.o> - wrote much python to improve
76 + cvs2svn
77 + X-Thanks: Rich Freeman <rich0@g.o> - validation scripts
78 + X-Thanks: Patrick Lauer <patrick@g.o> - Gentoo dev, running new 2014
79 + work in migration
80 + X-Thanks: Michał Górny <mgorny@g.o> - scripts, QA, nagging
81 + X-Thanks: All of other Gentoo developers - many ideas and lots of paint on
82 + the bikeshed
83 +
84 + 09 Aug 2015; Mikle Kolyada <zlogene@g.o> openvpn-2.3.7.ebuild:
85 + x86 stable wrt bug #556874
86 +
87 + Package-Manager: portage-2.2.20
88 +
89 + 09 Aug 2015; Mikle Kolyada <zlogene@g.o> openvpn-2.3.7.ebuild:
90 + ia64 stable wrt bug #556874
91 +
92 + Package-Manager: portage-2.2.20
93 +
94 + 09 Aug 2015; Ulrich Müller <ulm@g.o> files/down.sh,
95 + files/openvpn-2.1.init, files/up.sh:
96 + [QA] Remove executable bit from files, bug 550434.
97 +
98 + 22 Aug 2015; Jeroen Roovers <jer@g.o> openvpn-2.3.7.ebuild:
99 + Stable for HPPA (bug #556874).
100 +
101 + Package-Manager: portage-2.2.20.1
102 +
103 + 24 Aug 2015; Jeroen Roovers <jer@g.o> openvpn-2.3.7.ebuild:
104 + Stable for PPC64 (bug #556874).
105 +
106 + Package-Manager: portage-2.2.20.1
107 +
108 + 24 Aug 2015; Justin Lecher <jlec@g.o> metadata.xml:
109 + Use https by default
110 +
111 + Convert all URLs for sites supporting encrypted connections from http to
112 + https
113 +
114 + Signed-off-by: Justin Lecher <jlec@g.o>
115 +
116 + 24 Aug 2015; Mike Gilbert <floppym@g.o> metadata.xml:
117 + Revert DOCTYPE SYSTEM https changes in metadata.xml
118 +
119 + repoman does not yet accept the https version.
120 + This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450.
121 +
122 + Bug: https://bugs.gentoo.org/552720
123 +
124 + 26 Aug 2015; Markus Meier <maekke@g.o> openvpn-2.3.7.ebuild:
125 + arm stable, bug #556874
126 +
127 + Package-Manager: portage-2.2.20.1
128 + RepoMan-Options: --include-arches="arm"
129 +
130 + 05 Sep 2015; Mikle Kolyada <zlogene@g.o> openvpn-2.3.8.ebuild:
131 + amd64 stable wrt bug #556874
132 +
133 + Package-Manager: portage-2.2.20.1
134 +
135 + 08 Sep 2015; Jeroen Roovers <jer@g.o> openvpn-2.3.8.ebuild:
136 + Stable for HPPA PPC64 (bug #556874).
137 +
138 + Package-Manager: portage-2.2.20.1
139 +
140 + 15 Sep 2015; Tobias Klausmann <klausman@g.o> openvpn-2.3.8.ebuild:
141 + add alpha keyword
142 +
143 + Gentoo-Bug: 556874
144 +
145 + Package-Manager: portage-2.2.20.1
146 +
147 + 26 Sep 2015; Mikle Kolyada <zlogene@g.o> openvpn-2.3.8.ebuild:
148 + ia64 stable wrt bug #556874
149 +
150 + Package-Manager: portage-2.2.20.1
151 +
152 + 27 Sep 2015; Mikle Kolyada <zlogene@g.o> openvpn-2.3.8.ebuild:
153 + x86 stable wrt bug #556874
154 +
155 + Package-Manager: portage-2.2.20.1
156 +
157 + 29 Sep 2015; Markus Meier <maekke@g.o> openvpn-2.3.8.ebuild:
158 + arm stable, bug #556874
159 +
160 + Package-Manager: portage-2.2.20.1
161 + RepoMan-Options: --include-arches="arm"
162 +
163 + 10 Oct 2015; Mikle Kolyada <zlogene@g.o> openvpn-2.3.8.ebuild:
164 + sparc stable wrt bug #556874
165 +
166 + Package-Manager: portage-2.2.20.1
167 +
168 + 12 Nov 2015; Agostino Sarubbo <ago@g.o> openvpn-2.3.8.ebuild:
169 + ppc stable wrt bug #556874
170 +
171 + Package-Manager: portage-2.2.20.1
172 + RepoMan-Options: --include-arches="ppc"
173 +
174 + 06 Dec 2015; Dirkjan Ochtman <djc@g.o> -openvpn-2.3.6.ebuild,
175 + -openvpn-2.3.6-r1.ebuild, -openvpn-2.3.6-r2.ebuild, -openvpn-2.3.7.ebuild:
176 + remove old versions
177 +
178 + Package-Manager: portage-2.2.20.1
179 +
180 +*openvpn-2.3.8-r1 (06 Dec 2015)
181 +
182 + 06 Dec 2015; Dirkjan Ochtman <djc@g.o> +openvpn-2.3.8-r1.ebuild:
183 + add support for libressl (fixes bug 565242)
184 +
185 + Package-Manager: portage-2.2.20.1
186 +
187 + 06 Dec 2015; Dirkjan Ochtman <djc@g.o> openvpn-2.3.8-r1.ebuild:
188 + set EAPI=5 in 2.3.8-r1
189 +
190 + Package-Manager: portage-2.2.20.1
191 +
192
193 diff --git a/net-misc/openvpn/ChangeLog-2015 b/net-misc/openvpn/ChangeLog-2015
194 new file mode 100644
195 index 0000000..93cb534
196 --- /dev/null
197 +++ b/net-misc/openvpn/ChangeLog-2015
198 @@ -0,0 +1,1286 @@
199 +# ChangeLog for net-misc/openvpn
200 +# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
201 +# $Header: /var/cvsroot/gentoo-x86/net-misc/openvpn/ChangeLog,v 1.327 2015/08/08 05:13:53 prometheanfire Exp $
202 +
203 +*openvpn-2.3.8 (08 Aug 2015)
204 +
205 + 08 Aug 2015; Matthew Thode <prometheanfire@g.o> +openvpn-2.3.8.ebuild:
206 + updating to fix asking for the password at init
207 +
208 + 07 Aug 2015; Tobias Klausmann <klausman@g.o> openvpn-2.3.7.ebuild:
209 + Stable on alpha, bug 556874
210 +
211 + 06 Aug 2015; Mikle Kolyada <zlogene@g.o> openvpn-2.3.7.ebuild:
212 + amd64 stable wrt bug #556874
213 +
214 + 12 Jul 2015; Dirkjan Ochtman <djc@g.o> openvpn-2.3.6-r1.ebuild,
215 + openvpn-2.3.6-r2.ebuild, openvpn-2.3.6.ebuild, openvpn-2.3.7.ebuild,
216 + openvpn-9999.ebuild:
217 + Don't default to polarssl, this was introduced accidentally
218 +
219 + 12 Jul 2015; Dirkjan Ochtman <djc@g.o> openvpn-9999.ebuild:
220 + Bring openvpn-9999 in line with 2.3.7 (fix bug 554638)
221 +
222 + 12 Jul 2015; Dirkjan Ochtman <djc@g.o> openvpn-2.3.6-r1.ebuild,
223 + openvpn-2.3.6-r2.ebuild, openvpn-2.3.6.ebuild, openvpn-2.3.7.ebuild:
224 + Remove some accidentally committed debugging cruft
225 +
226 +*openvpn-2.3.7 (12 Jul 2015)
227 +
228 + 12 Jul 2015; Dirkjan Ochtman <djc@g.o> +openvpn-2.3.7.ebuild,
229 + metadata.xml:
230 + Version bump openvpn to 2.3.7 (fixes bug 554524, bug 489272, bug 553352, bug
231 + 531474)
232 +
233 +*openvpn-2.3.6-r2 (17 Feb 2015)
234 +
235 + 17 Feb 2015; Dirkjan Ochtman <djc@g.o>
236 + +files/2.3.6-disable-compression.patch, +openvpn-2.3.6-r2.ebuild:
237 + Version bump openvpn to 2.3.6-r2 (fixes bug 537318)
238 +
239 +*openvpn-2.3.6-r1 (08 Feb 2015)
240 +
241 + 08 Feb 2015; Dirkjan Ochtman <djc@g.o> +files/2.3.6-null-cipher.patch,
242 + +openvpn-2.3.6-r1.ebuild:
243 + Fix support for null ciphers (bug 531700; thanks to gentoo@×××××××.org)
244 +
245 + 18 Jan 2015; Dirkjan Ochtman <djc@g.o> openvpn-2.3.6.ebuild:
246 + Fix minimum version of libpkcs11-helper dependency (fixes bug 536332)
247 +
248 + 28 Dec 2014; Dirkjan Ochtman <djc@g.o> -openvpn-2.3.2.ebuild,
249 + -openvpn-2.3.3.ebuild, -openvpn-2.3.4-r1.ebuild, -openvpn-2.3.5.ebuild:
250 + Remove vulnerable versions of openvpn (bug 531308)
251 +
252 + 26 Dec 2014; Agostino Sarubbo <ago@g.o> openvpn-2.3.6.ebuild:
253 + Stable for sparc, wrt bug #531308
254 +
255 + 23 Dec 2014; Agostino Sarubbo <ago@g.o> openvpn-2.3.6.ebuild:
256 + Stable for alpha, wrt bug #531308
257 +
258 + 16 Dec 2014; Markus Meier <maekke@g.o> openvpn-2.3.6.ebuild:
259 + arm stable, bug #531308
260 +
261 + 06 Dec 2014; Agostino Sarubbo <ago@g.o> openvpn-2.3.6.ebuild:
262 + Stable for ia64, wrt bug #531308
263 +
264 + 04 Dec 2014; Agostino Sarubbo <ago@g.o> openvpn-2.3.6.ebuild:
265 + Stable for ppc64, wrt bug #531308
266 +
267 + 03 Dec 2014; Agostino Sarubbo <ago@g.o> openvpn-2.3.6.ebuild:
268 + Stable for ppc, wrt bug #531308
269 +
270 + 02 Dec 2014; Mike Gilbert <floppym@g.o> files/openvpn.service:
271 + Revert previous unit file change, bug 527614.
272 +
273 + 02 Dec 2014; Jeroen Roovers <jer@g.o> openvpn-2.3.6.ebuild:
274 + Stable for HPPA (bug #531308).
275 +
276 + 02 Dec 2014; Agostino Sarubbo <ago@g.o> openvpn-2.3.6.ebuild:
277 + Stable for x86, wrt bug #531308
278 +
279 + 02 Dec 2014; Agostino Sarubbo <ago@g.o> openvpn-2.3.6.ebuild:
280 + Stable for amd64, wrt bug #531308
281 +
282 +*openvpn-2.3.6 (01 Dec 2014)
283 +
284 + 01 Dec 2014; Dirkjan Ochtman <djc@g.o> +openvpn-2.3.6.ebuild:
285 + Version bump openvpn to 2.3.6 (fixes bug 531308)
286 +
287 + 21 Nov 2014; Tobias Klausmann <klausman@g.o> openvpn-2.3.4-r1.ebuild:
288 + Stable on alpha, bug 522168
289 +
290 + 16 Nov 2014; Dirkjan Ochtman <djc@g.o> -openvpn-2.3.1.ebuild,
291 + -openvpn-2.3.4.ebuild:
292 + Remove old versions of openvpn
293 +
294 +*openvpn-2.3.5 (16 Nov 2014)
295 +
296 + 16 Nov 2014; Dirkjan Ochtman <djc@g.o> +openvpn-2.3.5.ebuild:
297 + Version bump openvpn to 2.3.5
298 +
299 + 05 Nov 2014; Mike Gilbert <floppym@g.o> files/openvpn.service:
300 + Use unescaped instance name for PIDFile and config file, bug 527614.
301 +
302 + 02 Nov 2014; Sven Vermeulen <swift@g.o> openvpn-2.3.4-r1.ebuild,
303 + openvpn-9999.ebuild:
304 + Remove sec-policy/selinux-* dependency from DEPEND but keep in RDEPEND (bug
305 + #527698)
306 +
307 + 05 Oct 2014; Manuel Rüger <mrueg@g.o> openvpn-2.3.4-r1.ebuild:
308 + Mark stable on amd64. Bug #522168
309 +
310 + 21 Sep 2014; Markus Meier <maekke@g.o> openvpn-2.3.4-r1.ebuild:
311 + arm stable, bug #522168
312 +
313 + 10 Sep 2014; Jeroen Roovers <jer@g.o> openvpn-2.3.4-r1.ebuild:
314 + Stable for HPPA (bug #522168).
315 +
316 + 27 Aug 2014; Agostino Sarubbo <ago@g.o> openvpn-2.3.3.ebuild:
317 + Stable for ppc, wrt bug #511668
318 +
319 + 20 Aug 2014; Raúl Porcel <armin76@g.o> openvpn-2.3.3.ebuild:
320 + ia64/sparc stable wrt bug #511668
321 +
322 + 26 Jul 2014; Pawel Hajdan jr <phajdan.jr@g.o> openvpn-2.3.3.ebuild:
323 + x86 stable wrt bug #511668
324 +
325 + 21 Jul 2014; Chema Alonso <nimiux@g.o> openvpn-2.3.3.ebuild:
326 + Stable for amd64 wrt bug #511668
327 +
328 + 21 Jul 2014; Dirkjan Ochtman <djc@g.o> openvpn-2.3.3.ebuild,
329 + openvpn-2.3.4-r1.ebuild, openvpn-2.3.4.ebuild:
330 + Make pkcs11 USE depend on ssl flag (fixes bug 517660)
331 +
332 + 20 Jul 2014; Tobias Klausmann <klausman@g.o> openvpn-2.3.3.ebuild:
333 + Stable on alpha, bug #511668
334 +
335 +*openvpn-2.3.4-r1 (03 Jul 2014)
336 +
337 + 03 Jul 2014; Peter Volkov <pva@g.o> +openvpn-2.3.4-r1.ebuild:
338 + Added systemd USE flag to forward console query to systemd, #515982
339 +
340 + 09 Jun 2014; Markus Meier <maekke@g.o> openvpn-2.3.3.ebuild:
341 + arm stable, bug #511668
342 +
343 + 03 Jun 2014; Jeroen Roovers <jer@g.o> openvpn-2.3.3.ebuild:
344 + Stable for HPPA (bug #511668).
345 +
346 +*openvpn-2.3.4 (15 May 2014)
347 +
348 + 15 May 2014; Dirkjan Ochtman <djc@g.o> +openvpn-2.3.4.ebuild,
349 + openvpn-2.3.3.ebuild:
350 + Version bump openvpn to 2.3.4 (bug 510372)
351 +
352 + 22 Apr 2014; Dirkjan Ochtman <djc@g.o>
353 + -files/openvpn-2.2.2-pkcs11.patch, -files/openvpn-9999-pkcs11.patch,
354 + -openvpn-2.2.2.ebuild, -openvpn-2.3.0.ebuild:
355 + Remove old versions, patches.
356 +
357 +*openvpn-2.3.3 (22 Apr 2014)
358 +
359 + 22 Apr 2014; Dirkjan Ochtman <djc@g.o> +openvpn-2.3.3.ebuild:
360 + Version bump openvpn to 2.3.3 (bug 507758).
361 +
362 + 26 Sep 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.2.ebuild:
363 + Stable for arm, wrt bug #484726
364 +
365 + 25 Sep 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.2.ebuild:
366 + Stable for ppc, wrt bug #484726
367 +
368 + 23 Sep 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.2.ebuild:
369 + Stable for sparc, wrt bug #484726
370 +
371 + 23 Sep 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.2.ebuild:
372 + Stable for ppc64, wrt bug #484726
373 +
374 + 23 Sep 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.2.ebuild:
375 + Stable for alpha, wrt bug #484726
376 +
377 + 14 Sep 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.2.ebuild:
378 + Stable for x86, wrt bug #484726
379 +
380 + 14 Sep 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.2.ebuild:
381 + Stable for amd64, wrt bug #484726
382 +
383 + 14 Sep 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.2.ebuild:
384 + Stable for ia64, wrt bug #484726
385 +
386 + 13 Sep 2013; Jeroen Roovers <jer@g.o> openvpn-2.3.2.ebuild:
387 + Stable for HPPA (bug #484726).
388 +
389 + 26 Aug 2013; Dirkjan Ochtman <djc@g.o> openvpn-2.3.2.ebuild:
390 + No dies needed here.
391 +
392 +*openvpn-2.3.2 (10 Jun 2013)
393 +
394 + 10 Jun 2013; Dirkjan Ochtman <djc@g.o> +openvpn-2.3.2.ebuild:
395 + Version bump openvpn to 2.3.2 (bug 472542).
396 +
397 + 09 Jun 2013; Mike Frysinger <vapier@g.o> metadata.xml:
398 + Add upstream CPE tag (security info) from ChromiumOS.
399 +
400 + 09 Jun 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
401 + Stable for sh, wrt bug #468756
402 +
403 + 01 Jun 2013; Pacho Ramos <pacho@g.o> metadata.xml:
404 + Cleanup due bug #151880
405 +
406 + 26 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
407 + Stable for s390, wrt bug #468756
408 +
409 + 20 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
410 + Stable for s390, wrt bug #468364
411 +
412 + 11 May 2013; Jeroen Roovers <jer@g.o> openvpn-2.3.1.ebuild:
413 + Stable for HPPA (bug #468756).
414 +
415 + 11 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
416 + Stable for sparc, wrt bug #468756
417 +
418 + 11 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
419 + Stable for ppc, wrt bug #468756
420 +
421 + 11 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
422 + Stable for ppc64, wrt bug #468756
423 +
424 + 11 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
425 + Stable for ia64, wrt bug #468756
426 +
427 + 11 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
428 + Stable for arm, wrt bug #468756
429 +
430 + 11 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
431 + Stable for alpha, wrt bug #468756
432 +
433 + 11 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
434 + Stable for x86, wrt bug #468756
435 +
436 + 11 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.1.ebuild:
437 + Stable for amd64, wrt bug #468756
438 +
439 + 08 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
440 + Stable for sh, wrt bug #468364
441 +
442 + 08 May 2013; Jeroen Roovers <jer@g.o> openvpn-2.3.0.ebuild:
443 + Stable for HPPA (bug #468364).
444 +
445 + 07 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
446 + Stable for ppc64, wrt bug #468364
447 +
448 + 07 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
449 + Stable for sparc, wrt bug #468364
450 +
451 + 07 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
452 + Stable for ia64, wrt bug #468364
453 +
454 + 05 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
455 + Stable for alpha, wrt bug #468364
456 +
457 + 05 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
458 + Stable for arm, wrt bug #468364
459 +
460 + 03 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
461 + Stable for ppc, wrt bug #468364
462 +
463 + 03 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
464 + Stable for x86, wrt bug #468364
465 +
466 + 03 May 2013; Agostino Sarubbo <ago@g.o> openvpn-2.3.0.ebuild:
467 + Stable for amd64, wrt bug #468364
468 +
469 + 03 May 2013; Dirkjan Ochtman <djc@g.o> openvpn-2.3.1.ebuild:
470 + Fix USE flag order for 2.3.1.
471 +
472 + 03 May 2013; Dirkjan Ochtman <djc@g.o> openvpn-9999.ebuild:
473 + Add polarssl for 9999 ebuild (thanks to josh.cepek@×××.net).
474 +
475 +*openvpn-2.3.1 (03 May 2013)
476 +
477 + 03 May 2013; Dirkjan Ochtman <djc@g.o> +openvpn-2.3.1.ebuild:
478 + Version bump to 2.3.1, add polarssl support (bug 463984, thanks to
479 + josh.cepek@×××.net).
480 +
481 + 20 Feb 2013; Zac Medico <zmedico@g.o> openvpn-2.3.0.ebuild:
482 + Add ~arm-linux keyword.
483 +
484 + 09 Feb 2013; Dirkjan Ochtman <djc@g.o> files/up.sh:
485 + Add metric to openresolv if possible (thanks Alon Bar-Lev, bug 391175).
486 +
487 + 25 Jan 2013; Kacper Kowalik <xarthisius@g.o> +files/openvpn.service,
488 + +files/openvpn.tmpfile, openvpn-2.3.0.ebuild:
489 + Add unit and tmp file for systemd compatibility. Fixes bug 448884
490 +
491 + 24 Jan 2013; Dirkjan Ochtman <djc@g.o> openvpn-2.3.0.ebuild:
492 + Emit message about split out easy-rsa.
493 +
494 + 12 Jan 2013; Dirkjan Ochtman <djc@g.o> openvpn-9999.ebuild:
495 + Update live ebuild with changes for 2.3.0 (bug 415995).
496 +
497 + 12 Jan 2013; Dirkjan Ochtman <djc@g.o>
498 + -files/openvpn-2.1_rc13-peercred.patch, -files/openvpn-2.1_rc20-pkcs11.patch,
499 + -openvpn-2.1.4.ebuild, -files/openvpn-2.2.0-pkcs11.patch, metadata.xml:
500 + Remove old versions and files.
501 +
502 +*openvpn-2.3.0 (12 Jan 2013)
503 +
504 + 12 Jan 2013; Dirkjan Ochtman <djc@g.o> +openvpn-2.3.0.ebuild,
505 + metadata.xml:
506 + Version bump to 2.3.0 (bug 451376) with updated build system (bug 415995).
507 +
508 + 06 Jan 2013; Torsten Veller <tove@g.o> openvpn-2.2.2.ebuild:
509 + Drop duplicate arches from KEYWORDS
510 +
511 + 09 Sep 2012; Justin Lecher <jlec@g.o> openvpn-2.1.4.ebuild,
512 + openvpn-2.2.2.ebuild, openvpn-9999.ebuild:
513 + Drop unnessecary PN and '.' from DESCRIPTION
514 +
515 + 23 Aug 2012; Fabian Groffen <grobian@g.o> openvpn-2.2.2.ebuild,
516 + openvpn-9999.ebuild:
517 + Drop ~x86-macos, it doesn't compile, and we don't care enough to fix it
518 +
519 + 23 Aug 2012; Christoph Junghans <ottxor@g.o> openvpn-2.2.2.ebuild:
520 + added prefix keywords (bug #417519)
521 +
522 + 29 Jul 2012; Raúl Porcel <armin76@g.o> openvpn-2.2.2.ebuild:
523 + alpha/ia64/s390/sh/sparc stable wrt #415847
524 +
525 + 01 Jun 2012; Zac Medico <zmedico@g.o> openvpn-2.1.4.ebuild,
526 + openvpn-2.2.2.ebuild, openvpn-9999.ebuild:
527 + inherit user for enewgroup and enewuser
528 +
529 + 27 May 2012; Markus Meier <maekke@g.o> openvpn-2.2.2.ebuild:
530 + arm stable, bug #415847
531 +
532 + 23 May 2012; Jeroen Roovers <jer@g.o> openvpn-2.2.2.ebuild:
533 + Stable for HPPA (bug #415847).
534 +
535 + 23 May 2012; Brent Baude <ranger@g.o> openvpn-2.2.2.ebuild:
536 + Marking openvpn-2.2.2 ppc64 for bug 415847
537 +
538 + 22 May 2012; Brent Baude <ranger@g.o> openvpn-2.2.2.ebuild:
539 + Marking openvpn-2.2.2 ppc for bug 415847
540 +
541 + 18 May 2012; Jeff Horelick <jdhore@g.o> openvpn-2.2.2.ebuild:
542 + marked x86 per bug 415847
543 +
544 + 14 May 2012; Agostino Sarubbo <ago@g.o> openvpn-2.2.2.ebuild:
545 + Stable for amd64, wrt bug #415847
546 +
547 + 14 May 2012; Dirkjan Ochtman <djc@g.o> -openvpn-2.2.0-r1.ebuild:
548 + Remove old version.
549 +
550 + 14 May 2012; Dirkjan Ochtman <djc@g.o> openvpn-9999.ebuild:
551 + Update live ebuild to deal with new build system (thanks Alon Bar-Lev, bug
552 + 409577).
553 +
554 + 14 Apr 2012; Zac Medico <zmedico@g.o> openvpn-2.2.2.ebuild:
555 + Add ~amd64-linux keyword.
556 +
557 + 01 Mar 2012; Dirkjan Ochtman <djc@g.o> openvpn-9999.ebuild:
558 + Fix CVS header in live ebuild.
559 +
560 +*openvpn-9999 (01 Mar 2012)
561 +
562 + 01 Mar 2012; Dirkjan Ochtman <djc@g.o> +openvpn-9999.ebuild,
563 + +files/openvpn-9999-pkcs11.patch:
564 + Add live ebuild (bug 385375). Thanks to Marcel Pennewiß.
565 +
566 + 23 Feb 2012; Christian Faulhammer <fauli@g.o>
567 + files/openvpn-2.1_rc20-pkcs11.patch, +files/openvpn-2.2.0-pkcs11.patch:
568 + Make patch application work again, see bug 404269
569 +
570 + 17 Feb 2012; Dirkjan Ochtman <djc@g.o> openvpn-2.2.2.ebuild:
571 + Remove reference to old ipv6 use flag, bug 404137.
572 +
573 + 17 Feb 2012; Dirkjan Ochtman <djc@g.o> -openvpn-2.2.0.ebuild:
574 + Remove old version, fixing bug 401747.
575 +
576 + 16 Feb 2012; Dirkjan Ochtman <djc@g.o> openvpn-2.2.2.ebuild:
577 + Make 2.2.2 have +ssl (bug 404111).
578 +
579 +*openvpn-2.2.2 (16 Feb 2012)
580 +
581 + 16 Feb 2012; Dirkjan Ochtman <djc@g.o>
582 + files/openvpn-2.1_rc20-pkcs11.patch, +openvpn-2.2.2.ebuild,
583 + +files/openvpn-2.2.2-pkcs11.patch:
584 + Version bump to 2.2.2 (bug 383537), some cleanups from darkside.
585 +
586 + 29 Jul 2011; Zac Medico <zmedico@g.o> openvpn-2.2.0-r1.ebuild:
587 + Add ~x86-linux keyword.
588 +
589 + 28 Jul 2011; Zac Medico <zmedico@g.o> openvpn-2.2.0-r1.ebuild:
590 + Fix for prefix.
591 +
592 +*openvpn-2.2.0-r1 (01 May 2011)
593 +
594 + 01 May 2011; Dirkjan Ochtman <djc@g.o> +openvpn-2.2.0-r1.ebuild:
595 + Fix issues with docdir and remaining eurephia mentions (bug 365487).
596 +
597 + 30 Apr 2011; Dirkjan Ochtman <djc@g.o> openvpn-2.2.0.ebuild:
598 + Upgrade to EAPI=4 for 2.2.0, get rid of prepalldocs.
599 +
600 + 30 Apr 2011; Dirkjan Ochtman <djc@g.o> -openvpn-2.1.2.ebuild,
601 + -openvpn-2.1.3.ebuild:
602 + Remove old versions.
603 +
604 +*openvpn-2.2.0 (30 Apr 2011)
605 +
606 + 30 Apr 2011; Dirkjan Ochtman <djc@g.o> +openvpn-2.2.0.ebuild:
607 + Version bump to 2.2.0, add ipv6 payload support (bug 335563).
608 +
609 + 21 Mar 2011; Kacper Kowalik <xarthisius@g.o> openvpn-2.1.4.ebuild:
610 + ppc/ppc64 stable wrt #354661
611 +
612 + 20 Mar 2011; Raúl Porcel <armin76@g.o> openvpn-2.1.4.ebuild:
613 + s390/sh/sparc stable wrt #354661
614 +
615 + 13 Mar 2011; Markus Meier <maekke@g.o> openvpn-2.1.4.ebuild:
616 + arm stable, bug #354661
617 +
618 + 08 Mar 2011; Tobias Klausmann <klausman@g.o> openvpn-2.1.4.ebuild:
619 + Stable on alpha, bug #354661
620 +
621 + 03 Mar 2011; Thomas Kahle <tomka@g.o> openvpn-2.1.4.ebuild:
622 + x86 stable per bug 354661
623 +
624 + 21 Feb 2011; Jeroen Roovers <jer@g.o> openvpn-2.1.4.ebuild:
625 + Stable for HPPA (bug #354661).
626 +
627 + 13 Feb 2011; Markos Chandras <hwoarang@g.o> openvpn-2.1.4.ebuild:
628 + Stable on amd64 wrt bug #354661
629 +
630 + 10 Jan 2011; Brent Baude <ranger@g.o> openvpn-2.1.3.ebuild:
631 + stable ppc, bug 342897
632 +
633 + 28 Dec 2010; Brent Baude <ranger@g.o> openvpn-2.1.3.ebuild:
634 + stable ppc64, bug 342897
635 +
636 +*openvpn-2.1.4 (14 Dec 2010)
637 +
638 + 14 Dec 2010; Dirkjan Ochtman <djc@g.o> +openvpn-2.1.4.ebuild:
639 + Version bump to 2.1.4.
640 +
641 + 05 Dec 2010; Raúl Porcel <armin76@g.o> openvpn-2.1.3.ebuild:
642 + alpha/s390/sh/sparc stable wrt #342897
643 +
644 + 03 Nov 2010; Markus Meier <maekke@g.o> openvpn-2.1.3.ebuild:
645 + arm stable, bug #342897
646 +
647 + 03 Nov 2010; Pawel Hajdan jr <phajdan.jr@g.o> openvpn-2.1.3.ebuild:
648 + x86 stable wrt bug #342897
649 +
650 + 29 Oct 2010; Jeroen Roovers <jer@g.o> openvpn-2.1.3.ebuild:
651 + Stable for HPPA (bug #342897).
652 +
653 + 28 Oct 2010; Markos Chandras <hwoarang@g.o> openvpn-2.1.3.ebuild:
654 + Stable on amd64 wrt bug #342897
655 +
656 + 28 Oct 2010; Dirkjan Ochtman <djc@g.o> openvpn-2.1.3.ebuild:
657 + Fix QA issues for bug 342933.
658 +
659 + 27 Oct 2010; Dirkjan Ochtman <djc@g.o> +files/65openvpn,
660 + openvpn-2.1.3.ebuild:
661 + Add CONFIG_PROTECT for /usr/share/openvpn/easy-rsa, as suggested by
662 + hwoarang.
663 +
664 + 19 Oct 2010; Dirkjan Ochtman <djc@g.o>
665 + -files/openvpn-2.0.9-pam.patch, -files/openvpn-2.0.9-persistent.patch,
666 + -openvpn-2.1.0-r1.ebuild:
667 + Clean up cruft from old versions.
668 +
669 + 19 Oct 2010; Dirkjan Ochtman <djc@g.o> openvpn-2.1.3.ebuild:
670 + Update ebuild to use new path_exists function.
671 +
672 + 19 Oct 2010; Jeroen Roovers <jer@g.o> openvpn-2.1.2.ebuild:
673 + Stable for HPPA (bug #338919).
674 +
675 + 15 Oct 2010; Brent Baude <ranger@g.o> openvpn-2.1.2.ebuild:
676 + stable ppc, bug 338919
677 +
678 + 12 Oct 2010; Dirkjan Ochtman <djc@g.o> openvpn-2.1.3.ebuild:
679 + Improved 2.1.3 ebuild; thanks to pva for the review.
680 +
681 + 12 Oct 2010; Raúl Porcel <armin76@g.o> openvpn-2.1.2.ebuild:
682 + alpha/arm/s390/sh/sparc stable wrt #338919
683 +
684 + 06 Oct 2010; Markus Meier <maekke@g.o> openvpn-2.1.2.ebuild:
685 + x86 stable, bug #338919
686 +
687 + 30 Sep 2010; Brent Baude <ranger@g.o> openvpn-2.1.2.ebuild:
688 + stable ppc64, bug 338919
689 +
690 + 28 Sep 2010; Markos Chandras <hwoarang@g.o> openvpn-2.1.2.ebuild:
691 + Stable on amd64 wrt bug #338919
692 +
693 +*openvpn-2.1.3 (27 Sep 2010)
694 +
695 + 27 Sep 2010; Dirkjan Ochtman <djc@g.o> +openvpn-2.1.3.ebuild:
696 + Version bump to 2.1.3.
697 +
698 + 27 Sep 2010; Dirkjan Ochtman <djc@g.o> -openvpn-2.0.9.ebuild,
699 + -openvpn-2.1_rc15.ebuild:
700 + Clean up old versions.
701 +
702 + 07 Sep 2010; Joseph Jezak <josejx@g.o> openvpn-2.1.0-r1.ebuild,
703 + openvpn-2.1.2.ebuild:
704 + Change altivec fix to work on ppc64 as well.
705 +
706 + 06 Sep 2010; Brent Baude <ranger@g.o> openvpn-2.1.0-r1.ebuild:
707 + Marking openvpn-2.1.0-r1 ppc64 for bug 293894
708 +
709 + 04 Sep 2010; Raúl Porcel <armin76@g.o> openvpn-2.1.0-r1.ebuild:
710 + alpha/s390/sh/sparc stable wrt #293894
711 +
712 + 28 Aug 2010; Markus Meier <maekke@g.o> openvpn-2.1.0-r1.ebuild:
713 + arm stable, bug #293894
714 +
715 + 25 Aug 2010; Jeroen Roovers <jer@g.o> openvpn-2.1.0-r1.ebuild:
716 + Stable for HPPA PPC (bug #293894).
717 +
718 + 24 Aug 2010; Pawel Hajdan jr <phajdan.jr@g.o>
719 + openvpn-2.1.0-r1.ebuild:
720 + x86 stable wrt security bug #293894
721 +
722 + 23 Aug 2010; Markos Chandras <hwoarang@g.o>
723 + openvpn-2.1.0-r1.ebuild:
724 + Stable on amd64 wrt bug #293894
725 +
726 + 23 Aug 2010; Dirkjan Ochtman <djc@g.o> openvpn-2.1.0-r1.ebuild,
727 + openvpn-2.1.2.ebuild:
728 + Get rid of useless threads flag.
729 +
730 +*openvpn-2.1.2 (23 Aug 2010)
731 +
732 + 23 Aug 2010; Dirkjan Ochtman <djc@g.o> +openvpn-2.1.2.ebuild:
733 + Version bump to 2.1.2.
734 +
735 + 23 Aug 2010; Dirkjan Ochtman <djc@g.o> openvpn-2.1.0-r1.ebuild:
736 + Remove built_with_use, upgrade to EAPI=2.
737 +
738 + 23 Aug 2010; Dirkjan Ochtman <djc@g.o> -openvpn-2.0.6.ebuild,
739 + -openvpn-2.0.7-r2.ebuild, -files/openvpn-2.0.7-pam.patch,
740 + -files/openvpn-2.0.7-persistent.patch, -openvpn-2.1_rc19.ebuild,
741 + -openvpn-2.1_rc20.ebuild, -openvpn-2.1_rc21.ebuild:
742 + Clean up old versions.
743 +
744 + 23 Aug 2010; Dirkjan Ochtman <djc@g.o> metadata.xml:
745 + Add myself as a maintainer.
746 +
747 + 28 Feb 2010; Cédric Krier <cedk@g.o> files/openvpn-2.1.init,
748 + files/openvpn.init:
749 + Fix init scripts to work with tabs for bug #301619
750 +
751 + 28 Feb 2010; Cédric Krier <cedk@g.o> openvpn-2.1.0-r1.ebuild:
752 + Filter out -maltivec on ppc for bug #293840
753 +
754 +*openvpn-2.1.0-r1 (29 Dec 2009)
755 +
756 + 29 Dec 2009; Cédric Krier <cedk@g.o> -openvpn-2.1.0.ebuild,
757 + +openvpn-2.1.0-r1.ebuild, -files/openvpn-2.1.0-stdbool.patch:
758 + Remove stdbool patch for bug #297854
759 +
760 +*openvpn-2.1.0 (19 Dec 2009)
761 +
762 + 19 Dec 2009; Cédric Krier <cedk@g.o> +openvpn-2.1.0.ebuild,
763 + +files/openvpn-2.1.0-stdbool.patch:
764 + Version bump and add patch for bug #293840
765 +
766 +*openvpn-2.1_rc21 (15 Nov 2009)
767 +
768 + 15 Nov 2009; Cédric Krier <cedk@g.o> +openvpn-2.1_rc21.ebuild:
769 + Version bump
770 +
771 + 10 Oct 2009; Cédric Krier <cedk@g.o> openvpn-2.1_rc20.ebuild,
772 + metadata.xml:
773 + Add eurephia patch for bug #272079
774 +
775 +*openvpn-2.1_rc20 (10 Oct 2009)
776 +
777 + 10 Oct 2009; Cédric Krier <cedk@g.o> +openvpn-2.1_rc20.ebuild,
778 + +files/openvpn-2.1_rc20-pkcs11.patch:
779 + Version bump with ipv6 patch for bug #287896 and patch for bug #273586
780 +
781 + 10 Oct 2009; Cédric Krier <cedk@g.o> files/openvpn-2.1.init:
782 + Remove --nobind from init script for bug #282721
783 +
784 + 10 Oct 2009; Raúl Porcel <armin76@g.o> openvpn-2.0.9.ebuild:
785 + sh/sparc stable wrt #272546
786 +
787 + 10 Oct 2009; Raúl Porcel <armin76@g.o> openvpn-2.1_rc15.ebuild:
788 + s390/sh/sparc stable wrt #280072
789 +
790 + 04 Oct 2009; Markus Meier <maekke@g.o> openvpn-2.1_rc15.ebuild:
791 + arm stable, bug #280072
792 +
793 + 26 Sep 2009; Brent Baude <ranger@g.o> openvpn-2.1_rc15.ebuild:
794 + Marking openvpn-2.1_rc15 ppc64 for bug 280072
795 +
796 + 29 Aug 2009; nixnut <nixnut@g.o> openvpn-2.1_rc15.ebuild:
797 + ppc stable #280072
798 +
799 + 29 Aug 2009; nixnut <nixnut@g.o> openvpn-2.0.9.ebuild:
800 + ppc stable #272546
801 +
802 + 28 Aug 2009; Tobias Klausmann <klausman@g.o>
803 + openvpn-2.1_rc15.ebuild:
804 + Stable on alpha, bug #280072
805 +
806 + 19 Aug 2009; Jeroen Roovers <jer@g.o> openvpn-2.1_rc15.ebuild:
807 + Stable for HPPA (bug #280072).
808 +
809 + 05 Aug 2009; <chainsaw@g.o> openvpn-2.1_rc15.ebuild:
810 + Marked stable on AMD64 as requested by Cédric Krier <cedk@g.o> in
811 + bug #280072. Compile-tested on a Core2 Duo, no suitable network
812 + environment to test.
813 +
814 + 04 Aug 2009; Christian Faulhammer <fauli@g.o>
815 + openvpn-2.1_rc15.ebuild:
816 + stable x86, bug 280072
817 +
818 +*openvpn-2.1_rc19 (01 Aug 2009)
819 +
820 + 01 Aug 2009; Cédric Krier <cedk@g.o> +openvpn-2.1_rc19.ebuild:
821 + Version bump
822 +
823 + 28 Jun 2009; Brent Baude <ranger@g.o> openvpn-2.0.9.ebuild:
824 + Marking openvpn-2.0.9 ppc64 for bug 272546
825 +
826 + 21 Jun 2009; Cédric Krier <cedk@g.o> openvpn-2.1_rc15.ebuild:
827 + Remove empty doc dir for bug #272994
828 +
829 + 21 Jun 2009; Cédric Krier <cedk@g.o> openvpn-2.1_rc15.ebuild:
830 + Add missing -Wall for plugin
831 +
832 + 21 Jun 2009; Cédric Krier <cedk@g.o> openvpn-2.0.9.ebuild:
833 + Add missing missing file for easy-rsa for bug #273586
834 +
835 + 21 Jun 2009; Cédric Krier <cedk@g.o> openvpn-2.1_rc15.ebuild:
836 + Fix CFLAGS and LDFLAGS in plugin for bug #263136
837 +
838 + 11 Jun 2009; Jeroen Roovers <jer@g.o> openvpn-2.0.9.ebuild:
839 + Stable for HPPA (bug #272546).
840 +
841 + 07 Jun 2009; Tobias Klausmann <klausman@g.o> openvpn-2.0.9.ebuild:
842 + Stable on alpha, bug #272546
843 +
844 + 07 Jun 2009; Markus Meier <maekke@g.o> openvpn-2.0.9.ebuild:
845 + amd64/x86 stable, bug #272546
846 +
847 + 28 May 2009; Cédric Krier <cedk@g.o> openvpn-2.1_rc15.ebuild:
848 + Fix bad header and missing RDEPEND
849 +
850 + 28 May 2009; Cédric Krier <cedk@g.o> files/up.sh:
851 + Fix invalid resolv.conf when DOMAIN is empty for bug #269614
852 +
853 + 15 Apr 2009; Cédric Krier <cedk@g.o> files/up.sh:
854 + Fix up.sh to add search for all domains for bug #259382
855 +
856 +*openvpn-2.1_rc15 (03 Jan 2009)
857 +
858 + 03 Jan 2009; Cédric Krier <cedk@g.o> -openvpn-2.1_rc13.ebuild,
859 + +openvpn-2.1_rc15.ebuild:
860 + Version bump
861 +
862 + 02 Nov 2008; Cédric Krier <cedk@g.o>
863 + +files/openvpn-2.1_rc13-peercred.patch, openvpn-2.1_rc13.ebuild:
864 + Add peercred patch for bug #245181
865 +
866 +*openvpn-2.1_rc13 (01 Nov 2008)
867 +
868 + 01 Nov 2008; Cédric Krier <cedk@g.o>
869 + -files/openvpn-2.1_rc9-tests.patch, -openvpn-2.1_rc9.ebuild,
870 + +openvpn-2.1_rc13.ebuild:
871 + Version bump
872 +
873 + 01 Nov 2008; Cédric Krier <cedk@g.o> files/openvpn-2.1.init:
874 + Fix init script for bug #234667
875 +
876 + 28 Sep 2008; Cédric Krier <cedk@g.o>
877 + +files/openvpn-2.1_rc9-tests.patch, openvpn-2.1_rc9.ebuild:
878 + Add tests patch for bug #236877
879 +
880 + 02 Aug 2008; Cédric Krier <cedk@g.o> files/openvpn-2.1.init:
881 + Add --script-security 2 for bug #233657
882 +
883 +*openvpn-2.1_rc9 (01 Aug 2008)
884 +
885 + 01 Aug 2008; Cédric Krier <cedk@g.o>
886 + -files/openvpn-2.1_rc7-tap.patch, -openvpn-2.1_rc7-r2.ebuild,
887 + +openvpn-2.1_rc9.ebuild:
888 + Version bump
889 +
890 +*openvpn-2.0.9 (14 May 2008)
891 +
892 + 14 May 2008; Cédric Krier <cedk@g.o>
893 + +files/openvpn-2.0.9-pam.patch, +files/openvpn-2.0.9-persistent.patch,
894 + +openvpn-2.0.9.ebuild:
895 + Version bump
896 +
897 + 13 May 2008; Cédric Krier <cedk@g.o> metadata.xml:
898 + Take ownership, after Alon Bar-Lev left
899 +
900 +*openvpn-2.1_rc7-r2 (18 Apr 2008)
901 +
902 + 18 Apr 2008; Alon Bar-Lev <alonbl@g.o>
903 + files/openvpn-2.1_rc7-tap.patch, -openvpn-2.1_rc7-r1.ebuild,
904 + +openvpn-2.1_rc7-r2.ebuild:
905 + Fix tun (again), bug#218129, thanks to Sigmatador
906 +
907 +*openvpn-2.1_rc7-r1 (16 Apr 2008)
908 +
909 + 16 Apr 2008; Alon Bar-Lev <alonbl@g.o>
910 + files/openvpn-2.1_rc7-tap.patch, -openvpn-2.1_rc7.ebuild,
911 + +openvpn-2.1_rc7-r1.ebuild:
912 + Fix typeo in tun, bug#217956, thanks to Sigmatador
913 +
914 + 17 Feb 2008; Christoph Mende <angelos@g.o> openvpn-2.0.7-r2.ebuild:
915 + Stable on amd64, bug #209177
916 +
917 + 12 Feb 2008; Raúl Porcel <armin76@g.o> openvpn-2.0.7-r2.ebuild:
918 + alpha/sparc stable wrt #209177
919 +
920 +*openvpn-2.1_rc7 (09 Feb 2008)
921 +
922 + 09 Feb 2008; Alon Bar-Lev <alonbl@g.o>
923 + -files/openvpn-2.1_rc4-ip6-mss.patch,
924 + -files/openvpn-2.1_rc6-iproute.patch, +files/openvpn-2.1_rc7-tap.patch,
925 + -openvpn-2.1_rc4-r2.ebuild, -openvpn-2.1_rc6-r1.ebuild,
926 + +openvpn-2.1_rc7.ebuild:
927 + Version bump, fix bug#209055
928 +
929 + 08 Feb 2008; Tobias Scherbaum <dertobi123@g.o>
930 + openvpn-2.0.7-r2.ebuild:
931 + ppc stable, bug #209177
932 +
933 + 07 Feb 2008; Jeroen Roovers <jer@g.o> openvpn-2.0.7-r2.ebuild:
934 + Stable for HPPA (bug #209177).
935 +
936 + 07 Feb 2008; Christian Faulhammer <opfer@g.o>
937 + openvpn-2.0.7-r2.ebuild:
938 + restrict tests if USE=ssl is not set
939 +
940 + 07 Feb 2008; Christian Faulhammer <opfer@g.o>
941 + openvpn-2.0.7-r2.ebuild:
942 + stable x86, bug 209177
943 +
944 + 07 Feb 2008; Brent Baude <ranger@g.o> openvpn-2.0.7-r2.ebuild:
945 + stable ppc64, bug 209177
946 +
947 + 30 Jan 2008; Alon Bar-Lev <alonbl@g.o> files/down.sh, files/up.sh:
948 + If SVCNAME does not exist avoid doing service magic
949 +
950 + 29 Jan 2008; Diego Pettenò <flameeyes@g.o> files/openvpn-2.1.init,
951 + files/openvpn.init:
952 + Fix init script dependencies to work without a boot runlevel.
953 +
954 +*openvpn-2.1_rc6-r1 (25 Jan 2008)
955 +
956 + 25 Jan 2008; Alon Bar-Lev <alonbl@g.o>
957 + +files/openvpn-2.1_rc6-iproute.patch, -openvpn-2.1_rc6.ebuild,
958 + +openvpn-2.1_rc6-r1.ebuild:
959 + Fix iproute issue, bug#207320, thanks to Graham Murray
960 +
961 +*openvpn-2.1_rc6 (24 Jan 2008)
962 +
963 + 24 Jan 2008; Alon Bar-Lev <alonbl@g.o> -openvpn-2.1_rc5.ebuild,
964 + +openvpn-2.1_rc6.ebuild:
965 + Version bump
966 +
967 +*openvpn-2.1_rc5 (23 Jan 2008)
968 +
969 + 23 Jan 2008; Alon Bar-Lev <alonbl@g.o> +openvpn-2.1_rc5.ebuild:
970 + Version bump
971 +
972 + 21 Dec 2007; Alon Bar-Lev <alonbl@g.o> metadata.xml:
973 + Take ownership, after Roy left
974 +
975 + 25 Sep 2007; Roy Marples <uberlord@g.o> files/openvpn-2.1.conf,
976 + files/openvpn-2.1.init, files/down.sh, files/up.sh:
977 + PEER_DNS now allows OpenVPN to create /etc/resolv.conf or not, #193668
978 +
979 + 25 Sep 2007; Roy Marples <uberlord@g.o> files/down.sh, files/up.sh:
980 + Pass parameters to service specific scripts, #193724 thanks to Sergiy Borodych
981 +
982 + 15 Sep 2007; Roy Marples <uberlord@g.o>
983 + -files/openvpn-2.0.4-darwin.patch, openvpn-2.0.6.ebuild,
984 + openvpn-2.0.7-r2.ebuild, openvpn-2.1_rc4-r2.ebuild:
985 + ppc-macos keyword and patch dropped
986 +
987 +*openvpn-2.1_rc4-r2 (16 Aug 2007)
988 +
989 + 16 Aug 2007; Roy Marples <uberlord@g.o>
990 + +files/openvpn-2.1_rc4-ip6-mss.patch, +openvpn-2.1_rc4-r2.ebuild:
991 + Add a patch to fix mss for IPv6.
992 +
993 + 09 Jul 2007; Roy Marples <uberlord@g.o> openvpn-2.1_rc4.ebuild,
994 + openvpn-2.1_rc4-r1.ebuild:
995 + Remove BSD warning about MTU as it no longer applies (I think)
996 +
997 + 08 Jul 2007; Roy Marples <uberlord@g.o> files/openvpn-2.1.conf,
998 + files/openvpn-2.1.init:
999 + RE_ENTER config variable allows custom up/down scripts to re-enter openvpn.
1000 + Should fix #133107.
1001 +
1002 +*openvpn-2.1_rc4-r1 (29 Jun 2007)
1003 +
1004 + 29 Jun 2007; Roy Marples <uberlord@g.o> +files/openvpn-2.1.conf,
1005 + files/openvpn-2.1.init, +openvpn-2.1_rc4-r1.ebuild:
1006 + DETECT_CLIENT config directive now controls init script behaviour, #181000.
1007 + IPv6 support added, #183457 thanks to Marcel Pennewiß.
1008 +
1009 + 08 Jun 2007; Joshua Kinard <kumba@g.o> openvpn-2.0.7-r2.ebuild:
1010 + Marked unstable on mips, per #181074.
1011 +
1012 +*openvpn-2.1_rc4 (26 Apr 2007)
1013 +
1014 + 26 Apr 2007; Roy Marples <uberlord@g.o> +openvpn-2.1_rc4.ebuild:
1015 + Bump, fixes #176001 thanks to boris64.
1016 +
1017 + 16 Apr 2007; Roy Marples <uberlord@g.o>
1018 + +files/openvpn-2.1_rc2-freebsd.patch, openvpn-2.0.6.ebuild,
1019 + openvpn-2.0.7.ebuild, openvpn-2.0.7-r1.ebuild, openvpn-2.0.7-r2.ebuild,
1020 + openvpn-2.1_rc2.ebuild:
1021 + static USE flag now does what it says on the tin, #174786
1022 + thanks to Michael Gisbers.
1023 + Added a patch to clean up compile and install on FreeBSD.
1024 +
1025 + 09 Mar 2007; Roy Marples <uberlord@g.o> files/openvpn-2.1.init:
1026 + Hide ifconfig errors on FreeBSD.
1027 + Use printf instead of echo -e so we work on all POSIX shells.
1028 +
1029 +*openvpn-2.1_rc2 (04 Mar 2007)
1030 +
1031 + 04 Mar 2007; Roy Marples <uberlord@g.o> +openvpn-2.1_rc2.ebuild:
1032 + Bumpage.
1033 +
1034 +*openvpn-2.1_rc1-r2 (23 Feb 2007)
1035 +*openvpn-2.0.7-r2 (23 Feb 2007)
1036 +
1037 + 23 Feb 2007; Roy Marples <uberlord@g.o> files/openvpn-2.1.init,
1038 + files/down.sh, files/openvpn.init, files/up.sh, +openvpn-2.0.7-r2.ebuild,
1039 + +openvpn-2.1_rc1-r2.ebuild:
1040 + Init scripts no longer require bash.
1041 +
1042 + 07 Feb 2007; Roy Marples <uberlord@g.o> files/down.sh, files/up.sh:
1043 + up.sh and down.sh no longer require bash.
1044 +
1045 + 05 Jan 2007; Diego Pettenò <flameeyes@g.o> openvpn-2.0.6.ebuild,
1046 + openvpn-2.0.7.ebuild, openvpn-2.0.7-r1.ebuild, openvpn-2.1_rc1.ebuild,
1047 + openvpn-2.1_rc1-r1.ebuild:
1048 + Remove gnuconfig_update usage, leave it to econf.
1049 +
1050 +*openvpn-2.1_rc1-r1 (08 Nov 2006)
1051 +*openvpn-2.0.7-r1 (08 Nov 2006)
1052 +
1053 + 08 Nov 2006; Roy Marples <uberlord@g.o>
1054 + +files/openvpn-2.0.7-persistent.patch,
1055 + +files/openvpn-2.1_rc1-persistent.patch, +openvpn-2.0.7-r1.ebuild,
1056 + +openvpn-2.1_rc1-r1.ebuild:
1057 + Added patches to enable txqueuelen when making a persistent interface, #150791
1058 +
1059 + 06 Nov 2006; Roy Marples <uberlord@g.o> openvpn-2.0.6.ebuild,
1060 + openvpn-2.0.7.ebuild, -openvpn-2.1_beta15.ebuild, openvpn-2.1_rc1.ebuild:
1061 + die if iproute2 support was requested, but built with the minimal USE flag.
1062 + Fixes #154191 thanks to Martin Scherer.
1063 +
1064 +*openvpn-2.1_rc1 (02 Nov 2006)
1065 +
1066 + 02 Nov 2006; Roy Marples <uberlord@g.o> +openvpn-2.1_rc1.ebuild:
1067 + New upstream version.
1068 +
1069 + 01 Nov 2006; Roy Marples <uberlord@g.o> files/openvpn-2.1.init,
1070 + files/up.sh:
1071 + Ensure we work with all bash versions.
1072 +
1073 + 17 Oct 2006; Roy Marples <uberlord@g.o> openvpn-2.0.7.ebuild,
1074 + openvpn-2.1_beta15.ebuild:
1075 + Added ~sparc-fbsd keyword.
1076 +
1077 + 14 Oct 2006; Roy Marples <uberlord@g.o> files/openvpn-2.1.init:
1078 + Quiet stopping.
1079 +
1080 + 11 Oct 2006; Roy Marples <uberlord@g.o>
1081 + +files/openvpn-2.0.7-pam.patch, openvpn-2.0.7.ebuild,
1082 + openvpn-2.1_beta15.ebuild:
1083 + Add a patch so we work with both LinuxPAM and OpenPAM correctly.
1084 +
1085 + 05 Oct 2006; Markus Rothe <corsair@g.o> openvpn-2.1_beta15.ebuild:
1086 + Added ~ppc64
1087 +
1088 + 13 Sep 2006; Roy Marples <uberlord@g.o> -openvpn-2.1_beta14.ebuild,
1089 + openvpn-2.1_beta15.ebuild:
1090 + Fix plugin install, #147308 again.
1091 +
1092 +*openvpn-2.1_beta15 (12 Sep 2006)
1093 +
1094 + 12 Sep 2006; Roy Marples <uberlord@g.o> files/up.sh,
1095 + +openvpn-2.1_beta15.ebuild:
1096 + Version bump, #147308 thanks to Alon Bar-Lev.
1097 + Fix up.sh for FreeBSD.
1098 +
1099 + 10 Sep 2006; Roy Marples <uberlord@g.o> files/openvpn-2.1.init:
1100 + Add FreeBSD support
1101 +
1102 + 08 Jul 2006; Markus Rothe <corsair@g.o> openvpn-2.0.6.ebuild:
1103 + Stable on ppc64
1104 +
1105 + 06 Jul 2006; Roy Marples <uberlord@g.o> files/openvpn-2.1.init,
1106 + files/openvpn.init:
1107 + Allow periods in config names, #139454 thanks to Ed Catmur.
1108 +
1109 +*openvpn-2.0.7 (29 Jun 2006)
1110 +
1111 + 29 Jun 2006; Roy Marples <uberlord@g.o> +openvpn-2.0.7.ebuild:
1112 + Bump, #138250, thanks to Armando Di Cianno.
1113 +
1114 + 15 May 2006; Brent Baude <ranger@g.o> openvpn-2.0.6.ebuild:
1115 + Marking openvpn-2.0.6 ~ppc64 per bug request 133417
1116 +
1117 + 12 May 2006; Roy Marples <uberlord@g.o> files/down.sh, files/up.sh:
1118 + up.sh and down.sh now save and restore resolv.conf if we don't
1119 + have resolvconf installed, #132932.
1120 +
1121 + 10 May 2006; Roy Marples <uberlord@g.o> openvpn-2.1_beta14.ebuild,
1122 + files/up.sh:
1123 + up.sh no longer overwrites resolv.conf if no dns
1124 + information has been given to us by openvpn.
1125 +
1126 + Dropped the smartcard USE flag and opensc dependency as requested by the
1127 + openvpn pcks11 patch author Alon Bar-Lev, #118435.
1128 +
1129 +*openvpn-2.1_beta14 (09 May 2006)
1130 +
1131 + 09 May 2006; Roy Marples <uberlord@g.o> +files/openvpn-2.1.init,
1132 + +files/down.sh, +files/up.sh, +openvpn-2.1_beta14.ebuild:
1133 + New upstream beta release with smartcard support (#118435).
1134 + We now add an openvpn user/group so you can drop root if you wish (#120425).
1135 +
1136 + If you use the remote keyword in your config then you are deemed to be a
1137 + client and we force our up/down scripts to be used. These scripts start/stop
1138 + any services depending on openvpn AND apply any DNS information to resolvconf
1139 + or /etc/resolv.conf directly if resolvconf is not installed.
1140 +
1141 + 05 May 2006; Roy Marples <uberlord@g.o> files/openvpn.init:
1142 + Tweak init script to start before netmount.
1143 +
1144 + 24 Apr 2006; Roy Marples <uberlord@g.o> -openvpn-2.0.5-r2.ebuild,
1145 + openvpn-2.0.6.ebuild:
1146 + Stop installing INSTALL document.
1147 +
1148 + 09 Apr 2006; Fabian Groffen <grobian@g.o> openvpn-2.0.6.ebuild:
1149 + Marked ppc-macos stable (bug #128888)
1150 +
1151 + 08 Apr 2006; Bryan Østergaard <kloeri@g.o openvpn-2.0.6.ebuild:
1152 + Stable on alpha, bug 128888.
1153 +
1154 + 07 Apr 2006; Rene Nussbaumer <killerfox@g.o> openvpn-2.0.6.ebuild:
1155 + Stable on hppa. See bug #128888.
1156 +
1157 + 05 Apr 2006; Andrej Kacian <ticho@g.o> openvpn-2.0.6.ebuild:
1158 + Stable on x86, bug #128888.
1159 +
1160 + 05 Apr 2006; Patrick McLean <chutzpah@g.o> openvpn-2.0.6.ebuild:
1161 + Stable on amd64 (bug 128888).
1162 +
1163 + 05 Apr 2006; Gustavo Zacarias <gustavoz@g.o> openvpn-2.0.6.ebuild:
1164 + Stable on sparc wrt security #128888
1165 +
1166 + 05 Apr 2006; Tobias Scherbaum <dertobi123@g.o>
1167 + openvpn-2.0.6.ebuild:
1168 + ppc stable, bug #128888
1169 +
1170 +*openvpn-2.0.6 (05 Apr 2006)
1171 +
1172 + 05 Apr 2006; Roy Marples <uberlord@g.o> +openvpn-2.0.6.ebuild:
1173 + New upstream release.
1174 +
1175 + 08 Feb 2006; Roy Marples <uberlord@g.o> openvpn-2.0.5-r2.ebuild:
1176 + Marking stable on ppc-macos so I can punt older versions, #117111.
1177 + It's just an init script anyway, so shouldn't affect things.
1178 +
1179 + 07 Feb 2006; Aron Griffis <agriffis@g.o> openvpn-2.0.5-r2.ebuild:
1180 + Mark 2.0.5-r2 stable on alpha
1181 +
1182 + 05 Feb 2006; Guy Martin <gmsoft@g.o> openvpn-2.0.5-r2.ebuild:
1183 + Stable on hppa.
1184 +
1185 + 08 Jan 2006; Carsten Lohrke <carlo@g.o> metadata.xml:
1186 + One maintainer retired, one left.
1187 +
1188 + 05 Jan 2006; Simon Stelling <blubb@g.o> openvpn-2.0.5-r2.ebuild:
1189 + stable on amd64
1190 +
1191 + 02 Jan 2006; Michael Hanselmann <hansmi@g.o>
1192 + openvpn-2.0.5-r2.ebuild:
1193 + Stable on ppc.
1194 +
1195 + 30 Dec 2005; Roy Marples <uberlord@g.o> openvpn-2.0.5-r2.ebuild:
1196 + Stable on x86, #117111.
1197 +
1198 + 30 Dec 2005; Gustavo Zacarias <gustavoz@g.o>
1199 + openvpn-2.0.5-r2.ebuild:
1200 + Stable on sparc wrt #117111
1201 +
1202 + 08 Nov 2005; Roy Marples <uberlord@g.o> -openvpn-2.0.1.ebuild,
1203 + -openvpn-2.0.2.ebuild, -openvpn-2.0.2-r3.ebuild, -openvpn-2.0.4-r1.ebuild,
1204 + -openvpn-2.0.4-r2.ebuild, -openvpn-2.0.5-r1.ebuild:
1205 + Punted a few versions.
1206 +
1207 +*openvpn-2.0.5-r2 (06 Nov 2005)
1208 +
1209 + 06 Nov 2005; Roy Marples <uberlord@g.o> openvpn-2.0.5.ebuild,
1210 + +openvpn-2.0.5-r2.ebuild:
1211 + easyrsa pkitool is now installed, #111635.
1212 + easyrsa no longer gets installed when minimum USE flag is set.
1213 +
1214 + 06 Nov 2005; Simon Stelling <blubb@g.o> openvpn-2.0.5.ebuild:
1215 + stable on amd64 wrt bug 111116
1216 +
1217 + 05 Nov 2005; Bryan Østergaard <kloeri@g.o> openvpn-2.0.5.ebuild:
1218 + Stable on alpha, bug 111116.
1219 +
1220 + 04 Nov 2005; Gustavo Zacarias <gustavoz@g.o> openvpn-2.0.5.ebuild:
1221 + Stable on sparc wrt #111116
1222 +
1223 + 04 Nov 2005; Fabian Groffen <grobian@g.o> openvpn-2.0.5.ebuild:
1224 + Marked ppc-macos for bug #111116 (again)
1225 +
1226 + 04 Nov 2005; Mark Loeser <halcy0n@g.o> openvpn-2.0.5.ebuild:
1227 + Stable on x86; bug #111116
1228 +
1229 + 03 Nov 2005; Michael Hanselmann <hansmi@g.o> openvpn-2.0.5.ebuild:
1230 + Stable on ppc. See bug #111116.
1231 +
1232 +*openvpn-2.0.5-r1 (03 Nov 2005)
1233 +*openvpn-2.0.5 (03 Nov 2005)
1234 +
1235 + 03 Nov 2005; Roy Marples <uberlord@g.o> +openvpn-2.0.5.ebuild,
1236 + +openvpn-2.0.5-r1.ebuild:
1237 + Version bump - fixes some serious issues 2.0.4 had
1238 + 2.0.5 has old init script
1239 + 2.0.5-r1 has new init script
1240 +
1241 + 03 Nov 2005; Roy Marples <uberlord@g.o> openvpn-2.0.4-r1.ebuild,
1242 + openvpn-2.0.4-r2.ebuild:
1243 + easy-rsa now gets installed properly, #111351
1244 +
1245 + 03 Nov 2005; Gustavo Zacarias <gustavoz@g.o>
1246 + openvpn-2.0.4-r1.ebuild:
1247 + Stable on sparc wrt #111116
1248 +
1249 + 02 Nov 2005; Fabian Groffen <grobian@g.o>
1250 + +files/openvpn-2.0.4-darwin.patch, openvpn-2.0.4-r1.ebuild,
1251 + openvpn-2.0.4-r2.ebuild:
1252 + Fixed compilation problem on Darwin and marked ppc-macos (bug #111116)
1253 +
1254 +*openvpn-2.0.4-r2 (02 Nov 2005)
1255 +*openvpn-2.0.4-r1 (02 Nov 2005)
1256 +
1257 + 02 Nov 2005; Roy Marples <uberlord@g.o> -openvpn-2.0.4.ebuild,
1258 + +openvpn-2.0.4-r1.ebuild, +openvpn-2.0.4-r2.ebuild:
1259 + 2.0.4 removed as it had the new init script
1260 + 2.0.4-r1 added with old init script
1261 + 2.0.4-r2 added with new init script
1262 +
1263 + 02 Nov 2005; Roy Marples <uberlord@g.o> openvpn-2.0.4.ebuild:
1264 + Fixed pam issue when building plugins, #111267
1265 +
1266 + 02 Nov 2005; Michael Hanselmann <hansmi@g.o> openvpn-2.0.4.ebuild:
1267 + Stable on ppc.
1268 +
1269 + 02 Nov 2005; Andrej Kacian <ticho@g.o> openvpn-2.0.4.ebuild:
1270 + Stable on x86, security bug #111116.
1271 +
1272 +*openvpn-2.0.4 (02 Nov 2005)
1273 +
1274 + 02 Nov 2005; Roy Marples <uberlord@g.o> metadata.xml,
1275 + +openvpn-2.0.4.ebuild:
1276 + Added myself as a maintainer until luckyduck comes back online
1277 +
1278 + Version bump, wrt bug #111116
1279 +
1280 + Examples flag really now works, #100943
1281 +
1282 + init script now appends the --cd option only when the same option
1283 + is not specified in the config file, #109363
1284 +
1285 + 15 Oct 2005; Roy Marples <uberlord@g.o> openvpn-2.0.2-r3.ebuild:
1286 + plugins now really install to /usr/lib/openvpn
1287 +
1288 +*openvpn-2.0.2-r3 (14 Oct 2005)
1289 +
1290 + 14 Oct 2005; Roy Marples <uberlord@g.o> files/openvpn.init,
1291 + -openvpn-2.0.2-r2.ebuild, +openvpn-2.0.2-r3.ebuild:
1292 + init script now modprobes tun if /dev/tun does not exist and errors
1293 + if tun/tap support is not enabled in the kernel
1294 +
1295 + iproute2 USE flag fixed as --disable-iproute2 also enables it in the Makefile
1296 +
1297 +*openvpn-2.0.2-r2 (14 Oct 2005)
1298 +
1299 + 14 Oct 2005; Roy Marples <uberlord@g.o> files/openvpn.init,
1300 + -openvpn-2.0.2-r1.ebuild, +openvpn-2.0.2-r2.ebuild:
1301 + Rev bump for new init script which stops properly on baselayout-1.11 and
1302 + earlier.
1303 +
1304 + 14 Oct 2005; Roy Marples <uberlord@g.o> openvpn-2.0.2-r1.ebuild:
1305 + Added net-tools as a dependency if iproute2 USE flag is not used.
1306 +
1307 +*openvpn-2.0.2-r1 (13 Oct 2005)
1308 +
1309 + 13 Oct 2005; Roy Marples <uberlord@g.o> +files/openvpn.init,
1310 + +openvpn-2.0.2-r1.ebuild:
1311 + New init script which allows more granular control of seperate vpns, #105439
1312 + Install all docs, #100943
1313 + new iproute2 USE flag, #98782 thanks to Sean Lynn
1314 + new static USE flag, #105479 thanks to Clemens Noss
1315 + new minimal USE flag which decides to build bundled plugins or not, #103711
1316 +
1317 +*openvpn-2.0.2 (19 Sep 2005)
1318 +
1319 + 19 Sep 2005; Seemant Kulleen <seemant@g.o> -openvpn-2.0.ebuild,
1320 + -openvpn-2.0-r1.ebuild, +openvpn-2.0.2.ebuild:
1321 + version bump to newest upstream release. wfm, and luckyduck is missing.
1322 + Closes bug #103913
1323 +
1324 + 15 Sep 2005; Aron Griffis <agriffis@g.o> openvpn-2.0.1.ebuild:
1325 + Mark 2.0.1 stable on alpha
1326 +
1327 + 30 Aug 2005; Gustavo Zacarias <gustavoz@g.o> openvpn-2.0.1.ebuild:
1328 + Stable on sparc wrt #102871
1329 +
1330 + 24 Aug 2005; Olivier Crête <tester@g.o> openvpn-2.0.1.ebuild:
1331 + Stable on x86 per security bug #102871
1332 +
1333 + 21 Aug 2005; Fabian Groffen <grobian@g.o> openvpn-2.0.1.ebuild:
1334 + Stable on ppc-macos (bug #102871)
1335 +
1336 + 21 Aug 2005; Michael Hanselmann <hansmi@g.o> openvpn-2.0.1.ebuild:
1337 + Stable on ppc.
1338 +
1339 + 21 Aug 2005; Luis Medinas <metalgod@g.o> openvpn-2.0.1.ebuild:
1340 + Marked Stable on AMD64. Fixes bug #102871.
1341 +
1342 +*openvpn-2.0.1 (21 Aug 2005)
1343 +
1344 + 21 Aug 2005; petre rodan <kaiowas@g.o> +openvpn-2.0.1.ebuild:
1345 + version bump as per security bug #102871; added selinux RDEPEND
1346 +
1347 + 25 Jun 2005; Jan Brinkmann <luckyduck@g.o> openvpn-2.0-r1.ebuild:
1348 + -r1 installs the initscript again, fixes #96855.
1349 +
1350 + 18 Jun 2005; Jason Wever <weeve@g.o> openvpn-2.0.ebuild:
1351 + Stable on SPARC.
1352 +
1353 + 09 Jun 2005; Jan Brinkmann <luckyduck@g.o> openvpn-2.0-r1.ebuild:
1354 + Minor fixes.
1355 +
1356 +*openvpn-2.0-r1 (30 May 2005)
1357 +
1358 + 30 May 2005; Jan Brinkmann <luckyduck@g.o> files/openvpn,
1359 + +openvpn-2.0-r1.ebuild:
1360 + make use of our initscript again, fixes #94350. the initscript now supports
1361 + checking if a connection is already online, see #92369 for details. thanks
1362 + to Christian Hesse <mail@×××××××××.de> for the suggestion.
1363 +
1364 + 28 May 2005; Jan Brinkmann <luckyduck@g.o> openvpn-2.0.ebuild:
1365 + stable on amd64, ppc and x86
1366 +
1367 + 07 May 2005; Jeffrey Forman <jforman@g.o> openvpn-1.6.0.ebuild:
1368 + openvpn-1.6.0 stable on sparc
1369 +
1370 + 01 May 2005; Jan Brinkmann <luckyduck@g.o> openvpn-1.5.0-r1.ebuild,
1371 + openvpn-1.6.0.ebuild:
1372 + marked 1.6.0 stable on amd64 and x86, some cosmetic changes.
1373 +
1374 + 29 Apr 2005; Jan Brinkmann <luckyduck@g.o> metadata.xml:
1375 + herd -> secure-tunneling
1376 +
1377 + 29 Apr 2005; Jan Brinkmann <luckyduck@g.o> openvpn-2.0.ebuild:
1378 + added a compatibility warning.
1379 +
1380 +*openvpn-2.0 (29 Apr 2005)
1381 +
1382 + 29 Apr 2005; Jan Brinkmann <luckyduck@g.o> metadata.xml,
1383 + -openvpn-1.1.0.ebuild, -openvpn-1.3.1.ebuild, -openvpn-1.3.2.ebuild,
1384 + -openvpn-1.3.2-r1.ebuild, -openvpn-1.4.2.ebuild, -openvpn-1.5.0.ebuild,
1385 + +openvpn-2.0.ebuild:
1386 + added ebuild for 2.0, fixes #50767. also updated metadata.xml, took over
1387 + maintainership. did some cleanup, removed older versions. introduced support
1388 + for the examples useflag.
1389 +
1390 + 05 Feb 2005; <solar@g.o> openvpn-1.5.0-r1.ebuild,
1391 + openvpn-1.6.0.ebuild:
1392 + - q/a fix. os-headers are not needed in RDEPEND
1393 +
1394 + 23 Jan 2005; Daniel Black <dragonheart@g.o> openvpn-1.5.0-r1.ebuild,
1395 + openvpn-1.6.0.ebuild:
1396 + threads is now a global use flags. Changed pthreads to threads.
1397 +
1398 + 29 Dec 2004; Ciaran McCreesh <ciaranm@g.o> :
1399 + Change encoding to UTF-8 for GLEP 31 compliance
1400 +
1401 + 18 Dec 2004; Simon Stelling <blubb@g.o> openvpn-1.6.0.ebuild:
1402 + added ~amd64
1403 +
1404 + 24 Nov 2004; Kito <kito@g.o> openvpn-1.6.0.ebuild:
1405 + added ~ppc-macos. closes bug Bug 72324
1406 +
1407 + 17 Oct 2004; <solar@g.o> openvpn-1.5.0-r1.ebuild,
1408 + openvpn-1.6.0.ebuild:
1409 + added gnuconfig_update for bug #61187
1410 +
1411 +*openvpn-1.6.0 (02 Oct 2004)
1412 +
1413 + 02 Oct 2004; Joshua Charles Campbell <warpzero@g.o> openvpn-1.6.0.ebuild:
1414 + Version bump
1415 +
1416 + 02 Oct 2004; Bryan Østergaard <kloeri@g.o> openvpn-1.5.0-r1.ebuild:
1417 + Keyword ~alpha, bug 65839.
1418 +
1419 + 25 Aug 2004; Sven Wegener <swegener@g.o> openvpn-1.1.0.ebuild,
1420 + openvpn-1.3.1.ebuild, openvpn-1.3.2-r1.ebuild, openvpn-1.3.2.ebuild,
1421 + openvpn-1.4.2.ebuild, openvpn-1.5.0-r1.ebuild, openvpn-1.5.0.ebuild:
1422 + Changed SRC_URI to use mirror:// syntax.
1423 +
1424 + 09 Jul 2004; Travis Tilley <lv@g.o> openvpn-1.5.0-r1.ebuild,
1425 + openvpn-1.5.0.ebuild:
1426 + switch linux-headers dependency to virtual/os-headers
1427 +
1428 + 25 Mar 2004; Jason Wever <weeve@g.o> openvpn-1.5.0-r1.ebuild:
1429 + Marked stable on sparc.
1430 +
1431 +*openvpn-1.5.0-r1 (15 Mar 2004)
1432 +
1433 + 15 Mar 2004; <warpzero@g.o> metadata.xml, openvpn-1.5.0-r1.ebuild;
1434 + Added pthreads support and made the ebuild actually consider its use flags, wow.
1435 +
1436 +*openvpn-1.5.0 (24 Dec 2003)
1437 +
1438 +*openvpn-1.4.2 (03 Aug 2003)
1439 +
1440 + 03 Aug 2003; <warpzero@g.o> metadata.xml, openvpn-1.5.0.ebuild:
1441 + version 1.5.0 added
1442 + fixed init script added. Closes several bugs.
1443 +
1444 +*openvpn-1.4.2 (03 Aug 2003)
1445 +
1446 + 03 Aug 2003; <warpzero@g.o> metadata.xml, openvpn-1.4.2.ebuild:
1447 + ~ppc keyword
1448 +
1449 +*openvpn-1.4.2 (03 Aug 2003)
1450 +
1451 + 03 Aug 2003; <warpzero@g.o> metadata.xml, openvpn-1.4.2.ebuild:
1452 + version 1.4.2 added
1453 +
1454 + 06 Dec 2002; Rodney Rees <manson@g.o> : changed sparc ~sparc keywords
1455 +
1456 +*openvpn-1.3.2-r1 (20 May 2003)
1457 +
1458 + 20 May 2003; Ryan Phillips <rphillips@g.o> openvpn-1.3.2-r1.ebuild :
1459 + Included init script. Bug #20085 Fixed. Submitted by Warp Zero
1460 +
1461 +*openvpn-1.3.2 (31 Jan 2003)
1462 +
1463 + 31 Jan 2003; Ryan Phillips <rphillips@g.o> openvpn-1.3.2 :
1464 +
1465 + new version.
1466 +
1467 +*openvpn-1.3.1 (15 Jul 2002)
1468 +
1469 + 15 Jul 2002; Ryan Phillips <rphillips@g.o> openvpn-1.3.1 :
1470 +
1471 + new version. Thanks to Marko Mikulicic
1472 +
1473 +*openvpn-1.1.0 (26 May 2002)
1474 +
1475 + 09 Jul 2002; phoen][x <phoenix@g.o> openvpn-1.1.0.ebuild :
1476 + Added KEYWORDS.
1477 +
1478 + 26 May 2002; Mike Jones <ashmodai@g.o> ChangeLog, openvpn-1.1.0.ebuild:
1479 + Added initial ChangeLog which should be updated whenever the package is
1480 + updated in any way. This changelog is targetted to users. This means that the
1481 + comments should well explained and written in clean English. The details about
1482 + writing correct changelogs are explained in the skel.ChangeLog file which you
1483 + can find in the root directory of the portage repository.
1484 +
1485
1486 diff --git a/net-misc/openvpn/Manifest b/net-misc/openvpn/Manifest
1487 new file mode 100644
1488 index 0000000..83bfe3b
1489 --- /dev/null
1490 +++ b/net-misc/openvpn/Manifest
1491 @@ -0,0 +1,16 @@
1492 +AUX 2.3.6-disable-compression.patch 579 SHA256 644068d1925a7b2866a4afaef15ebb27f5bbf1b55eed0894d34f7603c230bd9a SHA512 56acdd4716df4f6a0367fd583296718e30d3fa4b6b129159f61f913eba97769943a2354e9b51572314a206f68a20def091a89aec12bc942d94b05369128d3a97 WHIRLPOOL 1fb293d49f63a75cb772c262d9a55a6cb00be0f154387bf4fb3e9be1602038bd70348fad5f1a2b714fa7b45cbcd36a4db2c6f1441f3a00aff7d51732b3629708
1493 +AUX 2.3.6-null-cipher.patch 1531 SHA256 a3f8ac3630c9887d18d21e0ac9781d615cf8dff277c070306b36c5d0faa8a1ac SHA512 0aa288af3c0b43977bf84b099ea28dbf7ab9a1096d76e8f706989570984c70a4c298430eac35b0c80eab8bc05e6072d965c20a9e3689e7448e759abb92c93fb2 WHIRLPOOL cbefb2a1b6d63373890a76d3a6153335f8d05b07e4546893e7a8871c653d39f06941615181308fbf41a07cf702b2a730dfacc6a01840efdbfbeaf301a58362bb
1494 +AUX 2.3.6-vlan-support.patch 32652 SHA256 5b53cd595b77c8c391b9ad4844028b8524b9d6e877a5a6ae36ce82dff0eea2a3 SHA512 a28532cf98c47a79bce3f87683560b3bff7f5ec727d709eaa12543f8c2b4285b8cca49aa69f591d93c8d13ef7ab901f835eec72776cc27da693058293e14627d WHIRLPOOL fe42ad83d82f1e57b9de8a44bc8a03220d3e2f28b797d7144714ced3b34a8d4d7daf66351fbcc712e56599fc6eb5414077c839df8ffd6616eae38c2b6258d724
1495 +AUX 65openvpn 45 SHA256 d5758e39fdc75dcbb5a788b1afa743c3c1f08c63c535aa32c300b965474d765c SHA512 713345092b60d1322d3fa96fd72d69ed82dbfee5031a675114bc60acfdacaf0811f6bf4530cf937ca5a86b3f2665b28951b9087ec91c2c0faf75bdaf1e25bdbb WHIRLPOOL 534e7dcf2ac953e9ec5de05810022471cb26a16806cd036f25d02550e20f8aaa91410bd005bc7a5e4a549d8a40d01ae317be1d1e1e25d91ed989bbbea7ede9d2
1496 +AUX down.sh 943 SHA256 39debebcd8c899f20e6d355cbc8eaab46e28b83a9f6c33a94c065688a4f3d2c7 SHA512 5defd61edf11cc63f3f8f60bef7fa730c4bcdd2545d664bd94666dd3aea80bd9d190263d8835a555e4287a594f6fce0f52426aed49c60233ff637a2a6164a997 WHIRLPOOL c66fd1e016656fe83d7f55b77bf232058397f9cd3054abe13ec006c227afe6746ee4ada310ff43761ec95510f736b8e542f136711d648642eecafe055975c57e
1497 +AUX openvpn-2.1.conf 892 SHA256 330149a83684ddabe413d134d4c8efad4c88b18c2ab67165014deff5f7fffad2 SHA512 982ade883afbe2e656a9cbbe36c31c0e8b4f7bbbe5b63df9f7b834f02a9153032fb7445c85d3e91f62c68a7ddd13c3afbf420fb71cdd13d9c4b69f867bdd9f37 WHIRLPOOL 6ef644826e1e9e2a100e0fa20b5c9190e92c9e08a366dee28dccf3f70fa0593f3c4d271e42db3920630f03704aa2aef8e84d9efbb2b4b6a0d08e74bb340fb0a5
1498 +AUX openvpn-2.1.init 4186 SHA256 d1b1f8a00935d77521bceb62535350444df3470fa45f4d33c3934051a1bb595b SHA512 7ecd0b4dc7341ea0df598752bec8ae6011bea7973ed9dbf17a12c308aed46362e1507fcb3a3bb26049619747f2f819deec1a42c6dce2c13d2a769f1e37735a2f WHIRLPOOL 9d34c438b7d9e45678e2aa48ab42a68b9e2801423688c6280cbb4934a8ef04cbf8a7953a061659f57fb02adf535596ac9313268c29e2dc18cffbf7315681da82
1499 +AUX openvpn.init 1486 SHA256 c4b9e0899fa5ee0b90c5100da7711dc7a6a5658f10042b0feda9e7efb90a11cf SHA512 450595b9ec82ded74c26ed9f73182122e05f53655262a342b195dcedfe63a06a5d9927a3bbe50d0d04f810cc786ac3eb78843877f426c893e165b967bc8ac012 WHIRLPOOL e549221283b4b92c9ada312a746c4ad4c645493c1c844ddaddefecee4c31e17bd4bd8555618408e065c83143e157aaf7e75b44f01abe43f507835df2aa1149d3
1500 +AUX openvpn.service 335 SHA256 a63a6e1505f2b3e20f2c82588dd0c23da9d8c750e1f36fec2ba20a8b5b0c9de1 SHA512 fbd41b80253aaae6750301ac95d8b3bf09e3a70556cc0513792c8e06faa70a716233d134d4928295f381f0f235fcde0eeac9cfa074924b6666a4b46ff7cf91a9 WHIRLPOOL 16f44d10ab03110a21a69716fbac2e64e5376426edd26783d7946d928dd0cc106810126436488843da8e16277d3aa83d208fe50c4aebd9cff86526ce1762b215
1501 +AUX openvpn.tmpfile 39 SHA256 ef3453056a26487d27908d5ced124285403d8e88deb843fccdba9f6724966826 SHA512 659713b35eee340f2b6578796f4335dda391aa635892e802e3f2531f31c9470460b4e4b3be45457f81f3b08b7d60ce15d16f8d70b968fbf24f846ef5f8611a58 WHIRLPOOL 19e4611ffda68a99851921ccaf3a99d04350cd3e0d8833136da151119c267edc383ff96162aa47a2f77171ae908ad011e4119a7a18961ed0bddcbf38d997b976
1502 +AUX up.sh 2865 SHA256 d887ee065261affd849227fa27e092cf66549d824a698f302312d15f787dd840 SHA512 35201b0e60ad20358080007e595eb4f96d186ba8e88f0485c55d164c28e3d78a12f3e09347ba3d76abb9b8b03fb4a53664bd74ab484be1548090022b956925fd WHIRLPOOL 8d25a66d192a6710466d149aec7a1719dfe91558205e8ba7e25b93e58869c8fedc96ba4ce2aedb0595b7e0b63299e6e41be1ba82c6b93ae6bbbb26d409c9bf51
1503 +DIST openvpn-2.3.8.tar.gz 1214843 SHA256 532435eff61c14b44a583f27b72f93e7864e96c95fe51134ec0ad4b1b1107c51 SHA512 b619283d87eea2e47a2f0dfdbf0ffd1d10388fbdaadb33b43c7a2743748a4814f869fad6215d32fab156664d554ae94af456e7bf496890c68e6729b153d76db9 WHIRLPOOL 4868c735ca5e65b34f477457ea38eb6db45fae80563490d1e39ece9bf29b13976dd82d50d054da70c4ee146cb2e88e847bafc3f7ff47112d4494fa0f408d65d0
1504 +EBUILD openvpn-2.3.8-r1.ebuild 4381 SHA256 2192986546297c598950830a4679bb4cce2c89095c1b638a777a1a7c78b59140 SHA512 ea1bf18b97897459bc7f8ae39d8f785b8b9e0cd9826ca934f955e4e566b4b835286a10c834dd1794ec1e9eeeac4f58b6c0f6f51bd7e253fc0140c7778fad8a42 WHIRLPOOL daa7b6e766df85f7ca940d6a18b3c119a1b9772ee2009065b023b71f35db56a35dabbb6041982220b4f951206c971a554dbc3ea0ac1bfe3353a6f5915bd66a2f
1505 +MISC ChangeLog 5210 SHA256 c07b34e233cf871beb74436576e8e2ed35a3f697d019546c8d46704cc81fb8e4 SHA512 5dceca6859e3f9b52e0de28721bd6054d6b76fc46a0c10a9e0f2781f0f2b97d9c81279ce9bc8dabca8bef75f5698d9e1f1febcd6250a97e9e87bbd96e5917d96 WHIRLPOOL 1d3fb678aafdad476d302a2ff66d91a19209eff8a69946f8acb5d9f5d6bb25f4b15a7877d6d17f95e54cf1149bed73205b6f45408f29614b0e721e97e1ac61f5
1506 +MISC ChangeLog-2015 45794 SHA256 5934bd3b7fb69833e6a786bff437d0322694e126d2448b3a72c771aff9888052 SHA512 66728563ecab8aabb1dc5ae24fb141a59573bc6e3bf8baa3a78d40dc4d5dc083a70ad76eef883f6efd968850aeece364d2534512ea00dc7ea349ef9e0d128afc WHIRLPOOL 60cd7cdce8fa00c525ba5814bd151fe043692b70cbdac13cec36644c7c695db3b7c24d444cbf3f6f38246e52c9b2f7e9f766fb13ec07196c40d038c881e9e340
1507 +MISC metadata.xml 988 SHA256 f8d77075b01a7250cfe43ecc06a635ffabe022b9c59eff660a236aff040d84dc SHA512 986f7a5de176f45aeed2e03770cc6b8ac0f1a55f410127c6c7b666255e742a483393db5c85e32f78c2f5e683e8124c3d907acb151245c2a982e587a59e1a4f2c WHIRLPOOL 10e57141519cfeefb7bfa89f0c3a1f4fea64067f8245c123545c85a48934294f694e5d3e888959f215aeccfa97fb54e500b31d4163e76942d80c5d3a6aebdc5f
1508
1509 diff --git a/net-misc/openvpn/files/2.3.6-disable-compression.patch b/net-misc/openvpn/files/2.3.6-disable-compression.patch
1510 new file mode 100644
1511 index 0000000..d9d1c76
1512 --- /dev/null
1513 +++ b/net-misc/openvpn/files/2.3.6-disable-compression.patch
1514 @@ -0,0 +1,18 @@
1515 +https://community.openvpn.net/openvpn/changeset/5d5233778868ddd568140c394adfcfc8e3453245/
1516 +
1517 +--- openvpn-2.3.6/src/openvpn/ssl_openssl.c.orig 2014-11-29 23:00:35.000000000 +0800
1518 ++++ openvpn-2.3.6/src/openvpn/ssl_openssl.c 2015-01-12 21:14:30.186993686 +0800
1519 +@@ -238,6 +238,13 @@
1520 + if (tls_ver_min > TLS_VER_1_2 || tls_ver_max < TLS_VER_1_2)
1521 + sslopt |= SSL_OP_NO_TLSv1_2;
1522 + #endif
1523 ++
1524 ++#ifdef SSL_OP_NO_COMPRESSION
1525 ++ msg (M_WARN, "[Workaround] disable SSL compression");
1526 ++ sslopt |= SSL_OP_NO_COMPRESSION;
1527 ++#endif
1528 ++
1529 ++
1530 + SSL_CTX_set_options (ctx->ctx, sslopt);
1531 + }
1532 +
1533
1534 diff --git a/net-misc/openvpn/files/2.3.6-null-cipher.patch b/net-misc/openvpn/files/2.3.6-null-cipher.patch
1535 new file mode 100644
1536 index 0000000..1e831cf
1537 --- /dev/null
1538 +++ b/net-misc/openvpn/files/2.3.6-null-cipher.patch
1539 @@ -0,0 +1,46 @@
1540 +The "really fix cipher none" patch has been merged to release/2.3 and master:
1541 +
1542 +commit 785838614afc20d362b64907b0212e9a779e2287 (release/2.3)
1543 +commit 98156e90e1e83133a6a6a020db8e7333ada6156b (master)
1544 +
1545 +diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h
1546 +index 8749878..4e45df0 100644
1547 +--- a/src/openvpn/crypto_backend.h
1548 ++++ b/src/openvpn/crypto_backend.h
1549 +@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *cipher_kt);
1550 + *
1551 + * @return true iff the cipher is a CBC mode cipher.
1552 + */
1553 +-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
1554 +- __attribute__((nonnull));
1555 ++bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
1556 +
1557 + /**
1558 + * Check if the supplied cipher is a supported OFB or CFB mode cipher.
1559 +@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
1560 + *
1561 + * @return true iff the cipher is a OFB or CFB mode cipher.
1562 + */
1563 +-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
1564 +- __attribute__((nonnull));
1565 ++bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
1566 +
1567 +
1568 + /**
1569 +diff --git a/tests/t_lpback.sh b/tests/t_lpback.sh
1570 +index 8f88ad9..d7792cd 100755
1571 +--- a/tests/t_lpback.sh
1572 ++++ b/tests/t_lpback.sh
1573 +@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/openvpn --show-ciphers | \
1574 + # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
1575 + CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
1576 +
1577 ++# Also test cipher 'none'
1578 ++CIPHERS=${CIPHERS}$(printf "\nnone")
1579 ++
1580 + "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
1581 + set +e
1582 +
1583 +--
1584 +1.9.1
1585 +
1586
1587 diff --git a/net-misc/openvpn/files/2.3.6-vlan-support.patch b/net-misc/openvpn/files/2.3.6-vlan-support.patch
1588 new file mode 100644
1589 index 0000000..e06645d
1590 --- /dev/null
1591 +++ b/net-misc/openvpn/files/2.3.6-vlan-support.patch
1592 @@ -0,0 +1,1005 @@
1593 +diff --git a/configure.ac b/configure.ac
1594 +index 9132468..5646af5 100644
1595 +--- a/configure.ac
1596 ++++ b/configure.ac
1597 +@@ -257,6 +257,12 @@ AC_ARG_ENABLE(
1598 + [enable_systemd="no"]
1599 + )
1600 +
1601 ++AC_ARG_ENABLE(vlan-tagging,
1602 ++ [ --disable-vlan-tagging Disable support for 802.1Q-based VLAN tagging],
1603 ++ [VLAN_TAGGING="$enableval"],
1604 ++ [VLAN_TAGGING="yes"]
1605 ++)
1606 ++
1607 + AC_ARG_WITH(
1608 + [special-build],
1609 + [AS_HELP_STRING([--with-special-build=STRING], [specify special build string])],
1610 +@@ -1160,6 +1166,10 @@ if test "${enable_plugin_auth_pam}" = "yes"; then
1611 + fi
1612 + fi
1613 +
1614 ++if test "$VLAN_TAGGING" = "yes"; then
1615 ++ AC_DEFINE(ENABLE_VLAN_TAGGING, 1, [Enable 802.1Q-based VLAN tagging/untagging])
1616 ++fi
1617 ++
1618 + CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
1619 + AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
1620 +
1621 +diff --git a/doc/openvpn.8 b/doc/openvpn.8
1622 +index a8c189c..e8e222a 100644
1623 +--- a/doc/openvpn.8
1624 ++++ b/doc/openvpn.8
1625 +@@ -3623,6 +3623,109 @@ connection is torn down.
1626 +
1627 + Not implemented on Windows.
1628 + .\"*********************************************************
1629 ++.TP
1630 ++.B \-\-vlan\-tagging
1631 ++Turns the OpenVPN server instance into a switch that understands VLAN-tagging,
1632 ++based on IEEE 802.1Q.
1633 ++
1634 ++The tap device and each of the connecting clients is seen as a port of the
1635 ++switch. All client ports are in untagged mode and the tap device is
1636 ++VLAN-tagged, untagged or accepts both, depending on the
1637 ++.B \-\-vlan\-accept
1638 ++setting.
1639 ++
1640 ++Ethernet frames with a prepended 802.1Q tag are called "tagged". If the VLAN
1641 ++Identifier (VID) field in such a tag is non-zero, the frame is called
1642 ++"VLAN-tagged". If the VID is zero, but the Priority Control Point (PCP) field
1643 ++is non-zero, the frame is called "prio-tagged". If there is no 802.1Q tag, the
1644 ++frame is "untagged".
1645 ++
1646 ++Using the
1647 ++.B \-\-vlan\-pvid v
1648 ++option once per client, each port can be associated with a certain VID. Packets
1649 ++can only be distributed between ports with a matching VID. Therefore, clients
1650 ++with differing VIDs are completely separated from one-another, even if
1651 ++.B \-\-client-to-client
1652 ++is activated.
1653 ++
1654 ++The filtering of packets takes place in the OpenVPN server. Clients do not
1655 ++need support for VLAN tagging.
1656 ++
1657 ++The
1658 ++.B \-\-vlan\-tagging
1659 ++option is off by default. While turned off, OpenVPN
1660 ++does no parsing and accepts any Ethernet frames.
1661 ++
1662 ++The option can only be activated in
1663 ++.B \-\-dev tap
1664 ++mode.
1665 ++
1666 ++.\"*********************************************************
1667 ++.TP
1668 ++.B \-\-vlan\-accept all | tagged | untagged
1669 ++Allows the tap device's VLAN tagging policy to be configured. You can choose
1670 ++between the following modes:
1671 ++
1672 ++.B all
1673 ++(default) -- Admit all frames.
1674 ++.br
1675 ++.B tagged
1676 ++-- Admit only VLAN-tagged frames.
1677 ++.br
1678 ++.B untagged
1679 ++-- Admit only untagged and priority-tagged frames.
1680 ++
1681 ++(Note: Some vendors refer to switch ports running in
1682 ++.B tagged
1683 ++mode as "trunk ports" and switch ports running in
1684 ++.B untagged
1685 ++mode as "access ports".)
1686 ++
1687 ++Incoming untagged or priority-tagged packets from clients are assigned with the
1688 ++client's Port VLAN Identifier (PVID) as their VID. In
1689 ++.B untagged
1690 ++mode, incoming untagged or priority-tagged packets on the tap device are
1691 ++associated with the global
1692 ++.B \-\-vlan\-pvid
1693 ++setting. In
1694 ++.B tagged
1695 ++mode, any incoming untagged or priority-tagged packets are dropped. For
1696 ++VLAN-tagged packets, any priority information is lost as soon as the
1697 ++VLAN-tagging is removed.
1698 ++
1699 ++In
1700 ++.B tagged
1701 ++mode, packets going out through the tap device are VLAN-tagged with the
1702 ++originating client's VID.
1703 ++
1704 ++In
1705 ++.B all
1706 ++mode, incoming tagged packets are handled the same way as in
1707 ++.B tagged
1708 ++mode. Incoming untagged packets are handled as in
1709 ++.B untagged
1710 ++mode. Outgoing packets are tagged, unless the VID matches the global PVID, in
1711 ++which case the packets go out untagged.
1712 ++.\"*********************************************************
1713 ++.TP
1714 ++.B \-\-vlan\-pvid v
1715 ++Specifies which VLAN identifier a "port" is associated with. Not valid without
1716 ++\fB\-\-vlan\-tagging\fR.
1717 ++
1718 ++In client context, the setting specifies which VLAN identifier a client is
1719 ++associated with. In global context, the tap device's VLAN identifier is set.
1720 ++The latter only makes sense in
1721 ++.B \-\-vlan\-accept untagged
1722 ++and
1723 ++.B \-\-vlan\-accept all
1724 ++mode.
1725 ++
1726 ++Valid values for
1727 ++.B v
1728 ++go from 1 through to 4094. Defaults to 1.
1729 ++
1730 ++In some switch implementations, the PVID is also referred to as "Native VLAN".
1731 ++.\"*********************************************************
1732 + .SS Client Mode
1733 + Use client mode when connecting to an OpenVPN server
1734 + which has
1735 +diff --git a/src/openvpn/errlevel.h b/src/openvpn/errlevel.h
1736 +index 3ee4ebc..2ebec47 100644
1737 +--- a/src/openvpn/errlevel.h
1738 ++++ b/src/openvpn/errlevel.h
1739 +@@ -149,6 +149,8 @@
1740 + #define D_PF_DROPPED_BCAST LOGLEV(7, 71, M_DEBUG) /* packet filter dropped a broadcast packet */
1741 + #define D_PF_DEBUG LOGLEV(7, 72, M_DEBUG) /* packet filter debugging, must also define PF_DEBUG in pf.h */
1742 +
1743 ++#define D_VLAN_DEBUG LOGLEV(7, 72, M_DEBUG) /* show VLAN tagging/untagging debug info */
1744 ++
1745 + #define D_HANDSHAKE_VERBOSE LOGLEV(8, 70, M_DEBUG) /* show detailed description of each handshake */
1746 + #define D_TLS_DEBUG_MED LOGLEV(8, 70, M_DEBUG) /* limited info from tls_session routines */
1747 + #define D_INTERVAL LOGLEV(8, 70, M_DEBUG) /* show interval.h debugging info */
1748 +diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
1749 +index ba4ef46..dc9183b 100644
1750 +--- a/src/openvpn/mroute.c
1751 ++++ b/src/openvpn/mroute.c
1752 +@@ -210,12 +210,28 @@ mroute_extract_addr_ipv4 (struct mroute_addr *src,
1753 + return ret;
1754 + }
1755 +
1756 ++static void mroute_copy_ether_to_addr(struct mroute_addr *maddr,
1757 ++ const uint8_t *eth_addr,
1758 ++ uint16_t vid)
1759 ++{
1760 ++ maddr->type = MR_ADDR_ETHER;
1761 ++ maddr->netbits = 0;
1762 ++ memcpy (maddr->addr, eth_addr, 6);
1763 ++#ifdef ENABLE_VLAN_TAGGING
1764 ++ maddr->len = 8;
1765 ++ memcpy (maddr->addr + 6, &vid, 2);
1766 ++#else
1767 ++ maddr->len = 6;
1768 ++#endif
1769 ++}
1770 ++
1771 + unsigned int
1772 + mroute_extract_addr_ether (struct mroute_addr *src,
1773 + struct mroute_addr *dest,
1774 + struct mroute_addr *esrc,
1775 + struct mroute_addr *edest,
1776 +- const struct buffer *buf)
1777 ++ const struct buffer *buf,
1778 ++ uint16_t vid)
1779 + {
1780 + unsigned int ret = 0;
1781 + if (BLEN (buf) >= (int) sizeof (struct openvpn_ethhdr))
1782 +@@ -223,17 +239,11 @@ mroute_extract_addr_ether (struct mroute_addr *src,
1783 + const struct openvpn_ethhdr *eth = (const struct openvpn_ethhdr *) BPTR (buf);
1784 + if (src)
1785 + {
1786 +- src->type = MR_ADDR_ETHER;
1787 +- src->netbits = 0;
1788 +- src->len = 6;
1789 +- memcpy (src->addr, eth->source, 6);
1790 ++ mroute_copy_ether_to_addr(src, eth->source, vid);
1791 + }
1792 + if (dest)
1793 + {
1794 +- dest->type = MR_ADDR_ETHER;
1795 +- dest->netbits = 0;
1796 +- dest->len = 6;
1797 +- memcpy (dest->addr, eth->dest, 6);
1798 ++ mroute_copy_ether_to_addr(dest, eth->dest, vid);
1799 +
1800 + /* ethernet broadcast/multicast packet? */
1801 + if (is_mac_mcast_addr (eth->dest))
1802 +@@ -248,7 +258,16 @@ mroute_extract_addr_ether (struct mroute_addr *src,
1803 + struct buffer b = *buf;
1804 + if (buf_advance (&b, sizeof (struct openvpn_ethhdr)))
1805 + {
1806 +- switch (ntohs (eth->proto))
1807 ++ uint16_t proto = ntohs (eth->proto);
1808 ++ if (proto == OPENVPN_ETH_P_8021Q &&
1809 ++ BLEN (buf) >= (int) sizeof (struct openvpn_8021qhdr))
1810 ++ {
1811 ++ const struct openvpn_8021qhdr *tag = (const struct openvpn_8021qhdr *) BPTR (buf);
1812 ++ proto = ntohs (tag->proto);
1813 ++ buf_advance (&b, SIZE_ETH_TO_8021Q_HDR);
1814 ++ }
1815 ++
1816 ++ switch (proto)
1817 + {
1818 + case OPENVPN_ETH_P_IPV4:
1819 + ret |= (mroute_extract_addr_ipv4 (esrc, edest, &b) << MROUTE_SEC_SHIFT);
1820 +@@ -391,6 +410,9 @@ mroute_addr_print_ex (const struct mroute_addr *ma,
1821 + {
1822 + case MR_ADDR_ETHER:
1823 + buf_printf (&out, "%s", format_hex_ex (ma->addr, 6, 0, 1, ":", gc));
1824 ++#ifdef ENABLE_VLAN_TAGGING
1825 ++ buf_printf (&out, "@%u", *(uint16_t*)(ma->addr + 6));
1826 ++#endif
1827 + break;
1828 + case MR_ADDR_IPV4:
1829 + {
1830 +diff --git a/src/openvpn/mroute.h b/src/openvpn/mroute.h
1831 +index 608f70b..175dd2a 100644
1832 +--- a/src/openvpn/mroute.h
1833 ++++ b/src/openvpn/mroute.h
1834 +@@ -138,7 +138,8 @@ mroute_extract_addr_from_packet (struct mroute_addr *src,
1835 + struct mroute_addr *esrc,
1836 + struct mroute_addr *edest,
1837 + const struct buffer *buf,
1838 +- int tunnel_type)
1839 ++ int tunnel_type,
1840 ++ uint16_t vid)
1841 + {
1842 + unsigned int mroute_extract_addr_ipv4 (struct mroute_addr *src,
1843 + struct mroute_addr *dest,
1844 +@@ -148,13 +149,14 @@ mroute_extract_addr_from_packet (struct mroute_addr *src,
1845 + struct mroute_addr *dest,
1846 + struct mroute_addr *esrc,
1847 + struct mroute_addr *edest,
1848 +- const struct buffer *buf);
1849 ++ const struct buffer *buf,
1850 ++ uint16_t vid);
1851 + unsigned int ret = 0;
1852 + verify_align_4 (buf);
1853 + if (tunnel_type == DEV_TYPE_TUN)
1854 + ret = mroute_extract_addr_ipv4 (src, dest, buf);
1855 + else if (tunnel_type == DEV_TYPE_TAP)
1856 +- ret = mroute_extract_addr_ether (src, dest, esrc, edest, buf);
1857 ++ ret = mroute_extract_addr_ether (src, dest, esrc, edest, buf, vid);
1858 + return ret;
1859 + }
1860 +
1861 +diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
1862 +index 6ddfbb5..36a86a5 100644
1863 +--- a/src/openvpn/multi.c
1864 ++++ b/src/openvpn/multi.c
1865 +@@ -6,6 +6,7 @@
1866 + * packet compression.
1867 + *
1868 + * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@×××××××.net>
1869 ++ * Copyright (C) 2010 Fabian Knittel <fabian.knittel@×××××××.de>
1870 + *
1871 + * This program is free software; you can redistribute it and/or modify
1872 + * it under the terms of the GNU General Public License version 2
1873 +@@ -1956,7 +1957,8 @@ static void
1874 + multi_bcast (struct multi_context *m,
1875 + const struct buffer *buf,
1876 + const struct multi_instance *sender_instance,
1877 +- const struct mroute_addr *sender_addr)
1878 ++ const struct mroute_addr *sender_addr,
1879 ++ uint16_t vid)
1880 + {
1881 + struct hash_iterator hi;
1882 + struct hash_element *he;
1883 +@@ -2001,6 +2003,10 @@ multi_bcast (struct multi_context *m,
1884 + }
1885 + }
1886 + #endif
1887 ++#ifdef ENABLE_VLAN_TAGGING
1888 ++ if (vid != 0 && vid != mi->context.options.vlan_pvid)
1889 ++ continue;
1890 ++#endif
1891 + multi_add_mbuf (m, mi, mb);
1892 + }
1893 + }
1894 +@@ -2179,6 +2185,37 @@ done:
1895 + gc_free (&gc);
1896 + }
1897 +
1898 ++#ifdef ENABLE_VLAN_TAGGING
1899 ++/*
1900 ++ * Decides whether or not to drop an ethernet frame. VLAN-tagged frames are
1901 ++ * dropped. All other frames are accepted.
1902 ++ *
1903 ++ * @param buf The ethernet frame.
1904 ++ * @return Returns true if the frame should be dropped, false otherwise.
1905 ++ */
1906 ++static bool
1907 ++buf_filter_incoming_8021q_vlan_tag (const struct buffer *buf)
1908 ++{
1909 ++ const struct openvpn_8021qhdr *vlanhdr;
1910 ++ uint16_t vid;
1911 ++
1912 ++ if (BLEN (buf) < (int) sizeof (struct openvpn_8021qhdr))
1913 ++ return false; /* Frame too small. */
1914 ++
1915 ++ vlanhdr = (const struct openvpn_8021qhdr *) BPTR (buf);
1916 ++
1917 ++ if (ntohs (vlanhdr->tpid) != OPENVPN_ETH_P_8021Q)
1918 ++ return false; /* Frame is untagged. */
1919 ++
1920 ++ vid = vlanhdr_get_vid (vlanhdr);
1921 ++ if (vid == 0)
1922 ++ return false; /* Frame only priority-tagged. */
1923 ++
1924 ++ msg (D_VLAN_DEBUG, "dropping VLAN-tagged incoming frame, vid: %u", vid);
1925 ++ return true;
1926 ++}
1927 ++#endif
1928 ++
1929 + /*
1930 + * Process packets in the TCP/UDP socket -> TUN/TAP interface direction,
1931 + * i.e. client -> server direction.
1932 +@@ -2254,7 +2291,8 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins
1933 + NULL,
1934 + NULL,
1935 + &c->c2.to_tun,
1936 +- DEV_TYPE_TUN);
1937 ++ DEV_TYPE_TUN,
1938 ++ 0);
1939 +
1940 + /* drop packet if extract failed */
1941 + if (!(mroute_flags & MROUTE_EXTRACT_SUCCEEDED))
1942 +@@ -2284,7 +2322,7 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins
1943 + if (mroute_flags & MROUTE_EXTRACT_MCAST)
1944 + {
1945 + /* for now, treat multicast as broadcast */
1946 +- multi_bcast (m, &c->c2.to_tun, m->pending, NULL);
1947 ++ multi_bcast (m, &c->c2.to_tun, m->pending, NULL, 0);
1948 + }
1949 + else /* possible client to client routing */
1950 + {
1951 +@@ -2321,10 +2359,27 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins
1952 + }
1953 + else if (TUNNEL_TYPE (m->top.c1.tuntap) == DEV_TYPE_TAP)
1954 + {
1955 ++#ifdef ENABLE_VLAN_TAGGING
1956 ++ uint16_t vid = 0;
1957 ++#else
1958 ++ const uint16_t vid = 0;
1959 ++#endif
1960 + #ifdef ENABLE_PF
1961 + struct mroute_addr edest;
1962 + mroute_addr_reset (&edest);
1963 + #endif
1964 ++#ifdef ENABLE_VLAN_TAGGING
1965 ++ if (m->top.options.vlan_tagging)
1966 ++ {
1967 ++ if (buf_filter_incoming_8021q_vlan_tag (&c->c2.to_tun))
1968 ++ {
1969 ++ /* Drop VLAN-tagged frame. */
1970 ++ c->c2.to_tun.len = 0;
1971 ++ }
1972 ++ else
1973 ++ vid = c->options.vlan_pvid;
1974 ++ }
1975 ++#endif
1976 + /* extract packet source and dest addresses */
1977 + mroute_flags = mroute_extract_addr_from_packet (&src,
1978 + &dest,
1979 +@@ -2335,7 +2390,8 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins
1980 + NULL,
1981 + #endif
1982 + &c->c2.to_tun,
1983 +- DEV_TYPE_TAP);
1984 ++ DEV_TYPE_TAP,
1985 ++ vid);
1986 +
1987 + if (mroute_flags & MROUTE_EXTRACT_SUCCEEDED)
1988 + {
1989 +@@ -2346,7 +2402,7 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins
1990 + {
1991 + if (mroute_flags & (MROUTE_EXTRACT_BCAST|MROUTE_EXTRACT_MCAST))
1992 + {
1993 +- multi_bcast (m, &c->c2.to_tun, m->pending, NULL);
1994 ++ multi_bcast (m, &c->c2.to_tun, m->pending, NULL, vid);
1995 + }
1996 + else /* try client-to-client routing */
1997 + {
1998 +@@ -2404,6 +2460,165 @@ multi_process_incoming_link (struct multi_context *m, struct multi_instance *ins
1999 + return ret;
2000 + }
2001 +
2002 ++#ifdef ENABLE_VLAN_TAGGING
2003 ++/*
2004 ++ * For vlan_accept == VAF_ONLY_UNTAGGED_OR_PRIORITY:
2005 ++ * Only untagged frames and frames that are priority-tagged (VID == 0) are
2006 ++ * accepted. (This means that VLAN-tagged frames are dropped.) For frames
2007 ++ * that aren't dropped, the global vlan_pvid is returned as VID.
2008 ++ *
2009 ++ * For vlan_accept == VAF_ONLY_VLAN_TAGGED:
2010 ++ * If a frame is VLAN-tagged the tagging is removed and the embedded VID is
2011 ++ * returned. Any included priority information is lost.
2012 ++ * If a frame isn't VLAN-tagged, the frame is dropped.
2013 ++ *
2014 ++ * For vlan_accept == VAF_ALL:
2015 ++ * Accepts both VLAN-tagged and untagged (or priority-tagged) frames and
2016 ++ * and handles them as described above.
2017 ++ *
2018 ++ * @param c The global context.
2019 ++ * @param buf The ethernet frame.
2020 ++ * @return Returns -1 if the frame is dropped or the VID if it is accepted.
2021 ++ */
2022 ++static int16_t
2023 ++multi_remove_8021q_vlan_tag (const struct context *c, struct buffer *buf)
2024 ++{
2025 ++ struct openvpn_ethhdr eth;
2026 ++ struct openvpn_8021qhdr vlanhdr;
2027 ++ uint16_t vid;
2028 ++ uint16_t pcp;
2029 ++
2030 ++ if (BLEN (buf) < (sizeof (struct openvpn_8021qhdr)))
2031 ++ goto drop;
2032 ++
2033 ++ vlanhdr = *(const struct openvpn_8021qhdr *) BPTR (buf);
2034 ++
2035 ++ if (ntohs (vlanhdr.tpid) != OPENVPN_ETH_P_8021Q)
2036 ++ {
2037 ++ /* Untagged frame. */
2038 ++
2039 ++ if (c->options.vlan_accept == VAF_ONLY_VLAN_TAGGED)
2040 ++ {
2041 ++ /* We only accept vlan-tagged frames, so drop frames without vlan-tag
2042 ++ */
2043 ++ msg (D_VLAN_DEBUG, "dropping frame without vlan-tag (proto/len 0x%04x)",
2044 ++ ntohs (vlanhdr.tpid));
2045 ++ goto drop;
2046 ++ }
2047 ++
2048 ++ msg (D_VLAN_DEBUG, "assuming pvid for frame without vlan-tag, pvid: %u (proto/len 0x%04x)",
2049 ++ c->options.vlan_pvid, ntohs (vlanhdr.tpid));
2050 ++ /* We return the global PVID as the VID for the untagged frame. */
2051 ++ return c->options.vlan_pvid;
2052 ++ }
2053 ++
2054 ++ /* Tagged frame. */
2055 ++
2056 ++ vid = vlanhdr_get_vid (&vlanhdr);
2057 ++ pcp = vlanhdr_get_pcp (&vlanhdr);
2058 ++
2059 ++ if (c->options.vlan_accept == VAF_ONLY_UNTAGGED_OR_PRIORITY)
2060 ++ {
2061 ++ /* We only accept untagged / prio-tagged frames.
2062 ++ */
2063 ++
2064 ++ if (vid != 0)
2065 ++ {
2066 ++ /* VLAN-tagged frame - which isn't acceptable here - so drop it. */
2067 ++ msg (D_VLAN_DEBUG, "dropping frame with vlan-tag, vid: %u (proto/len 0x%04x)",
2068 ++ vid, ntohs (vlanhdr.proto));
2069 ++ goto drop;
2070 ++ }
2071 ++
2072 ++ /* Fall-through for prio-tagged frames. */
2073 ++ }
2074 ++
2075 ++ /* At this point the frame is acceptable to us. It may be prio-tagged and/or
2076 ++ VLAN-tagged. */
2077 ++
2078 ++ if (vid != 0)
2079 ++ {
2080 ++ /* VLAN-tagged frame. Strip the tagging. Any priority information is lost. */
2081 ++
2082 ++ msg (D_VLAN_DEBUG, "removing vlan-tag from frame: vid: %u, wrapped proto/len: 0x%04x",
2083 ++ vid, ntohs (vlanhdr.proto));
2084 ++ memcpy (&eth, &vlanhdr, sizeof (eth));
2085 ++ eth.proto = vlanhdr.proto;
2086 ++
2087 ++ buf_advance (buf, SIZE_ETH_TO_8021Q_HDR);
2088 ++ memcpy (BPTR (buf), &eth, sizeof eth);
2089 ++
2090 ++ return vid;
2091 ++ }
2092 ++ else
2093 ++ {
2094 ++ /* Prio-tagged frame. We assume that the sender knows what it's doing and
2095 ++ don't stript the tagging. */
2096 ++
2097 ++ /* We return the global PVID as the VID for the priority-tagged frame. */
2098 ++ return c->options.vlan_pvid;
2099 ++ }
2100 ++drop:
2101 ++ /* Drop the frame. */
2102 ++ buf->len = 0;
2103 ++ return -1;
2104 ++}
2105 ++
2106 ++/*
2107 ++ * Adds VLAN tagging to a frame. Assumes vlan_accept == VAF_ONLY_VLAN_TAGGED
2108 ++ * or VAF_ALL and a matching PVID.
2109 ++ */
2110 ++void
2111 ++multi_prepend_8021q_vlan_tag (const struct context *c, struct buffer *buf)
2112 ++{
2113 ++ struct openvpn_ethhdr eth;
2114 ++ struct openvpn_8021qhdr *vlanhdr;
2115 ++
2116 ++ /* Frame too small? */
2117 ++ if (BLEN (buf) < (int) sizeof (struct openvpn_ethhdr))
2118 ++ goto drop;
2119 ++
2120 ++ eth = *(const struct openvpn_ethhdr *) BPTR (buf);
2121 ++ if (ntohs (eth.proto) == OPENVPN_ETH_P_8021Q)
2122 ++ {
2123 ++ /* Priority-tagged frame. (VLAN-tagged frames couldn't have reached us
2124 ++ here.) */
2125 ++
2126 ++ /* Frame too small for header type? */
2127 ++ if (BLEN (buf) < (int) (sizeof (struct openvpn_8021qhdr)))
2128 ++ goto drop;
2129 ++
2130 ++ vlanhdr = (struct openvpn_8021qhdr *) BPTR (buf);
2131 ++ }
2132 ++ else
2133 ++ {
2134 ++ /* Untagged frame. */
2135 ++
2136 ++ /* Not enough head room for VLAN tag? */
2137 ++ if (buf_reverse_capacity (buf) < SIZE_ETH_TO_8021Q_HDR)
2138 ++ goto drop;
2139 ++
2140 ++ vlanhdr = (struct openvpn_8021qhdr *) buf_prepend (buf, SIZE_ETH_TO_8021Q_HDR);
2141 ++
2142 ++ /* Initialise VLAN-tag ... */
2143 ++ memcpy (vlanhdr, &eth, sizeof eth);
2144 ++ vlanhdr->tpid = htons (OPENVPN_ETH_P_8021Q);
2145 ++ vlanhdr->proto = eth.proto;
2146 ++ vlanhdr_set_pcp (vlanhdr, 0);
2147 ++ vlanhdr_set_cfi (vlanhdr, 0);
2148 ++ }
2149 ++
2150 ++ vlanhdr_set_vid (vlanhdr, c->options.vlan_pvid);
2151 ++
2152 ++ msg (D_VLAN_DEBUG, "tagging frame: vid %u (wrapping proto/len: %04x)",
2153 ++ c->options.vlan_pvid, vlanhdr->proto);
2154 ++ return;
2155 ++drop:
2156 ++ /* Drop the frame. */
2157 ++ buf->len = 0;
2158 ++}
2159 ++#endif /* ENABLE_VLAN_TAGGING */
2160 ++
2161 + /*
2162 + * Process packets in the TUN/TAP interface -> TCP/UDP socket direction,
2163 + * i.e. server -> client direction.
2164 +@@ -2419,6 +2634,11 @@ multi_process_incoming_tun (struct multi_context *m, const unsigned int mpp_flag
2165 + unsigned int mroute_flags;
2166 + struct mroute_addr src, dest;
2167 + const int dev_type = TUNNEL_TYPE (m->top.c1.tuntap);
2168 ++#ifdef ENABLE_VLAN_TAGGING
2169 ++ int16_t vid = 0;
2170 ++#else
2171 ++ const int16_t vid = 0;
2172 ++#endif
2173 +
2174 + #ifdef ENABLE_PF
2175 + struct mroute_addr esrc, *e1, *e2;
2176 +@@ -2446,6 +2666,15 @@ multi_process_incoming_tun (struct multi_context *m, const unsigned int mpp_flag
2177 + * the appropriate multi_instance object.
2178 + */
2179 +
2180 ++#ifdef ENABLE_VLAN_TAGGING
2181 ++ if (dev_type == DEV_TYPE_TAP && m->top.options.vlan_tagging)
2182 ++ {
2183 ++ if ((vid = multi_remove_8021q_vlan_tag (&m->top,
2184 ++ &m->top.c2.buf)) == -1)
2185 ++ return false;
2186 ++ }
2187 ++#endif
2188 ++
2189 + mroute_flags = mroute_extract_addr_from_packet (&src,
2190 + &dest,
2191 + #ifdef ENABLE_PF
2192 +@@ -2455,7 +2684,8 @@ multi_process_incoming_tun (struct multi_context *m, const unsigned int mpp_flag
2193 + #endif
2194 + NULL,
2195 + &m->top.c2.buf,
2196 +- dev_type);
2197 ++ dev_type,
2198 ++ vid);
2199 +
2200 + if (mroute_flags & MROUTE_EXTRACT_SUCCEEDED)
2201 + {
2202 +@@ -2466,9 +2696,9 @@ multi_process_incoming_tun (struct multi_context *m, const unsigned int mpp_flag
2203 + {
2204 + /* for now, treat multicast as broadcast */
2205 + #ifdef ENABLE_PF
2206 +- multi_bcast (m, &m->top.c2.buf, NULL, e2);
2207 ++ multi_bcast (m, &m->top.c2.buf, NULL, e2, vid);
2208 + #else
2209 +- multi_bcast (m, &m->top.c2.buf, NULL, NULL);
2210 ++ multi_bcast (m, &m->top.c2.buf, NULL, NULL, vid);
2211 + #endif
2212 + }
2213 + else
2214 +@@ -2637,7 +2867,7 @@ gremlin_flood_clients (struct multi_context *m)
2215 + ASSERT (buf_write_u8 (&buf, get_random () & 0xFF));
2216 +
2217 + for (i = 0; i < parm.n_packets; ++i)
2218 +- multi_bcast (m, &buf, NULL, NULL);
2219 ++ multi_bcast (m, &buf, NULL, NULL, 0);
2220 +
2221 + gc_free (&gc);
2222 + }
2223 +diff --git a/src/openvpn/multi.h b/src/openvpn/multi.h
2224 +index 32b89d2..10151e4 100644
2225 +--- a/src/openvpn/multi.h
2226 ++++ b/src/openvpn/multi.h
2227 +@@ -555,6 +555,10 @@ multi_get_timeout (struct multi_context *m, struct timeval *dest)
2228 + static inline bool
2229 + multi_process_outgoing_tun (struct multi_context *m, const unsigned int mpp_flags)
2230 + {
2231 ++#ifdef ENABLE_VLAN_TAGGING
2232 ++ void multi_prepend_8021q_vlan_tag (const struct context *c,
2233 ++ struct buffer *buf);
2234 ++#endif
2235 + struct multi_instance *mi = m->pending;
2236 + bool ret = true;
2237 +
2238 +@@ -565,6 +569,35 @@ multi_process_outgoing_tun (struct multi_context *m, const unsigned int mpp_flag
2239 + mi->context.c2.to_tun.len);
2240 + #endif
2241 + set_prefix (mi);
2242 ++#ifdef ENABLE_VLAN_TAGGING
2243 ++ if (m->top.options.vlan_accept == VAF_ONLY_UNTAGGED_OR_PRIORITY)
2244 ++ {
2245 ++ /* Packets aren't VLAN-tagged on the tap device. */
2246 ++
2247 ++ if (m->top.options.vlan_pvid != mi->context.options.vlan_pvid)
2248 ++ {
2249 ++ /* Packet is coming from the wrong VID, drop it. */
2250 ++ mi->context.c2.to_tun.len = 0;
2251 ++ }
2252 ++ }
2253 ++ else if (m->top.options.vlan_accept == VAF_ALL)
2254 ++ {
2255 ++ /* Packets either need to be VLAN-tagged or not, depending on the
2256 ++ packet's originating VID and the port's native VID (PVID). */
2257 ++
2258 ++ if (m->top.options.vlan_pvid != mi->context.options.vlan_pvid)
2259 ++ {
2260 ++ /* Packets need to be VLAN-tagged, because the packet's VID does not
2261 ++ match the port's PVID. */
2262 ++ multi_prepend_8021q_vlan_tag (&mi->context, &mi->context.c2.to_tun);
2263 ++ }
2264 ++ }
2265 ++ else if (m->top.options.vlan_accept == VAF_ONLY_VLAN_TAGGED)
2266 ++ {
2267 ++ /* All packets on the port (the tap device) need to be VLAN-tagged. */
2268 ++ multi_prepend_8021q_vlan_tag (&mi->context, &mi->context.c2.to_tun);
2269 ++ }
2270 ++#endif
2271 + process_outgoing_tun (&mi->context);
2272 + ret = multi_process_post (m, mi, mpp_flags);
2273 + clear_prefix ();
2274 +diff --git a/src/openvpn/options.c b/src/openvpn/options.c
2275 +index 4ea03d1..c0baf63 100644
2276 +--- a/src/openvpn/options.c
2277 ++++ b/src/openvpn/options.c
2278 +@@ -476,6 +476,11 @@ static const char usage_message[] =
2279 + " sessions to a web server at host:port. dir specifies an\n"
2280 + " optional directory to write origin IP:port data.\n"
2281 + #endif
2282 ++#ifdef ENABLE_VLAN_TAGGING
2283 ++ "--vlan-tagging : Enable 802.1Q-based VLAN tagging.\n"
2284 ++ "--vlan-accept tagged|untagged|all : Set VLAN tagging mode. Default is 'all'.\n"
2285 ++ "--vlan-pvid v : Sets the Port VLAN Identifier. Defaults to 1.\n"
2286 ++#endif
2287 + #endif
2288 + "\n"
2289 + "Client options (when connecting to a multi-client server):\n"
2290 +@@ -845,6 +850,10 @@ init_options (struct options *o, const bool init_gc)
2291 + #ifdef ENABLE_PKCS11
2292 + o->pkcs11_pin_cache_period = -1;
2293 + #endif /* ENABLE_PKCS11 */
2294 ++#ifdef ENABLE_VLAN_TAGGING
2295 ++ o->vlan_accept = VAF_ALL;
2296 ++ o->vlan_pvid = 1;
2297 ++#endif
2298 +
2299 + /* tmp is only used in P2MP server context */
2300 + #if P2MP_SERVER
2301 +@@ -1139,6 +1148,23 @@ dhcp_option_address_parse (const char *name, const char *parm, in_addr_t *array,
2302 +
2303 + #endif
2304 +
2305 ++#ifdef ENABLE_VLAN_TAGGING
2306 ++static const char *
2307 ++print_vlan_accept (enum vlan_acceptable_frames mode)
2308 ++{
2309 ++ switch (mode)
2310 ++ {
2311 ++ case VAF_ONLY_VLAN_TAGGED:
2312 ++ return "tagged";
2313 ++ case VAF_ONLY_UNTAGGED_OR_PRIORITY:
2314 ++ return "untagged";
2315 ++ case VAF_ALL:
2316 ++ return "all";
2317 ++ }
2318 ++ return NULL;
2319 ++}
2320 ++#endif
2321 ++
2322 + #if P2MP
2323 +
2324 + #ifndef ENABLE_SMALL
2325 +@@ -1204,6 +1230,11 @@ show_p2mp_parms (const struct options *o)
2326 + SHOW_STR (port_share_host);
2327 + SHOW_STR (port_share_port);
2328 + #endif
2329 ++#ifdef ENABLE_VLAN_TAGGING
2330 ++ SHOW_BOOL (vlan_tagging);
2331 ++ msg (D_SHOW_PARMS, " vlan_accept = %s", print_vlan_accept (o->vlan_accept));
2332 ++ SHOW_INT (vlan_pvid);
2333 ++#endif
2334 + #endif /* P2MP_SERVER */
2335 +
2336 + SHOW_BOOL (client);
2337 +@@ -2058,6 +2089,17 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
2338 + if ((options->ssl_flags & SSLF_AUTH_USER_PASS_OPTIONAL) && !ccnr)
2339 + msg (M_USAGE, "--auth-user-pass-optional %s", postfix);
2340 + }
2341 ++#ifdef ENABLE_VLAN_TAGGING
2342 ++ if (options->vlan_tagging && dev != DEV_TYPE_TAP)
2343 ++ msg (M_USAGE, "--vlan-tagging must be used with --dev tap");
2344 ++ if (!options->vlan_tagging)
2345 ++ {
2346 ++ if (options->vlan_accept != defaults.vlan_accept)
2347 ++ msg (M_USAGE, "--vlan-accept requires --vlan-tagging");
2348 ++ if (options->vlan_pvid != defaults.vlan_pvid)
2349 ++ msg (M_USAGE, "--vlan-pvid requires --vlan-tagging");
2350 ++ }
2351 ++#endif
2352 + }
2353 + else
2354 + {
2355 +@@ -2104,6 +2146,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
2356 + if (options->port_share_host || options->port_share_port)
2357 + msg (M_USAGE, "--port-share requires TCP server mode (--mode server --proto tcp-server)");
2358 + #endif
2359 ++#ifdef ENABLE_VLAN_TAGGING
2360 ++ if (options->vlan_tagging)
2361 ++ msg (M_USAGE, "--vlan-tagging requires --mode server");
2362 ++#endif
2363 +
2364 + if (options->stale_routes_check_interval)
2365 + msg (M_USAGE, "--stale-routes-check requires --mode server");
2366 +@@ -7023,6 +7069,45 @@ add_option (struct options *options,
2367 + options->use_peer_id = true;
2368 + options->peer_id = atoi(p[1]);
2369 + }
2370 ++#ifdef ENABLE_VLAN_TAGGING
2371 ++ else if (streq (p[0], "vlan-tagging"))
2372 ++ {
2373 ++ VERIFY_PERMISSION (OPT_P_GENERAL);
2374 ++ options->vlan_tagging = true;
2375 ++ }
2376 ++ else if (streq (p[0], "vlan-accept") && p[1])
2377 ++ {
2378 ++ VERIFY_PERMISSION (OPT_P_GENERAL);
2379 ++ if (streq (p[1], "tagged"))
2380 ++ {
2381 ++ options->vlan_accept = VAF_ONLY_VLAN_TAGGED;
2382 ++ }
2383 ++ else if (streq (p[1], "untagged"))
2384 ++ {
2385 ++ options->vlan_accept = VAF_ONLY_UNTAGGED_OR_PRIORITY;
2386 ++ }
2387 ++ else if (streq (p[1], "all"))
2388 ++ {
2389 ++ options->vlan_accept = VAF_ALL;
2390 ++ }
2391 ++ else
2392 ++ {
2393 ++ msg (msglevel, "--vlan-accept must be 'tagged', 'untagged' or 'all'");
2394 ++ goto err;
2395 ++ }
2396 ++ }
2397 ++ else if (streq (p[0], "vlan-pvid") && p[1])
2398 ++ {
2399 ++ VERIFY_PERMISSION (OPT_P_GENERAL|OPT_P_INSTANCE);
2400 ++ options->vlan_pvid = positive_atoi (p[1]);
2401 ++ if (options->vlan_pvid < OPENVPN_8021Q_MIN_VID ||
2402 ++ options->vlan_pvid > OPENVPN_8021Q_MAX_VID)
2403 ++ {
2404 ++ msg (msglevel, "the parameter of --vlan-pvid parameters must be >= %u and <= %u", OPENVPN_8021Q_MIN_VID, OPENVPN_8021Q_MAX_VID);
2405 ++ goto err;
2406 ++ }
2407 ++ }
2408 ++#endif
2409 + else
2410 + {
2411 + int i;
2412 +diff --git a/src/openvpn/options.h b/src/openvpn/options.h
2413 +index 7a8b21e..35fa6b1 100644
2414 +--- a/src/openvpn/options.h
2415 ++++ b/src/openvpn/options.h
2416 +@@ -159,6 +159,15 @@ struct remote_list
2417 + struct remote_entry *array[CONNECTION_LIST_SIZE];
2418 + };
2419 +
2420 ++#ifdef ENABLE_VLAN_TAGGING
2421 ++enum vlan_acceptable_frames
2422 ++{
2423 ++ VAF_ONLY_VLAN_TAGGED,
2424 ++ VAF_ONLY_UNTAGGED_OR_PRIORITY,
2425 ++ VAF_ALL,
2426 ++};
2427 ++#endif
2428 ++
2429 + struct remote_host_store
2430 + {
2431 + # define RH_HOST_LEN 80
2432 +@@ -597,6 +606,12 @@ struct options
2433 +
2434 + bool use_peer_id;
2435 + uint32_t peer_id;
2436 ++
2437 ++#ifdef ENABLE_VLAN_TAGGING
2438 ++ bool vlan_tagging;
2439 ++ enum vlan_acceptable_frames vlan_accept;
2440 ++ uint16_t vlan_pvid;
2441 ++#endif
2442 + };
2443 +
2444 + #define streq(x, y) (!strcmp((x), (y)))
2445 +diff --git a/src/openvpn/proto.c b/src/openvpn/proto.c
2446 +index 7b58e6a..2921a6e 100644
2447 +--- a/src/openvpn/proto.c
2448 ++++ b/src/openvpn/proto.c
2449 +@@ -60,9 +60,22 @@ is_ipv_X ( int tunnel_type, struct buffer *buf, int ip_ver )
2450 + + sizeof (struct openvpn_iphdr)))
2451 + return false;
2452 + eh = (const struct openvpn_ethhdr *) BPTR (buf);
2453 +- if (ntohs (eh->proto) != (ip_ver == 6 ? OPENVPN_ETH_P_IPV6 : OPENVPN_ETH_P_IPV4))
2454 +- return false;
2455 +- offset = sizeof (struct openvpn_ethhdr);
2456 ++ if (ntohs (eh->proto) == OPENVPN_ETH_P_8021Q) {
2457 ++ const struct openvpn_8021qhdr *evh;
2458 ++ if (BLEN (buf) < (int)(sizeof (struct openvpn_8021qhdr)
2459 ++ + sizeof (struct openvpn_iphdr)))
2460 ++ return false;
2461 ++ evh = (const struct openvpn_8021qhdr *) BPTR (buf);
2462 ++ if (ntohs (evh->proto) !=
2463 ++ (ip_ver == 6 ? OPENVPN_ETH_P_IPV6 : OPENVPN_ETH_P_IPV4))
2464 ++ return false;
2465 ++ else
2466 ++ offset = sizeof (struct openvpn_8021qhdr);
2467 ++ } else if (ntohs (eh->proto) !=
2468 ++ (ip_ver == 6 ? OPENVPN_ETH_P_IPV6 : OPENVPN_ETH_P_IPV4))
2469 ++ return false;
2470 ++ else
2471 ++ offset = sizeof (struct openvpn_ethhdr);
2472 + }
2473 + else
2474 + return false;
2475 +diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h
2476 +index f91e787..45e885f 100644
2477 +--- a/src/openvpn/proto.h
2478 ++++ b/src/openvpn/proto.h
2479 +@@ -6,6 +6,7 @@
2480 + * packet compression.
2481 + *
2482 + * Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@×××××××.net>
2483 ++ * Copyright (C) 2010 Fabian Knittel <fabian.knittel@×××××××.de>
2484 + *
2485 + * This program is free software; you can redistribute it and/or modify
2486 + * it under the terms of the GNU General Public License version 2
2487 +@@ -61,9 +62,29 @@ struct openvpn_ethhdr
2488 + # define OPENVPN_ETH_P_IPV4 0x0800 /* IPv4 protocol */
2489 + # define OPENVPN_ETH_P_IPV6 0x86DD /* IPv6 protocol */
2490 + # define OPENVPN_ETH_P_ARP 0x0806 /* ARP protocol */
2491 ++# define OPENVPN_ETH_P_8021Q 0x8100 /* 802.1Q protocol */
2492 + uint16_t proto; /* packet type ID field */
2493 + };
2494 +
2495 ++struct openvpn_8021qhdr
2496 ++{
2497 ++ uint8_t dest[OPENVPN_ETH_ALEN]; /* destination ethernet addr */
2498 ++ uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */
2499 ++
2500 ++ uint16_t tpid; /* 802.1Q Tag Protocol Identifier */
2501 ++# define OPENVPN_8021Q_MASK_VID htons (0x0FFF) /* mask VID out of pcp_cfi_vid */
2502 ++# define OPENVPN_8021Q_MASK_PCP htons (0xE000) /* mask PCP out of pcp_cfi_vid */
2503 ++# define OPENVPN_8021Q_MASK_CFI htons (0x1000) /* mask CFI out of pcp_cfi_vid */
2504 ++ uint16_t pcp_cfi_vid; /* bit fields, see IEEE 802.1Q */
2505 ++ uint16_t proto; /* contained packet type ID field */
2506 ++};
2507 ++
2508 ++/*
2509 ++ * Size difference between a regular Ethernet II header and an Ethernet II
2510 ++ * header with additional IEEE 802.1Q tagging.
2511 ++ */
2512 ++#define SIZE_ETH_TO_8021Q_HDR (sizeof (struct openvpn_8021qhdr) - sizeof (struct openvpn_ethhdr))
2513 ++
2514 + struct openvpn_arp {
2515 + # define ARP_MAC_ADDR_TYPE 0x0001
2516 + uint16_t mac_addr_type; /* 0x0001 */
2517 +@@ -234,4 +255,80 @@ void ipv4_packet_size_verify (const uint8_t *data,
2518 + counter_type *errors);
2519 + #endif
2520 +
2521 ++#ifdef ENABLE_VLAN_TAGGING
2522 ++# define OPENVPN_8021Q_MIN_VID 1
2523 ++# define OPENVPN_8021Q_MAX_VID 4094
2524 ++
2525 ++/*
2526 ++ * Retrieve the Priority Code Point (PCP) from the IEEE 802.1Q header.
2527 ++ *
2528 ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging.
2529 ++ * @return Returns the PCP in host byte order.
2530 ++ */
2531 ++static inline uint16_t
2532 ++vlanhdr_get_pcp (const struct openvpn_8021qhdr *hdr)
2533 ++{
2534 ++ return ntohs (hdr->pcp_cfi_vid & OPENVPN_8021Q_MASK_PCP);
2535 ++}
2536 ++/*
2537 ++ * Retrieve the Canonical Format Indicator (CFI) from the IEEE 802.1Q header.
2538 ++ *
2539 ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging.
2540 ++ * @return Returns the CFI in host byte order.
2541 ++ */
2542 ++static inline uint16_t
2543 ++vlanhdr_get_cfi (const struct openvpn_8021qhdr *hdr)
2544 ++{
2545 ++ return ntohs (hdr->pcp_cfi_vid & OPENVPN_8021Q_MASK_CFI);
2546 ++}
2547 ++/*
2548 ++ * Retrieve the VLAN Identifier (VID) from the IEEE 802.1Q header.
2549 ++ *
2550 ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging.
2551 ++ * @return Returns the VID in host byte order.
2552 ++ */
2553 ++static inline uint16_t
2554 ++vlanhdr_get_vid (const struct openvpn_8021qhdr *hdr)
2555 ++{
2556 ++ return ntohs (hdr->pcp_cfi_vid & OPENVPN_8021Q_MASK_VID);
2557 ++}
2558 ++
2559 ++/*
2560 ++ * Set the Priority Code Point (PCP) in an IEEE 802.1Q header.
2561 ++ *
2562 ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging.
2563 ++ * @param pcp The PCP to set (in host byte order).
2564 ++ */
2565 ++static inline void
2566 ++vlanhdr_set_pcp (struct openvpn_8021qhdr *hdr, const uint16_t pcp)
2567 ++{
2568 ++ hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_PCP) |
2569 ++ (htons (pcp) & OPENVPN_8021Q_MASK_PCP);
2570 ++}
2571 ++/*
2572 ++ * Set the Canonical Format Indicator (CFI) in an IEEE 802.1Q header.
2573 ++ *
2574 ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging.
2575 ++ * @param cfi The CFI to set (in host byte order).
2576 ++ */
2577 ++static inline void
2578 ++vlanhdr_set_cfi (struct openvpn_8021qhdr *hdr, const uint16_t cfi)
2579 ++{
2580 ++ hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_CFI) |
2581 ++ (htons (cfi) & OPENVPN_8021Q_MASK_CFI);
2582 ++}
2583 ++/*
2584 ++ * Set the VLAN Identifier (VID) in an IEEE 802.1Q header.
2585 ++ *
2586 ++ * @param hdr Pointer to the Ethernet header with IEEE 802.1Q tagging.
2587 ++ * @param vid The VID to set (in host byte order).
2588 ++ */
2589 ++static inline void
2590 ++vlanhdr_set_vid (struct openvpn_8021qhdr *hdr, const uint16_t vid)
2591 ++{
2592 ++ hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_VID) |
2593 ++ (htons (vid) & OPENVPN_8021Q_MASK_VID);
2594 ++}
2595 ++#endif
2596 ++
2597 + #endif
2598
2599 diff --git a/net-misc/openvpn/files/65openvpn b/net-misc/openvpn/files/65openvpn
2600 new file mode 100644
2601 index 0000000..4ddb034
2602 --- /dev/null
2603 +++ b/net-misc/openvpn/files/65openvpn
2604 @@ -0,0 +1 @@
2605 +CONFIG_PROTECT="/usr/share/openvpn/easy-rsa"
2606
2607 diff --git a/net-misc/openvpn/files/down.sh b/net-misc/openvpn/files/down.sh
2608 new file mode 100644
2609 index 0000000..1c70db0
2610 --- /dev/null
2611 +++ b/net-misc/openvpn/files/down.sh
2612 @@ -0,0 +1,33 @@
2613 +#!/bin/sh
2614 +# Copyright (c) 2006-2007 Gentoo Foundation
2615 +# Distributed under the terms of the GNU General Public License v2
2616 +# Contributed by Roy Marples (uberlord@g.o)
2617 +
2618 +# If we have a service specific script, run this now
2619 +if [ -x /etc/openvpn/"${SVCNAME}"-down.sh ] ; then
2620 + /etc/openvpn/"${SVCNAME}"-down.sh "$@"
2621 +fi
2622 +
2623 +# Restore resolv.conf to how it was
2624 +if [ "${PEER_DNS}" != "no" ]; then
2625 + if [ -x /sbin/resolvconf ] ; then
2626 + /sbin/resolvconf -d "${dev}"
2627 + elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then
2628 + # Important that we copy instead of move incase resolv.conf is
2629 + # a symlink and not an actual file
2630 + cp /etc/resolv.conf-"${dev}".sv /etc/resolv.conf
2631 + rm -f /etc/resolv.conf-"${dev}".sv
2632 + fi
2633 +fi
2634 +
2635 +if [ -n "${SVCNAME}" ]; then
2636 + # Re-enter the init script to start any dependant services
2637 + if /etc/init.d/"${SVCNAME}" --quiet status ; then
2638 + export IN_BACKGROUND=true
2639 + /etc/init.d/"${SVCNAME}" --quiet stop
2640 + fi
2641 +fi
2642 +
2643 +exit 0
2644 +
2645 +# vim: ts=4 :
2646
2647 diff --git a/net-misc/openvpn/files/openvpn-2.1.conf b/net-misc/openvpn/files/openvpn-2.1.conf
2648 new file mode 100644
2649 index 0000000..72510c3
2650 --- /dev/null
2651 +++ b/net-misc/openvpn/files/openvpn-2.1.conf
2652 @@ -0,0 +1,18 @@
2653 +# OpenVPN automatically creates an /etc/resolv.conf (or sends it to
2654 +# resolvconf) if given DNS information by the OpenVPN server.
2655 +# Set PEER_DNS="no" to stop this.
2656 +PEER_DNS="yes"
2657 +
2658 +# OpenVPN can run in many modes. Most people will want the init script
2659 +# to automatically detect the mode and try and apply a good default
2660 +# configuration and setup scripts. However, there are cases where the
2661 +# OpenVPN configuration looks like a client, but it's really a peer or
2662 +# something else. DETECT_CLIENT controls this behaviour.
2663 +DETECT_CLIENT="yes"
2664 +
2665 +# If DETECT_CLIENT is no and you have your own scripts to re-enter the openvpn
2666 +# init script (ie, it first becomes "inactive" and the script then starts the
2667 +# script again to make it "started") then you can state this below.
2668 +# In other words, unless you understand service dependencies and are a
2669 +# competent shell scripter, don't set this.
2670 +RE_ENTER="no"
2671
2672 diff --git a/net-misc/openvpn/files/openvpn-2.1.init b/net-misc/openvpn/files/openvpn-2.1.init
2673 new file mode 100644
2674 index 0000000..d65e6f8
2675 --- /dev/null
2676 +++ b/net-misc/openvpn/files/openvpn-2.1.init
2677 @@ -0,0 +1,133 @@
2678 +#!/sbin/runscript
2679 +# Copyright 1999-2007 Gentoo Foundation
2680 +# Distributed under the terms of the GNU General Public License v2
2681 +
2682 +VPNDIR=${VPNDIR:-/etc/openvpn}
2683 +VPN=${SVCNAME#*.}
2684 +if [ -n "${VPN}" ] && [ ${SVCNAME} != "openvpn" ]; then
2685 + VPNPID="/var/run/openvpn.${VPN}.pid"
2686 +else
2687 + VPNPID="/var/run/openvpn.pid"
2688 +fi
2689 +VPNCONF="${VPNDIR}/${VPN}.conf"
2690 +
2691 +depend() {
2692 + need localmount net
2693 + use dns
2694 + after bootmisc
2695 +}
2696 +
2697 +checkconfig() {
2698 + # Linux has good dynamic tun/tap creation
2699 + if [ $(uname -s) = "Linux" ] ; then
2700 + if [ ! -e /dev/net/tun ]; then
2701 + if ! modprobe tun ; then
2702 + eerror "TUN/TAP support is not available" \
2703 + "in this kernel"
2704 + return 1
2705 + fi
2706 + fi
2707 + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
2708 + ebegin "Detected broken /dev/net/tun symlink, fixing..."
2709 + rm -f /dev/net/tun
2710 + ln -s /dev/misc/net/tun /dev/net/tun
2711 + eend $?
2712 + fi
2713 + return 0
2714 + fi
2715 +
2716 + # Other OS's don't, so we rely on a pre-configured interface
2717 + # per vpn instance
2718 + local ifname=$(sed -n -e 's/[[:space:]]*dev[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "${VPNCONF}")
2719 + if [ -z ${ifname} ] ; then
2720 + eerror "You need to specify the interface that this openvpn" \
2721 + "instance should use" \
2722 + "by using the dev option in ${VPNCONF}"
2723 + return 1
2724 + fi
2725 +
2726 + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
2727 + # Try and create it
2728 + echo > /dev/"${ifname}" >/dev/null
2729 + fi
2730 + if ! ifconfig "${ifname}" >/dev/null 2>/dev/null ; then
2731 + eerror "${VPNCONF} requires interface ${ifname}" \
2732 + "but that does not exist"
2733 + return 1
2734 + fi
2735 +}
2736 +
2737 +start() {
2738 + # If we are re-called by the openvpn gentoo-up.sh script
2739 + # then we don't actually want to start openvpn
2740 + [ "${IN_BACKGROUND}" = "true" ] && return 0
2741 +
2742 + ebegin "Starting ${SVCNAME}"
2743 +
2744 + checkconfig || return 1
2745 +
2746 + local args="" reenter=${RE_ENTER:-no}
2747 + # If the config file does not specify the cd option, we do
2748 + # But if we specify it, we override the config option which we do not want
2749 + if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then
2750 + args="${args} --cd ${VPNDIR}"
2751 + fi
2752 +
2753 + # We mark the service as inactive and then start it.
2754 + # When we get an authenticated packet from the peer then we run our script
2755 + # which configures our DNS if any and marks us as up.
2756 + if [ "${DETECT_CLIENT:-yes}" = "yes" ] && \
2757 + grep -q "^[ ]*remote[ ].*" "${VPNCONF}" ; then
2758 + reenter="yes"
2759 + args="${args} --up-delay --up-restart"
2760 + args="${args} --script-security 2"
2761 + args="${args} --up /etc/openvpn/up.sh"
2762 + args="${args} --down-pre --down /etc/openvpn/down.sh"
2763 +
2764 + # Warn about setting scripts as we override them
2765 + if grep -Eq "^[ ]*(up|down)[ ].*" "${VPNCONF}" ; then
2766 + ewarn "WARNING: You have defined your own up/down scripts"
2767 + ewarn "As you're running as a client, we now force Gentoo specific"
2768 + ewarn "scripts to be run for up and down events."
2769 + ewarn "These scripts will call /etc/openvpn/${SVCNAME}-{up,down}.sh"
2770 + ewarn "where you can put your own code."
2771 + fi
2772 +
2773 + # Warn about the inability to change ip/route/dns information when
2774 + # dropping privs
2775 + if grep -q "^[ ]*user[ ].*" "${VPNCONF}" ; then
2776 + ewarn "WARNING: You are dropping root privileges!"
2777 + ewarn "As such openvpn may not be able to change ip, routing"
2778 + ewarn "or DNS configuration."
2779 + fi
2780 + else
2781 + # So we're a server. Run as openvpn unless otherwise specified
2782 + grep -q "^[ ]*user[ ].*" "${VPNCONF}" || args="${args} --user openvpn"
2783 + grep -q "^[ ]*group[ ].*" "${VPNCONF}" || args="${args} --group openvpn"
2784 + fi
2785 +
2786 + # Ensure that our scripts get the PEER_DNS variable
2787 + [ -n "${PEER_DNS}" ] && args="${args} --setenv PEER_DNS ${PEER_DNS}"
2788 +
2789 + [ "${reenter}" = "yes" ] && mark_service_inactive "${SVCNAME}"
2790 + start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
2791 + -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon \
2792 + --setenv SVCNAME "${SVCNAME}" ${args}
2793 + eend $? "Check your logs to see why startup failed"
2794 +}
2795 +
2796 +stop() {
2797 + # If we are re-called by the openvpn gentoo-down.sh script
2798 + # then we don't actually want to stop openvpn
2799 + if [ "${IN_BACKGROUND}" = "true" ] ; then
2800 + mark_service_inactive "${SVCNAME}"
2801 + return 0
2802 + fi
2803 +
2804 + ebegin "Stopping ${SVCNAME}"
2805 + start-stop-daemon --stop --quiet \
2806 + --exec /usr/sbin/openvpn --pidfile "${VPNPID}"
2807 + eend $?
2808 +}
2809 +
2810 +# vim: set ts=4 :
2811
2812 diff --git a/net-misc/openvpn/files/openvpn.init b/net-misc/openvpn/files/openvpn.init
2813 new file mode 100644
2814 index 0000000..489ab49
2815 --- /dev/null
2816 +++ b/net-misc/openvpn/files/openvpn.init
2817 @@ -0,0 +1,63 @@
2818 +#!/sbin/runscript
2819 +# Copyright 1999-2007 Gentoo Foundation
2820 +# Distributed under the terms of the GNU General Public License v2
2821 +
2822 +VPNDIR="/etc/openvpn"
2823 +VPN="${SVCNAME#*.}"
2824 +if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then
2825 + VPNPID="/var/run/openvpn.${VPN}.pid"
2826 +else
2827 + VPNPID="/var/run/openvpn.pid"
2828 +fi
2829 +VPNCONF="${VPNDIR}/${VPN}.conf"
2830 +
2831 +depend() {
2832 + need localmount net
2833 + before netmount
2834 + after bootmisc
2835 +}
2836 +
2837 +checktundevice() {
2838 + if [ ! -e /dev/net/tun ]; then
2839 + if ! modprobe tun ; then
2840 + eerror "TUN/TAP support is not available in this kernel"
2841 + return 1
2842 + fi
2843 + fi
2844 + if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
2845 + ebegin "Detected broken /dev/net/tun symlink, fixing..."
2846 + rm -f /dev/net/tun
2847 + ln -s /dev/misc/net/tun /dev/net/tun
2848 + eend $?
2849 + fi
2850 +}
2851 +
2852 +start() {
2853 + ebegin "Starting ${SVCNAME}"
2854 +
2855 + checktundevice || return 1
2856 +
2857 + if [ ! -e "${VPNCONF}" ]; then
2858 + eend 1 "${VPNCONF} does not exist"
2859 + return 1
2860 + fi
2861 +
2862 + local args=""
2863 + # If the config file does not specify the cd option, we do
2864 + # But if we specify it, we override the config option which we do not want
2865 + if ! grep -q "^[ ]*cd[ ].*" "${VPNCONF}" ; then
2866 + args="${args} --cd ${VPNDIR}"
2867 + fi
2868 +
2869 + start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
2870 + -- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon ${args}
2871 + eend $? "Check your logs to see why startup failed"
2872 +}
2873 +
2874 +stop() {
2875 + ebegin "Stopping ${SVCNAME}"
2876 + start-stop-daemon --stop --exec /usr/sbin/openvpn --pidfile "${VPNPID}"
2877 + eend $?
2878 +}
2879 +
2880 +# vim: ts=4
2881
2882 diff --git a/net-misc/openvpn/files/openvpn.service b/net-misc/openvpn/files/openvpn.service
2883 new file mode 100644
2884 index 0000000..358dcb7
2885 --- /dev/null
2886 +++ b/net-misc/openvpn/files/openvpn.service
2887 @@ -0,0 +1,12 @@
2888 +[Unit]
2889 +Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
2890 +After=syslog.target network.target
2891 +
2892 +[Service]
2893 +PrivateTmp=true
2894 +Type=forking
2895 +PIDFile=/var/run/openvpn/%i.pid
2896 +ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf
2897 +
2898 +[Install]
2899 +WantedBy=multi-user.target
2900
2901 diff --git a/net-misc/openvpn/files/openvpn.tmpfile b/net-misc/openvpn/files/openvpn.tmpfile
2902 new file mode 100644
2903 index 0000000..d5fca71
2904 --- /dev/null
2905 +++ b/net-misc/openvpn/files/openvpn.tmpfile
2906 @@ -0,0 +1 @@
2907 +D /var/run/openvpn 0710 root openvpn -
2908
2909 diff --git a/net-misc/openvpn/files/up.sh b/net-misc/openvpn/files/up.sh
2910 new file mode 100644
2911 index 0000000..6ce82d6
2912 --- /dev/null
2913 +++ b/net-misc/openvpn/files/up.sh
2914 @@ -0,0 +1,100 @@
2915 +#!/bin/sh
2916 +# Copyright (c) 2006-2007 Gentoo Foundation
2917 +# Distributed under the terms of the GNU General Public License v2
2918 +# Contributed by Roy Marples (uberlord@g.o)
2919 +
2920 +# Setup our resolv.conf
2921 +# Vitally important that we use the domain entry in resolv.conf so we
2922 +# can setup the nameservers are for the domain ONLY in resolvconf if
2923 +# we're using a decent dns cache/forwarder like dnsmasq and NOT nscd/libc.
2924 +# nscd/libc users will get the VPN nameservers before their other ones
2925 +# and will use the first one that responds - maybe the LAN ones?
2926 +# non resolvconf users just the the VPN resolv.conf
2927 +
2928 +# FIXME:- if we have >1 domain, then we have to use search :/
2929 +# We need to add a flag to resolvconf to say
2930 +# "these nameservers should only be used for the listed search domains
2931 +# if other global nameservers are present on other interfaces"
2932 +# This however, will break compatibility with Debians resolvconf
2933 +# A possible workaround would be to just list multiple domain lines
2934 +# and try and let resolvconf handle it
2935 +
2936 +min_route() {
2937 + local n=1
2938 + local m
2939 + local r
2940 +
2941 + eval m="\$route_metric_$n"
2942 + while [ -n "${m}" ]; do
2943 + if [ -z "$r" ] || [ "$r" -gt "$m" ]; then
2944 + r="$m"
2945 + fi
2946 + n="$(($n+1))"
2947 + eval m="\$route_metric_$n"
2948 + done
2949 +
2950 + echo "$r"
2951 +}
2952 +
2953 +if [ "${PEER_DNS}" != "no" ]; then
2954 + NS=
2955 + DOMAIN=
2956 + SEARCH=
2957 + i=1
2958 + while true ; do
2959 + eval opt=\$foreign_option_${i}
2960 + [ -z "${opt}" ] && break
2961 + if [ "${opt}" != "${opt#dhcp-option DOMAIN *}" ] ; then
2962 + if [ -z "${DOMAIN}" ] ; then
2963 + DOMAIN="${opt#dhcp-option DOMAIN *}"
2964 + else
2965 + SEARCH="${SEARCH}${SEARCH:+ }${opt#dhcp-option DOMAIN *}"
2966 + fi
2967 + elif [ "${opt}" != "${opt#dhcp-option DNS *}" ] ; then
2968 + NS="${NS}nameserver ${opt#dhcp-option DNS *}\n"
2969 + fi
2970 + i=$((${i} + 1))
2971 + done
2972 +
2973 + if [ -n "${NS}" ] ; then
2974 + DNS="# Generated by openvpn for interface ${dev}\n"
2975 + if [ -n "${SEARCH}" ] ; then
2976 + DNS="${DNS}search ${DOMAIN} ${SEARCH}\n"
2977 + elif [ -n "${DOMAIN}" ]; then
2978 + DNS="${DNS}domain ${DOMAIN}\n"
2979 + fi
2980 + DNS="${DNS}${NS}"
2981 + if [ -x /sbin/resolvconf ] ; then
2982 + metric="$(min_route)"
2983 + printf "${DNS}" | /sbin/resolvconf -a "${dev}" ${metric:+-m ${metric}}
2984 + else
2985 + # Preserve the existing resolv.conf
2986 + if [ -e /etc/resolv.conf ] ; then
2987 + cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
2988 + fi
2989 + printf "${DNS}" > /etc/resolv.conf
2990 + chmod 644 /etc/resolv.conf
2991 + fi
2992 + fi
2993 +fi
2994 +
2995 +# Below section is Gentoo specific
2996 +# Quick summary - our init scripts are re-entrant and set the SVCNAME env var
2997 +# as we could have >1 openvpn service
2998 +
2999 +if [ -n "${SVCNAME}" ]; then
3000 + # If we have a service specific script, run this now
3001 + if [ -x /etc/openvpn/"${SVCNAME}"-up.sh ] ; then
3002 + /etc/openvpn/"${SVCNAME}"-up.sh "$@"
3003 + fi
3004 +
3005 + # Re-enter the init script to start any dependant services
3006 + if ! /etc/init.d/"${SVCNAME}" --quiet status ; then
3007 + export IN_BACKGROUND=true
3008 + /etc/init.d/${SVCNAME} --quiet start
3009 + fi
3010 +fi
3011 +
3012 +exit 0
3013 +
3014 +# vim: ts=4 :
3015
3016 diff --git a/net-misc/openvpn/metadata.xml b/net-misc/openvpn/metadata.xml
3017 new file mode 100644
3018 index 0000000..7f3d1f9
3019 --- /dev/null
3020 +++ b/net-misc/openvpn/metadata.xml
3021 @@ -0,0 +1,23 @@
3022 +<?xml version="1.0" encoding="UTF-8"?>
3023 +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
3024 +<pkgmetadata>
3025 + <maintainer>
3026 + <email>djc@g.o</email>
3027 + <name>Dirkjan Ochtman</name>
3028 + </maintainer>
3029 + <longdescription>OpenVPN is an easy-to-use, robust and highly
3030 +configurable VPN daemon which can be used to securely link two or more
3031 +networks using an encrypted tunnel.</longdescription>
3032 + <use>
3033 + <flag name="down-root">Enable the down-root plugin</flag>
3034 + <flag name="iproute2">Enabled iproute2 support instead of net-tools</flag>
3035 + <flag name="passwordsave">Enables openvpn to save passwords</flag>
3036 + <flag name="polarssl">Use PolarSSL instead of OpenSSL</flag>
3037 + <flag name="pkcs11">Enable PKCS#11 smartcard support</flag>
3038 + <flag name="plugins">Enable the OpenVPN plugin system</flag>
3039 + <flag name="socks">Enable socks support</flag>
3040 + </use>
3041 + <upstream>
3042 + <remote-id type="cpe">cpe:/a:openvpn:openvpn</remote-id>
3043 + </upstream>
3044 +</pkgmetadata>
3045
3046 diff --git a/net-misc/openvpn/openvpn-2.3.8-r1.ebuild b/net-misc/openvpn/openvpn-2.3.8-r1.ebuild
3047 new file mode 100644
3048 index 0000000..8658417
3049 --- /dev/null
3050 +++ b/net-misc/openvpn/openvpn-2.3.8-r1.ebuild
3051 @@ -0,0 +1,138 @@
3052 +# Copyright 1999-2015 Gentoo Foundation
3053 +# Distributed under the terms of the GNU General Public License v2
3054 +# $Id$
3055 +
3056 +EAPI=5
3057 +
3058 +inherit eutils autotools multilib flag-o-matic user systemd
3059 +
3060 +DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
3061 +SRC_URI="http://swupdate.openvpn.net/community/releases/${P}.tar.gz"
3062 +HOMEPAGE="http://openvpn.net/"
3063 +
3064 +LICENSE="GPL-2"
3065 +SLOT="0"
3066 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd ~x86-freebsd ~amd64-linux ~arm-linux ~x86-linux"
3067 +IUSE="examples down-root iproute2 libressl +lzo pam passwordsave pkcs11 +plugins polarssl selinux socks +ssl static systemd userland_BSD"
3068 +
3069 +REQUIRED_USE="static? ( !plugins !pkcs11 )
3070 + polarssl? ( ssl !libressl )
3071 + pkcs11? ( ssl )
3072 + !plugins? ( !pam !down-root )"
3073 +
3074 +DEPEND="
3075 + kernel_linux? (
3076 + iproute2? ( sys-apps/iproute2[-minimal] ) !iproute2? ( sys-apps/net-tools )
3077 + )
3078 + pam? ( virtual/pam )
3079 + ssl? (
3080 + !polarssl? (
3081 + !libressl? ( >=dev-libs/openssl-0.9.7:* )
3082 + libressl? ( dev-libs/libressl )
3083 + )
3084 + polarssl? ( >=net-libs/polarssl-1.2.10 )
3085 + )
3086 + lzo? ( >=dev-libs/lzo-1.07 )
3087 + pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
3088 + systemd? ( sys-apps/systemd )"
3089 +RDEPEND="${DEPEND}
3090 + selinux? ( sec-policy/selinux-openvpn )
3091 +"
3092 +
3093 +src_prepare() {
3094 + epatch "${FILESDIR}/2.3.6-vlan-support.patch"
3095 + eautoreconf
3096 +}
3097 +
3098 +src_configure() {
3099 + use static && LDFLAGS="${LDFLAGS} -Xcompiler -static"
3100 + local myconf
3101 + use polarssl && myconf="--with-crypto-library=polarssl"
3102 + econf \
3103 + ${myconf} \
3104 + --docdir="${EPREFIX}/usr/share/doc/${PF}" \
3105 + --with-plugindir="${ROOT}/usr/$(get_libdir)/$PN" \
3106 + $(use_enable passwordsave password-save) \
3107 + $(use_enable ssl) \
3108 + $(use_enable ssl crypto) \
3109 + $(use_enable lzo) \
3110 + $(use_enable pkcs11) \
3111 + $(use_enable plugins) \
3112 + $(use_enable iproute2) \
3113 + $(use_enable socks) \
3114 + $(use_enable pam plugin-auth-pam) \
3115 + $(use_enable down-root plugin-down-root) \
3116 + $(use_enable systemd)
3117 +}
3118 +
3119 +src_install() {
3120 + default
3121 + find "${ED}/usr" -name '*.la' -delete
3122 + # install documentation
3123 + dodoc AUTHORS ChangeLog PORTS README README.IPv6
3124 +
3125 + # Install some helper scripts
3126 + keepdir /etc/openvpn
3127 + exeinto /etc/openvpn
3128 + doexe "${FILESDIR}/up.sh"
3129 + doexe "${FILESDIR}/down.sh"
3130 +
3131 + # Install the init script and config file
3132 + newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
3133 + newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
3134 +
3135 + # install examples, controlled by the respective useflag
3136 + if use examples ; then
3137 + # dodoc does not supportly support directory traversal, #15193
3138 + insinto /usr/share/doc/${PF}/examples
3139 + doins -r sample contrib
3140 + fi
3141 +
3142 + systemd_newtmpfilesd "${FILESDIR}"/${PN}.tmpfile ${PN}.conf
3143 + systemd_newunit distro/systemd/openvpn-client@.service openvpn-client@.service
3144 + systemd_newunit distro/systemd/openvpn-server@.service openvpn-server@.service
3145 +}
3146 +
3147 +pkg_postinst() {
3148 + # Add openvpn user so openvpn servers can drop privs
3149 + # Clients should run as root so they can change ip addresses,
3150 + # dns information and other such things.
3151 + enewgroup openvpn
3152 + enewuser openvpn "" "" "" openvpn
3153 +
3154 + if [ path_exists -o "${ROOT}/etc/openvpn/*/local.conf" ] ; then
3155 + ewarn "WARNING: The openvpn init script has changed"
3156 + ewarn ""
3157 + fi
3158 +
3159 + elog "The openvpn init script expects to find the configuration file"
3160 + elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
3161 + elog ""
3162 + elog "To create more VPNs, simply create a new .conf file for it and"
3163 + elog "then create a symlink to the openvpn init script from a link called"
3164 + elog "openvpn.newconfname - like so"
3165 + elog " cd /etc/openvpn"
3166 + elog " ${EDITOR##*/} foo.conf"
3167 + elog " cd /etc/init.d"
3168 + elog " ln -s openvpn openvpn.foo"
3169 + elog ""
3170 + elog "You can then treat openvpn.foo as any other service, so you can"
3171 + elog "stop one vpn and start another if you need to."
3172 +
3173 + if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
3174 + ewarn ""
3175 + ewarn "WARNING: If you use the remote keyword then you are deemed to be"
3176 + ewarn "a client by our init script and as such we force up,down scripts."
3177 + ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
3178 + ewarn "can move your scripts to."
3179 + fi
3180 +
3181 + if use plugins ; then
3182 + einfo ""
3183 + einfo "plugins have been installed into /usr/$(get_libdir)/${PN}"
3184 + fi
3185 +
3186 + einfo ""
3187 + einfo "OpenVPN 2.3.x no longer includes the easy-rsa suite of utilities."
3188 + einfo "They can now be emerged via app-crypt/easy-rsa."
3189 +}
Report Message
Find on MARC Find on Google Groups