mirror of
https://github.com/openwrt/packages.git
synced 2026-05-31 06:51:51 +08:00
Chen Minqiang
bb02e8b734
Introduce a new `ipv6` proto option for OpenVPN netifd integration and export it to the hotplug environment. IPv6 remains enabled by default, but can now be explicitly disabled per instance. Update the hotplug helper to apply IPv6 addresses and routes only when IPv6 is enabled, allowing cleaner IPv4-only tunnel deployments. Also improve route handling by: - ignoring invalid default gateway values (0.0.0.0 / ::) - replacing fixed `seq` loops with shell-safe while loops - keeping trusted peer host routes conditional on valid gateways Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
159 lines
4.8 KiB
Makefile
159 lines
4.8 KiB
Makefile
|
|
# Copyright (C) 2010-2015 OpenWrt.org
|
|
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=openvpn
|
|
|
|
PKG_VERSION:=2.7.1
|
|
PKG_RELEASE:=2
|
|
|
|
PKG_SOURCE_URL:=\
|
|
https://build.openvpn.net/downloads/releases/ \
|
|
https://swupdate.openvpn.net/community/releases/
|
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
|
PKG_HASH:=9858477ec2894a8a672974d8650dcb1af2eeffb468981a2b619f0fa387081167
|
|
|
|
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
|
|
|
|
PKG_INSTALL:=1
|
|
PKG_FIXUP:=autoreconf
|
|
PKG_BUILD_PARALLEL:=1
|
|
PKG_BUILD_FLAGS:=gc-sections
|
|
PKG_LICENSE:=GPL-2.0
|
|
PKG_CPE_ID:=cpe:/a:openvpn:openvpn
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
|
|
define Package/openvpn/Default
|
|
TITLE:=Open source VPN solution using $(2)
|
|
SECTION:=net
|
|
CATEGORY:=Network
|
|
URL:=http://openvpn.net
|
|
SUBMENU:=VPN
|
|
MENU:=1
|
|
DEPENDS:=+kmod-tun \
|
|
+libcap-ng \
|
|
+OPENVPN_$(1)_ENABLE_LZO:liblzo \
|
|
+OPENVPN_$(1)_ENABLE_LZ4:liblz4 \
|
|
+OPENVPN_$(1)_ENABLE_IPROUTE2:ip \
|
|
+OPENVPN_$(1)_ENABLE_DCO:libnl-genl \
|
|
$(3)
|
|
VARIANT:=$(1)
|
|
PROVIDES:=openvpn openvpn-crypto
|
|
endef
|
|
|
|
Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+PACKAGE_openvpn-openssl:libopenssl)
|
|
Package/openvpn-mbedtls=$(call Package/openvpn/Default,mbedtls,mbedTLS,+PACKAGE_openvpn-mbedtls:libmbedtls)
|
|
Package/openvpn-wolfssl=$(call Package/openvpn/Default,wolfssl,WolfSSL,+PACKAGE_openvpn-wolfssl:libwolfssl)
|
|
|
|
define Package/openvpn/config/Default
|
|
source "$(SOURCE)/Config-$(1).in"
|
|
endef
|
|
|
|
Package/openvpn-openssl/config=$(call Package/openvpn/config/Default,openssl)
|
|
Package/openvpn-mbedtls/config=$(call Package/openvpn/config/Default,mbedtls)
|
|
Package/openvpn-wolfssl/config=$(call Package/openvpn/config/Default,wolfssl)
|
|
|
|
ifeq ($(BUILD_VARIANT),mbedtls)
|
|
CONFIG_OPENVPN_MBEDTLS:=y
|
|
endif
|
|
ifeq ($(BUILD_VARIANT),openssl)
|
|
CONFIG_OPENVPN_OPENSSL:=y
|
|
endif
|
|
ifeq ($(BUILD_VARIANT),wolfssl)
|
|
CONFIG_OPENVPN_WOLFSSL:=y
|
|
endif
|
|
|
|
CONFIGURE_VARS += \
|
|
IPROUTE=/sbin/ip \
|
|
NETSTAT=/sbin/netstat
|
|
|
|
define Build/Configure
|
|
$(call Build/Configure/Default, \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SMALL),--enable-small) \
|
|
--disable-selinux \
|
|
--disable-systemd \
|
|
--disable-plugins \
|
|
--disable-debug \
|
|
--disable-pkcs11 \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZ4),--enable,--disable)-lz4 \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),--enable,--disable)-x509-alt-username \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_FRAGMENT),--enable,--disable)-fragment \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_IPROUTE2),--enable,--disable)-iproute2 \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_PORT_SHARE),--enable,--disable)-port-share \
|
|
$(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_DCO),--enable,--disable)-dco \
|
|
$(if $(CONFIG_OPENVPN_OPENSSL),--with-crypto-library=openssl --with-openssl-engine=no) \
|
|
$(if $(CONFIG_OPENVPN_MBEDTLS),--with-crypto-library=mbedtls) \
|
|
$(if $(CONFIG_OPENVPN_WOLFSSL),--with-crypto-library=wolfssl) \
|
|
)
|
|
endef
|
|
|
|
define Package/openvpn-$(BUILD_VARIANT)/conffiles
|
|
/etc/openvpn.user
|
|
endef
|
|
|
|
define Package/openvpn-$(BUILD_VARIANT)/install
|
|
$(INSTALL_DIR) $(1)/usr/sbin
|
|
$(INSTALL_BIN) \
|
|
$(PKG_INSTALL_DIR)/usr/sbin/openvpn \
|
|
$(1)/usr/sbin/
|
|
|
|
$(INSTALL_DIR) $(1)/lib/netifd/proto
|
|
$(INSTALL_BIN) \
|
|
files/lib/netifd/proto/openvpn.sh \
|
|
$(1)/lib/netifd/proto/
|
|
|
|
$(INSTALL_DIR) $(1)/etc/uci-defaults
|
|
$(INSTALL_BIN) \
|
|
files/etc/uci-defaults/60_openvpn_migrate.sh \
|
|
$(1)/etc/uci-defaults/
|
|
|
|
$(INSTALL_DIR) $(1)/usr/share/openvpn
|
|
$(INSTALL_DATA) \
|
|
files/usr/share/openvpn/openvpn.options \
|
|
$(1)/usr/share/openvpn/
|
|
$(INSTALL_BIN) \
|
|
files/usr/share/openvpn/up.uc \
|
|
files/usr/share/openvpn/down.uc \
|
|
files/usr/share/openvpn/route-pre-down.uc \
|
|
files/usr/share/openvpn/route-up.uc \
|
|
files/usr/share/openvpn/ipchange.uc \
|
|
files/usr/share/openvpn/client-connect.uc \
|
|
files/usr/share/openvpn/client-disconnect.uc \
|
|
files/usr/share/openvpn/client-crresponse.uc \
|
|
files/usr/share/openvpn/auth-user-pass-verify.uc \
|
|
files/usr/share/openvpn/tls-verify.uc \
|
|
$(1)/usr/share/openvpn/
|
|
|
|
$(INSTALL_DIR) $(1)/lib/upgrade/keep.d
|
|
$(INSTALL_DATA) \
|
|
files/lib/upgrade/keep.d/openvpn \
|
|
$(1)/lib/upgrade/keep.d/
|
|
|
|
$(INSTALL_DIR) $(1)/usr/libexec
|
|
$(INSTALL_BIN) \
|
|
files/usr/libexec/openvpn-hotplug \
|
|
$(1)/usr/libexec/
|
|
|
|
$(INSTALL_DIR) $(1)/etc
|
|
$(INSTALL_DATA) \
|
|
files/etc/openvpn.user \
|
|
$(1)/etc/
|
|
|
|
$(INSTALL_DIR) $(1)/etc/hotplug.d/openvpn
|
|
$(INSTALL_DATA) \
|
|
files/etc/hotplug.d/openvpn/01-user \
|
|
$(1)/etc/hotplug.d/openvpn/
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,openvpn-openssl))
|
|
$(eval $(call BuildPackage,openvpn-mbedtls))
|
|
$(eval $(call BuildPackage,openvpn-wolfssl))
|