Import xl2tpd
authorDaniel Golle <daniel@makrotopia.org>
Fri, 13 Jun 2014 15:11:31 +0000 (17:11 +0200)
committerDaniel Golle <daniel@makrotopia.org>
Fri, 13 Jun 2014 15:27:45 +0000 (17:27 +0200)
Use sources on github and add myself as maintainer.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
net/xl2tpd/Makefile [new file with mode: 0644]
net/xl2tpd/README [new file with mode: 0644]
net/xl2tpd/files/l2tp.sh [new file with mode: 0644]
net/xl2tpd/files/options.xl2tpd [new file with mode: 0644]
net/xl2tpd/files/xl2tp-secrets [new file with mode: 0644]
net/xl2tpd/files/xl2tpd.conf [new file with mode: 0644]
net/xl2tpd/files/xl2tpd.conf.sample [new file with mode: 0644]
net/xl2tpd/files/xl2tpd.init [new file with mode: 0644]
net/xl2tpd/patches/100-makefile_opt_flags.patch [new file with mode: 0644]
net/xl2tpd/patches/110-makefile_dont_build_pfc.patch [new file with mode: 0644]

diff --git a/net/xl2tpd/Makefile b/net/xl2tpd/Makefile
new file mode 100644 (file)
index 0000000..7d1f932
--- /dev/null
@@ -0,0 +1,71 @@
+#
+# Copyright (C) 2006-2014 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=xl2tpd
+PKG_VERSION:=1.3.6
+PKG_RELEASE:=1
+PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
+
+PKG_RELEASE=$(PKG_SOURCE_VERSION)
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/xelerance/xl2tpd.git
+PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_SOURCE_VERSION:=5619e1771048e74b729804e8602f409af0f3faea
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/xl2tpd
+  SECTION:=net
+  CATEGORY:=Network
+  TITLE:=An L2TP (Layer 2 Tunneling Protocol) daemon
+  URL:=http://www.xelerance.com/software/xl2tpd/
+  SUBMENU:=VPN
+  DEPENDS:=+ppp-mod-pppol2tp +ip +resolveip
+endef
+
+define Package/xl2tpd/description
+l2tpd is the open source implementation of the L2TP tunneling protocol (RFC2661).
+It does implement both LAC and LNS role in a L2TP networking architecture. The
+main goal of this protocol is to tunnel PPP frame trough an IP network.
+endef
+
+# XXX: CFLAGS are already set by Build/Compile/Default
+MAKE_FLAGS+= \
+       OFLAGS=""
+
+define Package/xl2tpd/conffiles
+/etc/xl2tpd/xl2tpd.conf
+/etc/xl2tpd/xl2tp-secrets
+/etc/ppp/options.xl2tpd
+endef
+
+define Package/xl2tpd/install
+       $(INSTALL_DIR) $(1)/usr/sbin
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/sbin/xl2tpd $(1)/usr/sbin/
+       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/local/sbin/xl2tpd-control $(1)/usr/sbin/
+
+       $(INSTALL_DIR) $(1)/etc/init.d
+       $(INSTALL_BIN) ./files/xl2tpd.init $(1)/etc/init.d/xl2tpd
+
+       $(INSTALL_DIR) $(1)/etc/xl2tpd
+       $(INSTALL_DATA) ./files/xl2tpd.conf $(1)/etc/xl2tpd/
+       $(INSTALL_CONF) ./files/xl2tp-secrets $(1)/etc/xl2tpd/
+
+       $(INSTALL_DIR) $(1)/etc/ppp
+       $(INSTALL_DATA) ./files/options.xl2tpd $(1)/etc/ppp/
+
+       $(INSTALL_DIR) $(1)/lib/netifd/proto
+       $(INSTALL_BIN) ./files/l2tp.sh $(1)/lib/netifd/proto
+endef
+
+$(eval $(call BuildPackage,xl2tpd))
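Review bot: `PKG_RELEASE` is assigned twice in the header block: `PKG_RELEASE:=1` is overridden a few lines later by `PKG_RELEASE=$(PKG_SOURCE_VERSION)`, so the release field becomes the full 40-character commit id instead of a small integer. Keep only one of the two; if the integer is the intended release, delete the second assignment. The pinned commit is already recorded in `PKG_SOURCE_VERSION`.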
diff --git a/net/xl2tpd/README b/net/xl2tpd/README
new file mode 100644 (file)
index 0000000..aadc26e
--- /dev/null
@@ -0,0 +1,23 @@
+OpenWRT Package for xl2tpd
+
+xl2tpd is a development from the original l2tpd package originally written by
+Mark Spencer, subsequently forked by Scott Balmos and David Stipp, inherited
+by Jeff McAdams, modified substantially by Jacco de Leeuw and then forked 
+again by Xelerance (after it was abandoned by l2tpd.org).
+
+Rationale for inclusion in OpenWRT:
+
+l2tpd has some serious alignment problems on RISC platforms. It also runs 
+purely in userspace.
+
+Some of the features added in this fork include:
+
+1. IPSec SA reference tracking inconjunction with openswan's IPSec transport
+   mode, which adds support for multiple clients behind the same NAT router
+        and multiple clients on the same internal IP behind different NAT routers.
+
+2. Support for the pppol2tp kernel mode L2TP.
+
+3. Alignment and endian problems resolved.
+
+hcg
diff --git a/net/xl2tpd/files/l2tp.sh b/net/xl2tpd/files/l2tp.sh
new file mode 100644 (file)
index 0000000..867234d
--- /dev/null
@@ -0,0 +1,107 @@
+#!/bin/sh
+
+[ -x /usr/sbin/xl2tpd ] || exit 0
+
+[ -n "$INCLUDE_ONLY" ] || {
+       . /lib/functions.sh
+       . ../netifd-proto.sh
+       init_proto "$@"
+}
+
+proto_l2tp_init_config() {
+       proto_config_add_string "username"
+       proto_config_add_string "password"
+       proto_config_add_string "keepalive"
+       proto_config_add_string "pppd_options"
+       proto_config_add_boolean "ipv6"
+       proto_config_add_int "mtu"
+       proto_config_add_string "server"
+       available=1
+       no_device=1
+}
+
+proto_l2tp_setup() {
+       local config="$1"
+       local iface="$2"
+       local optfile="/tmp/l2tp/options.${config}"
+
+       local ip serv_addr server
+       json_get_var server server && {
+               for ip in $(resolveip -t 5 "$server"); do
+                       ( proto_add_host_dependency "$config" "$ip" )
+                       serv_addr=1
+               done
+       }
+       [ -n "$serv_addr" ] || {
+               echo "Could not resolve server address"
+               sleep 5
+               proto_setup_failed "$config"
+               exit 1
+       }
+
+       if [ ! -p /var/run/xl2tpd/l2tp-control ]; then
+               /etc/init.d/xl2tpd start
+       fi
+
+       json_get_vars ipv6 demand keepalive username password pppd_options
+       [ "$ipv6" = 1 ] || ipv6=""
+       if [ "${demand:-0}" -gt 0 ]; then
+               demand="precompiled-active-filter /etc/ppp/filter demand idle $demand"
+       else
+               demand="persist"
+       fi
+
+       [ -n "$mtu" ] || json_get_var mtu mtu
+
+       local interval="${keepalive##*[, ]}"
+       [ "$interval" != "$keepalive" ] || interval=5
+
+       mkdir -p /tmp/l2tp
+
+       echo "${keepalive:+lcp-echo-interval $interval lcp-echo-failure ${keepalive%%[, ]*}}" > "${optfile}"
+       echo "usepeerdns" >> "${optfile}"
+       echo "nodefaultroute" >> "${optfile}"
+       echo "${username:+user \"$username\" password \"$password\"}" >> "${optfile}"
+       echo "ipparam \"$config\"" >> "${optfile}"
+       echo "ifname \"l2tp-$config\"" >> "${optfile}"
+       echo "ip-up-script /lib/netifd/ppp-up" >> "${optfile}"
+       echo "ipv6-up-script /lib/netifd/ppp-up" >> "${optfile}"
+       echo "ip-down-script /lib/netifd/ppp-down" >> "${optfile}"
+       echo "ipv6-down-script /lib/netifd/ppp-down" >> "${optfile}"
+       # Don't wait for LCP term responses; exit immediately when killed.
+       echo "lcp-max-terminate 0" >> "${optfile}"
+       echo "${ipv6:++ipv6} ${pppd_options}" >> "${optfile}"
+       echo "${mtu:+mtu $mtu mru $mtu}" >> "${optfile}"
+
+       xl2tpd-control add l2tp-${config} pppoptfile=${optfile} lns=${server} redial=yes redial timeout=20
+       xl2tpd-control connect l2tp-${config}
+}
+
+proto_l2tp_teardown() {
+       local interface="$1"
+       local optfile="/tmp/l2tp/options.${interface}"
+
+       case "$ERROR" in
+               11|19)
+                       proto_notify_error "$interface" AUTH_FAILED
+                       proto_block_restart "$interface"
+               ;;
+               2)
+                       proto_notify_error "$interface" INVALID_OPTIONS
+                       proto_block_restart "$interface"
+               ;;
+       esac
+
+       xl2tpd-control disconnect l2tp-${interface}
+       # Wait for interface to go down
+        while [ -d /sys/class/net/l2tp-${interface} ]; do
+               sleep 1
+       done
+
+       xl2tpd-control remove l2tp-${interface}
+       rm -f ${optfile}
+}
+
+[ -n "$INCLUDE_ONLY" ] || {
+       add_protocol l2tp
+}
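Review bot: In `proto_l2tp_setup` the PPP username and password are written in clear text to `/tmp/l2tp/options.${config}`, and both the directory and the file are created with whatever umask the caller has, so they are likely readable by any local account. Create the directory restricted, e.g. `mkdir -p -m 0700 /tmp/l2tp`, and run `umask 077` in the setup path before the first `echo` creates the file. The same `echo` places `$username` and `$password` between double quotes without escaping, so a value containing `"` or a newline would change how pppd parses the file; escape backslashes and quotes before writing. In `proto_l2tp_teardown` the `while [ -d /sys/class/net/l2tp-${interface} ]` loop has no upper bound, so an interface that never disappears would block teardown indefinitely; a bounded retry counter would avoid that.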
diff --git a/net/xl2tpd/files/options.xl2tpd b/net/xl2tpd/files/options.xl2tpd
new file mode 100644 (file)
index 0000000..f0fc4f4
--- /dev/null
@@ -0,0 +1,13 @@
+#
+
+lock
+noauth
+debug
+dump
+logfd 2
+logfile /var/log/xl2tpd.log
+noccp
+novj
+novjccomp
+nopcomp
+noaccomp
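Review bot: `noauth` tells pppd not to require the peer to authenticate, and the commented `[lns default]` template in `files/xl2tpd.conf` points at this same file together with `refuse authentication = yes`; enabling that template as shipped would give an LNS that accepts peers without PPP authentication. I would replace the bare `#` header with a comment such as `# Client-side defaults. For an LNS, remove "noauth" and set "require authentication = yes" in xl2tpd.conf.`, and change the template line in `xl2tpd.conf` to match. `debug` and `dump` as defaults also write verbose negotiation output to `/var/log/xl2tpd.log` for every session, which looks like a development leftover; consider dropping both and leaving them as opt-in.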
diff --git a/net/xl2tpd/files/xl2tp-secrets b/net/xl2tpd/files/xl2tp-secrets
new file mode 100644 (file)
index 0000000..0fb513f
--- /dev/null
@@ -0,0 +1,5 @@
+# Secrets for authenticating l2tp tunnels
+# us           them            secret
+# *            marko           blah2
+# zeus         marko           blah
+# *            *               interop
diff --git a/net/xl2tpd/files/xl2tpd.conf b/net/xl2tpd/files/xl2tpd.conf
new file mode 100644 (file)
index 0000000..2423ff6
--- /dev/null
@@ -0,0 +1,23 @@
+[global]
+port = 1701
+auth file = /etc/xl2tpd/xl2tp-secrets
+access control = no
+
+;[lns default]
+;exclusive = yes
+;ip range = 192.168.254.202-192.168.254.210
+;lac = 10.0.1.2
+;hidden bit = no
+;local ip = 192.168.254.200
+;length bit = yes
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd
+
+;[lac left]
+;lns = 10.0.1.2
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd
diff --git a/net/xl2tpd/files/xl2tpd.conf.sample b/net/xl2tpd/files/xl2tpd.conf.sample
new file mode 100644 (file)
index 0000000..477afa5
--- /dev/null
@@ -0,0 +1,73 @@
+;
+; Sample l2tpd configuration file
+;
+; This example file should give you some idea of how the options for l2tpd
+; should work.  The best place to look for a list of all options is in
+; the source code itself, until I have the time to write better documetation :)
+; Specifically, the file "file.c" contains a list of commands at the end.
+;
+; You most definitely don't have to spell out everything as it is done here
+;
+; [global]                                                                             ; Global parameters:
+; port = 1701                                                                  ; * Bind to port 1701
+; auth file = /etc/xl2tpd/xl2tp-secrets                        ; * Where our challenge secrets are
+; access control = yes                                                 ; * Refuse connections without IP match
+; rand source = dev                                                            ; Source for entropy for random
+;                                                                                              ; numbers, options are:
+;                                                                                              ; dev - reads of /dev/urandom
+;                                                                                              ; sys - uses rand()
+;                                                                                              ; egd - reads from egd socket
+;                                                                                              ; egd is not yet implemented
+;
+; [lns default]                                                                        ; Our fallthrough LNS definition
+; exclusive = no                                                               ; * Only permit one tunnel per host
+; ip range = 192.168.0.1-192.168.0.20                  ; * Allocate from this IP range
+; no ip range = 192.168.0.3-192.168.0.9                        ; * Except these hosts
+; ip range = 192.168.0.5                                               ; * But this one is okay
+; ip range = lac1-lac2                                                 ; * And anything from lac1 to lac2's IP
+; lac = 192.168.1.4 - 192.168.1.8                              ; * These can connect as LAC's
+; no lac = untrusted.marko.net                                 ; * This guy can't connect
+; hidden bit = no                                                              ; * Use hidden AVP's?
+; local ip = 192.168.1.2                                               ; * Our local IP to use
+; length bit = yes                                                             ; * Use length bit in payload?
+; require chap = yes                                                   ; * Require CHAP auth. by peer
+; refuse pap = yes                                                             ; * Refuse PAP authentication
+; refuse chap = no                                                             ; * Refuse CHAP authentication
+; refuse authentication = no                                   ; * Refuse authentication altogether
+; require authentication = yes                                 ; * Require peer to authenticate
+; unix authentication = no                                             ; * Use /etc/passwd for auth.
+; name = myhostname                                                            ; * Report this as our hostname
+; ppp debug = no                                                               ; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.lns             ; * ppp options file
+; call rws = 10                                                                        ; * RWS for call (-1 is valid)
+; tunnel rws = 4                                                               ; * RWS for tunnel (must be > 0)
+; flow bit = yes                                                               ; * Include sequence numbers
+; challenge = yes                                                              ; * Challenge authenticate peer ;
+;
+; [lac marko]                                                                  ; Example VPN LAC definition
+; lns = lns.marko.net                                                  ; * Who is our LNS?
+; lns = lns2.marko.net                                                 ; * A backup LNS (not yet used)
+; redial = yes                                                                 ; * Redial if disconnected?
+; redial timeout = 15                                                  ; * Wait n seconds between redials
+; max redials = 5                                                              ; * Give up after n consecutive failures
+; hidden bit = yes                                                             ; * User hidden AVP's?
+; local ip = 192.168.1.1                                               ; * Force peer to use this IP for us
+; remote ip = 192.168.1.2                                              ; * Force peer to use this as their IP
+; length bit = no                                                              ; * Use length bit in payload?
+; require pap = no                                                             ; * Require PAP auth. by peer
+; require chap = yes                                                   ; * Require CHAP auth. by peer
+; refuse pap = yes                                                             ; * Refuse PAP authentication
+; refuse chap = no                                                             ; * Refuse CHAP authentication
+; refuse authentication = no                                   ; * Refuse authentication altogether
+; require authentication = yes                                 ; * Require peer to authenticate
+; name = marko                                                                 ; * Report this as our hostname
+; ppp debug = no                                                               ; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.marko   ; * ppp options file for this lac
+; call rws = 10                                                                        ; * RWS for call (-1 is valid)
+; tunnel rws = 4                                                               ; * RWS for tunnel (must be > 0)
+; flow bit = yes                                                               ; * Include sequence numbers
+; challenge = yes                                                              ; * Challenge authenticate peer
+;
+; [lac cisco]                                                                  ; Another quick LAC
+; lns = cisco.marko.net                                                        ; * Required, but can take from default
+; require authentication = yes
diff --git a/net/xl2tpd/files/xl2tpd.init b/net/xl2tpd/files/xl2tpd.init
new file mode 100644 (file)
index 0000000..22e8459
--- /dev/null
@@ -0,0 +1,18 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2010 OpenWrt.org
+
+START=60
+BIN=xl2tpd
+DEFAULT=/etc/default/$BIN
+RUN_D=/var/run
+PID_F=$RUN_D/$BIN.pid
+
+start() {
+       mkdir -p $RUN_D/$BIN
+       [ -f $DEFAULT ] && . $DEFAULT
+       $BIN $OPTIONS
+}
+
+stop() {
+       [ -f $PID_F ] && kill $(cat $PID_F)
+}
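Review bot: `stop()` signals whatever PID is stored in `$PID_F` without checking that the process is still xl2tpd, so a stale pid file left after a crash could make this script (presumably run as root) kill an unrelated process. A minimal guard is `pid=$(cat "$PID_F")` followed by `[ "$(cat /proc/$pid/comm 2>/dev/null)" = "$BIN" ] && kill "$pid"`, with the pid file removed afterwards. In `start()`, `$RUN_D/$BIN` is the directory holding the control pipe that `l2tp.sh` tests for, so `mkdir -p -m 0700 "$RUN_D/$BIN"` would keep other local accounts away from it regardless of the mode the daemon gives the pipe. The variable expansions in both functions are unquoted; quoting `"$DEFAULT"` and `"$PID_F"` costs nothing.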
diff --git a/net/xl2tpd/patches/100-makefile_opt_flags.patch b/net/xl2tpd/patches/100-makefile_opt_flags.patch
new file mode 100644 (file)
index 0000000..82e875d
--- /dev/null
@@ -0,0 +1,12 @@
+--- a/Makefile
++++ b/Makefile
+@@ -91,7 +91,8 @@ OSFLAGS+= -DUSE_KERNEL
+ IPFLAGS?= -DIP_ALLOCATION
+-CFLAGS+= $(DFLAGS) -O2 -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS)
++OFLAGS=-O2
++CFLAGS+= $(DFLAGS) $(OFLAGS) -fno-builtin -Wall -DSANITY $(OSFLAGS) $(IPFLAGS)
+ HDRS=l2tp.h avp.h misc.h control.h call.h scheduler.h file.h aaa.h md5.h
+ OBJS=xl2tpd.o pty.o misc.o control.o avp.o call.o network.o avpsend.o scheduler.o file.o aaa.o md5.o
+ SRCS=${OBJS:.o=.c} ${HDRS}
diff --git a/net/xl2tpd/patches/110-makefile_dont_build_pfc.patch b/net/xl2tpd/patches/110-makefile_dont_build_pfc.patch
new file mode 100644 (file)
index 0000000..460a0f1
--- /dev/null
@@ -0,0 +1,43 @@
+--- a/Makefile
++++ b/Makefile
+@@ -107,10 +107,10 @@ BINDIR?=$(DESTDIR)${PREFIX}/bin
+ MANDIR?=$(DESTDIR)${PREFIX}/share/man
+-all: $(EXEC) pfc $(CONTROL_EXEC)
++all: $(EXEC) $(CONTROL_EXEC)
+ clean:
+-      rm -f $(OBJS) $(EXEC) pfc.o pfc $(CONTROL_EXEC)
++      rm -f $(OBJS) $(EXEC) $(CONTROL_EXEC)
+ $(EXEC): $(OBJS) $(HDRS)
+       $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+@@ -118,14 +118,10 @@ $(EXEC): $(OBJS) $(HDRS)
+ $(CONTROL_EXEC): $(CONTROL_SRCS)
+       $(CC) $(CFLAGS) $(LDFLAGS) $(CONTROL_SRCS) -o $@
+-pfc:
+-      $(CC) $(CFLAGS) -c contrib/pfc.c
+-      $(CC) $(LDFLAGS) -o pfc pfc.o -lpcap $(LDLIBS)
+-
+ romfs:
+       $(ROMFSINST) /bin/$(EXEC)
+-install: ${EXEC} pfc ${CONTROL_EXEC}
++install: ${EXEC} ${CONTROL_EXEC}
+       install -d -m 0755 ${SBINDIR}
+       install -m 0755 $(EXEC) ${SBINDIR}/$(EXEC)
+       install -d -m 0755 ${MANDIR}/man5
+@@ -133,11 +129,6 @@ install: ${EXEC} pfc ${CONTROL_EXEC}
+       install -m 0644 doc/xl2tpd.8 ${MANDIR}/man8/
+       install -m 0644 doc/xl2tpd.conf.5 doc/l2tp-secrets.5 \
+                ${MANDIR}/man5/
+-      # pfc
+-      install -d -m 0755 ${BINDIR}
+-      install -m 0755 pfc ${BINDIR}/pfc
+-      install -d -m 0755 ${MANDIR}/man1
+-      install -m 0644 contrib/pfc.1 ${MANDIR}/man1/
+       # control exec
+       install -d -m 0755 ${SBINDIR}
+       install -m 0755 $(CONTROL_EXEC) ${SBINDIR}/$(CONTROL_EXEC)