From fda1d9570e43b22a351a892d89697346eba76d1a Mon Sep 17 00:00:00 2001
From: Koichiro Iwao
Date: Mon, 25 Feb 2019 05:07:08 +0000
Subject: [PATCH] New port: security/softether5: SoftEther VPN 5 (Developer
Edition)
SoftEther VPN ("SoftEther" means "Software Ethernet") is an
open-source cross-platform multi-protocol VPN program, created as an
academic project in the University of Tsukuba. Its protocol is very
fast and it can be used in very restricted environments, as it's able
to transfer packets over DNS and ICMP. A NAT-Traversal function is
also available, very useful in case the required ports cannot be
opened on the firewall. The supported third party protocols are
OpenVPN, L2TP/IPSec and SSTP.
This port is a bleeding-edge developer version of SoftEther, not for
production use. If you're looking for a solid and stable version,
use security/softether (RTM version) or security/softether-devel
(stable version) instead. This version is also available on processors
other than i386/amd64. Users who want to use SoftEther on
single board computers such as Raspberry Pi, BeagleBoard or other
embedded devices, try this port.
WWW: https://www.softether.org
---
security/Makefile | 1 +
security/softether-devel/Makefile | 2 +-
security/softether/Makefile | 2 +-
security/softether5/Makefile | 109 ++++++++++++++++++
security/softether5/distinfo | 3 +
...xtra-patch-unrestrict-enterprise-functions | 27 +++++
.../softether5/files/patch-chain-certs-dir | 31 +++++
security/softether5/files/patch-piddir | 29 +++++
.../files/patch-use-system-cpu_features | 18 +++
security/softether5/files/pkg-message.in | 24 ++++
security/softether5/files/softether_bridge.in | 36 ++++++
security/softether5/files/softether_client.in | 36 ++++++
security/softether5/files/softether_server.in | 36 ++++++
security/softether5/pkg-descr | 18 +++
security/softether5/pkg-plist | 20 ++++
15 files changed, 390 insertions(+), 2 deletions(-)
create mode 100644 security/softether5/Makefile
create mode 100644 security/softether5/distinfo
create mode 100644 security/softether5/files/extra-patch-unrestrict-enterprise-functions
create mode 100644 security/softether5/files/patch-chain-certs-dir
create mode 100644 security/softether5/files/patch-piddir
create mode 100644 security/softether5/files/patch-use-system-cpu_features
create mode 100644 security/softether5/files/pkg-message.in
create mode 100644 security/softether5/files/softether_bridge.in
create mode 100644 security/softether5/files/softether_client.in
create mode 100644 security/softether5/files/softether_server.in
create mode 100644 security/softether5/pkg-descr
create mode 100644 security/softether5/pkg-plist
diff --git a/security/Makefile b/security/Makefile
index 25771d6fb0e3..62ee41217b9f 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1258,6 +1258,7 @@
SUBDIR += snuffleupagus
SUBDIR += softether
SUBDIR += softether-devel
+ SUBDIR += softether5
SUBDIR += softhsm
SUBDIR += softhsm2
SUBDIR += sops
diff --git a/security/softether-devel/Makefile b/security/softether-devel/Makefile
index ce9c484df1ec..6013e42fe441 100644
--- a/security/softether-devel/Makefile
+++ b/security/softether-devel/Makefile
@@ -36,7 +36,7 @@ OPTIONS_DEFINE= DOCS UNLOCK
UNLOCK_DESC= Unlock regional lockout (JP and CN)
UNLOCK_EXTRA_PATCHES= ${FILESDIR}/extra-patch-unrestrict-enterprise-functions
-CONFLICTS_INSTALL= softether
+CONFLICTS_INSTALL= softether-4.* softether5
PORTDOCS= AUTHORS.TXT ChangeLog LICENSE README THIRD_PARTY.TXT WARNING.TXT
LOGDIR?= /var/log/softether
diff --git a/security/softether/Makefile b/security/softether/Makefile
index 7af712102af2..ec7510f91a3a 100644
--- a/security/softether/Makefile
+++ b/security/softether/Makefile
@@ -36,7 +36,7 @@ OPTIONS_DEFINE= DOCS UNLOCK
UNLOCK_DESC= Unlock regional lockout (JP and CN)
UNLOCK_EXTRA_PATCHES= ${FILESDIR}/extra-patch-unrestrict-enterprise-functions
-CONFLICTS_INSTALL= softether-devel
+CONFLICTS_INSTALL= softether-devel-4.* softether5
PORTDOCS= AUTHORS.TXT ChangeLog LICENSE README THIRD_PARTY.TXT WARNING.TXT
LOGDIR?= /var/log/softether
diff --git a/security/softether5/Makefile b/security/softether5/Makefile
new file mode 100644
index 000000000000..6a510f552f2b
--- /dev/null
+++ b/security/softether5/Makefile
@@ -0,0 +1,109 @@
+# $FreeBSD$
+
+PORTNAME= softether
+DISTVERSION= 5.01.9669
+CATEGORIES= security
+PKGNAMESUFFIX= 5
+
+MAINTAINER= meta@FreeBSD.org
+COMMENT= SoftEther VPN 5 (Developer Edition)
+
+LICENSE= APACHE20
+LICENSE_FILE= ${WRKSRC}/LICENSE
+
+BUILD_DEPENDS= ${LOCALBASE}/include/cpu_features_macros.h:devel/cpu_features
+
+USES+= cmake:noninja dos2unix iconv:wchar_t localbase:ldflags ncurses readline ssl
+USE_RC_SUBR= softether_bridge softether_client softether_server
+USE_LDCONFIG= yes
+USE_GITHUB= yes
+
+DOS2UNIX_GLOB= *.h *.c
+
+GH_ACCOUNT= SoftEtherVPN
+GH_PROJECT= SoftEtherVPN
+
+OPTIONS_DEFINE= DOCS UNLOCK
+
+# Use of some functions in Japan and China is restricted.
+# This option Unlocks regional lockout following functions:
+# - RADIUS / NT Domain user authentication function
+# - RSA certificate user authentication function
+# - Deep-inspect packet logging function
+# - Source IP address control list function
+# - syslog transfer function
+UNLOCK_DESC= Unlock regional lockout (JP and CN)
+UNLOCK_EXTRA_PATCHES= ${FILESDIR}/extra-patch-unrestrict-enterprise-functions
+
+PORTDOCS= DISCLAIMER.md WARNING.TXT
+CONFLICTS_INSTALL= softether-4.[0-9]* softether-devel-4.[0-9]*
+
+SE_DBDIR?= /var/db/${PORTNAME}
+SE_LOGDIR?= /var/log/${PORTNAME}
+PLIST_SUB= SE_DBDIR="${SE_DBDIR}" SE_LOGDIR="${SE_LOGDIR}"
+SUB_LIST= SE_DBDIR="${SE_DBDIR}" SE_LOGDIR="${SE_LOGDIR}"
+SUB_FILES= pkg-message
+
+.include
+
+pre-configure:
+ # not a GNU configure
+ @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ./configure
+
+post-patch:
+ # SoftEther scatters logs, config files and PID files in PREFIX/libexec
+ # directory. To write them in the right place, replace it.
+ ${REINPLACE_CMD} \
+ -e "s|@vpn_server_template|${SE_DBDIR}/vpn_server_template|" \
+ -e "s|@vpn_server|${SE_DBDIR}/vpn_server|" \
+ -e "s|@vpn_bridge|${SE_DBDIR}/vpn_bridge|" \
+ -e "s|@vpn_gate_svc|${SE_DBDIR}/vpn_gate_svc|" \
+ -e "s|@vpn_gate_relay|${SE_DBDIR}/vpn_gate_relay|" \
+ ${WRKSRC}/src/Cedar/Server.c
+
+ ${REINPLACE_CMD} \
+ -e "s|@adminip|${SE_DBDIR}/adminip|" \
+ -e "s|@etherlogger|${SE_DBDIR}/etherlogger|" \
+ -e "s|@vpn_client|${SE_DBDIR}/vpn_client|" \
+ -e "s|@vpn_router|${SE_DBDIR}/vpn_router|" \
+ -e "s|@custom|${SE_DBDIR}/custom|" \
+ -e "s|@backup|${SE_DBDIR}/backup|" \
+ -e "s|@save_binary|${SE_DBDIR}/save_binary|" \
+ -e "s|@lang|${SE_DBDIR}/lang|" \
+ -e "s|@azureserver|${SE_DBDIR}/azureserver|" \
+ -e "s|@server_log|${DIR}/server|" \
+ -e "s|@security_log|${SE_LOGDIR}/security|" \
+ -e "s|@packet_log|${SE_LOGDIR}/packet|" \
+ -e "s|@secure_nat_log|${SE_LOGDIR}/secure_nat|" \
+ -e "s|@client_log|${SE_LOGDIR}/client|" \
+ -e "s|@tiny_log|${SE_LOGDIR}/tiny|" \
+ -e "s|@carrier_log|${SE_LOGDIR}/carrier|" \
+ -e "s|@etherlogger_log|${SE_LOGDIR}/etherlogger|" \
+ ${WRKSRC}/src/Cedar/Cedar.h \
+ ${WRKSRC}/src/Cedar/Client.h \
+ ${WRKSRC}/src/Cedar/Nat.h \
+ ${WRKSRC}/src/Cedar/Server.c \
+ ${WRKSRC}/src/Mayaqua/Cfg.c \
+ ${WRKSRC}/src/Mayaqua/Cfg.h \
+ ${WRKSRC}/src/Mayaqua/Table.h
+
+ ${REINPLACE_CMD} \
+ -e "s|abort_error_log\.txt|${SE_LOGDIR}/abort_error_log.txt|" \
+ ${WRKSRC}/src/Mayaqua/Kernel.c
+
+ ${REINPLACE_CMD} \
+ -e "s|%%SE_DBDIR%%|${SE_DBDIR}|g" \
+ ${WRKSRC}/src/Cedar/Protocol.c \
+ ${WRKSRC}/src/Mayaqua/Unix.c \
+ ${WRKSRC}/src/Mayaqua/Network.c
+
+post-install:
+ @${MKDIR} ${STAGEDIR}${SE_LOGDIR} ${STAGEDIR}${SE_DBDIR}
+
+post-install-DOCS-on:
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
+.for doc in ${PORTDOCS}
+ ${FIND} ${WRKSRC} -name ${doc} -exec ${INSTALL_DATA} {} ${STAGEDIR}${DOCSDIR} \;
+.endfor
+
+.include
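Review bot: In post-patch, the `@server_log` substitution uses `${DIR}`, which is not defined anywhere in this Makefile, so it expands to an empty string and the server log prefix becomes `/server` at the filesystem root; it should read `-e "s|@server_log|${SE_LOGDIR}/server|" \`. In the same sed invocation `@etherlogger` is substituted before `@etherlogger_log`, so any line carrying `@etherlogger_log` is presumably rewritten to `${SE_DBDIR}/etherlogger_log` and never reaches the log-directory rule. Moving the `@etherlogger_log` expression ahead of `@etherlogger`, as is already done for `@vpn_server_template` before `@vpn_server`, avoids that. Both matter operationally, because logs written outside `${SE_LOGDIR}` escape the permissions, rotation and collection applied to that directory.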
diff --git a/security/softether5/distinfo b/security/softether5/distinfo
new file mode 100644
index 000000000000..85013d26b6f4
--- /dev/null
+++ b/security/softether5/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1549591284
+SHA256 (SoftEtherVPN-SoftEtherVPN-5.01.9669_GH0.tar.gz) = e40597094bd551767043fd5a8553ca03bfb5ab3938ea2523414d03b1bb7fddd5
+SIZE (SoftEtherVPN-SoftEtherVPN-5.01.9669_GH0.tar.gz) = 65709105
diff --git a/security/softether5/files/extra-patch-unrestrict-enterprise-functions b/security/softether5/files/extra-patch-unrestrict-enterprise-functions
new file mode 100644
index 000000000000..780bbe10f8bd
--- /dev/null
+++ b/security/softether5/files/extra-patch-unrestrict-enterprise-functions
@@ -0,0 +1,27 @@
+--- src/Cedar/Server.c.orig 2019-02-04 04:43:50.000000000 +0900
++++ src/Cedar/Server.c 2019-02-15 17:50:18.825945000 +0900
+@@ -10566,23 +10566,7 @@
+ //
+ bool SiIsEnterpriseFunctionsRestrictedOnOpenSource(CEDAR *c)
+ {
+- char region[128];
+- bool ret = false;
+- // Validate arguments
+- if (c == NULL)
+- {
+- return false;
+- }
+-
+-
+- SiGetCurrentRegion(c, region, sizeof(region));
+-
+- if (StrCmpi(region, "JP") == 0 || StrCmpi(region, "CN") == 0)
+- {
+- ret = true;
+- }
+-
+- return ret;
++ return false;
+ }
+
+ // Update the current region
diff --git a/security/softether5/files/patch-chain-certs-dir b/security/softether5/files/patch-chain-certs-dir
new file mode 100644
index 000000000000..886d7773f674
--- /dev/null
+++ b/security/softether5/files/patch-chain-certs-dir
@@ -0,0 +1,31 @@
+--- src/Cedar/Protocol.c.orig 2019-02-03 19:43:50 UTC
++++ src/Cedar/Protocol.c
+@@ -58,7 +58,7 @@ bool TryGetRootCertChain(LIST *o, X *x, bool auto_save
+ wchar_t exedir[MAX_SIZE];
+
+ GetExeDirW(exedir, sizeof(exedir));
+- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
++ CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs");
+ MakeDirExW(dirname);
+
+ if (auto_save)
+@@ -365,7 +365,7 @@ void AddAllChainCertsToCertList(LIST *o)
+
+ GetExeDirW(exedir, sizeof(exedir));
+
+- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
++ CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs");
+
+ MakeDirExW(dirname);
+
+--- src/Mayaqua/Network.c.orig 2019-02-03 19:43:50 UTC
++++ src/Mayaqua/Network.c
+@@ -11520,7 +11520,7 @@ void AddChainSslCertOnDirectory(struct ssl_ctx_st *ctx
+
+ GetExeDirW(exedir, sizeof(exedir));
+
+- CombinePathW(dirname, sizeof(dirname), exedir, L"chain_certs");
++ CombinePathW(dirname, sizeof(dirname), L"/var/db/softether", L"chain_certs");
+
+ MakeDirExW(dirname);
+
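Review bot: The three replaced `CombinePathW` calls hard-code `L"/var/db/softether"`, while the port Makefile declares `SE_DBDIR?=` as overridable and runs a `%%SE_DBDIR%%` substitution over Protocol.c and Network.c in post-patch. With the literal path in the patch that substitution has nothing to match, and an overridden `SE_DBDIR` leaves the chain-certificate directory in the default location, apart from the rest of the relocated data. Writing the new lines as `CombinePathW(dirname, sizeof(dirname), L"%%SE_DBDIR%%", L"chain_certs");` lets the existing REINPLACE step fill in the configured path. The same literal appears in the three `Format` calls of patch-piddir and in `datadir=` of the softether_bridge, softether_client and softether_server rc scripts, where `%%SE_DBDIR%%` is already available through SUB_LIST. The enclosing functions start and end outside these hunks, so whether `exedir` is still used afterwards cannot be seen here.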
diff --git a/security/softether5/files/patch-piddir b/security/softether5/files/patch-piddir
new file mode 100644
index 000000000000..b91b81fe27b3
--- /dev/null
+++ b/security/softether5/files/patch-piddir
@@ -0,0 +1,29 @@
+--- src/Mayaqua/Unix.c.orig 2019-02-03 19:43:50 UTC
++++ src/Mayaqua/Unix.c
+@@ -774,7 +774,7 @@ void *UnixNewSingleInstance(char *instance_name)
+ GetExeDir(dir, sizeof(dir));
+
+ // File name generation
+- Format(name, sizeof(name), "%s/.%s", dir, tmp);
++ Format(name, sizeof(name), "/var/db/softether/.%s", tmp);
+
+ fd = open(name, O_WRONLY);
+ if (fd == -1)
+@@ -2194,7 +2194,7 @@ void UnixGenPidFileName(char *name, UINT size)
+ Md5(hash, exe_name, StrLen(exe_name));
+ BinToStr(tmp1, sizeof(tmp1), hash, sizeof(hash));
+
+- Format(name, size, "%s/.pid_%s", dir, tmp1);
++ Format(name, size, "/var/db/softether/.pid_%s", tmp1);
+ }
+
+ // Delete the PID file
+@@ -2239,7 +2239,7 @@ void UnixGenCtlFileName(char *name, UINT size)
+ Md5(hash, exe_name, StrLen(exe_name));
+ BinToStr(tmp1, sizeof(tmp1), hash, sizeof(hash));
+
+- Format(name, size, "%s/.ctl_%s", dir, tmp1);
++ Format(name, size, "/var/db/softether/.ctl_%s", tmp1);
+ }
+
+ // Write the CTL file
diff --git a/security/softether5/files/patch-use-system-cpu_features b/security/softether5/files/patch-use-system-cpu_features
new file mode 100644
index 000000000000..7f03d39f89c3
--- /dev/null
+++ b/security/softether5/files/patch-use-system-cpu_features
@@ -0,0 +1,18 @@
+--- src/Mayaqua/CMakeLists.txt.orig 2019-02-03 19:43:50 UTC
++++ src/Mayaqua/CMakeLists.txt
+@@ -63,14 +63,10 @@ if(UNIX)
+
+ find_library(LIB_RT rt)
+
+- target_link_libraries(mayaqua PRIVATE OpenSSL::SSL OpenSSL::Crypto Threads::Threads ZLIB::ZLIB)
++ target_link_libraries(mayaqua PRIVATE OpenSSL::SSL OpenSSL::Crypto Threads::Threads ZLIB::ZLIB cpu_features)
+
+ if (CMAKE_SYSTEM_PROCESSOR MATCHES "^(armv7l|aarch64|s390x)$" OR NOT HAVE_SYS_AUXV)
+ add_definitions(-DSKIP_CPU_FEATURES)
+- else()
+- add_subdirectory(3rdparty/cpu_features)
+- set_property(TARGET cpu_features PROPERTY POSITION_INDEPENDENT_CODE ON)
+- target_link_libraries(mayaqua PRIVATE cpu_features)
+ endif()
+
+ if(LIB_RT)
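Review bot: `cpu_features` is now linked on the unconditional `target_link_libraries` line, so it is also pulled in on the branch that defines `SKIP_CPU_FEATURES`, where upstream did not link it at all. Keeping the link inside the conditional preserves that behaviour: retain the `else()` branch with only `target_link_libraries(mayaqua PRIVATE cpu_features)` in it. The port lists devel/cpu_features under BUILD_DEPENDS only; if that port installs a shared library, the link would also need a matching LIB_DEPENDS entry, which is worth confirming. The `if(UNIX)` block continues outside the hunk.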
diff --git a/security/softether5/files/pkg-message.in b/security/softether5/files/pkg-message.in
new file mode 100644
index 000000000000..29299ccca65f
--- /dev/null
+++ b/security/softether5/files/pkg-message.in
@@ -0,0 +1,24 @@
+**************************************************************************
+
+To run softether vpn client from startup, run
+sysrc softether_client_enable=yes
+
+To run softether vpn server from startup, run
+sysrc softether_server_enable=yes
+
+To run softether vpn bridge from startup, run
+sysrc softether_bridge_enable=yes
+
+Initial and further configuration of all softether services can be
+done either by using a Windows client to connect to the running
+services or by vpncmd from command line.
+
+Please note client and bridge functionality is not fully
+supported on FreeBSD right now.
+
+When removing SoftEther VPN without the desire to reinstall, please
+ensure to remove the following dirctories as well:
+- %%SE_DBDIR%%
+- %%SE_LOGDIR%%
+
+**************************************************************************
diff --git a/security/softether5/files/softether_bridge.in b/security/softether5/files/softether_bridge.in
new file mode 100644
index 000000000000..7080fe33b4ab
--- /dev/null
+++ b/security/softether5/files/softether_bridge.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: softether_bridge
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable softether_bridge:
+# softether_bridge_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable
+#
+. /etc/rc.subr
+
+name=softether_bridge
+rcvar=softether_bridge_enable
+load_rc_config ${name}
+
+: ${softether_bridge_enable:=NO}
+
+command="%%PREFIX%%/libexec/softether/vpnbridge/vpnbridge"
+
+datadir="/var/db/softether"
+
+start_precmd="${name}_precmd"
+start_cmd="${command} start"
+stop_cmd="${command} stop"
+
+softether_bridge_precmd()
+{
+ if [ ! -d "${datadir}" ]; then
+ mkdir -p ${datadir}
+ fi
+}
+
+run_rc_command "$1"
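Review bot: `softether_bridge_precmd` creates the data directory with `mkdir -p ${datadir}`, unquoted and under whatever umask the rc environment has. That leaves to chance the mode of the directory that receives the VPN configuration, the PID/ctl files and the `chain_certs` directory read by the certificate loaders. An explicit owner and mode would make this deterministic, for example `install -d -o root -g wheel -m 0750 "${datadir}"`; the right mode depends on whether unprivileged users are expected to read anything there, which the patch does not show. The same precmd is repeated in softether_client and softether_server. The `@dir %%SE_DBDIR%%` and `@dir %%SE_LOGDIR%%` entries in pkg-plist likewise carry no owner or mode and could be written as `@dir(root,wheel,0750) %%SE_DBDIR%%`.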
diff --git a/security/softether5/files/softether_client.in b/security/softether5/files/softether_client.in
new file mode 100644
index 000000000000..b9dc04eceef4
--- /dev/null
+++ b/security/softether5/files/softether_client.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: softether_client
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable softether_client:
+# softether_client_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable
+#
+. /etc/rc.subr
+
+name=softether_client
+rcvar=softether_client_enable
+load_rc_config ${name}
+
+: ${softether_client_enable:=NO}
+
+command="%%PREFIX%%/libexec/softether/vpnclient/vpnclient"
+
+datadir="/var/db/softether"
+
+start_precmd="${name}_precmd"
+start_cmd="${command} start"
+stop_cmd="${command} stop"
+
+softether_client_precmd()
+{
+ if [ ! -d "${datadir}" ]; then
+ mkdir -p ${datadir}
+ fi
+}
+
+run_rc_command "$1"
diff --git a/security/softether5/files/softether_server.in b/security/softether5/files/softether_server.in
new file mode 100644
index 000000000000..6485a3e4e41a
--- /dev/null
+++ b/security/softether5/files/softether_server.in
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# PROVIDE: softether_server
+# REQUIRE: NETWORKING SERVERS
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable softether_server:
+# softether_server_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable
+#
+. /etc/rc.subr
+
+name=softether_server
+rcvar=softether_server_enable
+load_rc_config ${name}
+
+: ${softether_server_enable:=NO}
+
+command="%%PREFIX%%/libexec/softether/vpnserver/vpnserver"
+
+datadir="/var/db/softether"
+
+start_precmd="${name}_precmd"
+start_cmd="${command} start"
+stop_cmd="${command} stop"
+
+softether_server_precmd()
+{
+ if [ ! -d "${datadir}" ]; then
+ mkdir -p ${datadir}
+ fi
+}
+
+run_rc_command "$1"
diff --git a/security/softether5/pkg-descr b/security/softether5/pkg-descr
new file mode 100644
index 000000000000..532d0ff89a71
--- /dev/null
+++ b/security/softether5/pkg-descr
@@ -0,0 +1,18 @@
+SoftEther VPN ("SoftEther" means "Software Ethernet") is an
+open-source cross-platform multi-protocol VPN program, created as an
+academic project in the University of Tsukuba. Its protocol is very
+fast and it can be used in very restricted environments, as it's able
+to transfer packets over DNS and ICMP. A NAT-Traversal function is
+also available, very useful in case the required ports cannot be
+opened on the firewall. The supported third party protocols are
+OpenVPN, L2TP/IPSec and SSTP.
+
+This port is a bleeding-edge developer version of SoftEther, not for
+production use. If you're looking for a solid and stable version,
+use security/softether (RTM version) or security/softether-devel
+(stable version) instead. This version is available also on other
+other than i386/amd64 processors. Users who want to use SoftEther on
+single board computers such as Raspberry Pi, BeagleBoard or other
+embedded devices, try this port.
+
+WWW: https://www.softether.org
diff --git a/security/softether5/pkg-plist b/security/softether5/pkg-plist
new file mode 100644
index 000000000000..36b48fa5a1c2
--- /dev/null
+++ b/security/softether5/pkg-plist
@@ -0,0 +1,20 @@
+bin/vpnbridge
+bin/vpnclient
+bin/vpncmd
+bin/vpnserver
+lib/libcedar.so
+lib/libmayaqua.so
+libexec/softether/vpnbridge/hamcore.se2
+libexec/softether/vpnbridge/vpnbridge
+libexec/softether/vpnclient/hamcore.se2
+libexec/softether/vpnclient/vpnclient
+libexec/softether/vpncmd/hamcore.se2
+libexec/softether/vpncmd/vpncmd
+libexec/softether/vpnserver/hamcore.se2
+libexec/softether/vpnserver/vpnserver
+@dir libexec/softether/vpnbridge
+@dir libexec/softether/vpnclient
+@dir libexec/softether/vpncmd
+@dir libexec/softether/vpnserver
+@dir %%SE_DBDIR%%
+@dir %%SE_LOGDIR%%