diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000000000000000000000000000000000000..7e0dc3039a8ddcfd8b9361e7131b855467b46527 --- /dev/null +++ b/LICENSE @@ -0,0 +1,19 @@ +Copyright (c) 2020 Dimitri Papadopoulos + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000000000000000000000000000000000000..cf2d7b299f039eccfd9a0c18b8572c15aac3ab9f --- /dev/null +++ b/README.md @@ -0,0 +1,67 @@ +openfortivpn +============ + +We use these files to create the +[_openfortivpn_ snap](https://snapcraft.io/openfortivpn) from the +[_openfortivpn_ sources](https://github.com/adrienverge/openfortivpn). + +openfortivpn is a client for PPP+SSL VPN tunnel services. +It spawns a pppd process and operates the communication between the gateway and +this process. + +It is compatible with Fortinet VPNs. + + +------------ +Installing +------------ + +Install the snap from the [Snap Store](https://snapcraft.io/store): +``` +sudo snap install openfortivpn +``` + +Until the _openfortivpn_ snap is authorized to auto-connect, you need to +connect these two _plugs_ manually: +``` +sudo snap connect openfortivpn:ppp +sudo snap connect openfortivpn:network-control +``` + + +------------ +Examples +------------ + +* Simply connect to a VPN: + ``` + sudo openfortivpn vpn-gateway:8443 --username=foo + ``` + +* Connect to a VPN using an authentication realm: + ``` + sudo openfortivpn vpn-gateway:8443 --username=foo--realm=bar + ``` + +* Don't set IP routes and don't add VPN nameservers to `/etc/resolv.conf`: + ``` + openfortivpn vpn-gateway:8443 -u foo -p bar --no-routes --no-dns --pppd-no-peerdns + ``` + +* Using a config file: + ``` + openfortivpn -c /snap/openfortivpn/common/config + ``` + + With `/var/snap/openfortivpn/common/config` containing: + ``` + host = vpn-gateway + port = 8443 + username = foo + password = bar + set-routes = 0 + set-dns = 0 + pppd-use-peerdns = 0 + # X509 certificate sha256 sum, trust only this one! + trusted-cert = e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db + ``` diff --git a/snap/gui/icon.svg b/snap/gui/icon.svg new file mode 100644 index 0000000000000000000000000000000000000000..79b66a69b353f791016d79c15e331376a4e9e76f --- /dev/null +++ b/snap/gui/icon.svg @@ -0,0 +1,8 @@ +<?xml version="1.0"?> +<svg version="1.1" id="CEVNI" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="512" height="512"> +<g id="No_passing_outside_the_area_marked" transform="scale(5.12,5.12)"> + <path id="red_square" d="M 2.5 2.5 h95 v95 h-95 Z M 17.5 17.5 v65 h65 v-65 Z" fill="#ed1b2e"/> + <path id="black_triangle_left" d="M 17.5 35 32.20 50 17.5 65 Z" fill="black"/> + <path id="black_triangle_left" d="M 82.5 35 67.80 50 82.5 65 Z" fill="black"/> +</g> +</svg> diff --git a/snap/hooks/install b/snap/hooks/install new file mode 100755 index 0000000000000000000000000000000000000000..a34ad7ccf47ddabe49cea626f42d79fa45f55a44 --- /dev/null +++ b/snap/hooks/install @@ -0,0 +1,7 @@ +#!/bin/sh -e + +OPENFORTIVPN_TEMPLATE="${SNAP}/share/openfortivpn/config.template" +OPENFORTIVPN_CONFIG="${SNAP_COMMON}/config" + +sed -e '3,$ s/^/# /' "$OPENFORTIVPN_TEMPLATE" > "$OPENFORTIVPN_CONFIG" +chmod 600 "$OPENFORTIVPN_CONFIG" diff --git a/snap/hooks/post-refresh b/snap/hooks/post-refresh new file mode 100755 index 0000000000000000000000000000000000000000..69a00fa39dcea766479faac00b7b6c8802cb2d45 --- /dev/null +++ b/snap/hooks/post-refresh @@ -0,0 +1,11 @@ +#!/bin/sh -e + +OPENFORTIVPN_TEMPLATE="${SNAP}/share/openfortivpn/config.template" +OPENFORTIVPN_CONFIG="${SNAP_COMMON}/config" + +if [ -f "$OPENFORTIVPN_CONFIG" ]; then + echo "Existing configuration file will not be overwritten" +else + sed -e '3,$ s/^/# /' "$OPENFORTIVPN_TEMPLATE" > "$OPENFORTIVPN_CONFIG" + chmod 600 "$OPENFORTIVPN_CONFIG" +fi diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 5095ef98ade1d85a28eaf7fb88f5a5a509d1a32c..65c3a277e013efd93b68355a4cc632aec2f3ea2e 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -1,25 +1,65 @@ --- name: openfortivpn -version: git -base: core18 summary: openfortivpn, a PPP+SSL VPN client description: | Openfortivpn is a client for PPP+SSL VPN tunnel services. It spawns a pppd process and operates the communication between the gateway and this process. +license: GPL-3.0 +adopt-info: openfortivpn +base: core18 confinement: strict grade: stable +icon: snap/gui/icon.svg + +architectures: + - build-on: amd64 + +layout: + /usr/sbin/pppd: + bind-file: $SNAP/usr/sbin/pppd + /etc/openfortivpn: + bind: $SNAP_COMMON + apps: openfortivpn: command: openfortivpn - plugs: [network-bind] + plugs: + - network-bind + - ppp + - network-control parts: openfortivpn: + source: https://github.com/adrienverge/openfortivpn.git plugin: autotools - source: . + configflags: + - --with-pppd=/usr/sbin/pppd build-packages: + - git - build-essential - pkg-config - libssl-dev + - libsystemd-dev + stage-packages: + - ppp + stage: + - bin/openfortivpn + - etc/ppp/* + - share/* + - usr/sbin/pppd + - usr/lib + - usr/share/ppp + # Infer version from Git tags: + # * Remove the leading "v" from openfortivpn Git tags. + # * We propose specific Git tags for openfortivpn snaps, if needed. + # Thay have a leading "sv" for "snap version" and we remove this + # leading "sv" too. + # Infer grade from version: + # * Tagged commits are considered "stable". + # * Other commits are considered "devel". + override-pull: | + snapcraftctl pull + version="$(git -C "${SNAPCRAFT_PART_SRC}" describe --tags | sed -e 's/^v//;s/-/+git/;y/-/./')" + snapcraftctl set-version "$version"