Diffstat (limited to 'security/openvpn-auth-oauth2')
-rw-r--r--security/openvpn-auth-oauth2/Makefile28
-rw-r--r--security/openvpn-auth-oauth2/distinfo5
-rw-r--r--security/openvpn-auth-oauth2/files/openvpn_auth_oauth2.in148
-rw-r--r--security/openvpn-auth-oauth2/pkg-descr15
-rw-r--r--security/openvpn-auth-oauth2/pkg-plist3
5 files changed, 199 insertions, 0 deletions
diff --git a/security/openvpn-auth-oauth2/Makefile b/security/openvpn-auth-oauth2/Makefile
new file mode 100644
index 000000000000..0d58c182a0d8
--- /dev/null
+++ b/security/openvpn-auth-oauth2/Makefile
@@ -0,0 +1,28 @@
+PORTNAME= openvpn-auth-oauth2
+DISTVERSIONPREFIX= v
+DISTVERSION= 1.23.0
+PORTREVISION= 1
+CATEGORIES= security net net-vpn
+
+MAINTAINER= otis@FreeBSD.org
+COMMENT= Management client for OpenVPN that handles SSO authentication
+WWW= https://github.com/jkroepke/openvpn-auth-oauth2
+
+LICENSE= MIT
+LICENSE_FILE= ${WRKSRC}/LICENSE.txt
+
+EXTRACT_DEPENDS= ${BUILD_DEPENDS}
+
+USES= go:1.24,modules
+
+GO_MODULE= github.com/jkroepke/openvpn-auth-oauth2
+
+SUB_FILES= openvpn_auth_oauth2
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKDIR}/bin/openvpn-auth-oauth2 ${STAGEDIR}${PREFIX}/sbin
+ ${MKDIR} ${STAGEDIR}${ETCDIR}
+ ${INSTALL_DATA} ${WRKSRC}/config.example.yaml ${STAGEDIR}${ETCDIR}/openvpn-auth-oauth2.yml.sample
+ ${INSTALL_SCRIPT} ${WRKDIR}/openvpn_auth_oauth2 ${STAGEDIR}${PREFIX}/etc/rc.d
+
+.include <bsd.port.mk>
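Review bot: Nothing in this Makefile creates a dedicated account for the service (no `USERS=` or `GROUPS=`), and the rc script added in the same commit starts daemon(8) without `-u`, so the helper runs as root unless the administrator overrides it in rc.conf. It processes sign-on flows with external OIDC providers, so a flaw in it would be exercised with full privileges. If it needs no root-only resource (worth confirming against upstream), add `USERS= <service-user>` and `GROUPS= <service-group>` (placeholders; the real names must be registered in the ports UIDs/GIDs files). The rc script would then default `openvpn_auth_oauth2_user` to that account and create the pid directory with matching ownership.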
diff --git a/security/openvpn-auth-oauth2/distinfo b/security/openvpn-auth-oauth2/distinfo
new file mode 100644
index 000000000000..c69fcf7f3670
--- /dev/null
+++ b/security/openvpn-auth-oauth2/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1747749448
+SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.23.0/v1.23.0.mod) = 3cfe3d6fcb9c2dadd04584a4dee41a867c33b720a91127efaaa501fd11726f2b
+SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.23.0/v1.23.0.mod) = 1899
+SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.23.0/v1.23.0.zip) = 984bf33860740e9d4f3896db38bfea064a2b21553c85c8c0ea98856933c64b71
+SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.23.0/v1.23.0.zip) = 1850633
diff --git a/security/openvpn-auth-oauth2/files/openvpn_auth_oauth2.in b/security/openvpn-auth-oauth2/files/openvpn_auth_oauth2.in
new file mode 100644
index 000000000000..40015f4a8e4a
--- /dev/null
+++ b/security/openvpn-auth-oauth2/files/openvpn_auth_oauth2.in
@@ -0,0 +1,148 @@
+#!/bin/sh
+
+# PROVIDE: openvpn_auth_oauth2
+# REQUIRE: FILESYSTEMS defaultroute netwait resolv
+# BEFORE: NETWORKING
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable openvpn_auth_oauth2:
+#
+# openvpn_auth_oauth2_enable="YES"
+#
+# You also can set alternative config with
+# openvpn_auth_oauth2_config="/path/to/config"
+#
+# Multiple profiles are supported with
+#
+# openvpn_auth_oauth2_profiles="name1 name2"
+# openvpn_auth_oauth2_name1_enable="YES"
+# openvpn_auth_oauth2_name1_config="/path/to/config1"
+# openvpn_auth_oauth2_name2_enable="YES"
+# openvpn_auth_oauth2_name2_config="/path/to/config2"
+#
+
+. /etc/rc.subr
+
+name=openvpn_auth_oauth2
+rcvar=openvpn_auth_oauth2_enable
+desc="Single sign-on for OpenVPN"
+
+eval ": \${${name}_enable:=\"NO\"}"
+eval ": \${${name}_config:=%%ETCDIR%%/openvpn-auth-oauth2.yml}"
+load_rc_config "${name}"
+
+_openvpn_auth_oauth2="%%PREFIX%%/sbin/openvpn-auth-oauth2"
+_common_daemon_args=-Sfc
+_piddir=/var/run/openvpn-auth-oauth2
+
+# Set PID file
+pidfile="${_piddir}/openvpn-auth-oauth2.pid"
+
+required_files=${openvpn_auth_oauth2_config}
+command=/usr/sbin/daemon
+command_args="${_common_daemon_args} -p ${pidfile} -t ${name} \
+${_openvpn_auth_oauth2} --config ${openvpn_auth_oauth2_config}"
+procname="${_openvpn_auth_oauth2}"
+extra_commands=reload
+reload_cmd=openvpn_auth_oauth2_reload
+start_precmd="[ -d ${_piddir} ] || /usr/bin/install -d ${_piddir}"
+
+openvpn_auth_oauth2_reload()
+{
+ if [ "x${openvpn_auth_oauth2_profiles}" != "x" -a "x$1" != "x" ]; then
+ for profile in ${openvpn_auth_oauth2_profiles}; do
+ eval _enable="\${openvpn_auth_oauth2_${profile}_enable}"
+ case "x${_enable:-${openvpn_auth_oauth2_enable}}" in
+ x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
+ continue
+ ;;
+ x[Yy][Ee][Ss])
+ ;;
+ *)
+ if test -z "$_enable"; then
+ _var=openvpn_auth_oauth2_enable
+ else
+ _var=openvpn_auth_oauth2_"${profile}"_enable
+ fi
+ echo "Bad value" \
+ "'${_enable:-${openvpn_auth_oauth2_enable}}'" \
+ "for ${_var}. " \
+ "Profile ${profile} skipped."
+ continue
+ ;;
+ esac
+ echo "===> openvpn-auth-oauth2 profile: ${profile}"
+ pidfile="${_piddir}/openvpn-auth-oauth2-${profile}.pid"
+ kill -HUP `cat ${pidfile}`
+ retcode="$?"
+ if [ "0${retcode}" -ne 0 ]; then
+ failed="${profile} (${retcode}) ${failed:-}"
+ else
+ success="${profile} ${success:-}"
+ fi
+ done
+ exit 0
+ else
+ echo "===> openvpn-auth-outh2 profile ${profile} reloading"
+ kill -HUP `cat ${pidfile}`
+ fi
+}
+
+if [ -n "$2" ]; then
+ profile="$2"
+ if [ "x${openvpn_auth_oauth2_profiles}" != "x" ]; then
+ eval openvpn_auth_oauth2_config="\${openvpn_auth_oauth2_${profile}_config:-%%ETCDIR%%/openvpn-auth-oauth2-${profile}.yml}"
+ if [ "x${openvpn_auth_oauth2_config}" = "x" ]; then
+ echo "You must define a configuration file (openvpn_auth_oauth2_${profile}_config)"
+ exit 1
+ fi
+
+ pidfile="${_piddir}/openvpn-auth-oauth2-${profile}.pid"
+
+ [ -f ${pidfile} ] || /usr/bin/install /dev/null "${pidfile}"
+
+ required_files="${openvpn_auth_oauth2_config}"
+ eval openvpn_auth_oauth2_enable="\${openvpn_auth_oauth2_${profile}_enable:-${openvpn_auth_oauth2_enable}}"
+ command_args="${_common_daemon_args} -t ${name}-${profile} -p ${pidfile} \
+ ${_openvpn_auth_oauth2} \
+ --config ${openvpn_auth_oauth2_config}"
+ else
+ echo "$0: extra argument ignored"
+ fi
+else
+ if [ "x${openvpn_auth_oauth2_profiles}" != "x" -a "x$1" != "x" ]; then
+ for profile in ${openvpn_auth_oauth2_profiles}; do
+ eval _enable="\${openvpn_auth_oauth2_${profile}_enable}"
+ case "x${_enable:-${openvpn_auth_oauth2_enable}}" in
+ x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
+ continue
+ ;;
+ x[Yy][Ee][Ss])
+ ;;
+ *)
+ if test -z "$_enable"; then
+ _var=openvpn_auth_oauth2_enable
+ else
+ _var=openvpn_auth_oauth2_"${profile}"_enable
+ fi
+ echo "Bad value" \
+ "'${_enable:-${openvpn_auth_oauth2_enable}}'" \
+ "for ${_var}. " \
+ "Profile ${profile} skipped."
+ continue
+ ;;
+ esac
+ echo "===> openvpn-auth-oauth2 profile: ${profile}"
+ %%PREFIX%%/etc/rc.d/openvpn_auth_oauth2 $1 ${profile}
+ retcode="$?"
+ if [ "0${retcode}" -ne 0 ]; then
+ failed="${profile} (${retcode}) ${failed:-}"
+ else
+ success="${profile} ${success:-}"
+ fi
+ done
+ exit 0
+ fi
+fi
+
+run_rc_command "$1"
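Review bot: Both ``kill -HUP `cat ${pidfile}` `` calls in `openvpn_auth_oauth2_reload` signal whatever the pidfile contains, as root, without checking that the file is non-empty or that the PID still belongs to this daemon. The per-profile branch further down pre-creates an empty pidfile with `/usr/bin/install /dev/null "${pidfile}"`, so a reload before a successful start runs `kill -HUP` with no PID, and a stale file can point at a recycled PID of an unrelated process. rc.subr's `check_pidfile` does that validation: use `_pid=$(check_pidfile "${pidfile}" "${procname}")` followed by `[ -n "${_pid}" ] && kill -HUP "${_pid}"`. That `install` line also runs before `start_precmd` has created `${_piddir}`, so it presumably fails when the directory does not exist yet. Separately, the profile loops collect `failed` but always end with `exit 0`, so a profile that failed to start or reload is invisible to the caller.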
diff --git a/security/openvpn-auth-oauth2/pkg-descr b/security/openvpn-auth-oauth2/pkg-descr
new file mode 100644
index 000000000000..52e575e966a1
--- /dev/null
+++ b/security/openvpn-auth-oauth2/pkg-descr
@@ -0,0 +1,15 @@
+openvpn-auth-oauth2 is a management client for OpenVPN that handles the single
+sign-on (SSO) authentication against various OIDC providers. This project aims
+to simplify the process of integrating OpenVPN with OIDC providers such as:
+
+- Microsoft Entra ID (Azure AD)
+- GitHub
+- Okta
+- Google Workspace
+- Zittal
+- Digitalocean
+- Keycloak
+- any other OIDC compatible auth server
+
+For comprehensive documentation, point the browser to:
+https://github.com/jkroepke/openvpn-auth-oauth2/wiki/Configuration
diff --git a/security/openvpn-auth-oauth2/pkg-plist b/security/openvpn-auth-oauth2/pkg-plist
new file mode 100644
index 000000000000..c96f261f8393
--- /dev/null
+++ b/security/openvpn-auth-oauth2/pkg-plist
@@ -0,0 +1,3 @@
+@sample %%ETCDIR%%/openvpn-auth-oauth2.yml.sample
+etc/rc.d/openvpn_auth_oauth2
+sbin/openvpn-auth-oauth2
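Review bot: The `@sample` line carries no owner or mode, and the Makefile stages the sample with `${INSTALL_DATA}`, which normally yields a world-readable file. The live `openvpn-auth-oauth2.yml` is copied from the sample and, as far as I can tell, keeps its permissions. That file will typically hold the OIDC client secret, so any local user could read it. Restrict it in the plist, e.g. `@sample(root,wheel,0600) %%ETCDIR%%/openvpn-auth-oauth2.yml.sample`, adjusting the owner if the daemon is later run under a dedicated account.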