
OpenVPN-NL

This is an overlay for the Gentoo Linux distribution; it provides ebuilds for OpenVPN-NL.

Why this overlay?

When I was experimenting with hardware security tokens and OpenVPN I got really bad performance; tunnel setup took multiple minutes. When I found OpenVPN-NL and tried it, it worked a lot better. So I initially created this overlay for personal use, and now hope it will be useful for others too. My forum topic on this subject can be found here.

What is in this overlay?

This overlay carries a single package: net-vpn/openvpn-nl. OpenVPN-NL is a modified version of OpenVPN made by and for the Dutch government (hence the -NL). The modifications to both mbed TLS and OpenVPN include disabling of insecure configurations and ciphers. I did a full diff on the packages and their originals and there's no backdoor-ish stuff. Of course you don't have to believe me, all the source is out there.

The package has a single USE flag: the use-expanded CPU_FLAGS_X86 flag aes. The official way of using OpenVPN-NL prohibits using hardware-accelerated crypto; for private use you can of course change that. If this flag is set, it enables AES-NI support in mbed TLS, allowing hardware acceleration.

All files and directories with "openvpn" in their names have been renamed to "openvpn-nl". This ensures that OpenVPN and OpenVPN-NL can both be installed at the same time.

You might notice that the package does not specify any dependencies. This is because they are not specified, and we'll have to find out as we go. On my system I also have OpenVPN installed, which will take care of most dependencies.

How to use this overlay?

First you'll have to clone this overlay to a location of your choice; a common place these days is /var/db/repos. So cd into that directory and run git clone https://code.pa4wdh.nl.eu.org/gentoo/openvpn-nl. This will create a directory called openvpn-nl with the overlay in it.

Next you have to make Portage aware of the repo. For that you'll have to create a config file under /etc/portage/repos.conf. Create a file called openvpn-nl.conf and give it these contents:

[openvpn-nl]
location = /var/db/repos/openvpn-nl
sync-type = git
sync-uri = https://code.pa4wdh.nl.eu.org/gentoo/openvpn-nl

If you placed the overlay in a different place than /var/db/repos, make sure to adapt the location line to your needs.
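
The repos.conf step above as a small script that adapts the location line to wherever the overlay was cloned and leaves an existing, different openvpn-nl.conf untouched. This is an added example, not part of the overlay itself; the function names and return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scripted version of the repos.conf step described above.
# The section name and sync-uri are taken from the page; the function
# names and return codes are hypothetical.
OVERLAY_NAME="openvpn-nl"
OVERLAY_URI="https://code.pa4wdh.nl.eu.org/gentoo/openvpn-nl"

# Print the repos.conf section for an overlay checked out at $1.
render_repo_conf() {
    printf '[%s]\nlocation = %s\nsync-type = git\nsync-uri = %s\n' \
        "$OVERLAY_NAME" "$1" "$OVERLAY_URI"
}

# Write <conf_dir>/openvpn-nl.conf for a checkout at <location>.
# Returns 0 if written or already identical, 1 on bad input,
# 2 if a different file already exists (it is left untouched).
install_repo_conf() {
    location=$1
    conf_dir=$2
    conf_file="$conf_dir/$OVERLAY_NAME.conf"

    case $location in
        /*) ;;
        *) echo "location must be an absolute path: $location" >&2; return 1 ;;
    esac
    [ -d "$location" ] || { echo "no checkout at $location" >&2; return 1; }
    mkdir -p "$conf_dir" || return 1

    if [ -e "$conf_file" ]; then
        if [ "$(cat "$conf_file")" = "$(render_repo_conf "$location")" ]; then
            return 0
        fi
        echo "$conf_file exists with different contents" >&2
        return 2
    fi
    render_repo_conf "$location" > "$conf_file"
}

# Typical use, as root, after cloning:
#   git clone "$OVERLAY_URI" /var/db/repos/openvpn-nl
#   install_repo_conf /var/db/repos/openvpn-nl /etc/portage/repos.conf
```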

What can I do with this?

For me this is the best way to get OpenVPN running with hardware crypto tokens. If that's what you like, or if you'd simply like to run OpenVPN-NL instead of OpenVPN on Gentoo, this is the easiest way.

If you have any feedback on this overlay, you're quite likely to find me on the Gentoo forums.

Have fun!