diff options
Diffstat (limited to 'README.html')
| -rw-r--r-- | README.html | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/README.html b/README.html new file mode 100644 index 0000000..ffd1b46 --- /dev/null +++ b/README.html @@ -0,0 +1,75 @@ +<h1>OpenVPN-NL</h1> +<p> + This is an overlay voor the Gentoo Linux distribution, it provides ebuilds for + <a href="https://openvpn.fox-it.com">OpenVPN-NL</a>. +</p> +<h2>Why this overlay?</h2> +<p> + When i was experimenting with hardware security tokens and OpenVPN i got + really bad performance, tunnel setup took multiple minutes. When i found + OpenVPN-NL and tried it, it worked a lot better. So i initually + created this overlay for personal use, and now hope it will be useful for + others too. My forum topic on this subject can be found + <a href="https://forums.gentoo.org/viewtopic-t-1114346.html">here</a>. +</p> +<h2>What is in this overlay?</h2> +<p> + This overlay carries a single package: net-vpn/openvpn-nl. OpenVPN-NL is + modified version of OpenVPN made by and for the Dutch government (hence the + -NL). The modifications to both mbed TLS and OpenVPN include disabling of + insecure configurations and ciphers. I did a full diff on the packages and + their originals and there's no backdoor-ish stuff. Of course you don't have + to beleve me, all the source is out there. +</p> +<p> + The package has a single USE flag: the use-expanded CPU_FLAGS_X86 flag aes. + The official way of using OpenVPN-NL prohibits using hardware accelerated + crypto, for private use you can of course change that. If this flag is set it + will enable AES-NI support in mbet TLS, allowing hardware acceleration. +</p> +<p> + All files and directories with "openvpn" in their names have been + renamed to "openvpn-nl", this ensures the OpenVPN and OpenVPN-NL + can both be installed at the same time. +</p> +<p> + You might notice that the package does not specify any dependencies, this is + because they are not specified and we'll have to find out while we're going. + On my system I also have OpenVPN installed which will take care of most + dependencies. +</p> +<h2>How to use this overlay?</h2> +<p> + First you'll have to clone this overlay on a place you like, a common place + these days is <b>/var/db/repos</b>. So cd into that directory and use + <b>git clone https://code.pa4wdh.nl.eu.org/gentoo/openvpn-nl</b>, this will + create a directory called openvpn-nl with the overlay in it. +</p> +<p> + Next you have to make portage aware of the repo, for that you'll have to + create a config file under <b>/etc/portage/repos.conf</b>. Create a file + called <b>openvpn-nl.conf</b> and give it these contents: +</p> +<pre> +[openvpn-nl] +location = /var/db/repos/openvpn-nl +sync-type = git +sync-uri = https://code.pa4wdh.nl.eu.org/gentoo/openvpn-nl +</pre> +<p> + If you placed the overlay on a different place than <b>/var/db/repos</b> make + sure to adapt the <b>location</b> line to your needs. +</p> +<h2>What can i do with this?</h2> +<p> + For me this is the best way to get OpenVPN running with hardware crypto + tokens. If that's what you like, or if you'd simply like to run OpenVPN-NL + instead of OpenVPN on Gentoo, this is the easiest way. +</p> +<p> + If you have any feedback on this overlay, you're quite likely to find me on + the <a href="https://forums.gentoo.org">Gentoo forums</a>. +</p> +<p> + Have fun! +</p> |