From 78bc7df2f58c6b4dc88dd44fea373db80014a8e6 Mon Sep 17 00:00:00 2001
From: PA4WDH
Date: Wed, 21 Jul 2021 11:13:08 +0200
Subject: Initial commit

---
 README.html | 75 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 75 insertions(+)
 create mode 100644 README.html

(limited to 'README.html')
diff --git a/README.html b/README.html
new file mode 100644
index 0000000..ffd1b46
--- /dev/null
+++ b/README.html
@@ -0,0 +1,75 @@
+<h1>OpenVPN-NL</h1>
+<p>
+ This is an overlay voor the Gentoo Linux distribution, it provides ebuilds for
+ <a href="https://openvpn.fox-it.com">OpenVPN-NL</a>.
+</p>
+<h2>Why this overlay?</h2>
+<p>
+ When i was experimenting with hardware security tokens and OpenVPN i got
+ really bad performance, tunnel setup took multiple minutes. When i found
+ OpenVPN-NL and tried it, it worked a lot better. So i initually
+ created this overlay for personal use, and now hope it will be useful for
+ others too. My forum topic on this subject can be found
+ <a href="https://forums.gentoo.org/viewtopic-t-1114346.html">here</a>.
+</p>
+<h2>What is in this overlay?</h2>
+<p>
+ This overlay carries a single package: net-vpn/openvpn-nl. OpenVPN-NL is
+ modified version of OpenVPN made by and for the Dutch government (hence the
+ -NL). The modifications to both mbed TLS and OpenVPN include disabling of
+ insecure configurations and ciphers. I did a full diff on the packages and
+ their originals and there's no backdoor-ish stuff. Of course you don't have
+ to beleve me, all the source is out there.
+</p>
+<p>
+ The package has a single USE flag: the use-expanded CPU_FLAGS_X86 flag aes.
+ The official way of using OpenVPN-NL prohibits using hardware accelerated
+ crypto, for private use you can of course change that. If this flag is set it
+ will enable AES-NI support in mbet TLS, allowing hardware acceleration.
+</p>
+<p>
+ All files and directories with &quot;openvpn&quot; in their names have been
+ renamed to &quot;openvpn-nl&quot;, this ensures the OpenVPN and OpenVPN-NL
+ can both be installed at the same time.
+</p>
+<p>
+ You might notice that the package does not specify any dependencies, this is
+ because they are not specified and we'll have to find out while we're going.
+ On my system I also have OpenVPN installed which will take care of most
+ dependencies.
+</p>
+<h2>How to use this overlay?</h2>
+<p>
+ First you'll have to clone this overlay on a place you like, a common place
+ these days is <b>/var/db/repos</b>. So cd into that directory and use
+ <b>git clone https://code.pa4wdh.nl.eu.org/gentoo/openvpn-nl</b>, this will
+ create a directory called openvpn-nl with the overlay in it.
+</p>
+<p>
+ Next you have to make portage aware of the repo, for that you'll have to
+ create a config file under <b>/etc/portage/repos.conf</b>. Create a file
+ called <b>openvpn-nl.conf</b> and give it these contents:
+</p>
+<pre>
+[openvpn-nl]
+location = /var/db/repos/openvpn-nl
+sync-type = git
+sync-uri = https://code.pa4wdh.nl.eu.org/gentoo/openvpn-nl
+</pre>
+<p>
+ If you placed the overlay on a different place than <b>/var/db/repos</b> make
+ sure to adapt the <b>location</b> line to your needs.
+</p>
+<h2>What can i do with this?</h2>
+<p>
+ For me this is the best way to get OpenVPN running with hardware crypto
+ tokens. If that's what you like, or if you'd simply like to run OpenVPN-NL
+ instead of OpenVPN on Gentoo, this is the easiest way.
+</p>
+<p>
+ If you have any feedback on this overlay, you're quite likely to find me on
+ the <a href="https://forums.gentoo.org">Gentoo forums</a>.
+</p>
+<p>
+ Have fun!
+</p>
-- 
cgit v1.2.3

