git: aa25ca5ebaae - main - security/openvpn-auth-oauth2: Add new port

From: Juraj Lutter <otis_at_FreeBSD.org>
Date: Tue, 20 May 2025 15:52:21 UTC
The branch main has been updated by otis:

URL: https://cgit.FreeBSD.org/ports/commit/?id=aa25ca5ebaae827e7d064b746ce5d692ad02cf54

commit aa25ca5ebaae827e7d064b746ce5d692ad02cf54
Author:     Juraj Lutter <otis@FreeBSD.org>
AuthorDate: 2025-05-20 15:01:01 +0000
Commit:     Juraj Lutter <otis@FreeBSD.org>
CommitDate: 2025-05-20 15:52:06 +0000

    security/openvpn-auth-oauth2: Add new port
    
    openvpn-auth-oauth2 handles the single sign-on (SSO) authentication
    for OpenVPN servers. Authentication can be performed against
    various identity providers, including Microsoft Entra ID,
    GitHub, Okta, Google, Keycloak and other OIDC-compliant providers.
    
    Docs are at https://github.com/jkroepke/openvpn-auth-oauth2
---
 security/Makefile                                  |   1 +
 security/openvpn-auth-oauth2/Makefile              |  27 ++++
 security/openvpn-auth-oauth2/distinfo              |   5 +
 .../files/openvpn_auth_oauth2.in                   | 148 +++++++++++++++++++++
 security/openvpn-auth-oauth2/pkg-descr             |  15 +++
 security/openvpn-auth-oauth2/pkg-plist             |   3 +
 6 files changed, 199 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index 2e976acf904a..b742b84e77e2 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -462,6 +462,7 @@
     SUBDIR += openvpn
     SUBDIR += openvpn-admin
     SUBDIR += openvpn-auth-ldap
+    SUBDIR += openvpn-auth-oauth2
     SUBDIR += openvpn-auth-radius
     SUBDIR += openvpn-auth-script
     SUBDIR += openvpn-devel
diff --git a/security/openvpn-auth-oauth2/Makefile b/security/openvpn-auth-oauth2/Makefile
new file mode 100644
index 000000000000..c342db717442
--- /dev/null
+++ b/security/openvpn-auth-oauth2/Makefile
@@ -0,0 +1,27 @@
+PORTNAME=	openvpn-auth-oauth2
+DISTVERSIONPREFIX=	v
+DISTVERSION=	1.23.0
+CATEGORIES=	security net net-vpn
+
+MAINTAINER=	otis@FreeBSD.org
+COMMENT=	Management client for OpenVPN that handles SSO authentication
+WWW=		https://github.com/jkroepke/openvpn-auth-oauth2
+
+LICENSE=	MIT
+LICENSE_FILE=	${WRKSRC}/LICENSE.txt
+
+EXTRACT_DEPENDS=	${BUILD_DEPENDS}
+
+USES=		go:1.24,modules
+
+GO_MODULE=	github.com/jkroepke/openvpn-auth-oauth2
+
+SUB_FILES=	openvpn_auth_oauth2
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKDIR}/bin/openvpn-auth-oauth2 ${STAGEDIR}${PREFIX}/sbin
+	${MKDIR} ${STAGEDIR}${ETCDIR}
+	${INSTALL_DATA} ${WRKSRC}/config.example.yaml ${STAGEDIR}${ETCDIR}/openvpn-auth-oauth2.yml.sample
+	${INSTALL_SCRIPT} ${WRKDIR}/openvpn_auth_oauth2 ${STAGEDIR}${PREFIX}/etc/rc.d
+
+.include <bsd.port.mk>
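Review bot: The `${INSTALL_DATA}` line for config.example.yaml stages the sample with mode 0644, and the `@sample` copy in pkg-plist keeps that mode as far as I recall, so the live `openvpn-auth-oauth2.yml` ends up world-readable; the upstream config presumably carries the OIDC client secret and the HTTP/session secret, which no other local user should be able to read. Install it restrictively instead, e.g. `${INSTALL} -m 0600 ${WRKSRC}/config.example.yaml ${STAGEDIR}${ETCDIR}/openvpn-auth-oauth2.yml.sample`, or use the `@sample(,,0600)` keyword form in pkg-plist if that syntax is preferred. As a style point, `USE_RC_SUBR=openvpn_auth_oauth2` is the ports idiom for rc scripts and would replace `SUB_FILES`, the `${INSTALL_SCRIPT}` line and the `etc/rc.d/openvpn_auth_oauth2` plist entry.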
diff --git a/security/openvpn-auth-oauth2/distinfo b/security/openvpn-auth-oauth2/distinfo
new file mode 100644
index 000000000000..c69fcf7f3670
--- /dev/null
+++ b/security/openvpn-auth-oauth2/distinfo
@@ -0,0 +1,5 @@
+TIMESTAMP = 1747749448
+SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.23.0/v1.23.0.mod) = 3cfe3d6fcb9c2dadd04584a4dee41a867c33b720a91127efaaa501fd11726f2b
+SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.23.0/v1.23.0.mod) = 1899
+SHA256 (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.23.0/v1.23.0.zip) = 984bf33860740e9d4f3896db38bfea064a2b21553c85c8c0ea98856933c64b71
+SIZE (go/security_openvpn-auth-oauth2/openvpn-auth-oauth2-v1.23.0/v1.23.0.zip) = 1850633
diff --git a/security/openvpn-auth-oauth2/files/openvpn_auth_oauth2.in b/security/openvpn-auth-oauth2/files/openvpn_auth_oauth2.in
new file mode 100644
index 000000000000..40015f4a8e4a
--- /dev/null
+++ b/security/openvpn-auth-oauth2/files/openvpn_auth_oauth2.in
@@ -0,0 +1,148 @@
+#!/bin/sh
+
+# PROVIDE: openvpn_auth_oauth2
+# REQUIRE: FILESYSTEMS defaultroute netwait resolv
+# BEFORE: NETWORKING
+# KEYWORD: shutdown
+
+# Add the following line to /etc/rc.conf to enable openvpn_auth_oauth2:
+#
+# openvpn_auth_oauth2_enable="YES"
+#
+# You also can set alternative config with
+# openvpn_auth_oauth2_config="/path/to/config"
+#
+# Multiple profiles are supported with
+#
+# openvpn_auth_oauth2_profiles="name1 name2"
+# openvpn_auth_oauth2_name1_enable="YES"
+# openvpn_auth_oauth2_name1_config="/path/to/config1"
+# openvpn_auth_oauth2_name2_enable="YES"
+# openvpn_auth_oauth2_name2_config="/path/to/config2"
+#
+
+. /etc/rc.subr
+
+name=openvpn_auth_oauth2
+rcvar=openvpn_auth_oauth2_enable
+desc="Single sign-on for OpenVPN"
+
+eval ": \${${name}_enable:=\"NO\"}"
+eval ": \${${name}_config:=%%ETCDIR%%/openvpn-auth-oauth2.yml}"
+load_rc_config "${name}"
+
+_openvpn_auth_oauth2="%%PREFIX%%/sbin/openvpn-auth-oauth2"
+_common_daemon_args=-Sfc
+_piddir=/var/run/openvpn-auth-oauth2
+
+# Set PID file
+pidfile="${_piddir}/openvpn-auth-oauth2.pid"
+
+required_files=${openvpn_auth_oauth2_config}
+command=/usr/sbin/daemon
+command_args="${_common_daemon_args} -p ${pidfile} -t ${name} \
+${_openvpn_auth_oauth2} --config ${openvpn_auth_oauth2_config}"
+procname="${_openvpn_auth_oauth2}"
+extra_commands=reload
+reload_cmd=openvpn_auth_oauth2_reload
+start_precmd="[ -d ${_piddir} ] || /usr/bin/install -d ${_piddir}"
+
+openvpn_auth_oauth2_reload()
+{
+        if [ "x${openvpn_auth_oauth2_profiles}" != "x" -a "x$1" != "x" ]; then
+                for profile in ${openvpn_auth_oauth2_profiles}; do
+                        eval _enable="\${openvpn_auth_oauth2_${profile}_enable}"
+                        case "x${_enable:-${openvpn_auth_oauth2_enable}}" in
+                        x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
+                                continue
+                                ;;
+                        x[Yy][Ee][Ss])
+                                ;;
+                        *)
+                                if test -z "$_enable"; then
+                                        _var=openvpn_auth_oauth2_enable
+                                else
+                                        _var=openvpn_auth_oauth2_"${profile}"_enable
+                                fi
+                                echo "Bad value" \
+                                    "'${_enable:-${openvpn_auth_oauth2_enable}}'" \
+                                    "for ${_var}. " \
+                                    "Profile ${profile} skipped."
+                                continue
+                                ;;
+                        esac
+                        echo "===> openvpn-auth-oauth2 profile: ${profile}"
+			pidfile="${_piddir}/openvpn-auth-oauth2-${profile}.pid"
+                        kill -HUP `cat ${pidfile}`
+                        retcode="$?"
+                        if [ "0${retcode}" -ne 0 ]; then
+                                failed="${profile} (${retcode}) ${failed:-}"
+                        else
+                                success="${profile} ${success:-}"
+                        fi
+                done
+                exit 0
+        else
+		echo "===> openvpn-auth-outh2 profile ${profile} reloading"
+		kill -HUP `cat ${pidfile}`
+	fi
+}
+
+if [ -n "$2" ]; then
+        profile="$2"
+        if [ "x${openvpn_auth_oauth2_profiles}" != "x" ]; then
+                eval openvpn_auth_oauth2_config="\${openvpn_auth_oauth2_${profile}_config:-%%ETCDIR%%/openvpn-auth-oauth2-${profile}.yml}"
+                if [ "x${openvpn_auth_oauth2_config}" = "x" ]; then
+                        echo "You must define a configuration file (openvpn_auth_oauth2_${profile}_config)"
+                        exit 1
+                fi
+
+                pidfile="${_piddir}/openvpn-auth-oauth2-${profile}.pid"
+
+                [ -f ${pidfile} ] || /usr/bin/install /dev/null "${pidfile}"
+
+                required_files="${openvpn_auth_oauth2_config}"
+                eval openvpn_auth_oauth2_enable="\${openvpn_auth_oauth2_${profile}_enable:-${openvpn_auth_oauth2_enable}}"
+                command_args="${_common_daemon_args} -t ${name}-${profile} -p ${pidfile} \
+                        ${_openvpn_auth_oauth2} \
+                        --config ${openvpn_auth_oauth2_config}"
+        else
+                echo "$0: extra argument ignored"
+        fi
+else
+        if [ "x${openvpn_auth_oauth2_profiles}" != "x" -a "x$1" != "x" ]; then
+                for profile in ${openvpn_auth_oauth2_profiles}; do
+                        eval _enable="\${openvpn_auth_oauth2_${profile}_enable}"
+                        case "x${_enable:-${openvpn_auth_oauth2_enable}}" in
+                        x|x[Nn][Oo]|x[Nn][Oo][Nn][Ee])
+                                continue
+                                ;;
+                        x[Yy][Ee][Ss])
+                                ;;
+                        *)
+                                if test -z "$_enable"; then
+                                        _var=openvpn_auth_oauth2_enable
+                                else
+                                        _var=openvpn_auth_oauth2_"${profile}"_enable
+                                fi
+                                echo "Bad value" \
+                                    "'${_enable:-${openvpn_auth_oauth2_enable}}'" \
+                                    "for ${_var}. " \
+                                    "Profile ${profile} skipped."
+                                continue
+                                ;;
+                        esac
+                        echo "===> openvpn-auth-oauth2 profile: ${profile}"
+                        %%PREFIX%%/etc/rc.d/openvpn_auth_oauth2 $1 ${profile}
+                        retcode="$?"
+                        if [ "0${retcode}" -ne 0 ]; then
+                                failed="${profile} (${retcode}) ${failed:-}"
+                        else
+                                success="${profile} ${success:-}"
+                        fi
+                done
+                exit 0
+        fi
+fi
+
+run_rc_command "$1"
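Review bot: The custom `openvpn_auth_oauth2_reload` function is both redundant and incorrect: rc.subr already provides `reload` for a service with `pidfile`/`procname` set (it looks up `rc_pid` via check_pidfile, reports "not running" when absent and sends `${sig_reload:-HUP}`), so `extra_commands=reload` alone suffices once the profile dispatch block above has selected `pidfile`. As written, `service openvpn_auth_oauth2 reload` with profiles configured re-enters the script once per profile, and inside the function `$1` is then the profile name, so the `for` loop sends HUP to every profile once per profile; the single-instance branch echoes an unset `${profile}` with a typo (`outh2`), and `kill -HUP \`cat ${pidfile}\`` on a missing or empty pidfile yields a kill usage error instead of a clear message. Dropping the function and the `reload_cmd=openvpn_auth_oauth2_reload` line, together with the `/usr/bin/install /dev/null "${pidfile}"` pre-creation (`daemon -p` creates the pidfile itself, and that install fails on first start because `${_piddir}` is only created by `start_precmd`), removes all of these issues. Separately, `_common_daemon_args=-Sfc` carries no `-u`, so the service runs as root; if the daemon only needs network sockets and read access to its config, a dedicated unprivileged user (USERS/GROUPS in the Makefile plus `daemon -u`) would be the least-privilege choice, and the config file mode would then need to match.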
diff --git a/security/openvpn-auth-oauth2/pkg-descr b/security/openvpn-auth-oauth2/pkg-descr
new file mode 100644
index 000000000000..52e575e966a1
--- /dev/null
+++ b/security/openvpn-auth-oauth2/pkg-descr
@@ -0,0 +1,15 @@
+openvpn-auth-oauth2 is a management client for OpenVPN that handles the single
+sign-on (SSO) authentication against various OIDC providers. This project aims
+to simplify the process of integrating OpenVPN with OIDC providers such as:
+
+- Microsoft Entra ID (Azure AD)
+- GitHub
+- Okta
+- Google Workspace
+- Zittal
+- Digitalocean
+- Keycloak
+- any other OIDC compatible auth server
+
+For comprehensive documentation, point the browser to:
+https://github.com/jkroepke/openvpn-auth-oauth2/wiki/Configuration
diff --git a/security/openvpn-auth-oauth2/pkg-plist b/security/openvpn-auth-oauth2/pkg-plist
new file mode 100644
index 000000000000..c96f261f8393
--- /dev/null
+++ b/security/openvpn-auth-oauth2/pkg-plist
@@ -0,0 +1,3 @@
+@sample %%ETCDIR%%/openvpn-auth-oauth2.yml.sample
+etc/rc.d/openvpn_auth_oauth2
+sbin/openvpn-auth-oauth2