1 files changed, 60 insertions, 9 deletions

diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index e06a83bbd5..4a26ced824 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -12,6 +12,8 @@
 ;;; Copyright © 2019 Rutger Helling <[email protected]>
 ;;; Copyright © 2019 Ricardo Wurmus <[email protected]>
 ;;; Copyright © 2020 Brice Waegeneire <[email protected]>
+;;; Copyright © 2020 Ryan Prior <[email protected]>
+;;; Copyright © 2020 Ivan Kozlov <[email protected]>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -55,6 +57,8 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages python-xyz)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages samba)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xml))
 
@@ -257,7 +261,9 @@ the user specifically asks to proxy, so the @dfn{VPN} interface no longer
    (build-system gnu-build-system)
    (propagated-inputs
     `(("libxml2" ,libxml2)
-      ("gnutls" ,gnutls-3.6.13)
+      ;; XXX ‘DTLS is insecure in GnuTLS v3.6.3 through v3.6.12.’
+      ;; See <https://gitlab.com/gnutls/gnutls/-/issues/960>.
+      ("gnutls" ,gnutls-3.6.14)
       ("zlib" ,zlib)))
    (inputs
     `(("lz4" ,lz4)
@@ -282,7 +288,7 @@ and probably others.")
 (define-public openvpn
   (package
     (name "openvpn")
-    (version "2.4.8")
+    (version "2.4.9")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -290,7 +296,7 @@ and probably others.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "149z3agjy03i66mcj5bplim2mh45s2ps1wmxbxczyzw0nxmsd37v"))))
+                "1qpbllwlha7cffsd5dlddb8rl22g9rar5zflkz1wrcllhvfkl7v4"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-iproute2=yes")))
@@ -311,6 +317,40 @@ security protocol that utilizes SSL/TLS for key exchange.  It is capable of
 traversing network address translators (@dfn{NAT}s) and firewalls.")
     (license license:gpl2)))
 
+(define-public protonvpn-cli
+  (package
+    (name "protonvpn-cli")
+    (version "2.2.2")
+    (source
+     (origin
+       ;; PyPI has a ".whl" file but not a proper source release.
+       ;; Thus, fetch code from Git.
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/ProtonVPN/linux-cli.git")
+             (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "0ixjb02kj4z79whm1izd8mrn2h0rp9cmw4im1qvp93rahqxdd4n8"))))
+    (build-system python-build-system)
+    (arguments '(#:tests? #f)) ; no tests in repo
+    (native-inputs
+     `(("docopt" ,python-docopt)))
+    (inputs
+     `(("pythondialog" ,python-pythondialog)
+       ("requests" ,python-requests)))
+    (propagated-inputs
+     `(("openvpn" ,openvpn)))
+    (synopsis "Command-line client for ProtonVPN")
+    (description
+     "This is the official command-line interface for ProtonVPN, a secure
+point-to-point virtual private networking (VPN) service with a gratis tier.
+It can automatically find and connect to the fastest servers or use Tor over
+VPN.  The gratis tier offers unlimited bandwidth for up to 10 devices.")
+    (home-page "https://github.com/ProtonVPN/linux-cli")
+    (license license:gpl3+)))
+
 (define-public tinc
   (package
     (name "tinc")
@@ -461,7 +501,7 @@ The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
 (define-public wireguard-linux-compat
   (package
     (name "wireguard-linux-compat")
-    (version "1.0.20200401")
+    (version "1.0.20200520")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://git.zx2c4.com/wireguard-linux-compat/"
@@ -469,7 +509,7 @@ The peer-to-peer VPN implements a Layer 2 (Ethernet) network between the peers
                                   ".tar.xz"))
               (sha256
                (base32
-                "0ymprz3h4b92wlcqm5k5vmcgap8pjv202bgkdx0axmp12n1lmyvx"))))
+                "1hvpbfpdd3v2k27ypa1y1j422irx7hxpz87f50s28jvkxx5sxrqn"))))
     (build-system linux-module-build-system)
     (outputs '("out"
                "kernel-patch"))
@@ -515,7 +555,7 @@ WireGuard was added to Linux 5.6.")
 (define-public wireguard-tools
   (package
     (name "wireguard-tools")
-    (version "1.0.20200206")
+    (version "1.0.20200513")
     (source
      (origin
        (method git-fetch)
@@ -524,7 +564,7 @@ WireGuard was added to Linux 5.6.")
              (commit (string-append "v" version))))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "0ivc08lds5w39a6f2xdfih9wlk5g724hl3kpdvxvh5yff4l84qb7"))))
+        (base32 "1yk8hng0qw2rf76hnawjbdpjssmah88bd5fk20h1c0j1yazlx0a9"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags
@@ -605,9 +645,20 @@ public keys and can roam across IP addresses.")
      `(#:make-flags (list (string-append "PREFIX=" %output)
                           "CC=gcc")
        #:phases (modify-phases %standard-phases
-                  (delete 'configure))  ; no configure script
+                  (delete 'configure) ;no configure script
+                  (add-before 'build 'setup-environment
+                    (lambda* (#:key inputs #:allow-other-keys)
+                      (setenv "CFLAGS"
+                              (string-append "-DPPD=\""
+                                             (assoc-ref inputs "ppp")
+                                             "/sbin/pppd\""))
+                      (setenv "KERNELSRC"
+                              (assoc-ref inputs "linux-libre-headers"))
+                      #t)))
        #:tests? #f))                    ; no tests provided
-    (inputs `(("libpcap" ,libpcap)))
+    (inputs `(("libpcap" ,libpcap)
+              ("linux-libre-headers" ,linux-libre-headers)
+              ("ppp" ,ppp)))
     (home-page "https://www.xelerance.com/software/xl2tpd/")
     (synopsis "Layer 2 Tunnelling Protocol Daemon (RFC 2661)")
     (description