%global _hardened_build 1 %global debug_package %{nil} %define dkms_name ovpn %define repo_name ovpn-backports Name: %{repo_name} Version: 20250505 Release: 1%{?dist} Summary: OpenVPN Data Channel Offload kernel accelerator License: GPLv2 URL: https://github.com/OpenVPN/%{repo_name} Source0: https://github.com/OpenVPN/%{repo_name}/archive/refs/tags/v%{version}.tar.gz Source1: dkms.conf.in BuildArch: noarch BuildRequires: make BuildRequires: kernel-devel %description OpenVPN Data Channel Offload kernel module %package -n kmod-%{dkms_name} Summary: OpenVPN Data Channel Offload kernel accelerator (DKMS package) Requires: dkms >= 1.95 Requires: kernel-devel >= 4.18.0 Requires: kernel >= 4.18.0 %description -n kmod-%{dkms_name} This package contains an kernel module to accelerate OpenVPN traffic by doing the data channel encryption and decryption directly in the kernel space and put it directly unto a virtual network interface. By avoiding going via the user-space (which the traditional TUN/TAP devices requires), the encrypted data path from the remote host to the unencrypted data on the local virtual interface is shorter and more direct. Beware that the %{dkms_name} kernel module does not support all the same data channel ciphers OpenVPN may support using a TUN/TAP device. This is because all the encryption/decryption of data channel packets utilizes the crypto API available directly in the Linux kernel and does not involve OpenSSL. Only the control channel packets are handled in user-space, where OpenSSL is used for the TLS packet handling. This is a backport of the ovpn module available in Linux 6.16 or newer. You need a matching dco-enabled OpenVPN to use this, this version requires OpenVPN 2.7 or newer. It is not compatible with the DCO support in OpenVPN 2.6. %prep %autosetup %build # Nothing to build %install if [ "%{buildroot}" != "/" ]; then rm -rf %{buildroot} fi mkdir -p %{buildroot}/%{_prefix}/src/ mkdir -p %{buildroot}/%{_datarootdir}/%{module_name} cp -rv ../%{repo_name}-%{version} %{buildroot}/%{_prefix}/src rm -f %{buildroot}/%{_prefix}/src/%{dkms_name}-%{version}/.gitignore # Prepare dkms.conf cat %{SOURCE1} | sed -e 's/@@VERSION@@/%{version}.%{release}/' > %{buildroot}/%{_prefix}/src/%{repo_name}-%{version}/dkms.conf # Rename source dir to the module name and package version including distro release tag mv %{buildroot}/%{_prefix}/src/%{repo_name}-%{version} %{buildroot}/%{_prefix}/src/%{dkms_name}-%{version}.%{release} mkdir -p %{buildroot}/%{_pkgdocdir} install -m644 README.md %{buildroot}/%{_pkgdocdir} if [ -f "%{name}-%{version}.dkms.tar.gz" ]; then install -m 644 %{dkms_name}-%{version}.dkms.tar.gz %{buildroot}/%{_datarootdir}/%{dkms_name} fi %clean if [ "%{buildroot}" != "/" ]; then rm -rf %{buildroot} fi %post -n kmod-%{dkms_name} # we cannot use %%{_libdir} as that points at /usr/lib64 on 64-bit platforms for POSTINST in %{_prefix}/lib/dkms/common.postinst %{_datarootdir}/%{dkms_name}/postinst; do if [ -f $POSTINST ]; then $POSTINST %{dkms_name} %{version}.%{release} %{_datarootdir}/%{dkms_name} exit $? fi echo "WARNING: $POSTINST does not exist." done echo -e "ERROR: DKMS version is too old and %{dkms_name} was not" echo -e "built with legacy DKMS support." echo -e "You must either rebuild %{dkms_name} with legacy postinst" echo -e "support or upgrade DKMS to a more current version." exit 1 %preun -n kmod-%{dkms_name} echo -e echo -e "Uninstall of %{dkms_name} module (version %{version}.%{release}) beginning:" dkms remove -m %{dkms_name} -v %{version}.%{release} --all --rpm_safe_upgrade exit 0 %files -n kmod-%{dkms_name} %{_pkgdocdir} %{_prefix}/src/%{dkms_name}-%{version}.%{release} %changelog * Tue May 06 2025 OpenVPN CI - 20250505 - Update to tag v20250505 * Thu May 01 2025 OpenVPN CI - 20250430 - Update to tag v20250430 * Mon Apr 28 2025 Frank Lichtenheld - 20250423 - New package based on ovpn backports from Linux kernel (net-next for now)