diff --git a/vpnc-script b/vpnc-script index 4cf934f..bc026ab 100644 --- a/vpnc-script +++ b/vpnc-script @@ -97,7 +97,7 @@ HOOKS_DIR=/etc/vpnc # OpenConnect v9.0+ provides VPNPID, so we don't need to determine it. if [ -z "$VPNPID" ]; then VPNPID=$PPID - PCMD=`ps -c -o command= -p $PPID` + PCMD=`ps -c -o cmd= -p $PPID` case "$PCMD" in *sh) VPNPID=`ps -o ppid= -p $PPID` ;; esac @@ -156,10 +156,7 @@ else fi RESOLVEDENABLED=0 -# detect usage of systemd-resolved via nss-resolve... -grep '^hosts' /etc/nsswitch.conf 2>/dev/null | grep resolve >/dev/null 2>&1 || \ -# or via nss-dns with /etc/resolv.conf under control of systemd-resolved -(grep '^hosts' /etc/nsswitch.conf 2>/dev/null | grep dns >/dev/null 2>&1 && readlink /etc/resolv.conf | grep -e '/run/systemd/resolve/stub-resolv.conf$' -e '/usr/lib/systemd/resolv.conf$' -e '/run/systemd/resolve/resolv.conf$' >/dev/null 2>&1) +grep '^hosts' /etc/nsswitch.conf 2>/dev/null|grep resolve >/dev/null 2>&1 if [ $? = 0 ];then command resolvectl status >/dev/null 2>&1 || command systemd-resolve --status >/dev/null 2>&1 if [ $? = 0 ];then @@ -298,23 +295,18 @@ if [ -n "$IPROUTE" ]; then # after dead-peer detection, but no change in the underlying network devices). $IPROUTE $FAMILY route add `echo "$VPNGATEWAY $LINE" | fix_ip_get_output` 2>/dev/null done - if [ $FAMILY != -4 ]; then - $IPROUTE $FAMILY route flush cache 2>/dev/null - fi + $IPROUTE $FAMILY route flush cache 2>/dev/null } del_vpngateway_route() { - echo "$VPNGATEWAY" | grep -q : && FAMILY=-6 || FAMILY=-4 - $IPROUTE route $route_syntax_del "$VPNGATEWAY" - if [ $FAMILY != -4 ]; then - $IPROUTE $FAMILY route flush cache 2>/dev/null - fi + $IPROUTE route flush cache 2>/dev/null } set_default_route() { $IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE" $IPROUTE route replace default dev "$TUNDEV" + $IPROUTE route flush cache 2>/dev/null } set_network_route() { 
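Review bot: The `cmd` output keyword on the added `PCMD=` line is, as far as I know, specific to procps; the BSD and macOS `ps` implementations that other branches of this script target name the column `command`. There the call would fail, `PCMD` would be empty, and `VPNPID` would stay at `$PPID` even when the parent is a wrapper shell. procps accepts `command` as well, so `ps -c -o command= -p "$PPID"` covers both, and a short comment naming the platforms tested would help. The enclosing `if` block continues outside the hunk.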
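Review bot: The new `grep '^hosts' /etc/nsswitch.conf | grep resolve` test recognises systemd-resolved only when nss-resolve is configured, so a host that uses plain `dns` with /etc/resolv.conf symlinked to the resolved stub keeps `RESOLVEDENABLED=0`. The handler selection is outside the hunk, but presumably another resolv.conf backend is then chosen and the VPN resolvers may never reach resolved, so lookups could keep going to the pre-VPN resolver. If that case is intentionally unsupported, say so in a comment such as `# only nss-resolve is detected; a resolv.conf symlink to the resolved stub is not`. The following `if [ $? = 0 ]` also relies on nothing being inserted between it and the pipeline; `if grep '^hosts' /etc/nsswitch.conf 2>/dev/null | grep -q resolve; then` is sturdier.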
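Review bot: Each added `$IPROUTE route flush cache 2>/dev/null` is now the last command in its function, so `set_default_route`, `del_vpngateway_route` and the functions touched in the hunks at -328, -349 and -364 return the status of the flush rather than of the route change, and the flush's own errors are discarded. Whether any caller checks these statuses is not visible here, but a failed `route replace default dev "$TUNDEV"` would then look like success and traffic would stay on the old default route. Saving the status first, `rc=$?; $IPROUTE route flush cache 2>/dev/null; return $rc`, keeps the earlier contract. `del_vpngateway_route` also flushes without `$FAMILY` while `set_vpngateway_route` passes it; a one-line comment on whether the unqualified flush is meant to cover IPv6 would settle that.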
@@ -328,6 +320,7 @@ if [ -n "$IPROUTE" ]; then else $IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" fi + $IPROUTE route flush cache 2>/dev/null } set_exclude_route() { @@ -336,10 +329,14 @@ if [ -n "$IPROUTE" ]; then NETWORK="$1" NETMASK="$2" NETMASKLEN="$3" + + echo "$1" | grep -q : && FAMILY=-6 || FAMILY=-4 + list_non_loopback_routes "$NETWORK/$NETMASKLEN" | while read LINE ; do - $IPROUTE route add `echo "$NETWORK/$NETMASKLEN $LINE" | fix_ip_get_output` 2>/dev/null + $IPROUTE $FAMILY route add `echo "$NETWORK/$NETMASKLEN $LINE" | fix_ip_get_output` 2>/dev/null done + $IPROUTE $FAMILY route flush cache 2>/dev/null } del_exclude_route() { @@ -349,11 +346,13 @@ if [ -n "$IPROUTE" ]; then NETMASK="$2" NETMASKLEN="$3" $IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" + $IPROUTE route flush cache 2>/dev/null } reset_default_route() { if [ -s "$DEFAULT_ROUTE_FILE" ]; then $IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"` + $IPROUTE route flush cache 2>/dev/null rm -f -- "$DEFAULT_ROUTE_FILE" fi } @@ -364,6 +363,7 @@ if [ -n "$IPROUTE" ]; then NETMASKLEN="$3" NETDEV="$4" $IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV" + $IPROUTE route flush cache 2>/dev/null } set_ipv6_default_route() { @@ -419,7 +419,7 @@ else # use route command # - remove lines containing IPv6 addresses (':') # - remove lines for link-local routes (https://superuser.com/a/1067742) # - remove lines containing $TUNDEV (we don't want loopback) - netstat -r -n | awk '/:/ { next; } /link#/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; } /[[:space:]]'"$TUNDEV"'([[:space:]]|$)/ { next; }' + netstat -r -n | awk '/:/ { next; } /link#/ { next; } /[[:space:]]'"$TUNDEV"'([[:space:]]|$)/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; }' } set_vpngateway_route() { 
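Review bot: `$TUNDEV` is spliced into the awk program text on the changed `netstat -r -n | awk` line (hunk at -419), so the interface name is parsed as a regular expression, where `.` matches any character, and a `/` in it would end the pattern and be read as awk code. Moving the filter ahead of the default-route rule makes the chosen gateway depend on that match for every line. Passing the name as data avoids both problems: `awk -v dev="$TUNDEV" '... { for (i = 1; i <= NF; i++) if ($i == dev) next } ...'`, assuming the platform awk supports `-v`. The enclosing function starts outside the hunk.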
@@ -484,7 +484,7 @@ else # use route command reset_default_route() { if [ -s "$DEFAULT_ROUTE_FILE" ]; then - route $route_syntax_del default $route_syntax_gw `get_default_gw` $route_syntax_interface + route $route_syntax_del default $route_syntax_gw "`get_default_gw`" $route_syntax_interface route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"` rm -f -- "$DEFAULT_ROUTE_FILE" fi @@ -690,10 +690,6 @@ search $DOMAINS" close EOF fi - # For newer MacOS versions it is needed to set DNS - ACTIVE_INTERFACE=`route -n get default | grep interface | awk '{print $2}'` - ACTIVE_NETWORK_SERVICE=`networksetup -listnetworkserviceorder | grep -B 1 "$ACTIVE_INTERFACE" | head -n 1 | awk '/\([0-9]+\)/{ print }'|cut -d " " -f2-` - networksetup -setdnsservers "$ACTIVE_NETWORK_SERVICE" $INTERNAL_IP4_DNS ;; esac fi 
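Review bot: An empty result from `get_default_gw` is still not handled in `reset_default_route`: with the added quotes it now reaches `route` as an empty argument instead of being dropped, and the error is easy to misread. Assign the value to a variable such as `gw` first and guard the delete, `[ -n "$gw" ] && route $route_syntax_del default $route_syntax_gw "$gw" $route_syntax_interface`, so the `route add default` that follows still runs. That next line word-splits the contents of `$DEFAULT_ROUTE_FILE` unquoted; if that is intentional (gateway plus options), a comment saying so would help, since the file's location and permissions are not visible in this hunk.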
@@ -723,22 +719,17 @@ restore_resolvconf_generic() { # to list of used DNS servers if [ -n "$CISCO_SPLIT_INC" ]; then SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'` - SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}'` - FILTERED_SERVICE_DNS=`echo "$SERVICE_DNS" | grep -Fv "$(echo $INTERNAL_IP4_DNS | tr ' ' '\n')" | xargs` - if [ -n "$FILTERED_SERVICE_DNS" ]; then + SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs` + if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then scutil >/dev/null 2>&1 <<-EOF open get State:/Network/Service/$SERVICE/DNS - d.add ServerAddresses * ${FILTERED_SERVICE_DNS} + d.add ServerAddresses * ${SERVICE_DNS##$INTERNAL_IP4_DNS} set State:/Network/Service/$SERVICE/DNS close EOF fi fi - # For newer MacOS versions it is needed to unset DNS - ACTIVE_INTERFACE=`route -n get default | grep interface | awk '{print $2}'` - ACTIVE_NETWORK_SERVICE=`networksetup -listnetworkserviceorder | grep -B 1 "$ACTIVE_INTERFACE" | head -n 1 | awk '/\([0-9]+\)/{ print }'|cut -d " " -f2-` - networksetup -setdnsservers "$ACTIVE_NETWORK_SERVICE" Empty ;; esac fi @@ -792,7 +783,6 @@ modify_resolvconf_openwrt() { restore_resolvconf_openwrt() { remove_dns $OPENWRT_INTERFACE } - # === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) ========= modify_resolvconf_manager() { @@ -812,8 +802,6 @@ restore_resolvconf_manager() { /sbin/resolvconf -d $TUNDEV } -# === resolv.conf handling via systemd-resolved ========= - AF_INET=2 get_if_index() { 
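Review bot: `${SERVICE_DNS##$INTERNAL_IP4_DNS}` in the hunk at -723 removes the VPN resolvers only when they are an exact leading prefix of the list scutil reports, and the unquoted value is read as a glob pattern. The prefix match is not address-aware: with a VPN resolver 10.0.0.1 and a service resolver 10.0.0.10 (constructed example) the expansion leaves a stray `0`, and if the order differs nothing is removed, so VPN resolvers can remain in `ServerAddresses` after disconnect. Filtering one address per line before joining, for example `grep -Fxv "$(echo $INTERNAL_IP4_DNS | tr ' ' '\n')"` placed ahead of `| xargs`, compares whole addresses. The enclosing `case` branch starts outside the hunk.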
@@ -907,11 +895,6 @@ modify_resolvconf_unbound() { /usr/sbin/unbound-control forward_add +i ${CISCO_DEF_DOMAIN} ${INTERNAL_IP4_DNS} /usr/sbin/unbound-control flush_requestlist /usr/sbin/unbound-control flush_zone ${CISCO_DEF_DOMAIN} - # flush infra cache - for i in $INTERNAL_IP4_DNS ; do - /usr/sbin/unbound-control flush_infra "$i" - done - fi } @@ -923,7 +906,7 @@ restore_resolvconf_unbound() { fi } -# === resolv.conf handling via resolvd (OpenBSD) ========= +# === resolv.conf handling via resolvd ========= modify_resolvconf_resolvd() { /sbin/route nameserver $TUNDEV $INTERNAL_IP4_DNS $INTERNAL_IP6_DNS @@ -1023,6 +1006,10 @@ do_connect() { fi i=`expr $i + 1` done + for i in $INTERNAL_IP4_DNS ; do + echo "$i" | grep : >/dev/null || \ + set_network_route "$i" "255.255.255.255" "32" "$TUNDEV" + done elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then set_default_route fi @@ -1038,6 +1025,11 @@ do_connect() { fi i=`expr $i + 1` done + for i in $INTERNAL_IP4_DNS ; do + if echo "$i" | grep : >/dev/null; then + set_ipv6_network_route "$i" "128" "$TUNDEV" + fi + done elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then set_ipv6_default_route fi @@ -1063,6 +1055,9 @@ do_disconnect() { fi i=`expr $i + 1` done + for i in $INTERNAL_IP4_DNS ; do + del_network_route "$i" "255.255.255.255" "32" "$TUNDEV" + done else reset_default_route fi @@ -1101,6 +1096,9 @@ do_disconnect() { fi i=`expr $i + 1` done + for i in $INTERNAL_IP6_DNS ; do + del_ipv6_network_route "$i" "128" "$TUNDEV" + done elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then reset_ipv6_default_route fi diff --git a/vpnc-script.spec b/vpnc-script.spec index 9c57b1a..d0a115a 100644 --- a/vpnc-script.spec +++ b/vpnc-script.spec 
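Review bot: The DNS host-route loops added to `do_connect` and `do_disconnect` do not mirror each other. The IPv6 branch on connect (hunk at -1038) walks `$INTERNAL_IP4_DNS` and acts only on entries containing `:`, while the matching teardown (-1101) walks `$INTERNAL_IP6_DNS`; the IPv4 teardown (-1063) calls `del_network_route` for every entry without the `grep :` filter used on connect (-1023). As written, resolvers listed in `$INTERNAL_IP6_DNS` appear to get no host route through the tunnel on connect, so their queries may follow whatever other route matches, yet a delete is attempted on disconnect. If IPv6 resolvers are expected in `$INTERNAL_IP6_DNS`, `for i in $INTERNAL_IP6_DNS ; do set_ipv6_network_route "$i" "128" "$TUNDEV"; done` on connect would match the teardown. Both functions extend outside these hunks.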
@@ -1,17 +1,16 @@ -%global git_date 20230907 -%global git_commit_hash 5b9e7e4c +%global git_date 20220404 +%global git_commit_hash 40a8c62c Name: vpnc-script Version: %{git_date} -Release: %autorelease -e git%{git_commit_hash} +Release: 1.git%{git_commit_hash}%{?dist} Summary: Routing setup script for vpnc and openconnect BuildArch: noarch Requires: iproute Requires: which -# Automatically converted from old format: GPLv2+ - review is highly recommended. -License: GPL-2.0-or-later +License: GPLv2+ URL: https://gitlab.com/openconnect/vpnc-scripts/ Source0: vpnc-script 
@@ -35,4 +34,71 @@ install -m 0755 vpnc-script \ %{_sysconfdir}/vpnc/vpnc-script %changelog -%autochangelog +* Mon Apr 04 2022 Nikos Mavrogiannopoulos - 20220404-1.git40a8c62c +- Updated to latest upstream version + +* Sat Jan 22 2022 Fedora Release Engineering - 20201205-4.gitcdbd5b +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Jul 23 2021 Fedora Release Engineering - 20201205-3.gitcdbd5b +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Wed Jan 27 2021 Fedora Release Engineering - 20201205-2.gitcdbd5b +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sat Dec 05 2020 Nikos Mavrogiannopoulos +- Updated to latest upstream vpnc-script + +* Tue Sep 29 2020 Nikos Mavrogiannopoulos +- Updated to latest upstream vpnc-script + +* Wed Jul 29 2020 Fedora Release Engineering - 20171004-8.git6f87b0f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jan 31 2020 Fedora Release Engineering - 20171004-7.git6f87b0f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jul 27 2019 Fedora Release Engineering - 20171004-6.git6f87b0f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Feb 03 2019 Fedora Release Engineering - 20171004-5.git6f87b0f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sat Dec 01 2018 James Hennessy +- Fixed issue where vpnc-script is using resolvconf on systems where "resolve" isn't enabled in /etc/nsswitch. 
+ +* Sat Jul 14 2018 Fedora Release Engineering - 20171004-3.git6f87b0f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Feb 09 2018 Fedora Release Engineering - 20171004-2.git6f87b0f +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Oct 5 2017 Nikos Mavrogiannopoulos - 20171004-1.git6f87b0f +- Fixed issue with systemd-resolved (#1497750) + +* Mon Aug 21 2017 Nikos Mavrogiannopoulos - 20170821-1.git6f87b0f +- new upstream release +- removed dependency on net-tools and added on iproute (#1481164) + +* Thu Jul 27 2017 Fedora Release Engineering - 20140805-6.gitdf5808b +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Sat Feb 11 2017 Fedora Release Engineering - 20140805-5.gitdf5808b +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Feb 05 2016 Fedora Release Engineering - 20140805-4.gitdf5808b +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jun 19 2015 Fedora Release Engineering - 20140805-3.gitdf5808b +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Nov 20 2014 Nikos Mavrogiannopoulos - 20140805-2.gitdf5808b +- Added dependency on which (#1068899) +- Added dependency on net-tools (#1007363) + +* Wed Oct 01 2014 Nikos Mavrogiannopoulos - 20140805-1.gitdf5808b +- new upstream release (includes unbound patch) + +* Tue Aug 05 2014 Nikos Mavrogiannopoulos - 20140705-1.git6201ebd +- new package +