Compare commits
1 commit
| Author | SHA1 | Date | |
|---|---|---|---|
|
09b80834f1 |
2 changed files with 253 additions and 53 deletions
297
vpnc-script
297
vpnc-script
|
|
@ -21,7 +21,7 @@
|
|||
################
|
||||
#
|
||||
# List of parameters passed through environment
|
||||
#* reason -- why this script was called, one of: pre-init connect disconnect reconnect
|
||||
#* reason -- why this script was called, one of: pre-init connect disconnect reconnect attempt-reconnect
|
||||
#* VPNGATEWAY -- vpn gateway address (always present)
|
||||
#* TUNDEV -- tunnel device (always present)
|
||||
#* INTERNAL_IP4_ADDRESS -- address (always present)
|
||||
|
|
@ -36,6 +36,7 @@
|
|||
#* INTERNAL_IP6_DNS -- IPv6 list of dns servers
|
||||
#* CISCO_DEF_DOMAIN -- default domain name
|
||||
#* CISCO_BANNER -- banner from server
|
||||
#* CISCO_SPLIT_DNS -- dns search domain list
|
||||
#* CISCO_SPLIT_INC -- number of networks in split-network-list
|
||||
#* CISCO_SPLIT_INC_%d_ADDR -- network address
|
||||
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
|
||||
|
|
@ -88,9 +89,6 @@ if [ ! -d "/var/run/vpnc" ]; then
|
|||
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
|
||||
fi
|
||||
|
||||
# stupid SunOS: no blubber in /usr/local/bin ... (on stdout)
|
||||
IPROUTE="`which ip 2> /dev/null | grep '^/'`"
|
||||
|
||||
if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then
|
||||
ifconfig_syntax_inet=""
|
||||
else
|
||||
|
|
@ -98,11 +96,15 @@ else
|
|||
fi
|
||||
|
||||
if [ "$OS" = "Linux" ]; then
|
||||
IPROUTE="`which ip 2> /dev/null | grep '^/'`"
|
||||
ifconfig_syntax_ptp="pointopoint"
|
||||
route_syntax_gw="gw"
|
||||
route_syntax_del="del"
|
||||
route_syntax_netmask="netmask"
|
||||
else
|
||||
# iproute2 is Linux only; if `which ip` returns something on another OS, it's likely an unrelated tool
|
||||
# (see https://github.com/dlenski/openconnect/issues/132#issuecomment-470475009)
|
||||
IPROUTE=""
|
||||
ifconfig_syntax_ptp=""
|
||||
route_syntax_gw=""
|
||||
route_syntax_del="delete"
|
||||
|
|
@ -116,7 +118,7 @@ else
|
|||
ifconfig_syntax_ptpv6=""
|
||||
fi
|
||||
|
||||
grep ^hosts /etc/nsswitch.conf|grep resolve >/dev/null 2>&1
|
||||
grep ^hosts /etc/nsswitch.conf 2>/dev/null|grep resolve >/dev/null 2>&1
|
||||
if [ $? = 0 ];then
|
||||
RESOLVEDENABLED=1
|
||||
else
|
||||
|
|
@ -124,21 +126,30 @@ else
|
|||
fi
|
||||
|
||||
if [ -r /etc/openwrt_release ] && [ -n "$OPENWRT_INTERFACE" ]; then
|
||||
. /etc/functions.sh
|
||||
. /etc/functions.sh
|
||||
include /lib/network
|
||||
MODIFYRESOLVCONF=modify_resolvconf_openwrt
|
||||
RESTORERESOLVCONF=restore_resolvconf_openwrt
|
||||
elif [ -x /usr/bin/busctl ] && [ ${RESOLVEDENABLED} = 1 ]; then # For systemd-resolved (version 229 and above)
|
||||
elif [ -x /usr/bin/resolvectl ] && [ ${RESOLVEDENABLED} = 1 ]; then
|
||||
# For systemd-resolved (version 239 and above)
|
||||
MODIFYRESOLVCONF=modify_resolved_manager
|
||||
RESTORERESOLVCONF=restore_resolved_manager
|
||||
elif [ -x /sbin/resolvconf -a "$(basename $(readlink /sbin/resolvconf))" != 'resolvectl' ]; then
|
||||
elif [ -x /usr/bin/busctl ] && [ ${RESOLVEDENABLED} = 1 ]; then
|
||||
# For systemd-resolved (version 229 and above)
|
||||
MODIFYRESOLVCONF=modify_resolved_manager_old
|
||||
RESTORERESOLVCONF=restore_resolved_manager_old
|
||||
elif [ -x /sbin/resolvconf ]; then
|
||||
# Optional tool on Debian, Ubuntu, Gentoo and FreeBSD
|
||||
MODIFYRESOLVCONF=modify_resolvconf_manager
|
||||
RESTORERESOLVCONF=restore_resolvconf_manager
|
||||
elif [ -x /sbin/netconfig ]; then # tool on Suse after 11.1
|
||||
elif [ -x /sbin/netconfig ] && [ ! -f /etc/slackware-version ]; then
|
||||
# tool on Suse after 11.1
|
||||
# Slackware's netconfig is an unrelated tool that should not be invoked here
|
||||
# (see https://www.linuxquestions.org/questions/slackware-14/vpnc-on-slackware-14-2-is-bringing-up-network-configuration-dialog-each-time-4175595447/#post5646866)
|
||||
MODIFYRESOLVCONF=modify_resolvconf_suse_netconfig
|
||||
RESTORERESOLVCONF=restore_resolvconf_suse_netconfig
|
||||
elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1
|
||||
elif [ -x /sbin/modify_resolvconf ]; then
|
||||
# Mandatory tool on Suse earlier than 11.1
|
||||
MODIFYRESOLVCONF=modify_resolvconf_suse
|
||||
RESTORERESOLVCONF=restore_resolvconf_suse
|
||||
elif [ -x /usr/sbin/unbound-control ] && /usr/sbin/unbound-control status > /dev/null 2>&1; then
|
||||
|
|
@ -188,7 +199,7 @@ do_ifconfig() {
|
|||
fi
|
||||
|
||||
if [ -n "$INTERNAL_IP4_NETMASK" ]; then
|
||||
set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN
|
||||
set_network_route "$INTERNAL_IP4_NETADDR" "$INTERNAL_IP4_NETMASK" "$INTERNAL_IP4_NETMASKLEN" "$TUNDEV"
|
||||
fi
|
||||
|
||||
# If the netmask is provided, it contains the address _and_ netmask
|
||||
|
|
@ -205,7 +216,7 @@ do_ifconfig() {
|
|||
# OpenVPN does the same (gives dest_address for Legacy IP
|
||||
# but not for IPv6).
|
||||
# Only Solaris needs it; hence $ifconfig_syntax_ptpv6
|
||||
ifconfig "$TUNDEV" inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up
|
||||
ifconfig "$TUNDEV" inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
|
@ -226,37 +237,63 @@ destroy_tun_device() {
|
|||
if [ -n "$IPROUTE" ]; then
|
||||
fix_ip_get_output () {
|
||||
sed -e 's/ /\n/g' | \
|
||||
sed -ne '1p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}'
|
||||
sed -ne "1 s|\$|${1}|p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}"
|
||||
}
|
||||
|
||||
set_vpngateway_route() {
|
||||
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
|
||||
$IPROUTE route flush cache
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
del_vpngateway_route() {
|
||||
$IPROUTE route $route_syntax_del "$VPNGATEWAY"
|
||||
$IPROUTE route flush cache
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
set_default_route() {
|
||||
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
|
||||
$IPROUTE route replace default dev "$TUNDEV"
|
||||
$IPROUTE route flush cache
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
set_network_route() {
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
NETMASKLEN="$3"
|
||||
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
|
||||
$IPROUTE route flush cache
|
||||
NETDEV="$4"
|
||||
NETGW="$5"
|
||||
if [ -n "$NETGW" ]; then
|
||||
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" via "$NETGW"
|
||||
else
|
||||
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||
fi
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
set_exclude_route() {
|
||||
# add explicit route to keep current routing for this target
|
||||
# (keep traffic separate from VPN tunnel)
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
NETMASKLEN="$3"
|
||||
$IPROUTE route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output "/$NETMASKLEN"`
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
del_exclude_route() {
|
||||
# FIXME: In theory, this could delete existing routes which are
|
||||
# identical to split-exclude routes specificed by VPNGATEWAY
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
NETMASKLEN="$3"
|
||||
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN"
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
reset_default_route() {
|
||||
if [ -s "$DEFAULT_ROUTE_FILE" ]; then
|
||||
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
|
||||
$IPROUTE route flush cache
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
rm -f -- "$DEFAULT_ROUTE_FILE"
|
||||
fi
|
||||
}
|
||||
|
|
@ -265,40 +302,67 @@ if [ -n "$IPROUTE" ]; then
|
|||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
NETMASKLEN="$3"
|
||||
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
|
||||
$IPROUTE route flush cache
|
||||
NETDEV="$4"
|
||||
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
set_ipv6_default_route() {
|
||||
# We don't save/restore IPv6 default route; just add a higher-priority one.
|
||||
$IPROUTE -6 route add default dev "$TUNDEV" metric 1
|
||||
$IPROUTE -6 route flush cache
|
||||
$IPROUTE -6 route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
set_ipv6_network_route() {
|
||||
NETWORK="$1"
|
||||
NETMASKLEN="$2"
|
||||
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
|
||||
$IPROUTE route flush cache
|
||||
NETDEV="$3"
|
||||
NETGW="$4"
|
||||
if [ -n "$NETGW" ]; then
|
||||
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" via "$NETGW"
|
||||
else
|
||||
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||
fi
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
set_ipv6_exclude_route() {
|
||||
# add explicit route to keep current routing for this target
|
||||
# (keep traffic separate from VPN tunnel)
|
||||
NETWORK="$1"
|
||||
NETMASKLEN="$2"
|
||||
$IPROUTE -6 route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output "/$NETMASKLEN"`
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
reset_ipv6_default_route() {
|
||||
$IPROUTE -6 route del default dev "$TUNDEV"
|
||||
$IPROUTE route flush cache
|
||||
$IPROUTE route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
del_ipv6_network_route() {
|
||||
NETWORK="$1"
|
||||
NETMASKLEN="$2"
|
||||
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
|
||||
$IPROUTE -6 route flush cache
|
||||
NETDEV="$3"
|
||||
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||
$IPROUTE -6 route flush cache 2>/dev/null
|
||||
}
|
||||
|
||||
del_ipv6_exclude_route() {
|
||||
# FIXME: In theory, this could delete existing routes which are
|
||||
# identical to split-exclude routes specificed by VPNGATEWAY
|
||||
NETWORK="$1"
|
||||
NETMASKLEN="$2"
|
||||
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN"
|
||||
$IPROUTE -6 route flush cache 2>/dev/null
|
||||
}
|
||||
else # use route command
|
||||
get_default_gw() {
|
||||
# isn't -n supposed to give --numeric output?
|
||||
# apperently not...
|
||||
# Get rid of lines containing IPv6 addresses (':')
|
||||
netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
|
||||
# Get rid of lines for link-local routes (https://superuser.com/a/1067742)
|
||||
netstat -r -n | awk '/:/ { next; } /link\#/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
|
||||
}
|
||||
|
||||
set_vpngateway_route() {
|
||||
|
|
@ -320,8 +384,34 @@ else # use route command
|
|||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
NETMASKLEN="$3"
|
||||
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
||||
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface
|
||||
if [ -n "$5" ]; then
|
||||
NETGW="$5"
|
||||
else
|
||||
NETGW="$INTERNAL_IP4_ADDRESS"
|
||||
fi
|
||||
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$NETGW" $route_syntax_interface
|
||||
}
|
||||
|
||||
set_exclude_route() {
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
NETMASKLEN="$3"
|
||||
if [ -z "$DEFAULTGW" ]; then
|
||||
DEFAULTGW="`get_default_gw`"
|
||||
fi
|
||||
# Add explicit route to keep traffic for this target separate
|
||||
# from tunnel. FIXME: We use default gateway - this is our best
|
||||
# guess in absence of "ip" command to query effective route.
|
||||
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$DEFAULTGW" $route_syntax_interface
|
||||
}
|
||||
|
||||
del_exclude_route() {
|
||||
# FIXME: This can delete existing routes in case they're
|
||||
# identical to split-exclude routes specified by VPNGATEWAY
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
NETMASKLEN="$3"
|
||||
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK"
|
||||
}
|
||||
|
||||
reset_default_route() {
|
||||
|
|
@ -333,16 +423,15 @@ else # use route command
|
|||
}
|
||||
|
||||
del_network_route() {
|
||||
case "$OS" in
|
||||
Linux|NetBSD|OpenBSD|Darwin|SunOS) # and probably others...
|
||||
# routes are deleted automatically on device shutdown
|
||||
return
|
||||
;;
|
||||
esac
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
NETMASKLEN="$3"
|
||||
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
|
||||
if [ -n "$5" ]; then
|
||||
NETGW="$5"
|
||||
else
|
||||
NETGW="$INTERNAL_IP4_ADDRESS"
|
||||
fi
|
||||
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$NETGW"
|
||||
}
|
||||
|
||||
set_ipv6_default_route() {
|
||||
|
|
@ -352,7 +441,23 @@ else # use route command
|
|||
set_ipv6_network_route() {
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
route add -inet6 -net "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS" $route_syntax_interface
|
||||
if [ -n "$4" ]; then
|
||||
NETGW="$4"
|
||||
else
|
||||
NETGW="$INTERNAL_IP6_ADDRESS"
|
||||
fi
|
||||
|
||||
route add -inet6 -net "$NETWORK/$NETMASK" "$NETGW" $route_syntax_interface
|
||||
:
|
||||
}
|
||||
|
||||
set_ipv6_exclude_route() {
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
# Add explicit route to keep traffic for this target separate
|
||||
# from tunnel. FIXME: We use default gateway - this is our best
|
||||
# guess in absence of "ip" command to query effective route.
|
||||
route add -inet6 -net "$NETWORK/$NETMASK" "`get_default_gw`" $route_syntax_interface
|
||||
:
|
||||
}
|
||||
|
||||
|
|
@ -364,7 +469,19 @@ else # use route command
|
|||
del_ipv6_network_route() {
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS"
|
||||
if [ -n "$4" ]; then
|
||||
NETGW="$4"
|
||||
else
|
||||
NETGW="$INTERNAL_IP6_ADDRESS"
|
||||
fi
|
||||
route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$NETGW"
|
||||
:
|
||||
}
|
||||
|
||||
del_ipv6_exclude_route() {
|
||||
NETWORK="$1"
|
||||
NETMASK="$2"
|
||||
route $route_syntax_del -inet6 "$NETWORK/$NETMASK"
|
||||
:
|
||||
}
|
||||
|
||||
|
|
@ -578,7 +695,7 @@ nameserver $i"
|
|||
done
|
||||
if [ -n "$CISCO_DEF_DOMAIN" ]; then
|
||||
NEW_RESOLVCONF="$NEW_RESOLVCONF
|
||||
domain $CISCO_DEF_DOMAIN"
|
||||
search $CISCO_DEF_DOMAIN"
|
||||
fi
|
||||
echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
|
||||
}
|
||||
|
|
@ -614,6 +731,14 @@ busctl_set_nameservers() {
|
|||
busctl_call SetLinkDNS 'ia(iay)' ${args}
|
||||
}
|
||||
|
||||
resolvectl_set_nameservers() {
|
||||
local if_index addresses
|
||||
if_index=$1
|
||||
shift
|
||||
addresses="$@"
|
||||
/usr/bin/resolvectl dns $if_index $addresses
|
||||
}
|
||||
|
||||
busctl_set_search() {
|
||||
local if_index domains args domain
|
||||
if_index=$1
|
||||
|
|
@ -626,7 +751,25 @@ busctl_set_search() {
|
|||
busctl_call SetLinkDomains 'ia(sb)' ${args}
|
||||
}
|
||||
|
||||
resolvectl_set_search() {
|
||||
local if_index domains
|
||||
if_index=$1
|
||||
shift
|
||||
domains="$@"
|
||||
/usr/bin/resolvectl domain $if_index $domains
|
||||
}
|
||||
|
||||
modify_resolved_manager() {
|
||||
local if_index split_dns_list
|
||||
if_index=$(get_if_index $TUNDEV)
|
||||
split_dns_list=$(echo $CISCO_SPLIT_DNS | tr ',' ' ')
|
||||
resolvectl_set_nameservers $if_index $INTERNAL_IP4_DNS
|
||||
if [ -n "$CISCO_DEF_DOMAIN" ] || [ -n "$split_dns_list" ]; then
|
||||
resolvectl_set_search $if_index $CISCO_DEF_DOMAIN $split_dns_list
|
||||
fi
|
||||
}
|
||||
|
||||
modify_resolved_manager_old() {
|
||||
local if_index
|
||||
if_index=$(get_if_index $TUNDEV)
|
||||
busctl_set_nameservers $if_index $INTERNAL_IP4_DNS
|
||||
|
|
@ -636,6 +779,12 @@ modify_resolved_manager() {
|
|||
}
|
||||
|
||||
restore_resolved_manager() {
|
||||
local if_index
|
||||
if_index=$(get_if_index $TUNDEV)
|
||||
/usr/bin/resolvectl revert $if_index
|
||||
}
|
||||
|
||||
restore_resolved_manager_old() {
|
||||
local if_index
|
||||
if_index=$(get_if_index $TUNDEV)
|
||||
busctl_call RevertLink 'i' $if_index
|
||||
|
|
@ -732,6 +881,26 @@ do_connect() {
|
|||
|
||||
set_vpngateway_route
|
||||
do_ifconfig
|
||||
if [ -n "$CISCO_SPLIT_EXC" ]; then
|
||||
i=0
|
||||
while [ $i -lt $CISCO_SPLIT_EXC ] ; do
|
||||
eval NETWORK="\${CISCO_SPLIT_EXC_${i}_ADDR}"
|
||||
eval NETMASK="\${CISCO_SPLIT_EXC_${i}_MASK}"
|
||||
eval NETMASKLEN="\${CISCO_SPLIT_EXC_${i}_MASKLEN}"
|
||||
set_exclude_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
||||
i=`expr $i + 1`
|
||||
done
|
||||
fi
|
||||
if [ -n "$CISCO_IPV6_SPLIT_EXC" ]; then
|
||||
# untested
|
||||
i=0
|
||||
while [ $i -lt $CISCO_IPV6_SPLIT_EXC ] ; do
|
||||
eval NETWORK="\${CISCO_IPV6_SPLIT_EXC_${i}_ADDR}"
|
||||
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_EXC_${i}_MASKLEN}"
|
||||
set_ipv6_exclude_route "$NETWORK" "$NETMASKLEN"
|
||||
i=`expr $i + 1`
|
||||
done
|
||||
fi
|
||||
if [ -n "$CISCO_SPLIT_INC" ]; then
|
||||
i=0
|
||||
while [ $i -lt $CISCO_SPLIT_INC ] ; do
|
||||
|
|
@ -739,7 +908,7 @@ do_connect() {
|
|||
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
|
||||
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
|
||||
if [ "$NETWORK" != "0.0.0.0" ]; then
|
||||
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
||||
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" "$TUNDEV"
|
||||
else
|
||||
set_default_route
|
||||
fi
|
||||
|
|
@ -747,7 +916,7 @@ do_connect() {
|
|||
done
|
||||
for i in $INTERNAL_IP4_DNS ; do
|
||||
echo "$i" | grep : >/dev/null || \
|
||||
set_network_route "$i" "255.255.255.255" "32"
|
||||
set_network_route "$i" "255.255.255.255" "32" "$TUNDEV"
|
||||
done
|
||||
elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
|
||||
set_default_route
|
||||
|
|
@ -757,16 +926,16 @@ do_connect() {
|
|||
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
|
||||
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
|
||||
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
|
||||
if [ $NETMASKLEN -lt 128 ]; then
|
||||
set_ipv6_network_route "$NETWORK" "$NETMASKLEN"
|
||||
else
|
||||
if [ $NETMASKLEN -eq 0 ]; then
|
||||
set_ipv6_default_route
|
||||
else
|
||||
set_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV"
|
||||
fi
|
||||
i=`expr $i + 1`
|
||||
done
|
||||
for i in $INTERNAL_IP4_DNS ; do
|
||||
if echo "$i" | grep : >/dev/null; then
|
||||
set_ipv6_network_route "$i" "128"
|
||||
set_ipv6_network_route "$i" "128" "$TUNDEV"
|
||||
fi
|
||||
done
|
||||
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
|
||||
|
|
@ -788,18 +957,38 @@ do_disconnect() {
|
|||
if [ "$NETWORK" != "0.0.0.0" ]; then
|
||||
# FIXME: This doesn't restore previously overwritten
|
||||
# routes.
|
||||
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
||||
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" "$TUNDEV"
|
||||
else
|
||||
reset_default_route
|
||||
fi
|
||||
i=`expr $i + 1`
|
||||
done
|
||||
for i in $INTERNAL_IP4_DNS ; do
|
||||
del_network_route "$i" "255.255.255.255" "32"
|
||||
del_network_route "$i" "255.255.255.255" "32" "$TUNDEV"
|
||||
done
|
||||
else
|
||||
reset_default_route
|
||||
fi
|
||||
if [ -n "$CISCO_SPLIT_EXC" ]; then
|
||||
i=0
|
||||
while [ $i -lt $CISCO_SPLIT_EXC ] ; do
|
||||
eval NETWORK="\${CISCO_SPLIT_EXC_${i}_ADDR}"
|
||||
eval NETMASK="\${CISCO_SPLIT_EXC_${i}_MASK}"
|
||||
eval NETMASKLEN="\${CISCO_SPLIT_EXC_${i}_MASKLEN}"
|
||||
del_exclude_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
||||
i=`expr $i + 1`
|
||||
done
|
||||
fi
|
||||
if [ -n "$CISCO_IPV6_SPLIT_EXC" ]; then
|
||||
# untested
|
||||
i=0
|
||||
while [ $i -lt $CISCO_IPV6_SPLIT_EXC ] ; do
|
||||
eval NETWORK="\${CISCO_IPV6_SPLIT_EXC_${i}_ADDR}"
|
||||
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_EXC_${i}_MASKLEN}"
|
||||
del_ipv6_exclude_route "$NETWORK" "$NETMASKLEN"
|
||||
i=`expr $i + 1`
|
||||
done
|
||||
fi
|
||||
if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
|
||||
i=0
|
||||
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
|
||||
|
|
@ -808,12 +997,12 @@ do_disconnect() {
|
|||
if [ $NETMASKLEN -eq 0 ]; then
|
||||
reset_ipv6_default_route
|
||||
else
|
||||
del_ipv6_network_route "$NETWORK" "$NETMASKLEN"
|
||||
del_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV"
|
||||
fi
|
||||
i=`expr $i + 1`
|
||||
done
|
||||
for i in $INTERNAL_IP6_DNS ; do
|
||||
del_ipv6_network_route "$i" "128"
|
||||
del_ipv6_network_route "$i" "128" "$TUNDEV"
|
||||
done
|
||||
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
|
||||
reset_ipv6_default_route
|
||||
|
|
@ -874,7 +1063,15 @@ case "$reason" in
|
|||
do_disconnect
|
||||
run_hooks post-disconnect
|
||||
;;
|
||||
attempt-reconnect)
|
||||
# Invoked before each attempt to re-establish the session.
|
||||
# If the underlying physical connection changed, we might
|
||||
# be left with a route to the VPN server through the VPN
|
||||
# itself, which would need to be fixed.
|
||||
run_hooks attempt-reconnect
|
||||
;;
|
||||
reconnect)
|
||||
# After successfully re-establishing the session.
|
||||
run_hooks reconnect
|
||||
;;
|
||||
*)
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
%global git_date 20171004
|
||||
%global git_commit_hash 6f87b0f
|
||||
%global git_date 20200918
|
||||
%global git_commit_hash 3885f8
|
||||
|
||||
Name: vpnc-script
|
||||
Version: %{git_date}
|
||||
Release: 8.git%{git_commit_hash}%{?dist}
|
||||
Release: 1.git%{git_commit_hash}%{?dist}
|
||||
|
||||
Summary: Routing setup script for vpnc and openconnect
|
||||
BuildArch: noarch
|
||||
|
|
@ -34,6 +34,9 @@ install -m 0755 vpnc-script \
|
|||
%{_sysconfdir}/vpnc/vpnc-script
|
||||
|
||||
%changelog
|
||||
* Tue Sep 29 2020 Nikos Mavrogiannopoulos <nmav@redhat.com>
|
||||
- Updated to latest upstream vpnc-script
|
||||
|
||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-8.git6f87b0f
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue