Compare commits
1 commit
| Author | SHA1 | Date | |
|---|---|---|---|
|
09b80834f1 |
2 changed files with 253 additions and 53 deletions
297
vpnc-script
297
vpnc-script
|
|
@ -21,7 +21,7 @@
|
||||||
################
|
################
|
||||||
#
|
#
|
||||||
# List of parameters passed through environment
|
# List of parameters passed through environment
|
||||||
#* reason -- why this script was called, one of: pre-init connect disconnect reconnect
|
#* reason -- why this script was called, one of: pre-init connect disconnect reconnect attempt-reconnect
|
||||||
#* VPNGATEWAY -- vpn gateway address (always present)
|
#* VPNGATEWAY -- vpn gateway address (always present)
|
||||||
#* TUNDEV -- tunnel device (always present)
|
#* TUNDEV -- tunnel device (always present)
|
||||||
#* INTERNAL_IP4_ADDRESS -- address (always present)
|
#* INTERNAL_IP4_ADDRESS -- address (always present)
|
||||||
|
|
@ -36,6 +36,7 @@
|
||||||
#* INTERNAL_IP6_DNS -- IPv6 list of dns servers
|
#* INTERNAL_IP6_DNS -- IPv6 list of dns servers
|
||||||
#* CISCO_DEF_DOMAIN -- default domain name
|
#* CISCO_DEF_DOMAIN -- default domain name
|
||||||
#* CISCO_BANNER -- banner from server
|
#* CISCO_BANNER -- banner from server
|
||||||
|
#* CISCO_SPLIT_DNS -- dns search domain list
|
||||||
#* CISCO_SPLIT_INC -- number of networks in split-network-list
|
#* CISCO_SPLIT_INC -- number of networks in split-network-list
|
||||||
#* CISCO_SPLIT_INC_%d_ADDR -- network address
|
#* CISCO_SPLIT_INC_%d_ADDR -- network address
|
||||||
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
|
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
|
||||||
|
|
@ -88,9 +89,6 @@ if [ ! -d "/var/run/vpnc" ]; then
|
||||||
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
|
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# stupid SunOS: no blubber in /usr/local/bin ... (on stdout)
|
|
||||||
IPROUTE="`which ip 2> /dev/null | grep '^/'`"
|
|
||||||
|
|
||||||
if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then
|
if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then
|
||||||
ifconfig_syntax_inet=""
|
ifconfig_syntax_inet=""
|
||||||
else
|
else
|
||||||
|
|
@ -98,11 +96,15 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$OS" = "Linux" ]; then
|
if [ "$OS" = "Linux" ]; then
|
||||||
|
IPROUTE="`which ip 2> /dev/null | grep '^/'`"
|
||||||
ifconfig_syntax_ptp="pointopoint"
|
ifconfig_syntax_ptp="pointopoint"
|
||||||
route_syntax_gw="gw"
|
route_syntax_gw="gw"
|
||||||
route_syntax_del="del"
|
route_syntax_del="del"
|
||||||
route_syntax_netmask="netmask"
|
route_syntax_netmask="netmask"
|
||||||
else
|
else
|
||||||
|
# iproute2 is Linux only; if `which ip` returns something on another OS, it's likely an unrelated tool
|
||||||
|
# (see https://github.com/dlenski/openconnect/issues/132#issuecomment-470475009)
|
||||||
|
IPROUTE=""
|
||||||
ifconfig_syntax_ptp=""
|
ifconfig_syntax_ptp=""
|
||||||
route_syntax_gw=""
|
route_syntax_gw=""
|
||||||
route_syntax_del="delete"
|
route_syntax_del="delete"
|
||||||
|
|
@ -116,7 +118,7 @@ else
|
||||||
ifconfig_syntax_ptpv6=""
|
ifconfig_syntax_ptpv6=""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
grep ^hosts /etc/nsswitch.conf|grep resolve >/dev/null 2>&1
|
grep ^hosts /etc/nsswitch.conf 2>/dev/null|grep resolve >/dev/null 2>&1
|
||||||
if [ $? = 0 ];then
|
if [ $? = 0 ];then
|
||||||
RESOLVEDENABLED=1
|
RESOLVEDENABLED=1
|
||||||
else
|
else
|
||||||
|
|
@ -124,21 +126,30 @@ else
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -r /etc/openwrt_release ] && [ -n "$OPENWRT_INTERFACE" ]; then
|
if [ -r /etc/openwrt_release ] && [ -n "$OPENWRT_INTERFACE" ]; then
|
||||||
. /etc/functions.sh
|
. /etc/functions.sh
|
||||||
include /lib/network
|
include /lib/network
|
||||||
MODIFYRESOLVCONF=modify_resolvconf_openwrt
|
MODIFYRESOLVCONF=modify_resolvconf_openwrt
|
||||||
RESTORERESOLVCONF=restore_resolvconf_openwrt
|
RESTORERESOLVCONF=restore_resolvconf_openwrt
|
||||||
elif [ -x /usr/bin/busctl ] && [ ${RESOLVEDENABLED} = 1 ]; then # For systemd-resolved (version 229 and above)
|
elif [ -x /usr/bin/resolvectl ] && [ ${RESOLVEDENABLED} = 1 ]; then
|
||||||
|
# For systemd-resolved (version 239 and above)
|
||||||
MODIFYRESOLVCONF=modify_resolved_manager
|
MODIFYRESOLVCONF=modify_resolved_manager
|
||||||
RESTORERESOLVCONF=restore_resolved_manager
|
RESTORERESOLVCONF=restore_resolved_manager
|
||||||
elif [ -x /sbin/resolvconf -a "$(basename $(readlink /sbin/resolvconf))" != 'resolvectl' ]; then
|
elif [ -x /usr/bin/busctl ] && [ ${RESOLVEDENABLED} = 1 ]; then
|
||||||
|
# For systemd-resolved (version 229 and above)
|
||||||
|
MODIFYRESOLVCONF=modify_resolved_manager_old
|
||||||
|
RESTORERESOLVCONF=restore_resolved_manager_old
|
||||||
|
elif [ -x /sbin/resolvconf ]; then
|
||||||
# Optional tool on Debian, Ubuntu, Gentoo and FreeBSD
|
# Optional tool on Debian, Ubuntu, Gentoo and FreeBSD
|
||||||
MODIFYRESOLVCONF=modify_resolvconf_manager
|
MODIFYRESOLVCONF=modify_resolvconf_manager
|
||||||
RESTORERESOLVCONF=restore_resolvconf_manager
|
RESTORERESOLVCONF=restore_resolvconf_manager
|
||||||
elif [ -x /sbin/netconfig ]; then # tool on Suse after 11.1
|
elif [ -x /sbin/netconfig ] && [ ! -f /etc/slackware-version ]; then
|
||||||
|
# tool on Suse after 11.1
|
||||||
|
# Slackware's netconfig is an unrelated tool that should not be invoked here
|
||||||
|
# (see https://www.linuxquestions.org/questions/slackware-14/vpnc-on-slackware-14-2-is-bringing-up-network-configuration-dialog-each-time-4175595447/#post5646866)
|
||||||
MODIFYRESOLVCONF=modify_resolvconf_suse_netconfig
|
MODIFYRESOLVCONF=modify_resolvconf_suse_netconfig
|
||||||
RESTORERESOLVCONF=restore_resolvconf_suse_netconfig
|
RESTORERESOLVCONF=restore_resolvconf_suse_netconfig
|
||||||
elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1
|
elif [ -x /sbin/modify_resolvconf ]; then
|
||||||
|
# Mandatory tool on Suse earlier than 11.1
|
||||||
MODIFYRESOLVCONF=modify_resolvconf_suse
|
MODIFYRESOLVCONF=modify_resolvconf_suse
|
||||||
RESTORERESOLVCONF=restore_resolvconf_suse
|
RESTORERESOLVCONF=restore_resolvconf_suse
|
||||||
elif [ -x /usr/sbin/unbound-control ] && /usr/sbin/unbound-control status > /dev/null 2>&1; then
|
elif [ -x /usr/sbin/unbound-control ] && /usr/sbin/unbound-control status > /dev/null 2>&1; then
|
||||||
|
|
@ -188,7 +199,7 @@ do_ifconfig() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$INTERNAL_IP4_NETMASK" ]; then
|
if [ -n "$INTERNAL_IP4_NETMASK" ]; then
|
||||||
set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN
|
set_network_route "$INTERNAL_IP4_NETADDR" "$INTERNAL_IP4_NETMASK" "$INTERNAL_IP4_NETMASKLEN" "$TUNDEV"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# If the netmask is provided, it contains the address _and_ netmask
|
# If the netmask is provided, it contains the address _and_ netmask
|
||||||
|
|
@ -205,7 +216,7 @@ do_ifconfig() {
|
||||||
# OpenVPN does the same (gives dest_address for Legacy IP
|
# OpenVPN does the same (gives dest_address for Legacy IP
|
||||||
# but not for IPv6).
|
# but not for IPv6).
|
||||||
# Only Solaris needs it; hence $ifconfig_syntax_ptpv6
|
# Only Solaris needs it; hence $ifconfig_syntax_ptpv6
|
||||||
ifconfig "$TUNDEV" inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up
|
ifconfig "$TUNDEV" inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -226,37 +237,63 @@ destroy_tun_device() {
|
||||||
if [ -n "$IPROUTE" ]; then
|
if [ -n "$IPROUTE" ]; then
|
||||||
fix_ip_get_output () {
|
fix_ip_get_output () {
|
||||||
sed -e 's/ /\n/g' | \
|
sed -e 's/ /\n/g' | \
|
||||||
sed -ne '1p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}'
|
sed -ne "1 s|\$|${1}|p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}"
|
||||||
}
|
}
|
||||||
|
|
||||||
set_vpngateway_route() {
|
set_vpngateway_route() {
|
||||||
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
|
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
del_vpngateway_route() {
|
del_vpngateway_route() {
|
||||||
$IPROUTE route $route_syntax_del "$VPNGATEWAY"
|
$IPROUTE route $route_syntax_del "$VPNGATEWAY"
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_default_route() {
|
set_default_route() {
|
||||||
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
|
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
|
||||||
$IPROUTE route replace default dev "$TUNDEV"
|
$IPROUTE route replace default dev "$TUNDEV"
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_network_route() {
|
set_network_route() {
|
||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASK="$2"
|
NETMASK="$2"
|
||||||
NETMASKLEN="$3"
|
NETMASKLEN="$3"
|
||||||
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
|
NETDEV="$4"
|
||||||
$IPROUTE route flush cache
|
NETGW="$5"
|
||||||
|
if [ -n "$NETGW" ]; then
|
||||||
|
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" via "$NETGW"
|
||||||
|
else
|
||||||
|
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||||
|
fi
|
||||||
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
|
set_exclude_route() {
|
||||||
|
# add explicit route to keep current routing for this target
|
||||||
|
# (keep traffic separate from VPN tunnel)
|
||||||
|
NETWORK="$1"
|
||||||
|
NETMASK="$2"
|
||||||
|
NETMASKLEN="$3"
|
||||||
|
$IPROUTE route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output "/$NETMASKLEN"`
|
||||||
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
|
del_exclude_route() {
|
||||||
|
# FIXME: In theory, this could delete existing routes which are
|
||||||
|
# identical to split-exclude routes specificed by VPNGATEWAY
|
||||||
|
NETWORK="$1"
|
||||||
|
NETMASK="$2"
|
||||||
|
NETMASKLEN="$3"
|
||||||
|
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN"
|
||||||
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
reset_default_route() {
|
reset_default_route() {
|
||||||
if [ -s "$DEFAULT_ROUTE_FILE" ]; then
|
if [ -s "$DEFAULT_ROUTE_FILE" ]; then
|
||||||
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
|
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
rm -f -- "$DEFAULT_ROUTE_FILE"
|
rm -f -- "$DEFAULT_ROUTE_FILE"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
@ -265,40 +302,67 @@ if [ -n "$IPROUTE" ]; then
|
||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASK="$2"
|
NETMASK="$2"
|
||||||
NETMASKLEN="$3"
|
NETMASKLEN="$3"
|
||||||
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
|
NETDEV="$4"
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||||
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_ipv6_default_route() {
|
set_ipv6_default_route() {
|
||||||
# We don't save/restore IPv6 default route; just add a higher-priority one.
|
# We don't save/restore IPv6 default route; just add a higher-priority one.
|
||||||
$IPROUTE -6 route add default dev "$TUNDEV" metric 1
|
$IPROUTE -6 route add default dev "$TUNDEV" metric 1
|
||||||
$IPROUTE -6 route flush cache
|
$IPROUTE -6 route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_ipv6_network_route() {
|
set_ipv6_network_route() {
|
||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASKLEN="$2"
|
NETMASKLEN="$2"
|
||||||
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
|
NETDEV="$3"
|
||||||
$IPROUTE route flush cache
|
NETGW="$4"
|
||||||
|
if [ -n "$NETGW" ]; then
|
||||||
|
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" via "$NETGW"
|
||||||
|
else
|
||||||
|
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||||
|
fi
|
||||||
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
|
set_ipv6_exclude_route() {
|
||||||
|
# add explicit route to keep current routing for this target
|
||||||
|
# (keep traffic separate from VPN tunnel)
|
||||||
|
NETWORK="$1"
|
||||||
|
NETMASKLEN="$2"
|
||||||
|
$IPROUTE -6 route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output "/$NETMASKLEN"`
|
||||||
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
reset_ipv6_default_route() {
|
reset_ipv6_default_route() {
|
||||||
$IPROUTE -6 route del default dev "$TUNDEV"
|
$IPROUTE -6 route del default dev "$TUNDEV"
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
del_ipv6_network_route() {
|
del_ipv6_network_route() {
|
||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASKLEN="$2"
|
NETMASKLEN="$2"
|
||||||
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
|
NETDEV="$3"
|
||||||
$IPROUTE -6 route flush cache
|
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||||
|
$IPROUTE -6 route flush cache 2>/dev/null
|
||||||
|
}
|
||||||
|
|
||||||
|
del_ipv6_exclude_route() {
|
||||||
|
# FIXME: In theory, this could delete existing routes which are
|
||||||
|
# identical to split-exclude routes specificed by VPNGATEWAY
|
||||||
|
NETWORK="$1"
|
||||||
|
NETMASKLEN="$2"
|
||||||
|
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN"
|
||||||
|
$IPROUTE -6 route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
else # use route command
|
else # use route command
|
||||||
get_default_gw() {
|
get_default_gw() {
|
||||||
# isn't -n supposed to give --numeric output?
|
# isn't -n supposed to give --numeric output?
|
||||||
# apperently not...
|
# apperently not...
|
||||||
# Get rid of lines containing IPv6 addresses (':')
|
# Get rid of lines containing IPv6 addresses (':')
|
||||||
netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
|
# Get rid of lines for link-local routes (https://superuser.com/a/1067742)
|
||||||
|
netstat -r -n | awk '/:/ { next; } /link\#/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
|
||||||
}
|
}
|
||||||
|
|
||||||
set_vpngateway_route() {
|
set_vpngateway_route() {
|
||||||
|
|
@ -320,8 +384,34 @@ else # use route command
|
||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASK="$2"
|
NETMASK="$2"
|
||||||
NETMASKLEN="$3"
|
NETMASKLEN="$3"
|
||||||
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
if [ -n "$5" ]; then
|
||||||
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface
|
NETGW="$5"
|
||||||
|
else
|
||||||
|
NETGW="$INTERNAL_IP4_ADDRESS"
|
||||||
|
fi
|
||||||
|
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$NETGW" $route_syntax_interface
|
||||||
|
}
|
||||||
|
|
||||||
|
set_exclude_route() {
|
||||||
|
NETWORK="$1"
|
||||||
|
NETMASK="$2"
|
||||||
|
NETMASKLEN="$3"
|
||||||
|
if [ -z "$DEFAULTGW" ]; then
|
||||||
|
DEFAULTGW="`get_default_gw`"
|
||||||
|
fi
|
||||||
|
# Add explicit route to keep traffic for this target separate
|
||||||
|
# from tunnel. FIXME: We use default gateway - this is our best
|
||||||
|
# guess in absence of "ip" command to query effective route.
|
||||||
|
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$DEFAULTGW" $route_syntax_interface
|
||||||
|
}
|
||||||
|
|
||||||
|
del_exclude_route() {
|
||||||
|
# FIXME: This can delete existing routes in case they're
|
||||||
|
# identical to split-exclude routes specified by VPNGATEWAY
|
||||||
|
NETWORK="$1"
|
||||||
|
NETMASK="$2"
|
||||||
|
NETMASKLEN="$3"
|
||||||
|
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK"
|
||||||
}
|
}
|
||||||
|
|
||||||
reset_default_route() {
|
reset_default_route() {
|
||||||
|
|
@ -333,16 +423,15 @@ else # use route command
|
||||||
}
|
}
|
||||||
|
|
||||||
del_network_route() {
|
del_network_route() {
|
||||||
case "$OS" in
|
|
||||||
Linux|NetBSD|OpenBSD|Darwin|SunOS) # and probably others...
|
|
||||||
# routes are deleted automatically on device shutdown
|
|
||||||
return
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASK="$2"
|
NETMASK="$2"
|
||||||
NETMASKLEN="$3"
|
NETMASKLEN="$3"
|
||||||
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
|
if [ -n "$5" ]; then
|
||||||
|
NETGW="$5"
|
||||||
|
else
|
||||||
|
NETGW="$INTERNAL_IP4_ADDRESS"
|
||||||
|
fi
|
||||||
|
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$NETGW"
|
||||||
}
|
}
|
||||||
|
|
||||||
set_ipv6_default_route() {
|
set_ipv6_default_route() {
|
||||||
|
|
@ -352,7 +441,23 @@ else # use route command
|
||||||
set_ipv6_network_route() {
|
set_ipv6_network_route() {
|
||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASK="$2"
|
NETMASK="$2"
|
||||||
route add -inet6 -net "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS" $route_syntax_interface
|
if [ -n "$4" ]; then
|
||||||
|
NETGW="$4"
|
||||||
|
else
|
||||||
|
NETGW="$INTERNAL_IP6_ADDRESS"
|
||||||
|
fi
|
||||||
|
|
||||||
|
route add -inet6 -net "$NETWORK/$NETMASK" "$NETGW" $route_syntax_interface
|
||||||
|
:
|
||||||
|
}
|
||||||
|
|
||||||
|
set_ipv6_exclude_route() {
|
||||||
|
NETWORK="$1"
|
||||||
|
NETMASK="$2"
|
||||||
|
# Add explicit route to keep traffic for this target separate
|
||||||
|
# from tunnel. FIXME: We use default gateway - this is our best
|
||||||
|
# guess in absence of "ip" command to query effective route.
|
||||||
|
route add -inet6 -net "$NETWORK/$NETMASK" "`get_default_gw`" $route_syntax_interface
|
||||||
:
|
:
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -364,7 +469,19 @@ else # use route command
|
||||||
del_ipv6_network_route() {
|
del_ipv6_network_route() {
|
||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASK="$2"
|
NETMASK="$2"
|
||||||
route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS"
|
if [ -n "$4" ]; then
|
||||||
|
NETGW="$4"
|
||||||
|
else
|
||||||
|
NETGW="$INTERNAL_IP6_ADDRESS"
|
||||||
|
fi
|
||||||
|
route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$NETGW"
|
||||||
|
:
|
||||||
|
}
|
||||||
|
|
||||||
|
del_ipv6_exclude_route() {
|
||||||
|
NETWORK="$1"
|
||||||
|
NETMASK="$2"
|
||||||
|
route $route_syntax_del -inet6 "$NETWORK/$NETMASK"
|
||||||
:
|
:
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -578,7 +695,7 @@ nameserver $i"
|
||||||
done
|
done
|
||||||
if [ -n "$CISCO_DEF_DOMAIN" ]; then
|
if [ -n "$CISCO_DEF_DOMAIN" ]; then
|
||||||
NEW_RESOLVCONF="$NEW_RESOLVCONF
|
NEW_RESOLVCONF="$NEW_RESOLVCONF
|
||||||
domain $CISCO_DEF_DOMAIN"
|
search $CISCO_DEF_DOMAIN"
|
||||||
fi
|
fi
|
||||||
echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
|
echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
|
||||||
}
|
}
|
||||||
|
|
@ -614,6 +731,14 @@ busctl_set_nameservers() {
|
||||||
busctl_call SetLinkDNS 'ia(iay)' ${args}
|
busctl_call SetLinkDNS 'ia(iay)' ${args}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resolvectl_set_nameservers() {
|
||||||
|
local if_index addresses
|
||||||
|
if_index=$1
|
||||||
|
shift
|
||||||
|
addresses="$@"
|
||||||
|
/usr/bin/resolvectl dns $if_index $addresses
|
||||||
|
}
|
||||||
|
|
||||||
busctl_set_search() {
|
busctl_set_search() {
|
||||||
local if_index domains args domain
|
local if_index domains args domain
|
||||||
if_index=$1
|
if_index=$1
|
||||||
|
|
@ -626,7 +751,25 @@ busctl_set_search() {
|
||||||
busctl_call SetLinkDomains 'ia(sb)' ${args}
|
busctl_call SetLinkDomains 'ia(sb)' ${args}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resolvectl_set_search() {
|
||||||
|
local if_index domains
|
||||||
|
if_index=$1
|
||||||
|
shift
|
||||||
|
domains="$@"
|
||||||
|
/usr/bin/resolvectl domain $if_index $domains
|
||||||
|
}
|
||||||
|
|
||||||
modify_resolved_manager() {
|
modify_resolved_manager() {
|
||||||
|
local if_index split_dns_list
|
||||||
|
if_index=$(get_if_index $TUNDEV)
|
||||||
|
split_dns_list=$(echo $CISCO_SPLIT_DNS | tr ',' ' ')
|
||||||
|
resolvectl_set_nameservers $if_index $INTERNAL_IP4_DNS
|
||||||
|
if [ -n "$CISCO_DEF_DOMAIN" ] || [ -n "$split_dns_list" ]; then
|
||||||
|
resolvectl_set_search $if_index $CISCO_DEF_DOMAIN $split_dns_list
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
modify_resolved_manager_old() {
|
||||||
local if_index
|
local if_index
|
||||||
if_index=$(get_if_index $TUNDEV)
|
if_index=$(get_if_index $TUNDEV)
|
||||||
busctl_set_nameservers $if_index $INTERNAL_IP4_DNS
|
busctl_set_nameservers $if_index $INTERNAL_IP4_DNS
|
||||||
|
|
@ -636,6 +779,12 @@ modify_resolved_manager() {
|
||||||
}
|
}
|
||||||
|
|
||||||
restore_resolved_manager() {
|
restore_resolved_manager() {
|
||||||
|
local if_index
|
||||||
|
if_index=$(get_if_index $TUNDEV)
|
||||||
|
/usr/bin/resolvectl revert $if_index
|
||||||
|
}
|
||||||
|
|
||||||
|
restore_resolved_manager_old() {
|
||||||
local if_index
|
local if_index
|
||||||
if_index=$(get_if_index $TUNDEV)
|
if_index=$(get_if_index $TUNDEV)
|
||||||
busctl_call RevertLink 'i' $if_index
|
busctl_call RevertLink 'i' $if_index
|
||||||
|
|
@ -732,6 +881,26 @@ do_connect() {
|
||||||
|
|
||||||
set_vpngateway_route
|
set_vpngateway_route
|
||||||
do_ifconfig
|
do_ifconfig
|
||||||
|
if [ -n "$CISCO_SPLIT_EXC" ]; then
|
||||||
|
i=0
|
||||||
|
while [ $i -lt $CISCO_SPLIT_EXC ] ; do
|
||||||
|
eval NETWORK="\${CISCO_SPLIT_EXC_${i}_ADDR}"
|
||||||
|
eval NETMASK="\${CISCO_SPLIT_EXC_${i}_MASK}"
|
||||||
|
eval NETMASKLEN="\${CISCO_SPLIT_EXC_${i}_MASKLEN}"
|
||||||
|
set_exclude_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
||||||
|
i=`expr $i + 1`
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
if [ -n "$CISCO_IPV6_SPLIT_EXC" ]; then
|
||||||
|
# untested
|
||||||
|
i=0
|
||||||
|
while [ $i -lt $CISCO_IPV6_SPLIT_EXC ] ; do
|
||||||
|
eval NETWORK="\${CISCO_IPV6_SPLIT_EXC_${i}_ADDR}"
|
||||||
|
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_EXC_${i}_MASKLEN}"
|
||||||
|
set_ipv6_exclude_route "$NETWORK" "$NETMASKLEN"
|
||||||
|
i=`expr $i + 1`
|
||||||
|
done
|
||||||
|
fi
|
||||||
if [ -n "$CISCO_SPLIT_INC" ]; then
|
if [ -n "$CISCO_SPLIT_INC" ]; then
|
||||||
i=0
|
i=0
|
||||||
while [ $i -lt $CISCO_SPLIT_INC ] ; do
|
while [ $i -lt $CISCO_SPLIT_INC ] ; do
|
||||||
|
|
@ -739,7 +908,7 @@ do_connect() {
|
||||||
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
|
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
|
||||||
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
|
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
|
||||||
if [ "$NETWORK" != "0.0.0.0" ]; then
|
if [ "$NETWORK" != "0.0.0.0" ]; then
|
||||||
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" "$TUNDEV"
|
||||||
else
|
else
|
||||||
set_default_route
|
set_default_route
|
||||||
fi
|
fi
|
||||||
|
|
@ -747,7 +916,7 @@ do_connect() {
|
||||||
done
|
done
|
||||||
for i in $INTERNAL_IP4_DNS ; do
|
for i in $INTERNAL_IP4_DNS ; do
|
||||||
echo "$i" | grep : >/dev/null || \
|
echo "$i" | grep : >/dev/null || \
|
||||||
set_network_route "$i" "255.255.255.255" "32"
|
set_network_route "$i" "255.255.255.255" "32" "$TUNDEV"
|
||||||
done
|
done
|
||||||
elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
|
elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
|
||||||
set_default_route
|
set_default_route
|
||||||
|
|
@ -757,16 +926,16 @@ do_connect() {
|
||||||
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
|
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
|
||||||
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
|
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
|
||||||
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
|
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
|
||||||
if [ $NETMASKLEN -lt 128 ]; then
|
if [ $NETMASKLEN -eq 0 ]; then
|
||||||
set_ipv6_network_route "$NETWORK" "$NETMASKLEN"
|
|
||||||
else
|
|
||||||
set_ipv6_default_route
|
set_ipv6_default_route
|
||||||
|
else
|
||||||
|
set_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV"
|
||||||
fi
|
fi
|
||||||
i=`expr $i + 1`
|
i=`expr $i + 1`
|
||||||
done
|
done
|
||||||
for i in $INTERNAL_IP4_DNS ; do
|
for i in $INTERNAL_IP4_DNS ; do
|
||||||
if echo "$i" | grep : >/dev/null; then
|
if echo "$i" | grep : >/dev/null; then
|
||||||
set_ipv6_network_route "$i" "128"
|
set_ipv6_network_route "$i" "128" "$TUNDEV"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
|
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
|
||||||
|
|
@ -788,18 +957,38 @@ do_disconnect() {
|
||||||
if [ "$NETWORK" != "0.0.0.0" ]; then
|
if [ "$NETWORK" != "0.0.0.0" ]; then
|
||||||
# FIXME: This doesn't restore previously overwritten
|
# FIXME: This doesn't restore previously overwritten
|
||||||
# routes.
|
# routes.
|
||||||
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" "$TUNDEV"
|
||||||
else
|
else
|
||||||
reset_default_route
|
reset_default_route
|
||||||
fi
|
fi
|
||||||
i=`expr $i + 1`
|
i=`expr $i + 1`
|
||||||
done
|
done
|
||||||
for i in $INTERNAL_IP4_DNS ; do
|
for i in $INTERNAL_IP4_DNS ; do
|
||||||
del_network_route "$i" "255.255.255.255" "32"
|
del_network_route "$i" "255.255.255.255" "32" "$TUNDEV"
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
reset_default_route
|
reset_default_route
|
||||||
fi
|
fi
|
||||||
|
if [ -n "$CISCO_SPLIT_EXC" ]; then
|
||||||
|
i=0
|
||||||
|
while [ $i -lt $CISCO_SPLIT_EXC ] ; do
|
||||||
|
eval NETWORK="\${CISCO_SPLIT_EXC_${i}_ADDR}"
|
||||||
|
eval NETMASK="\${CISCO_SPLIT_EXC_${i}_MASK}"
|
||||||
|
eval NETMASKLEN="\${CISCO_SPLIT_EXC_${i}_MASKLEN}"
|
||||||
|
del_exclude_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
|
||||||
|
i=`expr $i + 1`
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
if [ -n "$CISCO_IPV6_SPLIT_EXC" ]; then
|
||||||
|
# untested
|
||||||
|
i=0
|
||||||
|
while [ $i -lt $CISCO_IPV6_SPLIT_EXC ] ; do
|
||||||
|
eval NETWORK="\${CISCO_IPV6_SPLIT_EXC_${i}_ADDR}"
|
||||||
|
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_EXC_${i}_MASKLEN}"
|
||||||
|
del_ipv6_exclude_route "$NETWORK" "$NETMASKLEN"
|
||||||
|
i=`expr $i + 1`
|
||||||
|
done
|
||||||
|
fi
|
||||||
if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
|
if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
|
||||||
i=0
|
i=0
|
||||||
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
|
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
|
||||||
|
|
@ -808,12 +997,12 @@ do_disconnect() {
|
||||||
if [ $NETMASKLEN -eq 0 ]; then
|
if [ $NETMASKLEN -eq 0 ]; then
|
||||||
reset_ipv6_default_route
|
reset_ipv6_default_route
|
||||||
else
|
else
|
||||||
del_ipv6_network_route "$NETWORK" "$NETMASKLEN"
|
del_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV"
|
||||||
fi
|
fi
|
||||||
i=`expr $i + 1`
|
i=`expr $i + 1`
|
||||||
done
|
done
|
||||||
for i in $INTERNAL_IP6_DNS ; do
|
for i in $INTERNAL_IP6_DNS ; do
|
||||||
del_ipv6_network_route "$i" "128"
|
del_ipv6_network_route "$i" "128" "$TUNDEV"
|
||||||
done
|
done
|
||||||
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
|
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
|
||||||
reset_ipv6_default_route
|
reset_ipv6_default_route
|
||||||
|
|
@ -874,7 +1063,15 @@ case "$reason" in
|
||||||
do_disconnect
|
do_disconnect
|
||||||
run_hooks post-disconnect
|
run_hooks post-disconnect
|
||||||
;;
|
;;
|
||||||
|
attempt-reconnect)
|
||||||
|
# Invoked before each attempt to re-establish the session.
|
||||||
|
# If the underlying physical connection changed, we might
|
||||||
|
# be left with a route to the VPN server through the VPN
|
||||||
|
# itself, which would need to be fixed.
|
||||||
|
run_hooks attempt-reconnect
|
||||||
|
;;
|
||||||
reconnect)
|
reconnect)
|
||||||
|
# After successfully re-establishing the session.
|
||||||
run_hooks reconnect
|
run_hooks reconnect
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
|
|
||||||
|
|
@ -1,9 +1,9 @@
|
||||||
%global git_date 20171004
|
%global git_date 20200918
|
||||||
%global git_commit_hash 6f87b0f
|
%global git_commit_hash 3885f8
|
||||||
|
|
||||||
Name: vpnc-script
|
Name: vpnc-script
|
||||||
Version: %{git_date}
|
Version: %{git_date}
|
||||||
Release: 8.git%{git_commit_hash}%{?dist}
|
Release: 1.git%{git_commit_hash}%{?dist}
|
||||||
|
|
||||||
Summary: Routing setup script for vpnc and openconnect
|
Summary: Routing setup script for vpnc and openconnect
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
@ -34,6 +34,9 @@ install -m 0755 vpnc-script \
|
||||||
%{_sysconfdir}/vpnc/vpnc-script
|
%{_sysconfdir}/vpnc/vpnc-script
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Sep 29 2020 Nikos Mavrogiannopoulos <nmav@redhat.com>
|
||||||
|
- Updated to latest upstream vpnc-script
|
||||||
|
|
||||||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-8.git6f87b0f
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-8.git6f87b0f
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue