rpms/vpnc-script
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f43
rpms:main
rpms:f42
rpms:epel10
rpms:epel10.0
rpms:epel10.1
rpms:f41
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:epel8
rpms:epel9
rpms:f36
rpms:epel8-playground
rpms:f35
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:f26
rpms:f24
rpms:f25
rpms:f23
rpms:f22
...
pull from: rpms:f39
Branches Tags
rpms:f43
rpms:main
rpms:rawhide
rpms:f42
rpms:epel10
rpms:epel10.0
rpms:epel10.1
rpms:f41
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:epel8
rpms:epel9
rpms:f36
rpms:epel8-playground
rpms:f35
rpms:f34
rpms:f33
rpms:f32
rpms:f31
rpms:f30
rpms:f29
rpms:f28
rpms:f27
rpms:f26
rpms:f24
rpms:f25
rpms:f23
rpms:f22
Sign in to create a new pull request.

1 commit
rawhide ... f39

Author SHA1 Message Date
Nikos Mavrogiannopoulos
7d1b309285 Updated to latest release and use auto macros 
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
 2023-09-07 09:50:47 +02:00
2 changed files with 33 additions and 103 deletions
Download patch file Download diff file Expand all files Collapse all files

49
vpnc-script
View file

@ -97,7 +97,7 @@ HOOKS_DIR=/etc/vpnc
# OpenConnect v9.0+ provides VPNPID, so we don't need to determine it. # OpenConnect v9.0+ provides VPNPID, so we don't need to determine it.
if [ -z "$VPNPID" ]; then if [ -z "$VPNPID" ]; then
VPNPID=$PPID VPNPID=$PPID
PCMD=`ps -c -o cmd= -p $PPID` PCMD=`ps -c -o command= -p $PPID`
case "$PCMD" in case "$PCMD" in
*sh) VPNPID=`ps -o ppid= -p $PPID` ;; *sh) VPNPID=`ps -o ppid= -p $PPID` ;;
esac esac
@ -156,7 +156,10 @@ else
fi fi
RESOLVEDENABLED=0 RESOLVEDENABLED=0
grep '^hosts' /etc/nsswitch.conf 2>/dev/null|grep resolve >/dev/null 2>&1 # detect usage of systemd-resolved via nss-resolve...
grep '^hosts' /etc/nsswitch.conf 2>/dev/null | grep resolve >/dev/null 2>&1 || \
# or via nss-dns with /etc/resolv.conf under control of systemd-resolved
(grep '^hosts' /etc/nsswitch.conf 2>/dev/null | grep dns >/dev/null 2>&1 && readlink /etc/resolv.conf | grep -e '/run/systemd/resolve/stub-resolv.conf$' -e '/usr/lib/systemd/resolv.conf$' -e '/run/systemd/resolve/resolv.conf$' >/dev/null 2>&1)
if [ $? = 0 ];then if [ $? = 0 ];then
command resolvectl status >/dev/null 2>&1 || command systemd-resolve --status >/dev/null 2>&1 command resolvectl status >/dev/null 2>&1 || command systemd-resolve --status >/dev/null 2>&1
if [ $? = 0 ];then if [ $? = 0 ];then
@ -295,18 +298,23 @@ if [ -n "$IPROUTE" ]; then
# after dead-peer detection, but no change in the underlying network devices). # after dead-peer detection, but no change in the underlying network devices).
$IPROUTE $FAMILY route add `echo "$VPNGATEWAY $LINE" | fix_ip_get_output` 2>/dev/null $IPROUTE $FAMILY route add `echo "$VPNGATEWAY $LINE" | fix_ip_get_output` 2>/dev/null
done done
$IPROUTE $FAMILY route flush cache 2>/dev/null if [ $FAMILY != -4 ]; then
$IPROUTE $FAMILY route flush cache 2>/dev/null
fi
} }
del_vpngateway_route() { del_vpngateway_route() {
echo "$VPNGATEWAY" | grep -q : && FAMILY=-6 || FAMILY=-4
$IPROUTE route $route_syntax_del "$VPNGATEWAY" $IPROUTE route $route_syntax_del "$VPNGATEWAY"
$IPROUTE route flush cache 2>/dev/null if [ $FAMILY != -4 ]; then
$IPROUTE $FAMILY route flush cache 2>/dev/null
fi
} }
set_default_route() { set_default_route() {
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE" $IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
$IPROUTE route replace default dev "$TUNDEV" $IPROUTE route replace default dev "$TUNDEV"
$IPROUTE route flush cache 2>/dev/null
} }
set_network_route() { set_network_route() {
@ -320,7 +328,6 @@ if [ -n "$IPROUTE" ]; then
else else
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" $IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
fi fi
$IPROUTE route flush cache 2>/dev/null
} }
set_exclude_route() { set_exclude_route() {
@ -329,14 +336,10 @@ if [ -n "$IPROUTE" ]; then
NETWORK="$1" NETWORK="$1"
NETMASK="$2" NETMASK="$2"
NETMASKLEN="$3" NETMASKLEN="$3"
echo "$1" | grep -q : && FAMILY=-6 || FAMILY=-4
list_non_loopback_routes "$NETWORK/$NETMASKLEN" | list_non_loopback_routes "$NETWORK/$NETMASKLEN" |
while read LINE ; do while read LINE ; do
$IPROUTE $FAMILY route add `echo "$NETWORK/$NETMASKLEN $LINE" | fix_ip_get_output` 2>/dev/null $IPROUTE route add `echo "$NETWORK/$NETMASKLEN $LINE" | fix_ip_get_output` 2>/dev/null
done done
$IPROUTE $FAMILY route flush cache 2>/dev/null
} }
del_exclude_route() { del_exclude_route() {
@ -346,13 +349,11 @@ if [ -n "$IPROUTE" ]; then
NETMASK="$2" NETMASK="$2"
NETMASKLEN="$3" NETMASKLEN="$3"
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" $IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN"
$IPROUTE route flush cache 2>/dev/null
} }
reset_default_route() { reset_default_route() {
if [ -s "$DEFAULT_ROUTE_FILE" ]; then if [ -s "$DEFAULT_ROUTE_FILE" ]; then
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"` $IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
$IPROUTE route flush cache 2>/dev/null
rm -f -- "$DEFAULT_ROUTE_FILE" rm -f -- "$DEFAULT_ROUTE_FILE"
fi fi
} }
@ -363,7 +364,6 @@ if [ -n "$IPROUTE" ]; then
NETMASKLEN="$3" NETMASKLEN="$3"
NETDEV="$4" NETDEV="$4"
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV" $IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
$IPROUTE route flush cache 2>/dev/null
} }
set_ipv6_default_route() { set_ipv6_default_route() {
@ -419,7 +419,7 @@ else # use route command
# - remove lines containing IPv6 addresses (':') # - remove lines containing IPv6 addresses (':')
# - remove lines for link-local routes (https://superuser.com/a/1067742) # - remove lines for link-local routes (https://superuser.com/a/1067742)
# - remove lines containing $TUNDEV (we don't want loopback) # - remove lines containing $TUNDEV (we don't want loopback)
netstat -r -n | awk '/:/ { next; } /link#/ { next; } /[[:space:]]'"$TUNDEV"'([[:space:]]|$)/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; }' netstat -r -n | awk '/:/ { next; } /link#/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; } /[[:space:]]'"$TUNDEV"'([[:space:]]|$)/ { next; }'
} }
set_vpngateway_route() { set_vpngateway_route() {
@ -484,7 +484,7 @@ else # use route command
reset_default_route() { reset_default_route() {
if [ -s "$DEFAULT_ROUTE_FILE" ]; then if [ -s "$DEFAULT_ROUTE_FILE" ]; then
route $route_syntax_del default $route_syntax_gw "`get_default_gw`" $route_syntax_interface route $route_syntax_del default $route_syntax_gw `get_default_gw` $route_syntax_interface
route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"` route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"`
rm -f -- "$DEFAULT_ROUTE_FILE" rm -f -- "$DEFAULT_ROUTE_FILE"
fi fi
@ -723,12 +723,13 @@ restore_resolvconf_generic() {
# to list of used DNS servers # to list of used DNS servers
if [ -n "$CISCO_SPLIT_INC" ]; then if [ -n "$CISCO_SPLIT_INC" ]; then
SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'` SERVICE=`echo "show State:/Network/Global/IPv4" | scutil | grep -oE '[a-fA-F0-9]{8}-([a-fA-F0-9]{4}-){3}[a-fA-F0-9]{12}'`
SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}' | xargs` SERVICE_DNS=`echo "show State:/Network/Service/$SERVICE/DNS" | scutil | grep -oE '([0-9]{1,3}[\.]){3}[0-9]{1,3}'`
if [ X"$SERVICE_DNS" != X"$INTERNAL_IP4_DNS" ]; then FILTERED_SERVICE_DNS=`echo "$SERVICE_DNS" | grep -Fv "$(echo $INTERNAL_IP4_DNS | tr ' ' '\n')" | xargs`
if [ -n "$FILTERED_SERVICE_DNS" ]; then
scutil >/dev/null 2>&1 <<-EOF scutil >/dev/null 2>&1 <<-EOF
open open
get State:/Network/Service/$SERVICE/DNS get State:/Network/Service/$SERVICE/DNS
d.add ServerAddresses * ${SERVICE_DNS##$INTERNAL_IP4_DNS} d.add ServerAddresses * ${FILTERED_SERVICE_DNS}
set State:/Network/Service/$SERVICE/DNS set State:/Network/Service/$SERVICE/DNS
close close
EOF EOF
@ -791,6 +792,7 @@ modify_resolvconf_openwrt() {
restore_resolvconf_openwrt() { restore_resolvconf_openwrt() {
remove_dns $OPENWRT_INTERFACE remove_dns $OPENWRT_INTERFACE
} }
# === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) ========= # === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) =========
modify_resolvconf_manager() { modify_resolvconf_manager() {
@ -810,6 +812,8 @@ restore_resolvconf_manager() {
/sbin/resolvconf -d $TUNDEV /sbin/resolvconf -d $TUNDEV
} }
# === resolv.conf handling via systemd-resolved =========
AF_INET=2 AF_INET=2
get_if_index() { get_if_index() {
@ -903,6 +907,11 @@ modify_resolvconf_unbound() {
/usr/sbin/unbound-control forward_add +i ${CISCO_DEF_DOMAIN} ${INTERNAL_IP4_DNS} /usr/sbin/unbound-control forward_add +i ${CISCO_DEF_DOMAIN} ${INTERNAL_IP4_DNS}
/usr/sbin/unbound-control flush_requestlist /usr/sbin/unbound-control flush_requestlist
/usr/sbin/unbound-control flush_zone ${CISCO_DEF_DOMAIN} /usr/sbin/unbound-control flush_zone ${CISCO_DEF_DOMAIN}
# flush infra cache
for i in $INTERNAL_IP4_DNS ; do
/usr/sbin/unbound-control flush_infra "$i"
done
fi fi
} }
@ -914,7 +923,7 @@ restore_resolvconf_unbound() {
fi fi
} }
# === resolv.conf handling via resolvd ========= # === resolv.conf handling via resolvd (OpenBSD) =========
modify_resolvconf_resolvd() { modify_resolvconf_resolvd() {
/sbin/route nameserver $TUNDEV $INTERNAL_IP4_DNS $INTERNAL_IP6_DNS /sbin/route nameserver $TUNDEV $INTERNAL_IP4_DNS $INTERNAL_IP6_DNS

87
vpnc-script.spec
View file

@ -1,9 +1,9 @@
%global git_date 20220509 %global git_date 20230907
%global git_commit_hash e52f8e66 %global git_commit_hash 5b9e7e4c
Name: vpnc-script Name: vpnc-script
Version: %{git_date} Version: %{git_date}
Release: 4.git%{git_commit_hash}%{?dist} Release: %autorelease -e git%{git_commit_hash}
Summary: Routing setup script for vpnc and openconnect Summary: Routing setup script for vpnc and openconnect
BuildArch: noarch BuildArch: noarch
@ -34,83 +34,4 @@ install -m 0755 vpnc-script \
%{_sysconfdir}/vpnc/vpnc-script %{_sysconfdir}/vpnc/vpnc-script
%changelog %changelog
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20220509-4.gite52f8e66 %autochangelog
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 20220509-3.gite52f8e66
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20220509-2.gite52f8e66
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jul 06 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 20220509-1.gite52f8e66
- Updated to latest upstream version
* Mon Apr 04 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 20220404-1.git40a8c62c
- Updated to latest upstream version
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 20201205-4.gitcdbd5b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20201205-3.gitcdbd5b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 20201205-2.gitcdbd5b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Dec 05 2020 Nikos Mavrogiannopoulos <nmav@redhat.com>
- Updated to latest upstream vpnc-script
* Tue Sep 29 2020 Nikos Mavrogiannopoulos <nmav@redhat.com>
- Updated to latest upstream vpnc-script
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-8.git6f87b0f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-7.git6f87b0f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-6.git6f87b0f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-5.git6f87b0f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Dec 01 2018 James Hennessy <jphxxxx@gmail.com>
- Fixed issue where vpnc-script is using resolvconf on systems where "resolve" isn't enabled in /etc/nsswitch.
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-3.git6f87b0f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 20171004-2.git6f87b0f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Oct 5 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20171004-1.git6f87b0f
- Fixed issue with systemd-resolved (#1497750)
* Mon Aug 21 2017 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20170821-1.git6f87b0f
- new upstream release
- removed dependency on net-tools and added on iproute (#1481164)
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20140805-6.gitdf5808b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 20140805-5.gitdf5808b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 20140805-4.gitdf5808b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 20140805-3.gitdf5808b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Thu Nov 20 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140805-2.gitdf5808b
- Added dependency on which (#1068899)
- Added dependency on net-tools (#1007363)
* Wed Oct 01 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140805-1.gitdf5808b
- new upstream release (includes unbound patch)
* Tue Aug 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 20140705-1.git6201ebd
- new package