Chakra_Linux/core
1
0
Fork 0
mirror of https://gitdl.cn/https://github.com/chakralinux/core.git synced 2025-02-03 12:57:14 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

gpg: update + rebuild/update pkgs depending on it

Browse Source 
crda: update to 3.13
gnutls: update to 3.3.11
cryptsetup: update to 1.6.6
libgcrypt: update to 1.6.2
libgpg-error: update to 1.17
libxslt: rebuild
systemd: rebuild
vpnc: fixed + rebuilt
This commit is contained in:
Samir Benmendil 2014-12-12 06:03:50 +00:00
parent eb8ca286eb
commit e4a26edd15
17 changed files with 1083 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
crda/0001-Makefile-Don-t-run-ldconfig.patch Normal file
View File

@ -0,0 +1,24 @@
From 15bc8065e9dc5485c650c528f8d80f7536e378d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20B=C3=A4chler?= <thomas@archlinux.org>
Date: Fri, 21 Feb 2014 20:30:24 +0100
Subject: [PATCH] Makefile: Don't run ldconfig
---
Makefile | 1 -
1 file changed, 1 deletion(-)
diff --git a/Makefile b/Makefile
index 80f4946..c003195 100644
--- a/Makefile
+++ b/Makefile
@@ -130,7 +130,6 @@ install-libreg:
$(NQ) ' INSTALL libreg'
$(Q)mkdir -p $(DESTDIR)/$(LIBDIR)
$(Q)cp $(LIBREG) $(DESTDIR)/$(LIBDIR)/
- $(Q)ldconfig
%.o: %.c regdb.h $(LIBREG)
$(NQ) ' CC ' $@
--
1.9.0

55
crda/0001-Makefile-Link-libreg.so-against-the-crypto-library.patch Normal file
View File

@ -0,0 +1,55 @@
From e2e519730c33de4503ac5dda28863d029e3cf578 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20B=C3=A4chler?= <thomas@archlinux.org>
Date: Fri, 21 Feb 2014 20:15:32 +0100
Subject: [PATCH] Makefile: Link libreg.so against the crypto library.
---
Makefile | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/Makefile b/Makefile
index 1f25509..80f4946 100644
--- a/Makefile
+++ b/Makefile
@@ -33,6 +33,7 @@ LDLIBS += $(LDLIBREG)
LDLIBS += -lm
LIBREG += libreg.so
LDFLAGS += -L ./
+LIBREG_LDFLAGS += -lm
all: all_noverify verify
@@ -40,17 +41,19 @@ all_noverify: $(LIBREG) crda intersect regdbdump db2rd optimize
ifeq ($(USE_OPENSSL),1)
CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl`
-LDLIBS += `pkg-config --libs openssl`
+LDCRYPTOLIB := `pkg-config --libs openssl`
$(LIBREG): keys-ssl.c
else
CFLAGS += -DUSE_GCRYPT
-LDLIBS += -lgcrypt
+LDCRYPTOLIB := -lgcrypt
$(LIBREG): keys-gcrypt.c
endif
+LDLIBS += $(LDCRYPTOLIB)
+LIBREG_LDFLAGS += $(LDCRYPTOLIB)
MKDIR ?= mkdir -p
INSTALL ?= install
@@ -116,7 +119,7 @@ keys-%.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem)
$(LIBREG): regdb.h reglib.h reglib.c
$(NQ) ' CC ' $@
- $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ -shared -Wl,-soname,$(LIBREG) $^
+ $(Q)$(CC) $(CFLAGS) $(CPPFLAGS) -o $@ -shared -Wl,-soname,$(LIBREG) $^ $(LIBREG_LDFLAGS)
install-libreg-headers:
$(NQ) ' INSTALL libreg-headers'
--
1.9.0

52
crda/0001-crda-Fix-the-linking-order-to-avoid-compilation-erro.patch Normal file
View File

@ -0,0 +1,52 @@
From fefefdb2c52c8fbedbb339b4badb8226cad7e7e0 Mon Sep 17 00:00:00 2001
From: Krishna Chaitanya <chaitanya.mgit@gmail.com>
Date: Mon, 16 Dec 2013 21:57:39 +0530
Subject: [PATCH] crda: Fix the linking order to avoid compilation error
While linking the crda.o and libreg.so, first put crda.o
and then -lreg. This fixed the below error:
GEN keys-gcrypt.c
Trusted pubkeys: pubkeys/linville.key.pub.pem
CC libreg.so
CC crda.o
LD crda
crda.o: In function `main':
crda/crda.c:196: undefined reference to `reglib_get_rd_alpha2'
collect2: ld returned 1 exit status
make: *** [crda] Error 1
Note: This still doesn't fix the below error (will send another mail)
CHK /usr/lib/crda/regulatory.bin
Database signature verification failed.
Invalid or empty regulatory file, note: a binary regulatory file should be used.
make: *** [verify] Error 234
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
Signed-off-by: Chaitanya T K <chaitanya.mgit@gmail.com>
---
Makefile | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 4a351c6..0b2f0d7 100644
--- a/Makefile
+++ b/Makefile
@@ -28,10 +28,11 @@ RUNTIME_PUBKEY_DIR?=/etc/wireless-regdb/pubkeys
CFLAGS += -O2 -fpic
CFLAGS += -std=gnu99 -Wall -Werror -pedantic
CFLAGS += -Wall -g
-LDLIBS += -lm
LDLIBREG += -lreg
+LDLIBS += $(LDLIBREG)
+LDLIBS += -lm
LIBREG += libreg.so
-LDFLAGS += -L ./ $(LDLIBREG)
+LDFLAGS += -L ./
all: all_noverify verify
--
1.9.0

37
crda/0002-crda-Add-DESTDIR-support-in-install-libreg-rules-in-.patch Normal file
View File

@ -0,0 +1,37 @@
From 2cabb2588da56735369131b709f191453c080be0 Mon Sep 17 00:00:00 2001
From: "John W. Linville" <linville@tuxdriver.com>
Date: Fri, 14 Feb 2014 13:58:44 -0500
Subject: [PATCH 2/2] crda: Add DESTDIR support in install-libreg* rules in
Makefile
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Luis R. Rodriguez <mcgrof@do-not-panic.com>
---
Makefile | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/Makefile b/Makefile
index 0b2f0d7..1f25509 100644
--- a/Makefile
+++ b/Makefile
@@ -120,13 +120,13 @@ $(LIBREG): regdb.h reglib.h reglib.c
install-libreg-headers:
$(NQ) ' INSTALL libreg-headers'
- $(Q)mkdir -p $(INCLUDE_DIR)
- $(Q)cp *.h $(INCLUDE_DIR)/
+ $(Q)mkdir -p $(DESTDIR)/$(INCLUDE_DIR)
+ $(Q)cp *.h $(DESTDIR)/$(INCLUDE_DIR)/
install-libreg:
$(NQ) ' INSTALL libreg'
- $(Q)mkdir -p $(LIBDIR)
- $(Q)cp $(LIBREG) $(LIBDIR)/
+ $(Q)mkdir -p $(DESTDIR)/$(LIBDIR)
+ $(Q)cp $(LIBREG) $(DESTDIR)/$(LIBDIR)/
$(Q)ldconfig
%.o: %.c regdb.h $(LIBREG)
--
1.9.0

49
crda/PKGBUILD
View File

@ -1,40 +1,53 @@
#
# Core Packages for Chakra, part of chakra-project.org
#
# maintainer abveritas@chakra-project.org
# Maintainer: Samir Benmendil <ram-z[at]chakraos[dot]org>
# Contributor: Thomas Bächler <thomas@archlinux.org>
pkgname=crda
pkgver=1.1.3
pkgver=3.13
pkgrel=1
pkgdesc="Central Regulatory Domain Agent"
arch=('x86_64')
pkgdesc="Central Regulatory Domain Agent for wireless networks"
arch=(i686 x86_64)
url="http://wireless.kernel.org/en/developers/Regulatory/CRDA"
license=('custom')
depends=('wireless-regdb' 'libnl' 'libgcrypt' 'systemd' 'iw')
makedepends=('python-m2crypto')
makedepends=('python2-m2crypto')
install=crda.install
source=("http://wireless.kernel.org/download/crda/${pkgname}-${pkgver}.tar.bz2"
'set-wireless-regdom')
md5sums=('29579185e06a75675507527243d28e5c'
'65c93f2ff2eb1b29d9e9fa102ae2dd45')
source=(https://kernel.org/pub/software/network/crda/${pkgname}-${pkgver}.tar.xz
set-wireless-regdom
0001-crda-Fix-the-linking-order-to-avoid-compilation-erro.patch
0002-crda-Add-DESTDIR-support-in-install-libreg-rules-in-.patch
0001-Makefile-Link-libreg.so-against-the-crypto-library.patch
0001-Makefile-Don-t-run-ldconfig.patch)
sha256sums=('2f85da7ab0170b140d6ed62596c8f268d4a7dedecf84cac7182ada979742ff59'
'603ce97da5cce3f5337e99007ce04e2f295bb33a36b308794884011f7bcabaf3'
'8920b5988eb1befe13f88ce5c0dbbf30c294796d613681a2b0925f6f8534c51b'
'ced0a372b06ffd64f90be77d7267c9d8cc10413bc017c3154b7208dbf69be3cb'
'96b2068b27202f8bc78009869520e396cb3f3ac7a826efef06d0fc41047f2520'
'ff52990cf9295e5cebcf07ebbf2a96e225d97088573edcc898b29ce33a0fb663')
build() {
msg "Compiling crda ..."
prepare() {
cd "${srcdir}"/${pkgname}-${pkgver}
sed 's|^#!/usr/bin/env python|#!/usr/bin/python2|' -i utils/key2pub.py
make crda regdbdump
patch -p1 -i "${srcdir}"/0001-crda-Fix-the-linking-order-to-avoid-compilation-erro.patch
patch -p1 -i "${srcdir}"/0002-crda-Add-DESTDIR-support-in-install-libreg-rules-in-.patch
patch -p1 -i "${srcdir}"/0001-Makefile-Link-libreg.so-against-the-crypto-library.patch
patch -p1 -i "${srcdir}"/0001-Makefile-Don-t-run-ldconfig.patch
}
build() {
cd "${srcdir}"/${pkgname}-${pkgver}
make
}
package() {
# Install crda, regdbdump and udev rules
cd "${srcdir}"/${pkgname}-${pkgver}
make DESTDIR="${pkgdir}" UDEV_RULE_DIR=/usr/lib/udev/rules.d/ SBINDIR=/usr/bin/ install
# Adjust paths in udev rule file
sed 's|/sbin/crda|/usr/bin/crda|' -i "${pkgdir}"/usr/lib/udev/rules.d/85-regulatory.rules
# This rule automatically sets the regulatory domain when cfg80211 is loaded
echo 'ACTION=="add" SUBSYSTEM=="module", DEVPATH=="/module/cfg80211", RUN+="/usr/bin/set-wireless-regdom"' >> "${pkgdir}"/usr/lib/udev/rules.d/85-regulatory.rules
install -D -m644 "${srcdir}"/${pkgname}-${pkgver}/LICENSE "${pkgdir}"/usr/share/licenses/crda/LICENSE
install -D -m755 "${srcdir}"/set-wireless-regdom "${pkgdir}"/usr/bin/set-wireless-regdom
}

3
crda/crda.install
View File

@ -1,6 +1,5 @@
## arg 1: the new package version
post_install() {
echo "Uncomment the right regulatory domain in /etc/conf.d/wireless-regdom."
echo "It will automatically be set when necessary."
echo "It will automatically be set on boot."
}

24
cryptsetup/PKGBUILD
View File

@ -1,10 +1,9 @@
#
# Core Packages for Chakra, part of chakra-project.org
#
# maintainer abveritas@chakra-project.org
pkgname=cryptsetup
pkgver=1.6.2
pkgver=1.6.6
pkgrel=1
pkgdesc="Userspace setup tool for transparent encryption of block devices using the Linux 2.6 cryptoapi"
arch=('i686' 'x86_64')
@ -12,20 +11,22 @@ license=('GPL')
url="http://code.google.com/p/cryptsetup/"
groups=('base')
depends=('device-mapper' 'libgcrypt' 'popt' 'util-linux')
conflicts=('mkinitcpio<0.5.99')
options=('!libtool' '!emptydirs')
source=(http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2
http://cryptsetup.googlecode.com/files/${pkgname}-${pkgver}.tar.bz2.asc
options=('!emptydirs')
source=(https://www.kernel.org/pub/linux/utils/cryptsetup/v1.6/${pkgname}-${pkgver}.tar.xz
encrypt_hook
encrypt_install)
sha256sums=('15723f0198303d4bcb99d480b7a773918e2d319f0348457988c063bdd03e109a'
'SKIP'
encrypt_install
sd_encrypt)
sha256sums=('2d2ce28e4e1137dd599d87884b62ef6dbf14fd7848b2a2bf7d61cf125fbd8e6f'
'4406f8dc83f4f1b408e49d557515f721d91b358355c71fbe51f74ab27e5c84ff'
'00c2da113d23d05fc13c4929e38a25111ba23a49da86e835d9fb55d45c7aaee2')
'00c2da113d23d05fc13c4929e38a25111ba23a49da86e835d9fb55d45c7aaee2'
'd442304e6a78b3513ebc53be3fe2f1276a7df470c8da701b3ece971d59979bdd')
build() {
cd "${srcdir}"/$pkgname-${pkgver}
./configure --prefix=/usr --disable-static --enable-cryptsetup-reencrypt
./configure \
--prefix=/usr \
--disable-static \
--enable-cryptsetup-reencrypt
make
}
@ -35,4 +36,5 @@ package() {
# install hook
install -D -m644 "${srcdir}"/encrypt_hook "${pkgdir}"/usr/lib/initcpio/hooks/encrypt
install -D -m644 "${srcdir}"/encrypt_install "${pkgdir}"/usr/lib/initcpio/install/encrypt
install -D -m644 "${srcdir}"/sd_encrypt "${pkgdir}"/usr/lib/initcpio/install/sd-encrypt
}

42
cryptsetup/sd_encrypt Normal file
View File

@ -0,0 +1,42 @@
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_binary "dmsetup"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_systemd_unit cryptsetup.target
add_binary /usr/lib/systemd/system-generators/systemd-cryptsetup-generator
add_binary /usr/lib/systemd/systemd-cryptsetup
add_systemd_unit systemd-ask-password-console.path
add_systemd_unit systemd-ask-password-console.service
[[ -f /etc/crypttab.initramfs ]] && add_file /etc/crypttab.initramfs /etc/crypttab
}
help() {
cat <<HELPEOF
This hook allows for an encrypted root device with systemd initramfs.
See the manpage of systemd-cryptsetup-generator(8) for available kernel
command line options. Alternatively, if the file /etc/crypttab.initramfs
exists, it will be added to the initramfs as /etc/crypttab. See the
crypttab(5) manpage for more information on crypttab syntax.
HELPEOF
}
# vim: set ft=sh ts=4 sw=4 et:

7
gnutls/PKGBUILD
View File

@ -1,16 +1,16 @@
# Maintainer: almack[at]chakraos[dot]org>
pkgname=gnutls
pkgver=3.3.10
pkgver=3.3.11
pkgrel=1
pkgdesc="A library which provides a secure layer over a reliable transport layer"
arch=('x86_64')
license=('GPL3' 'LGPL2.1')
url="http://www.gnu.org/software/gnutls/"
install=gnutls.install
depends=('gcc-libs' 'libtasn1' 'readline' 'zlib' 'libgcrypt' 'texinfo' 'nettle')
depends=('gcc-libs' 'libidn' 'libtasn1' 'readline' 'zlib' 'nettle' 'p11-kit')
source=(ftp://ftp.gnutls.org/gcrypt/gnutls/v3.3/${pkgname}-${pkgver}.tar.xz{,.sig})
md5sums=('c0a72b2c0553fe1c4992e30835808012'
md5sums=('b657e3010c10cae2244e7ce79ee3d446'
'SKIP')
build() {
@ -19,7 +19,6 @@ build() {
./configure --prefix=/usr \
--with-zlib \
--disable-guile \
--disable-valgrind-tests \
--disable-static
make
}

13
libgcrypt/PKGBUILD
View File

@ -4,7 +4,7 @@
# maintainer almack@chakraos.org
pkgname=libgcrypt
pkgver=1.6.1
pkgver=1.6.2
pkgrel=1
pkgdesc="a general purpose crypto library based on the code used"
arch=('x86_64')
@ -12,15 +12,22 @@ url="http://www.gnupg.org"
license=('LGPL')
depends=('libgpg-error')
source=("ftp://ftp.gnupg.org/gcrypt/${pkgname}/${pkgname}-${pkgver}.tar.bz2")
sha1sums=('f03d9b63ac3b17a6972fc11150d136925b702f02')
sha1sums=('cc31aca87e4a3769cb86884a3f5982b2cc8eb7ec')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
./configure --prefix=/usr --disable-padlock-support --disable-static
./configure --prefix=/usr \
--disable-static \
--disable-padlock-support
make
}
check() {
cd "${srcdir}/${pkgname}-${pkgver}"
make check
}
package() {
cd "${srcdir}/${pkgname}-${pkgver}"

10
libgpg-error/PKGBUILD
View File

@ -4,7 +4,7 @@
# maintainer abveritas@chakra-project.org
pkgname=libgpg-error
pkgver=1.12
pkgver=1.17
pkgrel=1
pkgdesc="Support library for libgcrypt"
arch=(i686 x86_64)
@ -13,7 +13,8 @@ license=('LGPL')
depends=('glibc' 'sh')
options=(!libtool)
source=("ftp://ftp.gnupg.org/gcrypt/libgpg-error/${pkgname}-${pkgver}.tar.bz2")
sha1sums=('259f359cd1440b21840c3a78e852afd549c709b8')
install=libgpg-error.install
sha1sums=('ba5858b2947e7272dd197c87bac9f32caf29b256')
build() {
cd "${srcdir}"/${pkgname}-${pkgver}
@ -22,6 +23,11 @@ build() {
make
}
check() {
cd "${srcdir}"/${pkgname}-${pkgver}
make check
}
package() {
cd "${srcdir}"/${pkgname}-${pkgver}

20
libgpg-error/libgpg-error.install Normal file
View File

@ -0,0 +1,20 @@
infodir=usr/share/info
filelist=(gpgrt.info)
post_install() {
[[ -x usr/bin/install-info ]] || return 0
for file in "${filelist[@]}"; do
install-info "$infodir/$file.gz" "$infodir/dir" 2> /dev/null
done
}
post_upgrade() {
post_install "$1"
}
pre_remove() {
[[ -x usr/bin/install-info ]] || return 0
for file in "${filelist[@]}"; do
install-info --delete "$infodir/$file.gz" "$infodir/dir" 2> /dev/null
done
}

2
libxslt/PKGBUILD
View File

@ -2,7 +2,7 @@
pkgname=libxslt
pkgver=1.1.28
pkgrel=2
pkgrel=3
pkgdesc="XML stylesheet transformation library"
arch=('x86_64')
url="http://xmlsoft.org/XSLT/"

2
systemd/PKGBUILD
View File

@ -1,7 +1,7 @@
# maintainer: Fabian Kosmale <inkane@chakra-project.org>
pkgname=systemd
pkgver=218
pkgrel=1
pkgrel=2
_fedora_patch=ea19761321f4e7f5e2cbdd66fe38388c93790c20
pkgdesc="A system and service manager for Linux"
arch=('x86_64')

40
vpnc/PKGBUILD
View File

@ -6,42 +6,28 @@
pkgname=vpnc
pkgver=0.5.3.1
_svnver=.svn527
_svnver=527
_git=d2c5a77f3f0ea6ad80fc59158127d63ede81a6cb
pkgrel=2
pkgdesc="VPN client for cisco3000 VPN Concentrators"
url="http://www.unix-ag.uni-kl.de/~massar/vpnc/"
license=('GPL')
depends=('libgcrypt' 'openssl' 'iproute2')
optdepends=('openresolv: Let vpnc manage resolv.conf')
makedepends=('subversion')
arch=('x86_64')
source=("vpnc-.svn527.tar.xz" # need to urn mktarball first
source=("$pkgname::svn+http://svn.unix-ag.uni-kl.de/vpnc/trunk/#revision=$_svnver"
"http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/$_git:/vpnc-script"
'vpnc.conf')
md5sums=('7d3ed0f51d6f18d78d3b96fbf1ac62e8'
'vpnc.conf'
'vpnc@.service')
md5sums=('SKIP'
'70198474faf36a84beaa11136f6c4d9c'
'a3f4e0cc682f437e310a1c86ae198e45')
'a3f4e0cc682f437e310a1c86ae198e45'
'09cfded435c43dd2adb5a8863bd74cfc')
backup=(etc/vpnc/default.conf)
mktarball() {
# before building run
# source PKGBUILD && mktarball
[[ -d tarball ]] || mkdir tarball
pushd tarball
svn co http://svn.unix-ag.uni-kl.de/vpnc/trunk
_svnrev=$(cd trunk >/dev/null; svn info | awk '/^Revision:/ { print $2 }')
find trunk/ -type d -name .svn -exec rm -rf {} +
mv trunk "$pkgname-$_vpncver.svn$_svnrev"
tar cJf "../$pkgname-$_vpncver.svn$_svnrev.tar.xz" "$pkgname-$_vpncver.svn$_svnrev/"
popd
rm -rf tarball
}
build() {
cd $srcdir/$pkgname-$_svnver
cd $pkgname
# Build hybrid support
sed -i 's|^#OPENSSL|OPENSSL|g' Makefile
@ -53,10 +39,12 @@ build() {
}
package() {
cd "$pkgname-$_svnver"
cd $pkgname
make DESTDIR="$pkgdir" PREFIX=/usr install
install -Dm644 "$srcdir"/vpnc.conf "$pkgdir"/etc/vpnc/default.conf
install -Dm755 "$srcdir"/vpnc-script "$pkgdir"/etc/vpnc/vpnc-script
install -Dm644 "$srcdir"/vpnc@.service "$pkgdir"/usr/lib/systemd/system/vpnc@.service
}

759
vpnc/vpnc-script Normal file
View File

@ -0,0 +1,759 @@
#!/bin/sh
#
# Originally part of vpnc source code:
# © 2005-2012 Maurice Massar, Jörg Mayer, Antonio Borneo et al.
# © 2009-2012 David Woodhouse <dwmw2@infradead.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
################
#
# List of parameters passed through environment
#* reason -- why this script was called, one of: pre-init connect disconnect reconnect
#* VPNGATEWAY -- vpn gateway address (always present)
#* TUNDEV -- tunnel device (always present)
#* INTERNAL_IP4_ADDRESS -- address (always present)
#* INTERNAL_IP4_MTU -- mtu (often unset)
#* INTERNAL_IP4_NETMASK -- netmask (often unset)
#* INTERNAL_IP4_NETMASKLEN -- netmask length (often unset)
#* INTERNAL_IP4_NETADDR -- address of network (only present if netmask is set)
#* INTERNAL_IP4_DNS -- list of dns servers
#* INTERNAL_IP4_NBNS -- list of wins servers
#* INTERNAL_IP6_ADDRESS -- IPv6 address
#* INTERNAL_IP6_NETMASK -- IPv6 netmask
#* INTERNAL_IP6_DNS -- IPv6 list of dns servers
#* CISCO_DEF_DOMAIN -- default domain name
#* CISCO_BANNER -- banner from server
#* CISCO_SPLIT_INC -- number of networks in split-network-list
#* CISCO_SPLIT_INC_%d_ADDR -- network address
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
#* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24)
#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0)
#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0)
#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0)
#* CISCO_IPV6_SPLIT_INC -- number of networks in IPv6 split-network-list
#* CISCO_IPV6_SPLIT_INC_%d_ADDR -- IPv6 network address
#* CISCO_IPV6_SPLIT_INC_$%d_MASKLEN -- IPv6 subnet masklen
# FIXMEs:
# Section A: route handling
# 1) The 3 values CISCO_SPLIT_INC_%d_PROTOCOL/SPORT/DPORT are currently being ignored
# In order to use them, we'll probably need os specific solutions
# * Linux: iptables -t mangle -I PREROUTING <conditions> -j ROUTE --oif $TUNDEV
# This would be an *alternative* to changing the routes (and thus 2) and 3)
# shouldn't be relevant at all)
# 2) There are two different functions to set routes: generic routes and the
# default route. Why isn't the defaultroute handled via the generic route case?
# 3) In the split tunnel case, all routes but the default route might get replaced
# without getting restored later. We should explicitely check and save them just
# like the defaultroute
# 4) Replies to a dhcp-server should never be sent into the tunnel
# Section B: Split DNS handling
# 1) Maybe dnsmasq can do something like that
# 2) Parse dns packets going out via tunnel and redirect them to original dns-server
#env | sort
#set -x
# =========== script (variable) setup ====================================
PATH=/sbin:/usr/sbin:$PATH
OS="`uname -s`"
HOOKS_DIR=/etc/vpnc
DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
SCRIPTNAME=`basename $0`
# some systems, eg. Darwin & FreeBSD, prune /var/run on boot
if [ ! -d "/var/run/vpnc" ]; then
mkdir -p /var/run/vpnc
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
fi
# stupid SunOS: no blubber in /usr/local/bin ... (on stdout)
IPROUTE="`which ip 2> /dev/null | grep '^/'`"
if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then
ifconfig_syntax_inet=""
else
ifconfig_syntax_inet="inet"
fi
if [ "$OS" = "Linux" ]; then
ifconfig_syntax_ptp="pointopoint"
route_syntax_gw="gw"
route_syntax_del="del"
route_syntax_netmask="netmask"
else
ifconfig_syntax_ptp=""
route_syntax_gw=""
route_syntax_del="delete"
route_syntax_netmask="-netmask"
fi
if [ "$OS" = "SunOS" ]; then
route_syntax_interface="-interface"
ifconfig_syntax_ptpv6="$INTERNAL_IP6_ADDRESS"
else
route_syntax_interface=""
ifconfig_syntax_ptpv6=""
fi
if [ -r /etc/openwrt_release ] && [ -n "$OPENWRT_INTERFACE" ]; then
. /etc/functions.sh
include /lib/network
MODIFYRESOLVCONF=modify_resolvconf_openwrt
RESTORERESOLVCONF=restore_resolvconf_openwrt
elif [ -x /sbin/resolvconf ] && [ "$OS" != "FreeBSD" ]; then # Optional tool on Debian, Ubuntu, Gentoo - but not FreeBSD, it seems to work different
MODIFYRESOLVCONF=modify_resolvconf_manager
RESTORERESOLVCONF=restore_resolvconf_manager
elif [ -x /sbin/netconfig ]; then # tool on Suse after 11.1
MODIFYRESOLVCONF=modify_resolvconf_suse_netconfig
RESTORERESOLVCONF=restore_resolvconf_suse_netconfig
elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1
MODIFYRESOLVCONF=modify_resolvconf_suse
RESTORERESOLVCONF=restore_resolvconf_suse
else # Generic for any OS
MODIFYRESOLVCONF=modify_resolvconf_generic
RESTORERESOLVCONF=restore_resolvconf_generic
fi
# =========== script hooks =================================================
run_hooks() {
HOOK="$1"
if [ -d ${HOOKS_DIR}/${HOOK}.d ]; then
for script in ${HOOKS_DIR}/${HOOK}.d/* ; do
[ -f $script ] && . $script
done
fi
}
# =========== tunnel interface handling ====================================
do_ifconfig() {
if [ -n "$INTERNAL_IP4_MTU" ]; then
MTU=$INTERNAL_IP4_MTU
elif [ -n "$IPROUTE" ]; then
MTUDEV=`$IPROUTE route get "$VPNGATEWAY" | sed -ne 's/^.*dev \([a-z0-9]*\).*$/\1/p'`
MTU=`$IPROUTE link show "$MTUDEV" | sed -ne 's/^.*mtu \([[:digit:]]\+\).*$/\1/p'`
if [ -n "$MTU" ]; then
MTU=`expr $MTU - 88`
fi
fi
if [ -z "$MTU" ]; then
MTU=1412
fi
# Point to point interface require a netmask of 255.255.255.255 on some systems
if [ -n "$IPROUTE" ]; then
$IPROUTE link set dev "$TUNDEV" up mtu "$MTU"
$IPROUTE addr add "$INTERNAL_IP4_ADDRESS/32" peer "$INTERNAL_IP4_ADDRESS" dev "$TUNDEV"
else
ifconfig "$TUNDEV" ${ifconfig_syntax_inet} "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu ${MTU} up
fi
if [ -n "$INTERNAL_IP4_NETMASK" ]; then
set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN
fi
# If the netmask is provided, it contains the address _and_ netmask
if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then
INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128"
fi
if [ -n "$INTERNAL_IP6_NETMASK" ]; then
if [ -n "$IPROUTE" ]; then
$IPROUTE -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV
else
# Unlike for Legacy IP, we don't specify the dest_address
# here on *BSD. OpenBSD for one will refuse to accept
# incoming packets to that address if we do.
# OpenVPN does the same (gives dest_address for Legacy IP
# but not for IPv6).
# Only Solaris needs it; hence $ifconfig_syntax_ptpv6
ifconfig "$TUNDEV" inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up
fi
fi
}
destroy_tun_device() {
case "$OS" in
NetBSD|OpenBSD) # and probably others...
ifconfig "$TUNDEV" destroy
;;
FreeBSD)
ifconfig "$TUNDEV" destroy > /dev/null 2>&1 &
;;
esac
}
# =========== route handling ====================================
if [ -n "$IPROUTE" ]; then
fix_ip_get_output () {
sed -e 's/ /\n/g' | \
sed -ne '1p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}'
}
set_vpngateway_route() {
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
$IPROUTE route flush cache
}
del_vpngateway_route() {
$IPROUTE route $route_syntax_del "$VPNGATEWAY"
$IPROUTE route flush cache
}
set_default_route() {
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
$IPROUTE route replace default dev "$TUNDEV"
$IPROUTE route flush cache
}
set_network_route() {
NETWORK="$1"
NETMASK="$2"
NETMASKLEN="$3"
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
$IPROUTE route flush cache
}
reset_default_route() {
if [ -s "$DEFAULT_ROUTE_FILE" ]; then
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
$IPROUTE route flush cache
rm -f -- "$DEFAULT_ROUTE_FILE"
fi
}
del_network_route() {
NETWORK="$1"
NETMASK="$2"
NETMASKLEN="$3"
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
$IPROUTE route flush cache
}
set_ipv6_default_route() {
# We don't save/restore IPv6 default route; just add a higher-priority one.
$IPROUTE -6 route add default dev "$TUNDEV" metric 1
$IPROUTE -6 route flush cache
}
set_ipv6_network_route() {
NETWORK="$1"
NETMASKLEN="$2"
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
$IPROUTE route flush cache
}
reset_ipv6_default_route() {
$IPROUTE -6 route del default dev "$TUNDEV"
$IPROUTE route flush cache
}
del_ipv6_network_route() {
NETWORK="$1"
NETMASKLEN="$2"
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
$IPROUTE -6 route flush cache
}
else # use route command
get_default_gw() {
# isn't -n supposed to give --numeric output?
# apperently not...
# Get rid of lines containing IPv6 addresses (':')
netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
}
set_vpngateway_route() {
route add -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw`"
}
del_vpngateway_route() {
route $route_syntax_del -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw`"
}
set_default_route() {
DEFAULTGW="`get_default_gw`"
echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE"
route $route_syntax_del default $route_syntax_gw "$DEFAULTGW"
route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface
}
set_network_route() {
NETWORK="$1"
NETMASK="$2"
NETMASKLEN="$3"
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface
}
reset_default_route() {
if [ -s "$DEFAULT_ROUTE_FILE" ]; then
route $route_syntax_del default $route_syntax_gw "`get_default_gw`" $route_syntax_interface
route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"`
rm -f -- "$DEFAULT_ROUTE_FILE"
fi
}
del_network_route() {
case "$OS" in
Linux|NetBSD|OpenBSD|Darwin|SunOS) # and probably others...
# routes are deleted automatically on device shutdown
return
;;
esac
NETWORK="$1"
NETMASK="$2"
NETMASKLEN="$3"
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
}
set_ipv6_default_route() {
route add -inet6 default "$INTERNAL_IP6_ADDRESS" $route_syntax_interface
}
set_ipv6_network_route() {
NETWORK="$1"
NETMASK="$2"
route add -inet6 -net "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS" $route_syntax_interface
:
}
reset_ipv6_default_route() {
route $route_syntax_del -inet6 default "$INTERNAL_IP6_ADDRESS"
:
}
del_ipv6_network_route() {
NETWORK="$1"
NETMASK="$2"
route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS"
:
}
fi
# =========== resolv.conf handling ====================================
# =========== resolv.conf handling for any OS =========================
modify_resolvconf_generic() {
grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 || cp -- /etc/resolv.conf "$RESOLV_CONF_BACKUP"
NEW_RESOLVCONF="#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact"
# Remember the original value of CISCO_DEF_DOMAIN we need it later
CISCO_DEF_DOMAIN_ORIG="$CISCO_DEF_DOMAIN"
# Don't step on INTERNAL_IP4_DNS value, use a temporary variable
INTERNAL_IP4_DNS_TEMP="$INTERNAL_IP4_DNS"
exec 6< "$RESOLV_CONF_BACKUP"
while read LINE <&6 ; do
case "$LINE" in
nameserver*)
if [ -n "$INTERNAL_IP4_DNS_TEMP" ]; then
read ONE_NAMESERVER INTERNAL_IP4_DNS_TEMP <<-EOF
$INTERNAL_IP4_DNS_TEMP
EOF
LINE="nameserver $ONE_NAMESERVER"
else
LINE=""
fi
;;
search*)
if [ -n "$CISCO_DEF_DOMAIN" ]; then
LINE="$LINE $CISCO_DEF_DOMAIN"
CISCO_DEF_DOMAIN=""
fi
;;
domain*)
if [ -n "$CISCO_DEF_DOMAIN" ]; then
LINE="domain $CISCO_DEF_DOMAIN"
CISCO_DEF_DOMAIN=""
fi
;;
esac
NEW_RESOLVCONF="$NEW_RESOLVCONF
$LINE"
done
exec 6<&-
for i in $INTERNAL_IP4_DNS_TEMP ; do
NEW_RESOLVCONF="$NEW_RESOLVCONF
nameserver $i"
done
if [ -n "$CISCO_DEF_DOMAIN" ]; then
NEW_RESOLVCONF="$NEW_RESOLVCONF
search $CISCO_DEF_DOMAIN"
fi
echo "$NEW_RESOLVCONF" > /etc/resolv.conf
if [ "$OS" = "Darwin" ]; then
case "`uname -r`" in
# Skip for pre-10.4 systems
4.*|5.*|6.*|7.*)
;;
# 10.4 and later require use of scutil for DNS to work properly
*)
OVERRIDE_PRIMARY=""
if [ -n "$CISCO_SPLIT_INC" ]; then
if [ $CISCO_SPLIT_INC -lt 1 ]; then
# Must override for correct default route
# Cannot use multiple DNS matching in this case
OVERRIDE_PRIMARY='d.add OverridePrimary # 1'
fi
fi
# Uncomment the following if/fi pair to use multiple
# DNS matching when available. When multiple DNS matching
# is present, anything reading the /etc/resolv.conf file
# directly will probably not work as intended.
#if [ -z "$CISCO_DEF_DOMAIN_ORIG" ]; then
# Cannot use multiple DNS matching without a domain
OVERRIDE_PRIMARY='d.add OverridePrimary # 1'
#fi
scutil >/dev/null 2>&1 <<-EOF
open
d.init
d.add ServerAddresses * $INTERNAL_IP4_DNS
set State:/Network/Service/$TUNDEV/DNS
d.init
# next line overrides the default gateway and breaks split routing
# d.add Router $INTERNAL_IP4_ADDRESS
d.add Addresses * $INTERNAL_IP4_ADDRESS
d.add SubnetMasks * 255.255.255.255
d.add InterfaceName $TUNDEV
$OVERRIDE_PRIMARY
set State:/Network/Service/$TUNDEV/IPv4
close
EOF
if [ -n "$CISCO_DEF_DOMAIN_ORIG" ]; then
scutil >/dev/null 2>&1 <<-EOF
open
get State:/Network/Service/$TUNDEV/DNS
d.add DomainName $CISCO_DEF_DOMAIN_ORIG
d.add SearchDomains * $CISCO_DEF_DOMAIN_ORIG
d.add SupplementalMatchDomains * $CISCO_DEF_DOMAIN_ORIG
set State:/Network/Service/$TUNDEV/DNS
close
EOF
fi
;;
esac
fi
}
restore_resolvconf_generic() {
if [ ! -f "$RESOLV_CONF_BACKUP" ]; then
return
fi
grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 && cat "$RESOLV_CONF_BACKUP" > /etc/resolv.conf
rm -f -- "$RESOLV_CONF_BACKUP"
if [ "$OS" = "Darwin" ]; then
case "`uname -r`" in
# Skip for pre-10.4 systems
4.*|5.*|6.*|7.*)
;;
# 10.4 and later require use of scutil for DNS to work properly
*)
scutil >/dev/null 2>&1 <<-EOF
open
remove State:/Network/Service/$TUNDEV/IPv4
remove State:/Network/Service/$TUNDEV/DNS
close
EOF
;;
esac
fi
}
# === resolv.conf handling via /sbin/netconfig (Suse 11.1) =====================
# Suse provides a script that modifies resolv.conf. Use it because it will
# restart/reload all other services that care about it (e.g. lwresd). [unclear if this is still true, but probably --mlk]
modify_resolvconf_suse_netconfig()
{
/sbin/netconfig modify -s vpnc -i "$TUNDEV" <<-EOF
INTERFACE='$TUNDEV'
DNSSERVERS='$INTERNAL_IP4_DNS'
DNSDOMAIN='$CISCO_DEF_DOMAIN'
EOF
}
# Restore resolv.conf to old contents on Suse
restore_resolvconf_suse_netconfig()
{
/sbin/netconfig remove -s vpnc -i "$TUNDEV"
}
# === resolv.conf handling via /sbin/modify_resolvconf (Suse) =====================
# Suse provides a script that modifies resolv.conf. Use it because it will
# restart/reload all other services that care about it (e.g. lwresd).
modify_resolvconf_suse()
{
FULL_SCRIPTNAME=`readlink -f $0`
RESOLV_OPTS=''
test -n "$INTERNAL_IP4_DNS" && RESOLV_OPTS="-n \"$INTERNAL_IP4_DNS\""
test -n "$CISCO_DEF_DOMAIN" && RESOLV_OPTS="$RESOLV_OPTS -d $CISCO_DEF_DOMAIN"
test -n "$RESOLV_OPTS" && eval /sbin/modify_resolvconf modify -s vpnc -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV $RESOLV_OPTS -t \"This file was created by $SCRIPTNAME\"
}
# Restore resolv.conf to old contents on Suse
restore_resolvconf_suse()
{
FULL_SCRIPTNAME=`readlink -f $0`
/sbin/modify_resolvconf restore -s vpnc -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV
}
# === resolv.conf handling via UCI (OpenWRT) =========
modify_resolvconf_openwrt() {
add_dns $OPENWRT_INTERFACE $INTERNAL_IP4_DNS
}
restore_resolvconf_openwrt() {
remove_dns $OPENWRT_INTERFACE
}
# === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) =========
modify_resolvconf_manager() {
NEW_RESOLVCONF=""
for i in $INTERNAL_IP4_DNS; do
NEW_RESOLVCONF="$NEW_RESOLVCONF
nameserver $i"
done
if [ -n "$CISCO_DEF_DOMAIN" ]; then
NEW_RESOLVCONF="$NEW_RESOLVCONF
domain $CISCO_DEF_DOMAIN"
fi
echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
}
restore_resolvconf_manager() {
/sbin/resolvconf -d $TUNDEV
}
# ========= Toplevel state handling =======================================
kernel_is_2_6_or_above() {
case `uname -r` in
1.*|2.[012345]*)
return 1
;;
*)
return 0
;;
esac
}
do_pre_init() {
if [ "$OS" = "Linux" ]; then
if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
:
else # can't open /dev/net/tun
test -e /proc/sys/kernel/modprobe && `cat /proc/sys/kernel/modprobe` tun 2>/dev/null
# fix for broken devfs in kernel 2.6.x
if [ "`readlink /dev/net/tun`" = misc/net/tun \
-a ! -e /dev/net/misc/net/tun -a -e /dev/misc/net/tun ] ; then
ln -sf /dev/misc/net/tun /dev/net/tun
fi
# make sure tun device exists
if [ ! -e /dev/net/tun ]; then
mkdir -p /dev/net
mknod -m 0640 /dev/net/tun c 10 200
[ -x /sbin/restorecon ] && /sbin/restorecon /dev/net/tun
fi
# workaround for a possible latency caused by udev, sleep max. 10s
if kernel_is_2_6_or_above ; then
for x in `seq 100` ; do
(exec 6<> /dev/net/tun) > /dev/null 2>&1 && break;
sleep 0.1
done
fi
fi
elif [ "$OS" = "FreeBSD" ]; then
if ! kldstat -q -m if_tun > /dev/null; then
kldload if_tun
fi
if ! ifconfig $TUNDEV > /dev/null; then
ifconfig $TUNDEV create
fi
elif [ "$OS" = "GNU/kFreeBSD" ]; then
if [ ! -e /dev/tun ]; then
kldload if_tun
fi
elif [ "$OS" = "NetBSD" ]; then
:
elif [ "$OS" = "OpenBSD" ]; then
if ! ifconfig $TUNDEV > /dev/null; then
ifconfig $TUNDEV create
fi
:
elif [ "$OS" = "SunOS" ]; then
:
elif [ "$OS" = "Darwin" ]; then
:
fi
}
do_connect() {
if [ -n "$CISCO_BANNER" ]; then
echo "Connect Banner:"
echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
echo
fi
set_vpngateway_route
do_ifconfig
if [ -n "$CISCO_SPLIT_INC" ]; then
i=0
while [ $i -lt $CISCO_SPLIT_INC ] ; do
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
if [ $NETWORK != "0.0.0.0" ]; then
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
else
set_default_route
fi
i=`expr $i + 1`
done
for i in $INTERNAL_IP4_DNS ; do
echo "$i" | grep : >/dev/null || \
set_network_route "$i" "255.255.255.255" "32"
done
elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
set_default_route
fi
if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
i=0
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
if [ $NETMASKLEN -lt 128 ]; then
set_ipv6_network_route "$NETWORK" "$NETMASKLEN"
else
set_ipv6_default_route
fi
i=`expr $i + 1`
done
for i in $INTERNAL_IP4_DNS ; do
if echo "$i" | grep : >/dev/null; then
set_ipv6_network_route "$i" "128"
fi
done
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
set_ipv6_default_route
fi
if [ -n "$INTERNAL_IP4_DNS" ]; then
$MODIFYRESOLVCONF
fi
}
do_disconnect() {
if [ -n "$CISCO_SPLIT_INC" ]; then
i=0
while [ $i -lt $CISCO_SPLIT_INC ] ; do
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
if [ $NETWORK != "0.0.0.0" ]; then
# FIXME: This doesn't restore previously overwritten
# routes.
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
else
reset_default_route
fi
i=`expr $i + 1`
done
for i in $INTERNAL_IP4_DNS ; do
del_network_route "$i" "255.255.255.255" "32"
done
else
reset_default_route
fi
if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
i=0
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
if [ $NETMASKLEN -eq 0 ]; then
reset_ipv6_default_route
else
del_ipv6_network_route "$NETWORK" "$NETMASKLEN"
fi
i=`expr $i + 1`
done
for i in $INTERNAL_IP6_DNS ; do
del_ipv6_network_route "$i" "128"
done
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
reset_ipv6_default_route
fi
del_vpngateway_route
if [ -n "$INTERNAL_IP4_DNS" ]; then
$RESTORERESOLVCONF
fi
destroy_tun_device
}
#### Main
if [ -z "$reason" ]; then
echo "this script must be called from vpnc" 1>&2
exit 1
fi
case "$reason" in
pre-init)
run_hooks pre-init
do_pre_init
;;
connect)
run_hooks connect
do_connect
run_hooks post-connect
;;
disconnect)
run_hooks disconnect
do_disconnect
run_hooks post-disconnect
;;
reconnect)
run_hooks reconnect
;;
*)
echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
exit 1
;;
esac
exit 0

10
vpnc/vpnc@.service Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=VPNC connection to %i
[Service]
Type=forking
ExecStart=/usr/bin/vpnc --pid-file=/run/vpnc@%i.pid /etc/vpnc/%i.conf
PIDFile=/run/vpnc@%i.pid
[Install]
WantedBy=multi-user.target