#!/bin/sh | |
# List of parameters passed through environment | |
#* reason -- why this script was called, one of: pre-init connect disconnect | |
#* VPNGATEWAY -- vpn gateway address (always present) | |
#* TUNDEV -- tunnel device (always present) | |
#* INTERNAL_IP4_ADDRESS -- address (always present) | |
#* INTERNAL_IP4_MTU -- mtu (often unset) | |
#* INTERNAL_IP4_NETMASK -- netmask (often unset) | |
#* INTERNAL_IP4_NETMASKLEN -- netmask length (often unset) | |
#* INTERNAL_IP4_NETADDR -- address of network (only present if netmask is set) | |
#* INTERNAL_IP4_DNS -- list of dns servers | |
#* INTERNAL_IP4_NBNS -- list of wins servers | |
#* INTERNAL_IP6_ADDRESS -- IPv6 address | |
#* INTERNAL_IP6_NETMASK -- IPv6 netmask | |
#* INTERNAL_IP6_DNS -- IPv6 list of dns servers | |
#* CISCO_DEF_DOMAIN -- default domain name | |
#* CISCO_BANNER -- banner from server | |
#* CISCO_SPLIT_DNS -- comma-separated list of domain names with split DNS | |
#* CISCO_SPLIT_INC -- number of networks in split-network-list | |
#* CISCO_SPLIT_INC_%d_ADDR -- network address | |
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0) | |
#* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24) | |
#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0) | |
#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0) | |
#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0) | |
#* CISCO_IPV6_SPLIT_INC -- number of networks in IPv6 split-network-list | |
#* CISCO_IPV6_SPLIT_INC_%d_ADDR -- IPv6 network address | |
#* CISCO_IPV6_SPLIT_INC_$%d_MASKLEN -- IPv6 subnet masklen | |
# FIXMEs: | |
# Section A: route handling | |
# 1) The 3 values CISCO_SPLIT_INC_%d_PROTOCOL/SPORT/DPORT are currently being ignored | |
# In order to use them, we'll probably need os specific solutions | |
# * Linux: iptables -t mangle -I PREROUTING <conditions> -j ROUTE --oif $TUNDEV | |
# This would be an *alternative* to changing the routes (and thus 2) and 3) | |
# shouldn't be relevant at all) | |
# 2) There are two different functions to set routes: generic routes and the | |
# default route. Why isn't the defaultroute handled via the generic route case? | |
# 3) In the split tunnel case, all routes but the default route might get replaced | |
# without getting restored later. We should explicitely check and save them just | |
# like the defaultroute | |
# 4) Replies to a dhcp-server should never be sent into the tunnel | |
# Section B: Split DNS handling | |
# 1) Maybe dnsmasq can do something like that | |
# 2) Parse dns packets going out via tunnel and redirect them to original dns-server | |
#env | sort | |
#set -x | |
# =========== script (variable) setup ==================================== | |
PATH=/sbin:/usr/sbin:$PATH | |
OS="`uname -s`" | |
DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute | |
RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup | |
SCRIPTNAME=`basename $0` | |
# some systems, eg. Darwin & FreeBSD, prune /var/run on boot | |
if [ ! -d "/var/run/vpnc" ]; then | |
mkdir -p /var/run/vpnc | |
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc | |
fi | |
# stupid SunOS: no blubber in /usr/local/bin ... (on stdout) | |
IPROUTE="`which ip | grep '^/'`" 2> /dev/null | |
if [ "$OS" = "Linux" ]; then | |
ifconfig_syntax_ptp="pointopoint" | |
route_syntax_gw="gw" | |
route_syntax_del="del" | |
route_syntax_netmask="netmask" | |
else | |
ifconfig_syntax_ptp="" | |
route_syntax_gw="" | |
route_syntax_del="delete" | |
route_syntax_netmask="-netmask" | |
fi | |
if [ "$OS" = "SunOS" ]; then | |
route_syntax_interface="-interface" | |
ifconfig_syntax_ptpv6="$INTERNAL_IP6_ADDRESS" | |
else | |
route_syntax_interface="" | |
ifconfig_syntax_ptpv6="" | |
fi | |
if [ -x /sbin/resolvconf ]; then # Optional tool on Debian, Ubuntu, Gentoo | |
MODIFYRESOLVCONF=modify_resolvconf_manager | |
RESTORERESOLVCONF=restore_resolvconf_manager | |
elif [ -x /sbin/netconfig ]; then # tool on Suse after 11.1 | |
MODIFYRESOLVCONF=modify_resolvconf_suse_netconfig | |
RESTORERESOLVCONF=restore_resolvconf_suse_netconfig | |
elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1 | |
MODIFYRESOLVCONF=modify_resolvconf_suse | |
RESTORERESOLVCONF=restore_resolvconf_suse | |
else # Generic for any OS | |
MODIFYRESOLVCONF=modify_resolvconf_generic | |
RESTORERESOLVCONF=restore_resolvconf_generic | |
fi | |
# =========== tunnel interface handling ==================================== | |
do_ifconfig() { | |
if [ -n "$INTERNAL_IP4_MTU" ]; then | |
MTU=$INTERNAL_IP4_MTU | |
elif [ -n "$IPROUTE" ]; then | |
MTUDEV=$($IPROUTE route get "$VPNGATEWAY" | sed -ne 's/^.*dev \([a-z0-9]*\).*$/\1/p') | |
MTU=$($IPROUTE link show "$MTUDEV" | sed -ne 's/^.*mtu \([[:digit:]]\+\).*$/\1/p') | |
if [ -n "$MTU" ]; then | |
MTU=$(( $MTU - 88 )) | |
fi | |
fi | |
if [ -z "$MTU" ]; then | |
MTU=1412 | |
fi | |
# Point to point interface require a netmask of 255.255.255.255 on some systems | |
if [ -n "$IPROUTE" ]; then | |
$IPROUTE link set dev "$TUNDEV" up mtu "$MTU" | |
$IPROUTE addr add "$INTERNAL_IP4_ADDRESS/255.255.255.255" peer "$INTERNAL_IP4_ADDRESS" dev "$TUNDEV" | |
else | |
ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu ${MTU} up | |
fi | |
if [ -n "$INTERNAL_IP4_NETMASK" ]; then | |
set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN | |
fi | |
# If the netmask is provided, it contains the address _and_ netmask | |
if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then | |
INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128" | |
fi | |
if [ -n "$INTERNAL_IP6_NETMASK" ]; then | |
if [ -n "$IPROUTE" ]; then | |
$IPROUTE -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV | |
else | |
# Unlike for Legacy IP, we don't specify the dest_address | |
# here on *BSD. OpenBSD for one will refuse to accept | |
# incoming packets to that address if we do. | |
# OpenVPN does the same (gives dest_address for Legacy IP | |
# but not for IPv6). | |
# Only Solaris needs it; hence $ifconfig_syntax_ptpv6 | |
ifconfig "$TUNDEV" inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up | |
fi | |
fi | |
} | |
destroy_tun_device() { | |
case "$OS" in | |
NetBSD|FreeBSD) # and probably others... | |
ifconfig "$TUNDEV" destroy | |
;; | |
esac | |
} | |
# =========== route handling ==================================== | |
if [ -n "$IPROUTE" ]; then | |
fix_ip_get_output () { | |
sed -e 's/ /\n/g' | \ | |
sed -ne '1p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}' | |
} | |
set_vpngateway_route() { | |
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output` | |
$IPROUTE route flush cache | |
} | |
del_vpngateway_route() { | |
$IPROUTE route $route_syntax_del "$VPNGATEWAY" | |
$IPROUTE route flush cache | |
} | |
set_default_route() { | |
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE" | |
$IPROUTE route replace default dev "$TUNDEV" | |
$IPROUTE route flush cache | |
} | |
set_network_route() { | |
NETWORK="$1" | |
NETMASK="$2" | |
NETMASKLEN="$3" | |
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV" | |
$IPROUTE route flush cache | |
} | |
reset_default_route() { | |
if [ -s "$DEFAULT_ROUTE_FILE" ]; then | |
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"` | |
$IPROUTE route flush cache | |
rm -f -- "$DEFAULT_ROUTE_FILE" | |
fi | |
} | |
del_network_route() { | |
NETWORK="$1" | |
NETMASK="$2" | |
NETMASKLEN="$3" | |
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$TUNDEV" | |
$IPROUTE route flush cache | |
} | |
set_ipv6_default_route() { | |
# We don't save/restore IPv6 default route; just add a higher-priority one. | |
$IPROUTE -6 route add default dev "$TUNDEV" metric 1 | |
$IPROUTE -6 route flush cache | |
} | |
set_ipv6_network_route() { | |
NETWORK="$1" | |
NETMASKLEN="$2" | |
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV" | |
$IPROUTE route flush cache | |
} | |
reset_ipv6_default_route() { | |
$IPROUTE -6 route del default dev "$TUNDEV" | |
$IPROUTE route flush cache | |
} | |
del_ipv6_network_route() { | |
NETWORK="$1" | |
NETMASKLEN="$2" | |
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV" | |
$IPROUTE -6 route flush cache | |
} | |
else # use route command | |
get_default_gw() { | |
# isn't -n supposed to give --numeric output? | |
# apperently not... | |
# Get rid of lines containing IPv6 addresses (':') | |
netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }' | |
} | |
set_vpngateway_route() { | |
route add -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw`" | |
} | |
del_vpngateway_route() { | |
route $route_syntax_del -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw`" | |
} | |
set_default_route() { | |
DEFAULTGW="`get_default_gw`" | |
echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE" | |
route $route_syntax_del default $route_syntax_gw "$DEFAULTGW" | |
route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface | |
} | |
set_network_route() { | |
NETWORK="$1" | |
NETMASK="$2" | |
NETMASKLEN="$3" | |
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" | |
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface | |
} | |
reset_default_route() { | |
if [ -s "$DEFAULT_ROUTE_FILE" ]; then | |
route $route_syntax_del default $route_syntax_gw "`get_default_gw`" $route_syntax_interface | |
route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"` | |
rm -f -- "$DEFAULT_ROUTE_FILE" | |
fi | |
} | |
del_network_route() { | |
case "$OS" in | |
Linux|NetBSD|Darwin|SunOS) # and probably others... | |
# routes are deleted automatically on device shutdown | |
return | |
;; | |
esac | |
NETWORK="$1" | |
NETMASK="$2" | |
NETMASKLEN="$3" | |
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS" | |
} | |
set_ipv6_default_route() { | |
route add -inet6 default "$INTERNAL_IP6_ADDRESS" $route_syntax_interface | |
} | |
set_ipv6_network_route() { | |
NETWORK="$1" | |
NETMASK="$2" | |
route add -inet6 -net "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS" $route_syntax_interface | |
: | |
} | |
reset_ipv6_default_route() { | |
route $route_syntax_del -inet6 default "$INTERNAL_IP6_ADDRESS" | |
: | |
} | |
del_ipv6_network_route() { | |
NETWORK="$1" | |
NETMASK="$2" | |
route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS" | |
: | |
} | |
fi | |
# =========== resolv.conf handling ==================================== | |
# =========== resolv.conf handling for any OS ========================= | |
modify_resolvconf_generic() { | |
grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 || cp -- /etc/resolv.conf "$RESOLV_CONF_BACKUP" | |
NEW_RESOLVCONF="#@VPNC_GENERATED@ -- this file is generated by vpnc | |
# and will be overwritten by vpnc | |
# as long as the above mark is intact" | |
# Remember the original value of CISCO_DEF_DOMAIN we need it later | |
CISCO_DEF_DOMAIN_ORIG="$CISCO_DEF_DOMAIN" | |
# Don't step on INTERNAL_IP4_DNS value, use a temporary variable | |
INTERNAL_IP4_DNS_TEMP="$INTERNAL_IP4_DNS" | |
exec 6< "$RESOLV_CONF_BACKUP" | |
while read LINE <&6 ; do | |
case "$LINE" in | |
nameserver*) | |
if [ -n "$INTERNAL_IP4_DNS_TEMP" ]; then | |
read ONE_NAMESERVER INTERNAL_IP4_DNS_TEMP <<-EOF | |
$INTERNAL_IP4_DNS_TEMP | |
EOF | |
LINE="nameserver $ONE_NAMESERVER" | |
else | |
LINE="" | |
fi | |
;; | |
search*) | |
if [ -n "$CISCO_DEF_DOMAIN" ]; then | |
LINE="$LINE $CISCO_DEF_DOMAIN" | |
CISCO_DEF_DOMAIN="" | |
fi | |
;; | |
domain*) | |
if [ -n "$CISCO_DEF_DOMAIN" ]; then | |
LINE="domain $CISCO_DEF_DOMAIN" | |
CISCO_DEF_DOMAIN="" | |
fi | |
;; | |
esac | |
NEW_RESOLVCONF="$NEW_RESOLVCONF | |
$LINE" | |
done | |
exec 6<&- | |
for i in $INTERNAL_IP4_DNS_TEMP ; do | |
NEW_RESOLVCONF="$NEW_RESOLVCONF | |
nameserver $i" | |
done | |
if [ -n "$CISCO_DEF_DOMAIN" ]; then | |
NEW_RESOLVCONF="$NEW_RESOLVCONF | |
search $CISCO_DEF_DOMAIN" | |
fi | |
echo "$NEW_RESOLVCONF" > /etc/resolv.conf | |
if [ "$OS" = "Darwin" ]; then | |
case "`uname -r`" in | |
# Skip for pre-10.4 systems | |
4.*|5.*|6.*|7.*) | |
;; | |
# 10.4 and later require use of scutil for DNS to work properly | |
*) | |
OVERRIDE_PRIMARY="" | |
if [ -n "$CISCO_SPLIT_INC" ]; then | |
if [ $CISCO_SPLIT_INC -lt 1 ]; then | |
# Must override for correct default route | |
# Cannot use multiple DNS matching in this case | |
OVERRIDE_PRIMARY='d.add OverridePrimary # 1' | |
fi | |
fi | |
# Uncomment the following if/fi pair to use multiple | |
# DNS matching when available. When multiple DNS matching | |
# is present, anything reading the /etc/resolv.conf file | |
# directly will probably not work as intended. | |
#if [ -z "$CISCO_DEF_DOMAIN_ORIG" ]; then | |
# Cannot use multiple DNS matching without a domain | |
OVERRIDE_PRIMARY='d.add OverridePrimary # 1' | |
#fi | |
scutil >/dev/null 2>&1 <<-EOF | |
open | |
d.init | |
d.add ServerAddresses * $INTERNAL_IP4_DNS | |
set State:/Network/Service/$TUNDEV/DNS | |
d.init | |
# next line overrides the default gateway and breaks split routing | |
# d.add Router $INTERNAL_IP4_ADDRESS | |
d.add Addresses * $INTERNAL_IP4_ADDRESS | |
d.add SubnetMasks * 255.255.255.255 | |
d.add InterfaceName $TUNDEV | |
$OVERRIDE_PRIMARY | |
set State:/Network/Service/$TUNDEV/IPv4 | |
close | |
EOF | |
if [ -n "$CISCO_DEF_DOMAIN_ORIG" ]; then | |
scutil >/dev/null 2>&1 <<-EOF | |
open | |
get State:/Network/Service/$TUNDEV/DNS | |
d.add DomainName $CISCO_DEF_DOMAIN_ORIG | |
d.add SearchDomains * $CISCO_DEF_DOMAIN_ORIG | |
d.add SupplementalMatchDomains * $CISCO_DEF_DOMAIN_ORIG | |
set State:/Network/Service/$TUNDEV/DNS | |
close | |
EOF | |
fi | |
;; | |
esac | |
fi | |
} | |
restore_resolvconf_generic() { | |
if [ ! -e "$RESOLV_CONF_BACKUP" ]; then | |
return | |
fi | |
grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 && cat "$RESOLV_CONF_BACKUP" > /etc/resolv.conf | |
rm -f -- "$RESOLV_CONF_BACKUP" | |
if [ "$OS" = "Darwin" ]; then | |
case "`uname -r`" in | |
# Skip for pre-10.4 systems | |
4.*|5.*|6.*|7.*) | |
;; | |
# 10.4 and later require use of scutil for DNS to work properly | |
*) | |
scutil >/dev/null 2>&1 <<-EOF | |
open | |
remove State:/Network/Service/$TUNDEV/IPv4 | |
remove State:/Network/Service/$TUNDEV/DNS | |
close | |
EOF | |
;; | |
esac | |
fi | |
} | |
# === resolv.conf handling via /sbin/netconfig (Suse 11.1) ===================== | |
# Suse provides a script that modifies resolv.conf. Use it because it will | |
# restart/reload all other services that care about it (e.g. lwresd). [unclear if this is still true, but probably --mlk] | |
modify_resolvconf_suse_netconfig() | |
{ | |
/sbin/netconfig modify -s vpnc -i "$TUNDEV" <<-EOF | |
INTERFACE='$TUNDEV' | |
DNSSERVERS='$INTERNAL_IP4_DNS' | |
DNSDOMAIN='$CISCO_DEF_DOMAIN' | |
EOF | |
} | |
# Restore resolv.conf to old contents on Suse | |
restore_resolvconf_suse_netconfig() | |
{ | |
/sbin/netconfig remove -s vpnc -i "$TUNDEV" | |
} | |
# === resolv.conf handling via /sbin/modify_resolvconf (Suse) ===================== | |
# Suse provides a script that modifies resolv.conf. Use it because it will | |
# restart/reload all other services that care about it (e.g. lwresd). | |
modify_resolvconf_suse() | |
{ | |
FULL_SCRIPTNAME=`readlink -f $0` | |
RESOLV_OPTS='' | |
test -n "$INTERNAL_IP4_DNS" && RESOLV_OPTS="-n \"$INTERNAL_IP4_DNS\"" | |
test -n "$CISCO_DEF_DOMAIN" && RESOLV_OPTS="$RESOLV_OPTS -d $CISCO_DEF_DOMAIN" | |
test -n "$RESOLV_OPTS" && eval /sbin/modify_resolvconf modify -s vpnc -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV $RESOLV_OPTS -t \"This file was created by $SCRIPTNAME\" | |
} | |
# Restore resolv.conf to old contents on Suse | |
restore_resolvconf_suse() | |
{ | |
FULL_SCRIPTNAME=`readlink -f $0` | |
/sbin/modify_resolvconf restore -s vpnc -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV | |
} | |
# === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) ========= | |
modify_resolvconf_manager() { | |
NEW_RESOLVCONF="" | |
for i in $INTERNAL_IP4_DNS; do | |
NEW_RESOLVCONF="$NEW_RESOLVCONF | |
nameserver $i" | |
done | |
if [ -n "$CISCO_DEF_DOMAIN" ]; then | |
NEW_RESOLVCONF="$NEW_RESOLVCONF | |
domain $CISCO_DEF_DOMAIN" | |
fi | |
echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV | |
} | |
restore_resolvconf_manager() { | |
/sbin/resolvconf -d $TUNDEV | |
} | |
# ========= Toplevel state handling ======================================= | |
kernel_is_2_6_or_above() { | |
case `uname -r` in | |
1.*|2.[012345]*) | |
return 1 | |
;; | |
*) | |
return 0 | |
;; | |
esac | |
} | |
do_pre_init() { | |
if [ "$OS" = "Linux" ]; then | |
if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then | |
: | |
else # can't open /dev/net/tun | |
test -e /proc/sys/kernel/modprobe && `cat /proc/sys/kernel/modprobe` tun 2>/dev/null | |
# fix for broken devfs in kernel 2.6.x | |
if [ "`readlink /dev/net/tun`" = misc/net/tun \ | |
-a ! -e /dev/net/misc/net/tun -a -e /dev/misc/net/tun ] ; then | |
ln -sf /dev/misc/net/tun /dev/net/tun | |
fi | |
# make sure tun device exists | |
if [ ! -e /dev/net/tun ]; then | |
mkdir -p /dev/net | |
mknod -m 0640 /dev/net/tun c 10 200 | |
[ -x /sbin/restorecon ] && /sbin/restorecon /dev/net/tun | |
fi | |
# workaround for a possible latency caused by udev, sleep max. 10s | |
if kernel_is_2_6_or_above ; then | |
for x in `seq 100` ; do | |
(exec 6<> /dev/net/tun) > /dev/null 2>&1 && break; | |
sleep 0.1 | |
done | |
fi | |
fi | |
elif [ "$OS" = "FreeBSD" ]; then | |
if [ ! -e /dev/tun ]; then | |
kldload if_tun | |
fi | |
elif [ "$OS" = "GNU/kFreeBSD" ]; then | |
if [ ! -e /dev/tun ]; then | |
kldload if_tun | |
fi | |
elif [ "$OS" = "NetBSD" ]; then | |
: | |
elif [ "$OS" = "OpenBSD" ]; then | |
: | |
elif [ "$OS" = "SunOS" ]; then | |
: | |
elif [ "$OS" = "Darwin" ]; then | |
: | |
fi | |
} | |
do_connect() { | |
# Debian specific, insert your code there to avoid modification of | |
# conffiles like this script | |
if [ -r /etc/vpnc/vpnc-script-connect-action ] ; then | |
. /etc/vpnc/vpnc-script-connect-action | |
fi | |
# backwards compatibility mapping for old extensions | |
if test "$TARGET_NETWORKS" ; then | |
i=0 | |
for network in $TARGET_NETWORKS ; do | |
eval CISCO_SPLIT_INC_${i}_ADDR=`echo $network | cut -f1 -d/` | |
eval CISCO_SPLIT_INC_${i}_MASKLEN=`echo $network | cut -f2 -d/` | |
eval CISCO_SPLIT_INC_${i}_MASK=$( perl -e '$ARGV[0]=~s,.*/,,;$m=(2**$ARGV[0]-1)<<(32-$ARGV[0]);printf "%d.%d.%d.%d\n", $m>>24 & 0xff, $m>>16 & 0xff, $m>>8 & 0xff, $m & 0xff;' $network ) | |
eval CISCO_SPLIT_INC_${i}_PROTOCOL=0 | |
eval CISCO_SPLIT_INC_${i}_SPORT=0 | |
eval CISCO_SPLIT_INC_${i}_DPORT=0 | |
i=`expr $i + 1` | |
done | |
CISCO_SPLIT_INC=$i | |
fi | |
## end Debian specific | |
if [ -n "$CISCO_BANNER" ]; then | |
echo "Connect Banner:" | |
echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done | |
echo | |
fi | |
set_vpngateway_route | |
do_ifconfig | |
if [ -n "$CISCO_SPLIT_INC" ]; then | |
i=0 | |
while [ $i -lt $CISCO_SPLIT_INC ] ; do | |
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}" | |
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}" | |
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}" | |
if [ $NETWORK != "0.0.0.0" ]; then | |
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" | |
else | |
set_default_route | |
fi | |
i=`expr $i + 1` | |
done | |
for i in $INTERNAL_IP4_DNS ; do | |
if ! echo "$i" | grep : >/dev/null; then | |
set_network_route "$i" "255.255.255.255" "32" | |
fi | |
done | |
elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then | |
set_default_route | |
fi | |
if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then | |
i=0 | |
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do | |
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}" | |
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}" | |
if [ $NETMASKLEN -lt 128 ]; then | |
set_ipv6_network_route "$NETWORK" "$NETMASKLEN" | |
else | |
set_ipv6_default_route | |
fi | |
i=`expr $i + 1` | |
done | |
for i in $INTERNAL_IP4_DNS ; do | |
if echo "$i" | grep : >/dev/null; then | |
set_ipv6_network_route "$i" "128" | |
fi | |
done | |
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then | |
set_ipv6_default_route | |
fi | |
case "$DNS_UPDATE" in | |
*no|*NO|*No|*nO) | |
;; | |
*) | |
if [ -n "$INTERNAL_IP4_DNS" ]; then | |
$MODIFYRESOLVCONF | |
fi | |
;; | |
esac | |
if [ -r /etc/vpnc/vpnc-script-post-connect-action ] ; then | |
. /etc/vpnc/vpnc-script-post-connect-action | |
fi | |
} | |
do_disconnect() { | |
# Debian specific, insert your code there to avoid modification of | |
# conffiles like this script | |
if [ -r /etc/vpnc/vpnc-script-disconnect-action ] ; then | |
. /etc/vpnc/vpnc-script-disconnect-action | |
fi | |
if [ -n "$CISCO_SPLIT_INC" ]; then | |
i=0 | |
while [ $i -lt $CISCO_SPLIT_INC ] ; do | |
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}" | |
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}" | |
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}" | |
if [ $NETWORK != "0.0.0.0" ]; then | |
# FIXME: This doesn't restore previously overwritten | |
# routes. | |
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" | |
else | |
reset_default_route | |
fi | |
i=`expr $i + 1` | |
done | |
for i in $INTERNAL_IP4_DNS ; do | |
del_network_route "$i" "255.255.255.255" "32" | |
done | |
else | |
reset_default_route | |
fi | |
if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then | |
i=0 | |
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do | |
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}" | |
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}" | |
if [ $NETMASKLEN -eq 0 ]; then | |
reset_ipv6_default_route | |
else | |
del_ipv6_network_route "$NETWORK" "$NETMASKLEN" | |
fi | |
i=`expr $i + 1` | |
done | |
for i in $INTERNAL_IP6_DNS ; do | |
del_ipv6_network_route "$i" "128" | |
done | |
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then | |
reset_ipv6_default_route | |
fi | |
del_vpngateway_route | |
case "$DNS_UPDATE" in | |
*no|*NO|*No|*nO) | |
;; | |
*) | |
if [ -n "$INTERNAL_IP4_DNS" ]; then | |
$RESTORERESOLVCONF | |
fi | |
;; | |
esac | |
if [ -r /etc/vpnc/vpnc-script-post-disconnect-action ] ; then | |
. /etc/vpnc/vpnc-script-post-disconnect-action | |
fi | |
destroy_tun_device | |
} | |
#### Main | |
if [ -z "$reason" ]; then | |
echo "this script must be called from vpnc" 1>&2 | |
exit 1 | |
fi | |
case "$reason" in | |
pre-init) | |
do_pre_init | |
;; | |
connect) | |
do_connect | |
;; | |
disconnect) | |
do_disconnect | |
;; | |
*) | |
echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2 | |
exit 1 | |
;; | |
esac | |
exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment