Ubuntu's default vpnc-script

vpnc-script
Shell
      
        
          
          
            #!/bin/sh
# List of parameters passed through environment
#* reason                       -- why this script was called, one of: pre-init connect disconnect
#* VPNGATEWAY                   -- vpn gateway address (always present)
#* TUNDEV                       -- tunnel device (always present)
#* INTERNAL_IP4_ADDRESS         -- address (always present)
#* INTERNAL_IP4_MTU             -- mtu (often unset)
#* INTERNAL_IP4_NETMASK         -- netmask (often unset)
#* INTERNAL_IP4_NETMASKLEN      -- netmask length (often unset)
#* INTERNAL_IP4_NETADDR         -- address of network (only present if netmask is set)
#* INTERNAL_IP4_DNS             -- list of dns servers
#* INTERNAL_IP4_NBNS            -- list of wins servers
#* INTERNAL_IP6_ADDRESS         -- IPv6 address
#* INTERNAL_IP6_NETMASK         -- IPv6 netmask
#* INTERNAL_IP6_DNS             -- IPv6 list of dns servers
#* CISCO_DEF_DOMAIN             -- default domain name
#* CISCO_BANNER                 -- banner from server
#* CISCO_SPLIT_DNS              -- comma-separated list of domain names with split DNS
#* CISCO_SPLIT_INC              -- number of networks in split-network-list
#* CISCO_SPLIT_INC_%d_ADDR      -- network address
#* CISCO_SPLIT_INC_%d_MASK      -- subnet mask (for example: 255.255.255.0)
#* CISCO_SPLIT_INC_%d_MASKLEN   -- subnet masklen (for example: 24)
#* CISCO_SPLIT_INC_%d_PROTOCOL  -- protocol (often just 0)
#* CISCO_SPLIT_INC_%d_SPORT     -- source port (often just 0)
#* CISCO_SPLIT_INC_%d_DPORT     -- destination port (often just 0)
#* CISCO_IPV6_SPLIT_INC         -- number of networks in IPv6 split-network-list
#* CISCO_IPV6_SPLIT_INC_%d_ADDR -- IPv6 network address
#* CISCO_IPV6_SPLIT_INC_$%d_MASKLEN -- IPv6 subnet masklen
 
# FIXMEs:
 
# Section A: route handling
 
# 1) The 3 values CISCO_SPLIT_INC_%d_PROTOCOL/SPORT/DPORT are currently being ignored
#   In order to use them, we'll probably need os specific solutions
#   * Linux: iptables -t mangle -I PREROUTING <conditions> -j ROUTE --oif $TUNDEV
#       This would be an *alternative* to changing the routes (and thus 2) and 3)
#       shouldn't be relevant at all)
# 2) There are two different functions to set routes: generic routes and the
#   default route. Why isn't the defaultroute handled via the generic route case?
# 3) In the split tunnel case, all routes but the default route might get replaced
#   without getting restored later. We should explicitely check and save them just
#   like the defaultroute
# 4) Replies to a dhcp-server should never be sent into the tunnel
 
# Section B: Split DNS handling
 
# 1) Maybe dnsmasq can do something like that
# 2) Parse dns packets going out via tunnel and redirect them to original dns-server
 
#env | sort
#set -x
 
# =========== script (variable) setup ====================================
 
PATH=/sbin:/usr/sbin:$PATH
 
OS="`uname -s`"
 
DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
SCRIPTNAME=`basename $0`
 
# some systems, eg. Darwin & FreeBSD, prune /var/run on boot
if [ ! -d "/var/run/vpnc" ]; then
	mkdir -p /var/run/vpnc
	[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
fi
 
# stupid SunOS: no blubber in /usr/local/bin ... (on stdout)
IPROUTE="`which ip | grep '^/'`" 2> /dev/null
 
if [ "$OS" = "Linux" ]; then
	ifconfig_syntax_ptp="pointopoint"
	route_syntax_gw="gw"
	route_syntax_del="del"
	route_syntax_netmask="netmask"
else
	ifconfig_syntax_ptp=""
	route_syntax_gw=""
	route_syntax_del="delete"
	route_syntax_netmask="-netmask"
fi
if [ "$OS" = "SunOS" ]; then
	route_syntax_interface="-interface"
	ifconfig_syntax_ptpv6="$INTERNAL_IP6_ADDRESS"
else
	route_syntax_interface=""
	ifconfig_syntax_ptpv6=""
fi
 
if [ -x /sbin/resolvconf ]; then # Optional tool on Debian, Ubuntu, Gentoo
	MODIFYRESOLVCONF=modify_resolvconf_manager
	RESTORERESOLVCONF=restore_resolvconf_manager
elif [ -x /sbin/netconfig ]; then # tool on Suse after 11.1
	MODIFYRESOLVCONF=modify_resolvconf_suse_netconfig
	RESTORERESOLVCONF=restore_resolvconf_suse_netconfig
elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1
	MODIFYRESOLVCONF=modify_resolvconf_suse
	RESTORERESOLVCONF=restore_resolvconf_suse
else # Generic for any OS
	MODIFYRESOLVCONF=modify_resolvconf_generic
	RESTORERESOLVCONF=restore_resolvconf_generic
fi
 
# =========== tunnel interface handling ====================================
 
do_ifconfig() {
	if [ -n "$INTERNAL_IP4_MTU" ]; then
		MTU=$INTERNAL_IP4_MTU
	elif [ -n "$IPROUTE" ]; then
		MTUDEV=$($IPROUTE route get "$VPNGATEWAY" | sed -ne 's/^.*dev \([a-z0-9]*\).*$/\1/p')
		MTU=$($IPROUTE link show "$MTUDEV" | sed -ne 's/^.*mtu \([[:digit:]]\+\).*$/\1/p')
		if [ -n "$MTU" ]; then
			MTU=$(( $MTU - 88 ))
		fi
	fi
 
	if [ -z "$MTU" ]; then
		MTU=1412
	fi
 
	# Point to point interface require a netmask of 255.255.255.255 on some systems
	if [ -n "$IPROUTE" ]; then
		$IPROUTE link set dev "$TUNDEV" up mtu "$MTU"
		$IPROUTE addr add "$INTERNAL_IP4_ADDRESS/255.255.255.255" peer "$INTERNAL_IP4_ADDRESS" dev "$TUNDEV"
	else
		ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu ${MTU} up
	fi
 
	if [ -n "$INTERNAL_IP4_NETMASK" ]; then
		set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN
	fi
 
	# If the netmask is provided, it contains the address _and_ netmask
	if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then
	    INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128"
	fi
	if [ -n "$INTERNAL_IP6_NETMASK" ]; then
	    if [ -n "$IPROUTE" ]; then
		$IPROUTE -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV
	    else
		# Unlike for Legacy IP, we don't specify the dest_address
		# here on *BSD. OpenBSD for one will refuse to accept
		# incoming packets to that address if we do.
		# OpenVPN does the same (gives dest_address for Legacy IP
		# but not for IPv6).
		# Only Solaris needs it; hence $ifconfig_syntax_ptpv6
	        ifconfig "$TUNDEV" inet6 $INTERNAL_IP6_NETMASK $ifconfig_syntax_ptpv6 mtu $MTU up
	    fi
	fi
}
 
destroy_tun_device() {
	case "$OS" in
	NetBSD|FreeBSD) # and probably others...
		ifconfig "$TUNDEV" destroy
		;;
	esac
}
 
# =========== route handling ====================================
 
if [ -n "$IPROUTE" ]; then
	fix_ip_get_output () {
		sed -e 's/ /\n/g' | \
		    sed -ne '1p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}'
	}
 
	set_vpngateway_route() {
		$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
		$IPROUTE route flush cache
	}
 
	del_vpngateway_route() {
		$IPROUTE route $route_syntax_del "$VPNGATEWAY"
		$IPROUTE route flush cache
	}
 
	set_default_route() {
		$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
		$IPROUTE route replace default dev "$TUNDEV"
		$IPROUTE route flush cache
	}
 
	set_network_route() {
		NETWORK="$1"
		NETMASK="$2"
		NETMASKLEN="$3"
		$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
		$IPROUTE route flush cache
	}
 
	reset_default_route() {
		if [ -s "$DEFAULT_ROUTE_FILE" ]; then
			$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
			$IPROUTE route flush cache
			rm -f -- "$DEFAULT_ROUTE_FILE"
		fi
	}
 
	del_network_route() {
		NETWORK="$1"
		NETMASK="$2"
		NETMASKLEN="$3"
		$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
		$IPROUTE route flush cache
	}
 
	set_ipv6_default_route() {
		# We don't save/restore IPv6 default route; just add a higher-priority one.
		$IPROUTE -6 route add default dev "$TUNDEV" metric 1
		$IPROUTE -6 route flush cache
	}
 
	set_ipv6_network_route() {
		NETWORK="$1"
		NETMASKLEN="$2"
		$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
		$IPROUTE route flush cache
	}
 
	reset_ipv6_default_route() {
		$IPROUTE -6 route del default dev "$TUNDEV"
		$IPROUTE route flush cache
	}
 
	del_ipv6_network_route() {
		NETWORK="$1"
		NETMASKLEN="$2"
		$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
		$IPROUTE -6 route flush cache
	}
else # use route command
	get_default_gw() {
		# isn't -n supposed to give --numeric output?
		# apperently not...
		# Get rid of lines containing IPv6 addresses (':')
		netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
	}
 
	set_vpngateway_route() {
		route add -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw`"
	}
 
	del_vpngateway_route() {
		route $route_syntax_del -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw`"
	}
 
	set_default_route() {
		DEFAULTGW="`get_default_gw`"
		echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE"
		route $route_syntax_del default $route_syntax_gw "$DEFAULTGW"
		route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface
	}
 
	set_network_route() {
		NETWORK="$1"
		NETMASK="$2"
		NETMASKLEN="$3"
		del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
		route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface
	}
 
	reset_default_route() {
		if [ -s "$DEFAULT_ROUTE_FILE" ]; then
			route $route_syntax_del default $route_syntax_gw "`get_default_gw`" $route_syntax_interface
			route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"`
			rm -f -- "$DEFAULT_ROUTE_FILE"
		fi
	}
 
	del_network_route() {
		case "$OS" in
		Linux|NetBSD|Darwin|SunOS) # and probably others...
			# routes are deleted automatically on device shutdown
			return
			;;
		esac
		NETWORK="$1"
		NETMASK="$2"
		NETMASKLEN="$3"
		route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
	}
 
	set_ipv6_default_route() {
		route add -inet6 default "$INTERNAL_IP6_ADDRESS" $route_syntax_interface
	}
 
	set_ipv6_network_route() {
		NETWORK="$1"
		NETMASK="$2"
		route add -inet6 -net "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS" $route_syntax_interface
		:
	}
 
	reset_ipv6_default_route() {
		route $route_syntax_del -inet6 default "$INTERNAL_IP6_ADDRESS"
		:
	}
 
	del_ipv6_network_route() {
		NETWORK="$1"
		NETMASK="$2"
		route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS"
		:
	}
 
fi
 
# =========== resolv.conf handling ====================================
 
# =========== resolv.conf handling for any OS =========================
 
modify_resolvconf_generic() {
	grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 || cp -- /etc/resolv.conf "$RESOLV_CONF_BACKUP"
	NEW_RESOLVCONF="#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact"
 
	# Remember the original value of CISCO_DEF_DOMAIN we need it later
	CISCO_DEF_DOMAIN_ORIG="$CISCO_DEF_DOMAIN"
	# Don't step on INTERNAL_IP4_DNS value, use a temporary variable
	INTERNAL_IP4_DNS_TEMP="$INTERNAL_IP4_DNS"
	exec 6< "$RESOLV_CONF_BACKUP"
	while read LINE <&6 ; do
		case "$LINE" in
			nameserver*)
				if [ -n "$INTERNAL_IP4_DNS_TEMP" ]; then
					read ONE_NAMESERVER INTERNAL_IP4_DNS_TEMP <<-EOF
	$INTERNAL_IP4_DNS_TEMP
EOF
					LINE="nameserver $ONE_NAMESERVER"
				else
					LINE=""
				fi
				;;
			search*)
				if [ -n "$CISCO_DEF_DOMAIN" ]; then
					LINE="$LINE $CISCO_DEF_DOMAIN"
					CISCO_DEF_DOMAIN=""
				fi
				;;
			domain*)
				if [ -n "$CISCO_DEF_DOMAIN" ]; then
					LINE="domain $CISCO_DEF_DOMAIN"
					CISCO_DEF_DOMAIN=""
				fi
				;;
		esac
		NEW_RESOLVCONF="$NEW_RESOLVCONF
$LINE"
	done
	exec 6<&-
 
	for i in $INTERNAL_IP4_DNS_TEMP ; do
		NEW_RESOLVCONF="$NEW_RESOLVCONF
nameserver $i"
	done
	if [ -n "$CISCO_DEF_DOMAIN" ]; then
		NEW_RESOLVCONF="$NEW_RESOLVCONF
search $CISCO_DEF_DOMAIN"
	fi
	echo "$NEW_RESOLVCONF" > /etc/resolv.conf
 
	if [ "$OS" = "Darwin" ]; then
		case "`uname -r`" in
			# Skip for pre-10.4 systems
			4.*|5.*|6.*|7.*)
				;;
			# 10.4 and later require use of scutil for DNS to work properly
			*)
				OVERRIDE_PRIMARY=""
				if [ -n "$CISCO_SPLIT_INC" ]; then
					if [ $CISCO_SPLIT_INC -lt 1 ]; then
						# Must override for correct default route
						# Cannot use multiple DNS matching in this case
						OVERRIDE_PRIMARY='d.add OverridePrimary # 1'
					fi
				fi
				# Uncomment the following if/fi pair to use multiple
				# DNS matching when available.  When multiple DNS matching
				# is present, anything reading the /etc/resolv.conf file
				# directly will probably not work as intended.
				#if [ -z "$CISCO_DEF_DOMAIN_ORIG" ]; then
					# Cannot use multiple DNS matching without a domain
					OVERRIDE_PRIMARY='d.add OverridePrimary # 1'
				#fi
				scutil >/dev/null 2>&1 <<-EOF
					open
					d.init
					d.add ServerAddresses * $INTERNAL_IP4_DNS
					set State:/Network/Service/$TUNDEV/DNS
					d.init
					# next line overrides the default gateway and breaks split routing
					# d.add Router $INTERNAL_IP4_ADDRESS
					d.add Addresses * $INTERNAL_IP4_ADDRESS
					d.add SubnetMasks * 255.255.255.255
					d.add InterfaceName $TUNDEV
					$OVERRIDE_PRIMARY
					set State:/Network/Service/$TUNDEV/IPv4
					close
				EOF
				if [ -n "$CISCO_DEF_DOMAIN_ORIG" ]; then
					scutil >/dev/null 2>&1 <<-EOF
						open
						get State:/Network/Service/$TUNDEV/DNS
						d.add DomainName $CISCO_DEF_DOMAIN_ORIG
						d.add SearchDomains * $CISCO_DEF_DOMAIN_ORIG
						d.add SupplementalMatchDomains * $CISCO_DEF_DOMAIN_ORIG
						set State:/Network/Service/$TUNDEV/DNS
						close
					EOF
				fi
				;;
		esac
	fi
}
 
restore_resolvconf_generic() {
	if [ ! -e "$RESOLV_CONF_BACKUP" ]; then
		return
	fi
	grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 && cat "$RESOLV_CONF_BACKUP" > /etc/resolv.conf
	rm -f -- "$RESOLV_CONF_BACKUP"
 
	if [ "$OS" = "Darwin" ]; then
		case "`uname -r`" in
			# Skip for pre-10.4 systems
			4.*|5.*|6.*|7.*)
				;;
			# 10.4 and later require use of scutil for DNS to work properly
			*)
				scutil >/dev/null 2>&1 <<-EOF
					open
					remove State:/Network/Service/$TUNDEV/IPv4
					remove State:/Network/Service/$TUNDEV/DNS
					close
				EOF
				;;
		esac
	fi
}
# === resolv.conf handling via /sbin/netconfig (Suse 11.1) =====================
 
# Suse provides a script that modifies resolv.conf. Use it because it will
# restart/reload all other services that care about it (e.g. lwresd).  [unclear if this is still true, but probably --mlk]
 
modify_resolvconf_suse_netconfig()
{
	/sbin/netconfig modify -s vpnc -i "$TUNDEV" <<-EOF
		INTERFACE='$TUNDEV'
		DNSSERVERS='$INTERNAL_IP4_DNS'
		DNSDOMAIN='$CISCO_DEF_DOMAIN'
		EOF
}
# Restore resolv.conf to old contents on Suse
restore_resolvconf_suse_netconfig()
{
	/sbin/netconfig remove -s vpnc -i "$TUNDEV"
}
 
# === resolv.conf handling via /sbin/modify_resolvconf (Suse) =====================
 
# Suse provides a script that modifies resolv.conf. Use it because it will
# restart/reload all other services that care about it (e.g. lwresd).
 
modify_resolvconf_suse()
{
	FULL_SCRIPTNAME=`readlink -f $0`
	RESOLV_OPTS=''
	test -n "$INTERNAL_IP4_DNS" && RESOLV_OPTS="-n \"$INTERNAL_IP4_DNS\""
	test -n "$CISCO_DEF_DOMAIN" && RESOLV_OPTS="$RESOLV_OPTS -d $CISCO_DEF_DOMAIN"
	test -n "$RESOLV_OPTS" && eval /sbin/modify_resolvconf modify -s vpnc -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV $RESOLV_OPTS -t \"This file was created by $SCRIPTNAME\"
}
 
# Restore resolv.conf to old contents on Suse
restore_resolvconf_suse()
{
	FULL_SCRIPTNAME=`readlink -f $0`
	/sbin/modify_resolvconf restore -s vpnc -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV
}
 
# === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) =========
 
modify_resolvconf_manager() {
	NEW_RESOLVCONF=""
	for i in $INTERNAL_IP4_DNS; do
		NEW_RESOLVCONF="$NEW_RESOLVCONF
nameserver $i"
	done
	if [ -n "$CISCO_DEF_DOMAIN" ]; then
		NEW_RESOLVCONF="$NEW_RESOLVCONF
domain $CISCO_DEF_DOMAIN"
	fi
	echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
}
 
restore_resolvconf_manager() {
	/sbin/resolvconf -d $TUNDEV
}
 
# ========= Toplevel state handling  =======================================
 
kernel_is_2_6_or_above() {
	case `uname -r` in
		1.*|2.[012345]*)
			return 1
			;;
		*)
			return 0
			;;
	esac
}
 
do_pre_init() {
	if [ "$OS" = "Linux" ]; then
		if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
			:
		else # can't open /dev/net/tun
			test -e /proc/sys/kernel/modprobe && `cat /proc/sys/kernel/modprobe` tun 2>/dev/null
			# fix for broken devfs in kernel 2.6.x
			if [ "`readlink /dev/net/tun`" = misc/net/tun \
				-a ! -e /dev/net/misc/net/tun -a -e /dev/misc/net/tun ] ; then
				ln -sf /dev/misc/net/tun /dev/net/tun
			fi
			# make sure tun device exists
			if [ ! -e /dev/net/tun ]; then
				mkdir -p /dev/net
				mknod -m 0640 /dev/net/tun c 10 200
				[ -x /sbin/restorecon ] && /sbin/restorecon /dev/net/tun
			fi
			# workaround for a possible latency caused by udev, sleep max. 10s
			if kernel_is_2_6_or_above ; then
				for x in `seq 100` ; do
					(exec 6<> /dev/net/tun) > /dev/null 2>&1 && break;
					sleep 0.1
				done
			fi
		fi
	elif [ "$OS" = "FreeBSD" ]; then
		if [ ! -e /dev/tun ]; then
			kldload if_tun
		fi
	elif [ "$OS" = "GNU/kFreeBSD" ]; then
		if [ ! -e /dev/tun ]; then
			kldload if_tun
		fi
	elif [ "$OS" = "NetBSD" ]; then
		:
	elif [ "$OS" = "OpenBSD" ]; then
		:
	elif [ "$OS" = "SunOS" ]; then
		:
	elif [ "$OS" = "Darwin" ]; then
		:
	fi
}
 
do_connect() {
      # Debian specific, insert your code there to avoid modification of
      # conffiles like this script
      if [ -r /etc/vpnc/vpnc-script-connect-action ] ; then
	 . /etc/vpnc/vpnc-script-connect-action
      fi
      # backwards compatibility mapping for old extensions
      if test "$TARGET_NETWORKS" ; then
	 i=0
	 for network in $TARGET_NETWORKS ; do
	    eval CISCO_SPLIT_INC_${i}_ADDR=`echo $network | cut -f1 -d/`
	    eval CISCO_SPLIT_INC_${i}_MASKLEN=`echo $network | cut -f2 -d/`
	    eval CISCO_SPLIT_INC_${i}_MASK=$( perl -e '$ARGV[0]=~s,.*/,,;$m=(2**$ARGV[0]-1)<<(32-$ARGV[0]);printf "%d.%d.%d.%d\n", $m>>24 & 0xff, $m>>16 & 0xff, $m>>8 & 0xff, $m & 0xff;' $network )
	    eval CISCO_SPLIT_INC_${i}_PROTOCOL=0
	    eval CISCO_SPLIT_INC_${i}_SPORT=0
	    eval CISCO_SPLIT_INC_${i}_DPORT=0
	    i=`expr $i + 1`
	 done
	 CISCO_SPLIT_INC=$i
      fi
      ## end Debian specific
 
	if [ -n "$CISCO_BANNER" ]; then
		echo "Connect Banner:"
		echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
		echo
	fi
 
	set_vpngateway_route
	do_ifconfig
	if [ -n "$CISCO_SPLIT_INC" ]; then
		i=0
		while [ $i -lt $CISCO_SPLIT_INC ] ; do
			eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
			eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
			eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
			if [ $NETWORK != "0.0.0.0" ]; then
				set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
			else
				set_default_route
			fi
			i=`expr $i + 1`
		done
		for i in $INTERNAL_IP4_DNS ; do
			if ! echo "$i" | grep : >/dev/null; then
				set_network_route "$i" "255.255.255.255" "32"
			fi
		done
	elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
		set_default_route
	fi
	if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
		i=0
		while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
			eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
			eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
			if [ $NETMASKLEN -lt 128 ]; then
				set_ipv6_network_route "$NETWORK" "$NETMASKLEN"
			else
				set_ipv6_default_route
			fi
			i=`expr $i + 1`
		done
		for i in $INTERNAL_IP4_DNS ; do
			if echo "$i" | grep : >/dev/null; then
				set_ipv6_network_route "$i" "128"
			fi
		done
	elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
		set_ipv6_default_route
	fi
 
	case "$DNS_UPDATE" in
	   *no|*NO|*No|*nO)
	   ;;
	   *)
	   if [ -n "$INTERNAL_IP4_DNS" ]; then
	      $MODIFYRESOLVCONF
	   fi
	   ;;
	esac
 
	if [ -r /etc/vpnc/vpnc-script-post-connect-action ] ; then
	   . /etc/vpnc/vpnc-script-post-connect-action
	fi
 
}
 
do_disconnect() {
 
	# Debian specific, insert your code there to avoid modification of
	# conffiles like this script
	if [ -r /etc/vpnc/vpnc-script-disconnect-action ] ; then
	   . /etc/vpnc/vpnc-script-disconnect-action
	fi
 
	if [ -n "$CISCO_SPLIT_INC" ]; then
		i=0
		while [ $i -lt $CISCO_SPLIT_INC ] ; do
			eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
			eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
			eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
			if [ $NETWORK != "0.0.0.0" ]; then
				# FIXME: This doesn't restore previously overwritten
				#        routes.
				del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
			else
				reset_default_route
			fi
			i=`expr $i + 1`
		done
		for i in $INTERNAL_IP4_DNS ; do
			del_network_route "$i" "255.255.255.255" "32"
		done
	else
		reset_default_route
	fi
	if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
		i=0
		while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
			eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
			eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
			if [ $NETMASKLEN -eq 0 ]; then
				reset_ipv6_default_route
			else
				del_ipv6_network_route "$NETWORK" "$NETMASKLEN"
			fi
			i=`expr $i + 1`
		done
		for i in $INTERNAL_IP6_DNS ; do
			del_ipv6_network_route "$i" "128"
		done
	elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
		reset_ipv6_default_route
	fi
 
	del_vpngateway_route
 
	case "$DNS_UPDATE" in
	   *no|*NO|*No|*nO)
	   ;;
	   *)
	   if [ -n "$INTERNAL_IP4_DNS" ]; then
	      $RESTORERESOLVCONF
	   fi
	   ;;
	esac
	if [ -r /etc/vpnc/vpnc-script-post-disconnect-action ] ; then
	   . /etc/vpnc/vpnc-script-post-disconnect-action
	fi
	destroy_tun_device
}
 
#### Main
 
if [ -z "$reason" ]; then
	echo "this script must be called from vpnc" 1>&2
	exit 1
fi
 
case "$reason" in
	pre-init)
		do_pre_init
		;;
	connect)
		do_connect
		;;
	disconnect)
		do_disconnect
		;;
	*)
		echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
		exit 1
		;;
esac
 
exit 0

          
        

    
Please sign in to comment on this gist.
public git2samus / vpnc-script Created 2013-06-09

public

git2samus / vpnc-script

Created 2013-06-09
