openconnect: Added configuration options for hash and user cert/key pairs
authorNikos Mavrogiannopoulos <[email protected]>
Wed, 4 Jun 2014 21:17:54 +0000 (23:17 +0200)
committerNikos Mavrogiannopoulos <[email protected]>
Wed, 4 Jun 2014 21:18:02 +0000 (23:18 +0200)
Signed-off-by: Nikos Mavrogiannopoulos <[email protected]>
net/openconnect/Makefile
net/openconnect/files/openconnect.sh
net/openconnect/files/vpnc-script

index 106e9bbf6c70c2e2b405bccfd305df3e0cc41597..10092eee0d53be89a40918df506da43f9237b679 100644 (file)
@@ -48,6 +48,7 @@ CONFIGURE_ARGS += \
 endif
 
 define Package/openconnect/install
+       $(INSTALL_DIR) $(1)/etc/openconnect/
        $(INSTALL_DIR) $(1)/lib/netifd/proto
        $(INSTALL_BIN) ./files/openconnect.sh $(1)/lib/netifd/proto/
        $(INSTALL_BIN) ./files/vpnc-script $(1)/lib/netifd/
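Review bot: The new `/etc/openconnect/` directory is where the openconnect.sh hunks expect `user-key.pem` (passed as `--sslkey`), yet `$(INSTALL_DIR)` creates it with the build system's default directory mode — 0755, world-readable, if I remember OpenWrt's rules.mk correctly — and nothing here tightens that or tells the administrator that the key must be owner-only. A one-line comment above the added line, `# /etc/openconnect/ holds the user key; install user-key.pem with mode 0600`, would at least make the expectation explicit. Since the directory lives under /etc and will hold user-supplied certificates, a `Package/openconnect/conffiles` entry for it would also preserve those files across sysupgrade; I cannot see from this hunk whether one exists.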
index 2610194387906fca90ba5e26500bdf77f42ba15a..e14c0d091d480f3af1fd4eafd22f96e27a59994c 100755 (executable)
@@ -7,7 +7,8 @@ proto_openconnect_init_config() {
        proto_config_add_string "server"
        proto_config_add_int "port"
        proto_config_add_string "username"
-       proto_config_add_string "cookie"
+       proto_config_add_string "serverhash"
+       proto_config_add_string "authgroup"
        proto_config_add_string "password"
        no_device=1
        available=1
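Review bot: Dropping `proto_config_add_string "cookie"` silently retires an option that existing configurations may still carry, and neither the commit message (which only mentions the added options) nor the code records this; an `option cookie` entry is now ignored with no indication. If the removal is intended, say so in the commit description and emit a deprecation line when the option is still present, e.g. `[ -n "$cookie" ] && logger -t openconnect "option 'cookie' is no longer supported"`, which requires keeping `cookie` in the `json_get_vars` list of the next hunk. The mapping of the two new options to `--servercert`/`--authgroup` is in a later hunk of this file.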
@@ -16,17 +17,18 @@ proto_openconnect_init_config() {
 proto_openconnect_setup() {
        local config="$1"
 
-       json_get_vars server port username cookie password
+       json_get_vars server port username serverhash authgroup password vgroup
 
        grep -q tun /proc/modules || insmod tun
 
+       logger -t openconnect "initializing..."
        serv_addr=
        for ip in $(resolveip -t 5 "$server"); do
                proto_add_host_dependency "$config" "$server"
                serv_addr=1
        done
        [ -n "$serv_addr" ] || {
-               echo "Could not resolve server address"
+               logger -t openconnect "Could not resolve server address"
                sleep 5
                proto_setup_failed "$config"
                exit 1
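Review bot: `vgroup` is added to the `json_get_vars` list on the new line, but the init hunk above registers only `serverhash` and `authgroup` with `proto_config_add_string`, and none of the visible setup hunks reads `$vgroup`; unless it is consumed further down the function, outside these hunks, it looks like a leftover and the line should read `json_get_vars server port username serverhash authgroup password`. The rest of the hunk only switches the resolve-failure message from `echo` to `logger`. proto_openconnect_setup continues past the end of this hunk.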
@@ -34,9 +36,13 @@ proto_openconnect_setup() {
 
        [ -n "$port" ] && port=":$port"
 
-       cmdline="$server$port -i vpn-$config --no-cert-check --non-inter --syslog --script /lib/netifd/vpnc-script"
+       cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"
 
-       [ -n "$cookie" ] && append cmdline "-C $cookie"
+       [ -f /etc/openconnect/ca.pem ] && append cmdline "--cafile /etc/openconnect/ca.pem"
+       [ -f /etc/openconnect/user-cert.pem ] && append cmdline "-c /etc/openconnect/user-cert.pem"
+       [ -f /etc/openconnect/user-key.pem ] && append cmdline "--sslkey /etc/openconnect/user-key.pem"
+       [ -n "$serverhash" ] && append cmdline "--servercert=$serverhash"
+       [ -n "$authgroup" ] && append cmdline "--authgroup $authgroup"
        [ -n "$username" ] && append cmdline "-u $username"
        [ -n "$password" ] && {
                umask 077
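Review bot: The added `--authgroup $authgroup` (like the existing `-u $username`) is folded into the single string `$cmdline`, which the run hunk below expands unquoted, so a group name containing a space — common for ASA auth groups — is split into separate arguments and openconnect receives a mangled option. Until the command line is built as a real argument list, reject such values up front instead of launching with a broken option; the check below does that for both variables. `--servercert=$serverhash` also uses the `=` form while every other appended option is space-separated; `--servercert $serverhash` would be consistent. Removing `--no-cert-check` is the right direction: under `--non-inter`, with neither a matching `--cafile` nor `--servercert`, an untrusted server certificate should now abort the connection instead of being accepted.
```shell
case "$authgroup$username" in
        *[[:space:]]*)
                logger -t openconnect "username/authgroup must not contain whitespace"
                proto_setup_failed "$config"
                exit 1
                ;;
esac
# … unchanged: append calls for cafile, user cert/key, serverhash, authgroup, username …
```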
@@ -46,10 +52,20 @@ proto_openconnect_setup() {
        }
 
        proto_export INTERFACE="$config"
-       proto_run_command "$config" /usr/sbin/openconnect $cmdline <$pwfile
+       logger -t openconnect "executing 'openconnect $cmdline'"
+
+       if [ -f "$pwfile" ];then
+               proto_run_command "$config" /usr/sbin/openconnect $cmdline <$pwfile
+       else
+               proto_run_command "$config" /usr/sbin/openconnect $cmdline
+       fi
 }
 
 proto_openconnect_teardown() {
+       pwfile="/var/run/openconnect-$config.passwd"
+
+       rm -f $pwfile
+       logger -t openconnect "bringing down openconnect"
        proto_kill_command "$config"
 }
 
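Review bot: `proto_openconnect_teardown` derives `pwfile` from `$config` but never assigns it — setup does `local config="$1"` on its first line, teardown does not — so unless netifd exports `config` into the environment (not visible from here) the path becomes `/var/run/openconnect-.passwd` and the password file written by setup survives teardown; the pre-existing `proto_kill_command "$config"` has the same dependency. Add `local config="$1"` as the first line of the function and quote the expansion, `rm -f "$pwfile"`. Separately, `logger -t openconnect "executing 'openconnect $cmdline'"` writes the full command line to syslog; today it carries no secret, because the password reaches openconnect through `$pwfile` on stdin, so keep that split if further options are added later.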
index 4d12d7e20896de4e813c465a60c3ef7e8c5128ee..c8151471b947d09708d5cd729689bdef25e21006 100755 (executable)
@@ -49,9 +49,8 @@
 
 do_connect() {
        if [ -n "$CISCO_BANNER" ]; then
-               echo "Connect Banner:"
-               echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
-               echo
+               logger -t openconnect "Connect Banner:"
+               logger -t openconnect "$CISCO_BANNER" | while read LINE ; do logger -t openconnect "|" "$LINE" ; done
        fi
 
        proto_init_update "$TUNDEV" 1
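Review bot: The banner pipeline on the new line is dead: `logger` sends its argument to syslog and writes nothing to stdout, so the `while read LINE` loop never receives input and the per-line `|` prefixing never runs; the banner is logged once as a single multi-line entry instead. Keep `echo` as the producer: `echo "$CISCO_BANNER" | while read -r LINE; do logger -t openconnect "| $LINE"; done`. The `-r` keeps `read` from interpreting backslash sequences in the banner, which is text supplied by the server.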
@@ -126,11 +125,11 @@ do_disconnect() {
 #### Main
 
 if [ -z "$reason" ]; then
-       echo "this script must be called from vpnc" 1>&2
+       logger -t openconnect "this script must be called from vpnc" 1>&2
        exit 1
 fi
 if [ -z "$INTERFACE" ]; then
-       echo "this script must be called for an active interface"
+       logger -t openconnect "this script must be called for an active interface"
        exit 1
 fi
 
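Review bot: The `1>&2` redirections retained on the replaced `logger` line here, and on the corresponding `unknown reason` line in the next hunk, no longer do anything, since `logger` writes to syslog rather than stdout; they are leftovers from the `echo` versions. Either drop them, or, if these usage errors should still reach the caller's stderr as before, use `logger -s -t openconnect "this script must be called from vpnc"`, which logs and echoes to stderr in one call. As written, a wrong invocation of vpnc-script is now visible only in the system log.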
@@ -148,7 +147,7 @@ case "$reason" in
        reconnect)
                ;;
        *)
-               echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
+               logger -t openconnect "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
                exit 1
                ;;
 esac