Ship a default ocserv-script, which will put connecting clients into the internal firewall zone.

epel9
Nikos Mavrogiannopoulos 10 years ago
parent 7152f9c08c
commit fcf19fcfac

@ -0,0 +1,10 @@
#!/bin/sh
if [ "$REASON" = "connect" ];then
# add the user's interface into the internal zone
firewall-cmd --zone=internal --add-interface=$DEVICE
else
firewall-cmd --zone=internal --remove-interface=$DEVICE
fi
exit 0
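Review bot: the unconditional `exit 0` on the last line discards the exit status of firewall-cmd, so a failed `--add-interface` on connect passes silently and the client's device is not placed in the internal zone. Suggest logging or propagating the failure, and quoting the variable on both firewall-cmd lines, e.g. `--add-interface="$DEVICE"`. The else branch also runs the removal for any REASON other than "connect", not only "disconnect"; an explicit test for "disconnect" would make the intent clear.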

@ -151,8 +151,8 @@ rekey-method = ssl
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP # DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client), # in the P-t-P connection), IP_REMOTE (the VPN IP of the client),
# ID (a unique numeric ID); REASON may be "connect" or "disconnect". # ID (a unique numeric ID); REASON may be "connect" or "disconnect".
#connect-script = /usr/bin/myscript #connect-script = /usr/bin/ocserv-script
#disconnect-script = /usr/bin/myscript #disconnect-script = /usr/bin/ocserv-script
# UTMP # UTMP
use-utmp = true use-utmp = true
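Review bot: `#connect-script` and `#disconnect-script` stay commented out on the new side, so this configuration does not invoke the shipped script even though the commit message says connecting clients will be put into the internal zone. Either uncomment the two lines or state in the comment above them and in the changelog that the administrator has to enable them.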
@ -285,8 +285,7 @@ route = 192.168.1.0/255.255.255.0
#default-select-group = DEFAULT #default-select-group = DEFAULT
# Instead of specifying manually all the allowed groups, you may instruct # Instead of specifying manually all the allowed groups, you may instruct
# ocserv to scan all available groups and include the full list. That # ocserv to scan all available groups and include the full list.
# option is only functional on plain authentication.
#auto-select-group = true #auto-select-group = true
# The system command to use to setup a route. %R will be replaced with the # The system command to use to setup a route. %R will be replaced with the
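Review bot: the sentence "That option is only functional on plain authentication." is dropped from the auto-select-group comment, but neither the commit message nor the new changelog entry mentions this documentation change. Suggest splitting it into its own commit or adding a changelog line that says why the restriction no longer applies.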

@ -1,6 +1,6 @@
Name: ocserv Name: ocserv
Version: 0.8.4 Version: 0.8.4
Release: 1%{?dist} Release: 2%{?dist}
Summary: OpenConnect SSL VPN server Summary: OpenConnect SSL VPN server
# For a breakdown of the licensing, see PACKAGE-LICENSING # For a breakdown of the licensing, see PACKAGE-LICENSING
@ -14,6 +14,7 @@ Source3: ocserv-pamd.conf
Source4: PACKAGE-LICENSING Source4: PACKAGE-LICENSING
Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
Source7: ocserv-genkey Source7: ocserv-genkey
Source8: ocserv-script
# Taken from upstream: # Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@ -111,6 +112,8 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/ install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
mkdir -p %{buildroot}/%{_sbindir} mkdir -p %{buildroot}/%{_sbindir}
install -p -m 755 %{SOURCE7} %{buildroot}/%{_sbindir} install -p -m 755 %{SOURCE7} %{buildroot}/%{_sbindir}
mkdir -p %{buildroot}/%{_bindir}
install -p -m 755 %{SOURCE8} %{buildroot}/%{_bindir}
%make_install %make_install
%clean %clean
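Review bot: `install -p -m 755 %{SOURCE8} %{buildroot}/%{_bindir}` puts the hook on the general user PATH, while the other helper installed the same way, ocserv-genkey, goes to %{_sbindir}. The script is only meaningful with REASON and DEVICE set by ocserv and it calls firewall-cmd to change zone membership, so %{_sbindir} or a libexec directory would fit better; the path in the config comment and the %files entry would need to follow. None of the visible spec hunks adds a Requires for the package that provides firewall-cmd either.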
@ -132,12 +135,17 @@ rm -rf %{buildroot}
%{_mandir}/man8/ocpasswd.8* %{_mandir}/man8/ocpasswd.8*
%{_bindir}/ocpasswd %{_bindir}/ocpasswd
%{_bindir}/occtl %{_bindir}/occtl
%{_bindir}/ocserv-script
%{_sbindir}/ocserv %{_sbindir}/ocserv
%{_sbindir}/ocserv-genkey %{_sbindir}/ocserv-genkey
%{_unitdir}/ocserv.service %{_unitdir}/ocserv.service
%{_localstatedir}/lib/ocserv/profile.xml %{_localstatedir}/lib/ocserv/profile.xml
%changelog %changelog
* Thu Sep 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-2
- Ship a default ocserv-script, which will put connecting clients
into the internal firewall zone.
* Thu Aug 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-1 * Thu Aug 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-1
- New upstream release - New upstream release
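Review bot: the new changelog header reads `* Thu Sep 09 2014`, but the previous entry is Thu Aug 28 2014 and twelve days after a Thursday is a Tuesday, so the weekday does not match the date. Suggest correcting it to `Tue Sep 09 2014` so the changelog date is consistent.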
