@ -21,7 +21,7 @@
################
################
#
#
# List of parameters passed through environment
# List of parameters passed through environment
#* reason -- why this script was called, one of: pre-init connect disconnect reconnect
#* reason -- why this script was called, one of: pre-init connect disconnect reconnect attempt-reconnect
#* VPNGATEWAY -- vpn gateway address (always present)
#* VPNGATEWAY -- vpn gateway address (always present)
#* TUNDEV -- tunnel device (always present)
#* TUNDEV -- tunnel device (always present)
#* INTERNAL_IP4_ADDRESS -- address (always present)
#* INTERNAL_IP4_ADDRESS -- address (always present)
@ -36,6 +36,7 @@
#* INTERNAL_IP6_DNS -- IPv6 list of dns servers
#* INTERNAL_IP6_DNS -- IPv6 list of dns servers
#* CISCO_DEF_DOMAIN -- default domain name
#* CISCO_DEF_DOMAIN -- default domain name
#* CISCO_BANNER -- banner from server
#* CISCO_BANNER -- banner from server
#* CISCO_SPLIT_DNS -- dns search domain list
#* CISCO_SPLIT_INC -- number of networks in split-network-list
#* CISCO_SPLIT_INC -- number of networks in split-network-list
#* CISCO_SPLIT_INC_%d_ADDR -- network address
#* CISCO_SPLIT_INC_%d_ADDR -- network address
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
@ -88,9 +89,6 @@ if [ ! -d "/var/run/vpnc" ]; then
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
fi
fi
# stupid SunOS: no blubber in /usr/local/bin ... (on stdout)
IPROUTE="`which ip 2> /dev/null | grep '^/'`"
if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then
if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then
ifconfig_syntax_inet=""
ifconfig_syntax_inet=""
else
else
@ -98,11 +96,15 @@ else
fi
fi
if [ "$OS" = "Linux" ]; then
if [ "$OS" = "Linux" ]; then
IPROUTE="`which ip 2> /dev/null | grep '^/'`"
ifconfig_syntax_ptp="pointopoint"
ifconfig_syntax_ptp="pointopoint"
route_syntax_gw="gw"
route_syntax_gw="gw"
route_syntax_del="del"
route_syntax_del="del"
route_syntax_netmask="netmask"
route_syntax_netmask="netmask"
else
else
# iproute2 is Linux only; if `which ip` returns something on another OS, it's likely an unrelated tool
# (see https://github.com/dlenski/openconnect/issues/132#issuecomment-470475009)
IPROUTE=""
ifconfig_syntax_ptp=""
ifconfig_syntax_ptp=""
route_syntax_gw=""
route_syntax_gw=""
route_syntax_del="delete"
route_syntax_del="delete"
@ -116,7 +118,7 @@ else
ifconfig_syntax_ptpv6=""
ifconfig_syntax_ptpv6=""
fi
fi
grep ^hosts /etc/nsswitch.conf|grep resolve >/dev/null 2>&1
grep ^hosts /etc/nsswitch.conf 2>/dev/null |grep resolve >/dev/null 2>&1
if [ $? = 0 ];then
if [ $? = 0 ];then
RESOLVEDENABLED=1
RESOLVEDENABLED=1
else
else
@ -128,17 +130,26 @@ if [ -r /etc/openwrt_release ] && [ -n "$OPENWRT_INTERFACE" ]; then
include /lib/network
include /lib/network
MODIFYRESOLVCONF=modify_resolvconf_openwrt
MODIFYRESOLVCONF=modify_resolvconf_openwrt
RESTORERESOLVCONF=restore_resolvconf_openwrt
RESTORERESOLVCONF=restore_resolvconf_openwrt
elif [ -x /usr/bin/busctl ] && [ ${RESOLVEDENABLED} = 1 ]; then # For systemd-resolved (version 229 and above)
elif [ -x /usr/bin/resolvectl ] && [ ${RESOLVEDENABLED} = 1 ]; then
# For systemd-resolved (version 239 and above)
MODIFYRESOLVCONF=modify_resolved_manager
MODIFYRESOLVCONF=modify_resolved_manager
RESTORERESOLVCONF=restore_resolved_manager
RESTORERESOLVCONF=restore_resolved_manager
elif [ -x /sbin/resolvconf -a "$(basename $(readlink /sbin/resolvconf))" != 'resolvectl' ]; then
elif [ -x /usr/bin/busctl ] && [ ${RESOLVEDENABLED} = 1 ]; then
# For systemd-resolved (version 229 and above)
MODIFYRESOLVCONF=modify_resolved_manager_old
RESTORERESOLVCONF=restore_resolved_manager_old
elif [ -x /sbin/resolvconf ]; then
# Optional tool on Debian, Ubuntu, Gentoo and FreeBSD
# Optional tool on Debian, Ubuntu, Gentoo and FreeBSD
MODIFYRESOLVCONF=modify_resolvconf_manager
MODIFYRESOLVCONF=modify_resolvconf_manager
RESTORERESOLVCONF=restore_resolvconf_manager
RESTORERESOLVCONF=restore_resolvconf_manager
elif [ -x /sbin/netconfig ]; then # tool on Suse after 11.1
elif [ -x /sbin/netconfig ] && [ ! -f /etc/slackware-version ]; then
# tool on Suse after 11.1
# Slackware's netconfig is an unrelated tool that should not be invoked here
# (see https://www.linuxquestions.org/questions/slackware-14/vpnc-on-slackware-14-2-is-bringing-up-network-configuration-dialog-each-time-4175595447/#post5646866)
MODIFYRESOLVCONF=modify_resolvconf_suse_netconfig
MODIFYRESOLVCONF=modify_resolvconf_suse_netconfig
RESTORERESOLVCONF=restore_resolvconf_suse_netconfig
RESTORERESOLVCONF=restore_resolvconf_suse_netconfig
elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1
elif [ -x /sbin/modify_resolvconf ]; then
# Mandatory tool on Suse earlier than 11.1
MODIFYRESOLVCONF=modify_resolvconf_suse
MODIFYRESOLVCONF=modify_resolvconf_suse
RESTORERESOLVCONF=restore_resolvconf_suse
RESTORERESOLVCONF=restore_resolvconf_suse
elif [ -x /usr/sbin/unbound-control ] && /usr/sbin/unbound-control status > /dev/null 2>&1; then
elif [ -x /usr/sbin/unbound-control ] && /usr/sbin/unbound-control status > /dev/null 2>&1; then
@ -188,7 +199,7 @@ do_ifconfig() {
fi
fi
if [ -n "$INTERNAL_IP4_NETMASK" ]; then
if [ -n "$INTERNAL_IP4_NETMASK" ]; then
set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN
set_network_route " $INTERNAL_IP4_NETADDR" " $INTERNAL_IP4_NETMASK" " $INTERNAL_IP4_NETMASKLEN" "$TUNDEV"
fi
fi
# If the netmask is provided, it contains the address _and_ netmask
# If the netmask is provided, it contains the address _and_ netmask
@ -226,37 +237,63 @@ destroy_tun_device() {
if [ -n "$IPROUTE" ]; then
if [ -n "$IPROUTE" ]; then
fix_ip_get_output () {
fix_ip_get_output () {
sed -e 's/ /\n/g' | \
sed -e 's/ /\n/g' | \
sed -ne '1p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}'
sed -ne "1 s|\$|${1}|p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}"
}
}
set_vpngateway_route() {
set_vpngateway_route() {
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
$IPROUTE route flush cache
$IPROUTE route flush cache 2>/dev/null
}
}
del_vpngateway_route() {
del_vpngateway_route() {
$IPROUTE route $route_syntax_del "$VPNGATEWAY"
$IPROUTE route $route_syntax_del "$VPNGATEWAY"
$IPROUTE route flush cache
$IPROUTE route flush cache 2>/dev/null
}
}
set_default_route() {
set_default_route() {
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
$IPROUTE route replace default dev "$TUNDEV"
$IPROUTE route replace default dev "$TUNDEV"
$IPROUTE route flush cache
$IPROUTE route flush cache 2>/dev/null
}
}
set_network_route() {
set_network_route() {
NETWORK="$1"
NETWORK="$1"
NETMASK="$2"
NETMASK="$2"
NETMASKLEN="$3"
NETMASKLEN="$3"
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
NETDEV="$4"
$IPROUTE route flush cache
NETGW="$5"
if [ -n "$NETGW" ]; then
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" via "$NETGW"
else
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
fi
$IPROUTE route flush cache 2>/dev/null
}
set_exclude_route() {
# add explicit route to keep current routing for this target
# (keep traffic separate from VPN tunnel)
NETWORK="$1"
NETMASK="$2"
NETMASKLEN="$3"
$IPROUTE route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output "/$NETMASKLEN"`
$IPROUTE route flush cache 2>/dev/null
}
del_exclude_route() {
# FIXME: In theory, this could delete existing routes which are
# identical to split-exclude routes specificed by VPNGATEWAY
NETWORK="$1"
NETMASK="$2"
NETMASKLEN="$3"
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN"
$IPROUTE route flush cache 2>/dev/null
}
}
reset_default_route() {
reset_default_route() {
if [ -s "$DEFAULT_ROUTE_FILE" ]; then
if [ -s "$DEFAULT_ROUTE_FILE" ]; then
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
$IPROUTE route flush cache
$IPROUTE route flush cache 2>/dev/null
rm -f -- "$DEFAULT_ROUTE_FILE"
rm -f -- "$DEFAULT_ROUTE_FILE"
fi
fi
}
}
@ -265,40 +302,67 @@ if [ -n "$IPROUTE" ]; then
NETWORK="$1"
NETWORK="$1"
NETMASK="$2"
NETMASK="$2"
NETMASKLEN="$3"
NETMASKLEN="$3"
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
NETDEV="$4"
$IPROUTE route flush cache
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
$IPROUTE route flush cache 2>/dev/null
}
}
set_ipv6_default_route() {
set_ipv6_default_route() {
# We don't save/restore IPv6 default route; just add a higher-priority one.
# We don't save/restore IPv6 default route; just add a higher-priority one.
$IPROUTE -6 route add default dev "$TUNDEV" metric 1
$IPROUTE -6 route add default dev "$TUNDEV" metric 1
$IPROUTE -6 route flush cache
$IPROUTE -6 route flush cache 2>/dev/null
}
}
set_ipv6_network_route() {
set_ipv6_network_route() {
NETWORK="$1"
NETWORK="$1"
NETMASKLEN="$2"
NETMASKLEN="$2"
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
NETDEV="$3"
$IPROUTE route flush cache
NETGW="$4"
if [ -n "$NETGW" ]; then
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV" via "$NETGW"
else
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
fi
$IPROUTE route flush cache 2>/dev/null
}
set_ipv6_exclude_route() {
# add explicit route to keep current routing for this target
# (keep traffic separate from VPN tunnel)
NETWORK="$1"
NETMASKLEN="$2"
$IPROUTE -6 route add `$IPROUTE route get "$NETWORK" | fix_ip_get_output "/$NETMASKLEN"`
$IPROUTE route flush cache 2>/dev/null
}
}
reset_ipv6_default_route() {
reset_ipv6_default_route() {
$IPROUTE -6 route del default dev "$TUNDEV"
$IPROUTE -6 route del default dev "$TUNDEV"
$IPROUTE route flush cache
$IPROUTE route flush cache 2>/dev/null
}
}
del_ipv6_network_route() {
del_ipv6_network_route() {
NETWORK="$1"
NETWORK="$1"
NETMASKLEN="$2"
NETMASKLEN="$2"
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
NETDEV="$3"
$IPROUTE -6 route flush cache
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
$IPROUTE -6 route flush cache 2>/dev/null
}
del_ipv6_exclude_route() {
# FIXME: In theory, this could delete existing routes which are
# identical to split-exclude routes specificed by VPNGATEWAY
NETWORK="$1"
NETMASKLEN="$2"
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN"
$IPROUTE -6 route flush cache 2>/dev/null
}
}
else # use route command
else # use route command
get_default_gw() {
get_default_gw() {
# isn't -n supposed to give --numeric output?
# isn't -n supposed to give --numeric output?
# apperently not...
# apperently not...
# Get rid of lines containing IPv6 addresses (':')
# Get rid of lines containing IPv6 addresses (':')
netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
# Get rid of lines for link-local routes (https://superuser.com/a/1067742)
netstat -r -n | awk '/:/ { next; } /link\#/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
}
}
set_vpngateway_route() {
set_vpngateway_route() {
@ -320,8 +384,34 @@ else # use route command
NETWORK="$1"
NETWORK="$1"
NETMASK="$2"
NETMASK="$2"
NETMASKLEN="$3"
NETMASKLEN="$3"
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
if [ -n "$5" ]; then
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface
NETGW="$5"
else
NETGW="$INTERNAL_IP4_ADDRESS"
fi
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$NETGW" $route_syntax_interface
}
set_exclude_route() {
NETWORK="$1"
NETMASK="$2"
NETMASKLEN="$3"
if [ -z "$DEFAULTGW" ]; then
DEFAULTGW="`get_default_gw`"
fi
# Add explicit route to keep traffic for this target separate
# from tunnel. FIXME: We use default gateway - this is our best
# guess in absence of "ip" command to query effective route.
route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$DEFAULTGW" $route_syntax_interface
}
del_exclude_route() {
# FIXME: This can delete existing routes in case they're
# identical to split-exclude routes specified by VPNGATEWAY
NETWORK="$1"
NETMASK="$2"
NETMASKLEN="$3"
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK"
}
}
reset_default_route() {
reset_default_route() {
@ -333,16 +423,15 @@ else # use route command
}
}
del_network_route() {
del_network_route() {
case "$OS" in
Linux|NetBSD|OpenBSD|Darwin|SunOS) # and probably others...
# routes are deleted automatically on device shutdown
return
;;
esac
NETWORK="$1"
NETWORK="$1"
NETMASK="$2"
NETMASK="$2"
NETMASKLEN="$3"
NETMASKLEN="$3"
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
if [ -n "$5" ]; then
NETGW="$5"
else
NETGW="$INTERNAL_IP4_ADDRESS"
fi
route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$NETGW"
}
}
set_ipv6_default_route() {
set_ipv6_default_route() {
@ -352,7 +441,23 @@ else # use route command
set_ipv6_network_route() {
set_ipv6_network_route() {
NETWORK="$1"
NETWORK="$1"
NETMASK="$2"
NETMASK="$2"
route add -inet6 -net "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS" $route_syntax_interface
if [ -n "$4" ]; then
NETGW="$4"
else
NETGW="$INTERNAL_IP6_ADDRESS"
fi
route add -inet6 -net "$NETWORK/$NETMASK" "$NETGW" $route_syntax_interface
:
}
set_ipv6_exclude_route() {
NETWORK="$1"
NETMASK="$2"
# Add explicit route to keep traffic for this target separate
# from tunnel. FIXME: We use default gateway - this is our best
# guess in absence of "ip" command to query effective route.
route add -inet6 -net "$NETWORK/$NETMASK" "`get_default_gw`" $route_syntax_interface
:
:
}
}
@ -364,7 +469,19 @@ else # use route command
del_ipv6_network_route() {
del_ipv6_network_route() {
NETWORK="$1"
NETWORK="$1"
NETMASK="$2"
NETMASK="$2"
route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS"
if [ -n "$4" ]; then
NETGW="$4"
else
NETGW="$INTERNAL_IP6_ADDRESS"
fi
route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$NETGW"
:
}
del_ipv6_exclude_route() {
NETWORK="$1"
NETMASK="$2"
route $route_syntax_del -inet6 "$NETWORK/$NETMASK"
:
:
}
}
@ -578,7 +695,7 @@ nameserver $i"
done
done
if [ -n "$CISCO_DEF_DOMAIN" ]; then
if [ -n "$CISCO_DEF_DOMAIN" ]; then
NEW_RESOLVCONF="$NEW_RESOLVCONF
NEW_RESOLVCONF="$NEW_RESOLVCONF
domain $CISCO_DEF_DOMAIN"search $CISCO_DEF_DOMAIN"
fi
fi
echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
}
}
@ -614,6 +731,14 @@ busctl_set_nameservers() {
busctl_call SetLinkDNS 'ia(iay)' ${args}
busctl_call SetLinkDNS 'ia(iay)' ${args}
}
}
resolvectl_set_nameservers() {
local if_index addresses
if_index=$1
shift
addresses="$@"
/usr/bin/resolvectl dns $if_index $addresses
}
busctl_set_search() {
busctl_set_search() {
local if_index domains args domain
local if_index domains args domain
if_index=$1
if_index=$1
@ -626,7 +751,25 @@ busctl_set_search() {
busctl_call SetLinkDomains 'ia(sb)' ${args}
busctl_call SetLinkDomains 'ia(sb)' ${args}
}
}
resolvectl_set_search() {
local if_index domains
if_index=$1
shift
domains="$@"
/usr/bin/resolvectl domain $if_index $domains
}
modify_resolved_manager() {
modify_resolved_manager() {
local if_index split_dns_list
if_index=$(get_if_index $TUNDEV)
split_dns_list=$(echo $CISCO_SPLIT_DNS | tr ',' ' ')
resolvectl_set_nameservers $if_index $INTERNAL_IP4_DNS
if [ -n "$CISCO_DEF_DOMAIN" ] || [ -n "$split_dns_list" ]; then
resolvectl_set_search $if_index $CISCO_DEF_DOMAIN $split_dns_list
fi
}
modify_resolved_manager_old() {
local if_index
local if_index
if_index=$(get_if_index $TUNDEV)
if_index=$(get_if_index $TUNDEV)
busctl_set_nameservers $if_index $INTERNAL_IP4_DNS
busctl_set_nameservers $if_index $INTERNAL_IP4_DNS
@ -636,6 +779,12 @@ modify_resolved_manager() {
}
}
restore_resolved_manager() {
restore_resolved_manager() {
local if_index
if_index=$(get_if_index $TUNDEV)
/usr/bin/resolvectl revert $if_index
}
restore_resolved_manager_old() {
local if_index
local if_index
if_index=$(get_if_index $TUNDEV)
if_index=$(get_if_index $TUNDEV)
busctl_call RevertLink 'i' $if_index
busctl_call RevertLink 'i' $if_index
@ -732,6 +881,26 @@ do_connect() {
set_vpngateway_route
set_vpngateway_route
do_ifconfig
do_ifconfig
if [ -n "$CISCO_SPLIT_EXC" ]; then
i=0
while [ $i -lt $CISCO_SPLIT_EXC ] ; do
eval NETWORK="\${CISCO_SPLIT_EXC_${i}_ADDR}"
eval NETMASK="\${CISCO_SPLIT_EXC_${i}_MASK}"
eval NETMASKLEN="\${CISCO_SPLIT_EXC_${i}_MASKLEN}"
set_exclude_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
i=`expr $i + 1`
done
fi
if [ -n "$CISCO_IPV6_SPLIT_EXC" ]; then
# untested
i=0
while [ $i -lt $CISCO_IPV6_SPLIT_EXC ] ; do
eval NETWORK="\${CISCO_IPV6_SPLIT_EXC_${i}_ADDR}"
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_EXC_${i}_MASKLEN}"
set_ipv6_exclude_route "$NETWORK" "$NETMASKLEN"
i=`expr $i + 1`
done
fi
if [ -n "$CISCO_SPLIT_INC" ]; then
if [ -n "$CISCO_SPLIT_INC" ]; then
i=0
i=0
while [ $i -lt $CISCO_SPLIT_INC ] ; do
while [ $i -lt $CISCO_SPLIT_INC ] ; do
@ -739,7 +908,7 @@ do_connect() {
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
if [ "$NETWORK" != "0.0.0.0" ]; then
if [ "$NETWORK" != "0.0.0.0" ]; then
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" "$TUNDEV"
else
else
set_default_route
set_default_route
fi
fi
@ -747,7 +916,7 @@ do_connect() {
done
done
for i in $INTERNAL_IP4_DNS ; do
for i in $INTERNAL_IP4_DNS ; do
echo "$i" | grep : >/dev/null || \
echo "$i" | grep : >/dev/null || \
set_network_route "$i" "255.255.255.255" "32"
set_network_route "$i" "255.255.255.255" "32" "$TUNDEV"
done
done
elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
set_default_route
set_default_route
@ -757,16 +926,16 @@ do_connect() {
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
if [ $NETMASKLEN -lt 128 ]; then
if [ $NETMASKLEN -eq 0 ]; then
set_ipv6_network_route "$NETWORK" "$NETMASKLEN"
else
set_ipv6_default_route
set_ipv6_default_route
else
set_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV"
fi
fi
i=`expr $i + 1`
i=`expr $i + 1`
done
done
for i in $INTERNAL_IP4_DNS ; do
for i in $INTERNAL_IP4_DNS ; do
if echo "$i" | grep : >/dev/null; then
if echo "$i" | grep : >/dev/null; then
set_ipv6_network_route "$i" "128"
set_ipv6_network_route "$i" "128" "$TUNDEV"
fi
fi
done
done
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
@ -788,18 +957,38 @@ do_disconnect() {
if [ "$NETWORK" != "0.0.0.0" ]; then
if [ "$NETWORK" != "0.0.0.0" ]; then
# FIXME: This doesn't restore previously overwritten
# FIXME: This doesn't restore previously overwritten
# routes.
# routes.
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN" "$TUNDEV"
else
else
reset_default_route
reset_default_route
fi
fi
i=`expr $i + 1`
i=`expr $i + 1`
done
done
for i in $INTERNAL_IP4_DNS ; do
for i in $INTERNAL_IP4_DNS ; do
del_network_route "$i" "255.255.255.255" "32"
del_network_route "$i" "255.255.255.255" "32" "$TUNDEV"
done
done
else
else
reset_default_route
reset_default_route
fi
fi
if [ -n "$CISCO_SPLIT_EXC" ]; then
i=0
while [ $i -lt $CISCO_SPLIT_EXC ] ; do
eval NETWORK="\${CISCO_SPLIT_EXC_${i}_ADDR}"
eval NETMASK="\${CISCO_SPLIT_EXC_${i}_MASK}"
eval NETMASKLEN="\${CISCO_SPLIT_EXC_${i}_MASKLEN}"
del_exclude_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
i=`expr $i + 1`
done
fi
if [ -n "$CISCO_IPV6_SPLIT_EXC" ]; then
# untested
i=0
while [ $i -lt $CISCO_IPV6_SPLIT_EXC ] ; do
eval NETWORK="\${CISCO_IPV6_SPLIT_EXC_${i}_ADDR}"
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_EXC_${i}_MASKLEN}"
del_ipv6_exclude_route "$NETWORK" "$NETMASKLEN"
i=`expr $i + 1`
done
fi
if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
i=0
i=0
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
@ -808,12 +997,12 @@ do_disconnect() {
if [ $NETMASKLEN -eq 0 ]; then
if [ $NETMASKLEN -eq 0 ]; then
reset_ipv6_default_route
reset_ipv6_default_route
else
else
del_ipv6_network_route "$NETWORK" "$NETMASKLEN"
del_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV"
fi
fi
i=`expr $i + 1`
i=`expr $i + 1`
done
done
for i in $INTERNAL_IP6_DNS ; do
for i in $INTERNAL_IP6_DNS ; do
del_ipv6_network_route "$i" "128"
del_ipv6_network_route "$i" "128" "$TUNDEV"
done
done
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
reset_ipv6_default_route
reset_ipv6_default_route
@ -874,7 +1063,15 @@ case "$reason" in
do_disconnect
do_disconnect
run_hooks post-disconnect
run_hooks post-disconnect
;;
;;
attempt-reconnect)
# Invoked before each attempt to re-establish the session.
# If the underlying physical connection changed, we might
# be left with a route to the VPN server through the VPN
# itself, which would need to be fixed.
run_hooks attempt-reconnect
;;
reconnect)
reconnect)
# After successfully re-establishing the session.
run_hooks reconnect
run_hooks reconnect
;;
;;
*)
*)
Nikos Mavrogiannopoulos
4 years ago