+++ /dev/null
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=openconnect
-PKG_VERSION:=5.03
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/
-PKG_MD5SUM:=ff43ed1dbaccd2537fd7c5bfb04295a6
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/openconnect/config
- source "$(SOURCE)/Config.in"
-endef
-
-define Package/openconnect
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls
- TITLE:=VPN client for Cisco's AnyConnect SSL VPN
- URL:=http://www.infradead.org/openconnect/
- SUBMENU:=VPN
-endef
-
-define Package/openconnect/description
- A VPN client compatible with Cisco's AnyConnect SSL VPN and ocserv.
-
- OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
- supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800,
- 3800, 7200 Series and Cisco 7301 Routers.
-endef
-
-CONFIGURE_ARGS += \
- --disable-shared \
- --with-vpnc-script=/lib/netifd/vpnc-script
-
-ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y)
-CONFIGURE_ARGS += \
- --without-gnutls
-endif
-
-define Package/openconnect/install
- $(INSTALL_DIR) $(1)/lib/netifd/proto
- $(INSTALL_BIN) ./files/openconnect.sh $(1)/lib/netifd/proto/
- $(INSTALL_BIN) ./files/vpnc-script $(1)/lib/netifd/
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/openconnect $(1)/usr/sbin/
-endef
-
-$(eval $(call BuildPackage,openconnect))
+++ /dev/null
-#!/bin/sh
-. /lib/functions.sh
-. ../netifd-proto.sh
-init_proto "$@"
-
-proto_openconnect_init_config() {
- proto_config_add_string "server"
- proto_config_add_int "port"
- proto_config_add_string "username"
- proto_config_add_string "cookie"
- proto_config_add_string "password"
- no_device=1
- available=1
-}
-
-proto_openconnect_setup() {
- local config="$1"
-
- json_get_vars server port username cookie password
-
- grep -q tun /proc/modules || insmod tun
-
- serv_addr=
- for ip in $(resolveip -t 5 "$server"); do
- proto_add_host_dependency "$config" "$server"
- serv_addr=1
- done
- [ -n "$serv_addr" ] || {
- echo "Could not resolve server address"
- sleep 5
- proto_setup_failed "$config"
- exit 1
- }
-
- [ -n "$port" ] && port=":$port"
-
- cmdline="$server$port -i vpn-$config --no-cert-check --non-inter --syslog --script /lib/netifd/vpnc-script"
-
- [ -n "$cookie" ] && append cmdline "-C $cookie"
- [ -n "$username" ] && append cmdline "-u $username"
- [ -n "$password" ] && {
- umask 077
- pwfile="/var/run/openconnect-$config.passwd"
- echo "$password" > "$pwfile"
- append cmdline "--passwd-on-stdin"
- }
-
- proto_export INTERFACE="$config"
- proto_run_command "$config" /usr/sbin/openconnect $cmdline <$pwfile
-}
-
-proto_openconnect_teardown() {
- proto_kill_command "$config"
-}
-
-add_protocol openconnect
+++ /dev/null
-#!/bin/sh
-# List of parameters passed through environment
-#* reason -- why this script was called, one of: pre-init connect disconnect
-#* VPNGATEWAY -- vpn gateway address (always present)
-#* TUNDEV -- tunnel device (always present)
-#* INTERNAL_IP4_ADDRESS -- address (always present)
-#* INTERNAL_IP4_MTU -- mtu (often unset)
-#* INTERNAL_IP4_NETMASK -- netmask (often unset)
-#* INTERNAL_IP4_NETMASKLEN -- netmask length (often unset)
-#* INTERNAL_IP4_NETADDR -- address of network (only present if netmask is set)
-#* INTERNAL_IP4_DNS -- list of dns servers
-#* INTERNAL_IP4_NBNS -- list of wins servers
-#* INTERNAL_IP6_ADDRESS -- IPv6 address
-#* INTERNAL_IP6_NETMASK -- IPv6 netmask
-#* INTERNAL_IP6_DNS -- IPv6 list of dns servers
-#* CISCO_DEF_DOMAIN -- default domain name
-#* CISCO_BANNER -- banner from server
-#* CISCO_SPLIT_INC -- number of networks in split-network-list
-#* CISCO_SPLIT_INC_%d_ADDR -- network address
-#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
-#* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24)
-#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0)
-#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0)
-#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0)
-#* CISCO_IPV6_SPLIT_INC -- number of networks in IPv6 split-network-list
-#* CISCO_IPV6_SPLIT_INC_%d_ADDR -- IPv6 network address
-#* CISCO_IPV6_SPLIT_INC_$%d_MASKLEN -- IPv6 subnet masklen
-
-# FIXMEs:
-
-# Section A: route handling
-
-# 1) The 3 values CISCO_SPLIT_INC_%d_PROTOCOL/SPORT/DPORT are currently being ignored
-# In order to use them, we'll probably need os specific solutions
-# * Linux: iptables -t mangle -I PREROUTING <conditions> -j ROUTE --oif $TUNDEV
-# This would be an *alternative* to changing the routes (and thus 2) and 3)
-# shouldn't be relevant at all)
-# 2) There are two different functions to set routes: generic routes and the
-# default route. Why isn't the defaultroute handled via the generic route case?
-# 3) In the split tunnel case, all routes but the default route might get replaced
-# without getting restored later. We should explicitely check and save them just
-# like the defaultroute
-# 4) Replies to a dhcp-server should never be sent into the tunnel
-
-# Section B: Split DNS handling
-
-# 1) Maybe dnsmasq can do something like that
-# 2) Parse dns packets going out via tunnel and redirect them to original dns-server
-
-do_connect() {
- if [ -n "$CISCO_BANNER" ]; then
- echo "Connect Banner:"
- echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
- echo
- fi
-
- proto_init_update "$TUNDEV" 1
-
- if [ -n "$INTERNAL_IP4_MTU" ]; then
- MTU=$INTERNAL_IP4_MTU
- fi
-
- if [ -z "$MTU" ]; then
- MTU=1412
- fi
-
- proto_add_ipv4_address "$INTERNAL_IP4_ADDRESS" 32 "" "$INTERNAL_IP4_ADDRESS"
-
- if [ -n "$INTERNAL_IP4_NETMASKLEN" ]; then
- proto_add_ipv4_route "$INTERNAL_IP4_NETADDR" "$INTERNAL_IP4_NETMASKLEN"
- fi
-
- # If the netmask is provided, it contains the address _and_ netmask
- if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then
- INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128"
- fi
-
- if [ -n "$INTERNAL_IP6_NETMASK" ]; then
- addr="${INTERNAL_IP6_NETMASK%%/*}"
- mask="${INTERNAL_IP6_NETMASK##*/}"
- [[ "$addr" != "$mask" ]] && proto_add_ipv6_address "$addr" "$mask"
- fi
-
- [ -n "$INTERNAL_IP4_DNS" ] && proto_add_dns_server "$INTERNAL_IP4_DNS"
- [ -n "$CISCO_DEF_DOMAIN" ] && proto_add_dns_search "$CISCO_DEF_DOMAIN"
-
- if [ -n "$CISCO_SPLIT_INC" ]; then
- i=0
- while [ $i -lt $CISCO_SPLIT_INC ] ; do
- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
- if [ $NETWORK != "0.0.0.0" ]; then
- proto_add_ipv4_route "$NETWORK" "$NETMASKLEN"
- else
- proto_add_ipv4_route "0.0.0.0" 0
- fi
- i=$(($i + 1))
- done
- elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
- proto_add_ipv4_route "0.0.0.0" 0
- fi
- if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
- i=0
- while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
- eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
- eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
- if [ $NETMASKLEN -lt 128 ]; then
- proto_add_ipv6_route "$NETWORK" "$NETMASKLEN"
- else
- proto_add_ipv6_route "::0" 0
- fi
- i=$(($i + 1))
- done
- elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
- proto_add_ipv6_route "::0" 0
- fi
- proto_send_update "$INTERFACE"
-}
-
-do_disconnect() {
- proto_init_update "$TUNDEV" 0
- proto_send_update "$INTERFACE"
-}
-
-#### Main
-
-if [ -z "$reason" ]; then
- echo "this script must be called from vpnc" 1>&2
- exit 1
-fi
-if [ -z "$INTERFACE" ]; then
- echo "this script must be called for an active interface"
- exit 1
-fi
-
-. /lib/netifd/netifd-proto.sh
-
-case "$reason" in
- pre-init)
- ;;
- connect)
- do_connect
- ;;
- disconnect)
- do_disconnect
- ;;
- reconnect)
- ;;
- *)
- echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
- exit 1
- ;;
-esac
-
-exit 0
projects / openwrt / svn-archive / packages.git / commitdiff