Hi,

Quite a few things i missed in the last patch. now added all missing files. the 
resolv.conf is not yet working, i had no idea yet.

The routes are working now, default is all traffic through the vpnc tunnel. to 
modify this behavior, change /etc/vpnc/vpnc-route accordingly.

A little problem arises: if ppp0 is set up first and then vpnc, the "old" 
default route of vpnc will be "default dev ppp0", which is correct. But if ppp0 
is shut down first and then vpnc (same order as up!), vpnc will try to restore 
the default route to "default dev ppp0", which is down by then... I don't know 
if this is important to freewrt, but it is not really correct.

Can someone help me setting up a sed regex that filters out the corresponding 
"nameserver xx.xx.xx.xx" lines of /etc/resolv.conf when given the ip? I didn't 
use sed at all, yet.

Clemens


On Thu, Apr 12, 2007 at 12:59:39AM +0200, Clemens Helfmeier wrote:
> Hi,
> 
> vpnc did not work here, so i did a little fix. There was much unreadable stff 
> in 
> the old vpnc-script which i removed. Currently my idea of vpnc is that 
> after setting up the tunnel, no traffic is routed through it. The user must 
> first edit /etc/vpnc/vpnc-route apropriatly (inserting some "ip route add 
> target/mask dev tun0") to use the tunnel. Maybe setting the default route in 
> there by default is a good choice. I didn't do that because i do not use my 
> vpnc 
> as a default route. Only a little part is routed through my tunnel.
> 
> /etc/resolv.conf is not yet edited. Maybe someone could give me a hint how to 
> sort out the lines when closing the tunnel. I didn't have any good idea other 
> than using backup files, which is not a good idea if network interfaces are 
> deconfigured in a different order than they are configured.
> 
> Clemens
> 
> 
Index: package/vpnc/files/vpnc-route
===================================================================
--- package/vpnc/files/vpnc-route       (Revision 0)
+++ package/vpnc/files/vpnc-route       (Revision 0)
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#* VPNGATEWAY                   -- vpn gateway address (always present)
+#* TUNDEV                       -- tunnel device (always present)
+#* INTERNAL_IP4_ADDRESS         -- address (always present)
+
+
+# Set up the routing table for the kernel.
+# This script must be modified in order to route the traffic through the
+# VPN tunnel.
+
+if [ "x$TUNDEV" == "x" ]; then
+       echo "No TUNDEV given. Script must be called from vpnc-script"
+       exit 1;
+fi
+
+case "$1" in
+       start)
+                ip route show 0.0.0.0/0 > /var/run/vpnc/default.old
+                ip route del 0.0.0.0/0
+                ip route add 0.0.0.0/0 dev $TUNDEV
+        ;;
+        stop)
+                ip route del 0.0.0.0/0
+                ip route add `cat /var/run/vpnc/default.old`
+                rm /var/run/vpnc/default.old
+       ;;
+esac;
+
+
+exit 0;
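Review bot: In the `start)` branch the default route is deleted even when saving it to `/var/run/vpnc/default.old` failed, so a missing directory or a failed write leaves `stop)` with nothing to restore and the host with no default route. Abort before `ip route del` when the save fails, and in `stop)` run `ip route add` only when the saved file is non-empty. Quoting `"$TUNDEV"` in the `ip route add` line keeps a value containing whitespace from becoming extra arguments. Separately, `[ "x$TUNDEV" == "x" ]` uses `==`, which is not guaranteed under `#!/bin/sh`; `=` is the portable operator.

```shell
# … unchanged: header comments and TUNDEV check …
	start)
		# never remove the live default route unless the old one was saved
		ip route show 0.0.0.0/0 > /var/run/vpnc/default.old || exit 1
		ip route del 0.0.0.0/0
		ip route add 0.0.0.0/0 dev "$TUNDEV"
	;;
	stop)
		ip route del 0.0.0.0/0
		# restore only when there is a saved route to restore
		if [ -s /var/run/vpnc/default.old ]; then
			ip route add `cat /var/run/vpnc/default.old`
		fi
		rm -f /var/run/vpnc/default.old
	;;
```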

Eigenschafts?nderungen: package/vpnc/files/vpnc-route
___________________________________________________________________
Name: svn:executable
   + *

Index: package/vpnc/patches/patch-vpnc-script
===================================================================
--- package/vpnc/patches/patch-vpnc-script      (Revision 0)
+++ package/vpnc/patches/patch-vpnc-script      (Revision 0)
@@ -0,0 +1,311 @@
+$FreeWRT$
+--- vpnc-0.3.3.orig/vpnc-script        2005-05-05 19:05:18.000000000 +0200
++++ vpnc-0.3.3/vpnc-script     2007-04-12 00:26:24.000000000 +0200
+@@ -16,258 +16,71 @@
+ #* CISCO_SPLIT_INC_%d_SPORT     -- source port (often just 0)
+ #* CISCO_SPLIT_INC_%d_DPORT     -- destination port (often just 0)
+ 
+-#set -x
+-
+-OS="`uname -s`"
+-DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
+-RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
+-
+-IPROUTE="`which ip 2> /dev/null`"
+-
+-if [ "$OS" = "Linux" ]; then
+-      ifconfig_syntax_ptp="pointopoint"
+-      route_syntax_gw="gw"
+-      route_syntax_del="del"
+-      route_syntax_netmask="netmask"
+-else
+-      ifconfig_syntax_ptp=""
+-      route_syntax_gw=""
+-      route_syntax_del="delete"
+-      route_syntax_netmask="-netmask"
+-fi
+-
+-####
+-
+ do_pre_init() {
+-      if [ "$OS" = "Linux" ]; then
+-              if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
+-                      :
+-              else # can't open /dev/net/tun
+-                      test -e /proc/sys/kernel/modprobe && `cat 
/proc/sys/kernel/modprobe` tun 2>/dev/null
+-                      # fix for broken devfs in kernel 2.6.x
+-                      if [ "`readlink /dev/net/tun`" = misc/net/tun \
+-                              -a ! -e /dev/net/misc/net/tun -a -e 
/dev/misc/net/tun ] ; then
+-                              ln -sf /dev/misc/net/tun /dev/net/tun
+-                      fi
+-                      # make sure tun device exists
+-                      if [ ! -e /dev/net/tun ]; then
+-                              mkdir -p /dev/net
+-                              mknod -m 0640 /dev/net/tun c 10 200
+-                      fi
+-              fi
+-      elif [ "$OS" = "FreeBSD" ]; then
+-              :
+-      elif [ "$OS" = "NetBSD" ]; then
+-              :
+-      elif [ "$OS" = "OpenBSD" ]; then
+-              :
+-      elif [ "$OS" = "SunOS" ]; then
++      # bevore doing anything, make shure, the tun module is loaded and the
++      # tun device nodes exist.
++      if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
+               :
++      else # can't open /dev/net/tun
++              test -e /proc/sys/kernel/modprobe && `cat 
/proc/sys/kernel/modprobe` tun 2>/dev/null
++              # fix for broken devfs in kernel 2.6.x
++              if [ "`readlink /dev/net/tun`" = misc/net/tun \
++                      -a ! -e /dev/net/misc/net/tun -a -e /dev/misc/net/tun ] 
; then
++                      ln -sf /dev/misc/net/tun /dev/net/tun
++              fi
++              # make sure tun device exists
++              if [ ! -e /dev/net/tun ]; then
++                      mkdir -p /dev/net
++                      mknod -m 0640 /dev/net/tun c 10 200
++              fi
+       fi
++      echo "pre-init successful."
+ }
+ 
+-do_ifconfig() {
+-      ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp 
"$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
+-}
+-
+-if [ -n "$IPROUTE" ]; then
+-      fix_ip_get_output () {
+-              sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g'
+-      }
++do_connect() {
++      # after connection is established, we should update resolv.conf
++      # and the kernel routing table
+ 
+-      set_vpngateway_route() {
+-              $IPROUTE route add `ip route get "$VPNGATEWAY" | 
fix_ip_get_output`
+-              $IPROUTE route flush cache
+-      }
+-      
+-      del_vpngateway_route() {
+-              $IPROUTE route del "$VPNGATEWAY"
+-              $IPROUTE route flush cache
+-      }
+-      
+-      set_default_route() {
+-              $IPROUTE route | grep '^default' | fix_ip_get_output > 
"$DEFAULT_ROUTE_FILE"
+-              $IPROUTE route del default
+-              $IPROUTE route add default dev "$TUNDEV"
+-              $IPROUTE route flush cache
+-      }
+-      
+-      set_network_route() {
+-              NETWORK="$1"
+-              NETMASK="$2"
+-              NETMASKLEN="$3"
+-              $IPROUTE route add "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
+-              $IPROUTE route flush cache
+-      }
+-      
+-      reset_default_route() {
+-              $IPROUTE route del default > /dev/null 2>&1
+-              $IPROUTE route add `cat "$DEFAULT_ROUTE_FILE"`
+-              $IPROUTE route flush cache
+-      }
+-      
+-      del_network_route() {
+-              # linux deletes routes automatically if the device is shut down
+-              return
+-              #NETWORK="$1"
+-              #NETMASK="$2"
+-              #NETMASKLEN="$3"
+-              #$IPROUTE route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV" 
+-              #$IPROUTE route flush cache
+-      }
+-else
+-      get_default_gw() {
+-              netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
+-      }
+-      
+-      set_vpngateway_route() {
+-              route add -host "$VPNGATEWAY" $route_syntax_gw 
"`get_default_gw`"
+-      }
++      # set up the interface
++      echo "setting up tun device $TUNDEV"
++      cmd="ifconfig $TUNDEV $INTERNAL_IP4_ADDRESS pointopoint 
$INTERNAL_IP4_ADDRESS mtu 1412 up"
++      echo $cmd
++      $cmd
+ 
+-      del_vpngateway_route() {
+-              route $route_syntax_del -host "$VPNGATEWAY"
+-      }
+-      
+-      set_default_route() {
+-              DEFAULTGW="`get_default_gw`"
+-              echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE"
+-              route $route_syntax_del default
+-              route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
+-      }
+-      
+-      set_network_route() {
+-              NETWORK="$1"
+-              NETMASK="$2"
+-              NETMASKLEN="$3"
+-              route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" 
$route_syntax_gw "$INTERNAL_IP4_ADDRESS"
+-      }
+-      
+-      reset_default_route() {
+-              route $route_syntax_del default
+-              route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"`
+-      }
+-      
+-      del_network_route() {
+-              if [ "$OS" = "Linux" ]; then
+-                      # linux deletes routes automatically if the device is 
shut down
+-                      return
+-              fi
+-              NETWORK="$1"
+-              NETMASK="$2"
+-              NETMASKLEN="$3"
+-              route $route_syntax_del -net "$NETWORK" $route_syntax_netmask 
"$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
+-      }
+-fi
++      # set up the route to the remote side
++      echo "adding route to gateway $VPNGATEWAY"
++      cmd="ip route add `ip route get "$VPNGATEWAY"`"
++      echo $cmd
++      $cmd
++      ip route flush cache
+ 
+-write_resolvconf() {
+-      grep '[EMAIL PROTECTED]@' /etc/resolv.conf > /dev/null 2>&1 || cp -- 
/etc/resolv.conf "$RESOLV_CONF_BACKUP"
+-      NEW_RESOLVCONF="[EMAIL PROTECTED]@ -- this file is generated by vpnc
+-# and will be overwritten by vpnc
+-# as long as the above mark is intact"
+-      
+-      exec 6< /etc/resolv.conf
+-      while read LINE <&6 ; do
+-              case "$LINE" in
+-                      nameserver*)
+-                              if [ -n "$INTERNAL_IP4_DNS" ]; then
+-                                      read ONE_NAMESERVER INTERNAL_IP4_DNS 
<<-EOF
+-      $INTERNAL_IP4_DNS
+-EOF
+-                                      LINE="nameserver $ONE_NAMESERVER"
+-                              else
+-                                      LINE=""
+-                              fi
+-                              ;;
+-                      domain*|search*)
+-                              if [ -n "$CISCO_DEF_DOMAIN" ]; then
+-                                      LINE="$LINE $CISCO_DEF_DOMAIN"
+-                                      CISCO_DEF_DOMAIN=""
+-                              fi
+-                              ;;
+-              esac
+-              NEW_RESOLVCONF="$NEW_RESOLVCONF
+-$LINE"
+-      done
+-      exec 6<&-
+-      
+-      for i in $INTERNAL_IP4_DNS ; do
+-              NEW_RESOLVCONF="$NEW_RESOLVCONF
+-nameserver $i"
+-      done
+-      if [ -n "$CISCO_DEF_DOMAIN" ]; then
+-              NEW_RESOLVCONF="$NEW_RESOLVCONF
+-search $CISCO_DEF_DOMAIN"
+-      fi
+-      echo "$NEW_RESOLVCONF" > /etc/resolv.conf
+-}
++      # set up the default routes via vpnc-route
++      echo "starting vpnc-route"
++      /etc/vpnc/vpnc-route start
+ 
+-reset_resolvconf() {
+-      if [ ! -e "$RESOLV_CONF_BACKUP" ]; then
+-              return
++      if [ "x$INTERNAL_IP4_DNS" != "x" ]; then
++              # set up the dns servers (add to resolv.conf)
++              echo "setting up DNS server"
++              :
+       fi
+-      grep '[EMAIL PROTECTED]@' /etc/resolv.conf > /dev/null 2>&1 && cat 
"$RESOLV_CONF_BACKUP" > /etc/resolv.conf
+-      rm -f -- "$RESOLV_CONF_BACKUP"
+-}
+ 
+-do_connect() {
+-      if [ -n "$CISCO_BANNER" ]; then
+-              echo "Connect Banner:"
+-              echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; 
done
+-              echo
+-      fi
+-      
+-      do_ifconfig
+-      set_vpngateway_route
+-      if [ -n "$CISCO_SPLIT_INC" ]; then
+-              for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
+-                      eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
+-                      eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
+-                      eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
+-                      set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
+-              done
+-              for i in $INTERNAL_IP4_DNS ; do
+-                      set_network_route "$i" "255.255.255.255" "32"
+-              done
+-      else
+-              set_default_route
+-      fi
+-      
+-      if [ -n "$INTERNAL_IP4_DNS" ]; then
+-              write_resolvconf
+-      fi
+ }
+ 
+ do_disconnect() {
+-      if [ -n "$CISCO_SPLIT_INC" ]; then
+-              for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
+-                      eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
+-                      eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
+-                      eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
+-                      del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
+-              done
+-              for i in $INTERNAL_IP4_DNS ; do
+-                      del_network_route "$i" "255.255.255.255" "32"
+-              done
+-      else
+-              if [ -s "$DEFAULT_ROUTE_FILE" ]; then
+-                      reset_default_route
+-                      rm -f -- "$DEFAULT_ROUTE_FILE"
+-              fi
+-      fi
+-      
+-      del_vpngateway_route
+-      
+-      if [ -n "$INTERNAL_IP4_DNS" ]; then
+-              reset_resolvconf
+-      fi
+-}
++      # remove the nameserver from resolv.conf
++      # and restore the old routing table
+ 
+-####
++      # remove route to gateway
++      ip route del $VPNGATEWAY
+ 
+-if [ -z "$reason" ]; then
+-      echo "this script must be called from vpnc" 1>&2
+-      exit 1
+-fi
++      # remove default routes
++      /etc/vpnc/vpnc-route stop
++
++      # remove the dns servers from resolv.conf
++      
++      # deconfigure network interface
++      ifconfig $TUNDEV down
++}
+ 
+ case "$reason" in
+       pre-init)
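Review bot: do_connect builds the ifconfig and `ip route add` commands as strings in `cmd` and runs them through an unquoted `$cmd`, so `TUNDEV`, `INTERNAL_IP4_ADDRESS` and `VPNGATEWAY` are word-split and glob-expanded before they reach the tools. These values arrive from vpnc in the environment and are likely derived from what the remote gateway sends; the removed do_ifconfig quoted each of them. Calling the tool directly keeps each value a single argument, e.g. `ifconfig "$TUNDEV" "$INTERNAL_IP4_ADDRESS" pointopoint "$INTERNAL_IP4_ADDRESS" mtu 1412 up`, and likewise `ip route del "$VPNGATEWAY"` and `ifconfig "$TUNDEV" down` in do_disconnect. The new gateway-route line also drops the `fix_ip_get_output` filter the old code applied to `ip route get`, so any `cache` or metric tokens in that output would be passed on to `ip route add`. The `[ -z "$reason" ]` guard ahead of the `case "$reason"` block, which continues outside this hunk, is removed without a replacement.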
Index: package/vpnc/ipkg/vpnc.conffiles
===================================================================
--- package/vpnc/ipkg/vpnc.conffiles    (Revision 2354)
+++ package/vpnc/ipkg/vpnc.conffiles    (Arbeitskopie)
@@ -1,2 +1,4 @@
 /etc/vpnc/vpnc.conf
 /etc/vpnc/vpnc-script
+/etc/vpnc/vpnc-route
+
Index: package/vpnc/Makefile
===================================================================
--- package/vpnc/Makefile       (Revision 2354)
+++ package/vpnc/Makefile       (Arbeitskopie)
@@ -27,5 +27,7 @@
 
 post-install:
        ${CP} ${WRKINST}/* ${IDIR_VPNC}/
+       ${CP} files/vpnc-route ${IDIR_VPNC}/etc/vpnc/
+       ${INSTALL_DIR} ${IDIR_VPNC}/var/run/vpnc
 
 include ${TOPDIR}/mk/pkg-bottom.mk
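Review bot: `${INSTALL_DIR} ${IDIR_VPNC}/var/run/vpnc` ships the state directory inside the package, but vpnc-route needs it at run time to save the default route and nothing in the scripts creates it. If /var/run is volatile on the target (not visible from this diff), the directory is gone after a reboot; a `mkdir -p /var/run/vpnc` at the top of vpnc-route would cover that case. Because the saved file is later expanded into an `ip route add` command line, the directory should be writable by root only; the mode that `INSTALL_DIR` applies is not shown here.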