On 26.02.2018 at 16:27, David Woodhouse wrote:
>
>
> On Wed, 2018-02-21 at 17:46 +0100, Gernot Hillier wrote:
>> OpenConnect already sets the according environment variables when the Pulse
>> gateway sends "split-exclude" routes, so we only need to handle them
>
Hi!
(Sorry for the duplicated answer, hit the wrong button while sitting in
a shaky train... :-( )
On 21.02.2018 at 18:19, Kevin Cernekee wrote:
> On Wed, Feb 21, 2018 at 8:46 AM, Gernot Hillier
> wrote:
>> The vpnc-script used by OpenConnect only supports "split include"
On 21.02.2018 at 18:19, Kevin Cernekee wrote:
> On Wed, Feb 21, 2018 at 8:46 AM, Gernot Hillier
> wrote:
>> The vpnc-script used by OpenConnect only supports "split include" rules
>> (default
>> route unchanged, specific VPN routes added). We add support for Pu
Hi there!
On 12.12.2017 at 16:52, David Woodhouse wrote:
> On Tue, 2017-12-12 at 16:38 +0100, Gernot Hillier wrote:
>> As these changes are relevant for many Siemens colleagues using Linux,
>> I'm definitely willing to continue improving them - given that you are
>> (i
Extend the *_network_route helper functions by parameters to specify device
and, optionally, gateway for the route.
Signed-off-by: Gernot Hillier
Tested-by: Thomas Zander
---
vpnc-script | 69 ++---
1 file changed, 52 insertions(+), 17
ding testbeds.
Tested on Linux (using ip and route command) in an IPv4 environment, "ip"
case also tested in a IPv6 dialup config (gateway is IPv4 only).
Signed-off-by: Gernot Hillier
---
vpnc-script | 117
1 file changed, 1
s function didn't do anything until now. So remove this
call -- it's a bad idea to call del_network_route inside set_network_route
anyways because both modify the same global variables.
Signed-off-by: Gernot Hillier
Tested-by: Thomas Zander
---
vpnc-script | 7 ---
1 file changed,
nfortunately, our (scarce) BSD users
had no chance to test v3 so far and I didn't want to further delay patch
submission.
Gernot Hillier (3):
Support split-exclude rules from Pulse gateway
Revive route cleanup for /sbin/route code
Support routes with di
already in the background.
Did I overlook anything or is there currently no mechanism to get this
information? So my best bet would be to add some custom (D-Bus?)
notification to my vpnc-script right?
--
Gernot Hillier
Siemens AG, Corporate Competence Center
out implementing something similar like
juniper-vpn.py from https://github.com/russdill/juniper-vpn-py which
does our company-specific auth dance and then just calls openconnect
with the DSID cookie...
That said, finding a working PKCS#11 solution for Python turned out to
On 30.10.2017 at 15:04, Gernot Hillier wrote:
> OpenConnect already sets the according environment variables when the Pulse
> gateway sends "split-exclude" routes, so we only need to handle them
> in vpnc-script.
>
> Patch history:
>
> Original series:
> - ass
Hi there!
On Oct, 30th 15:04 Gernot Hillier wrote:
> OpenConnect already sets the according environment variables when the Pulse
> gateway sends "split-exclude" routes, so we only need to handle them
> in vpnc-script.
Might I ask for your review/feedback regarding these patche
s function didn't do anything until now. So remove this
call -- it's a bad idea to call del_network_route inside set_network_route
anyways because both modify the same global variables.
Signed-off-by: Gernot Hillier
Tested-by: Thomas Zander
---
vpnc-script | 7 ---
1 file changed,
argets specified as split-exclude by the gateway, we add additional routes
which keep traffic as-is (i.e. separate from tunnel). On platforms only
providing /sbin/route, we guess that those are reached via default gateway.
Tested on Linux/OpenSUSE (using ip and route command).
Signed-off-by: Gernot Hilli
Extend the *_network_route helper functions by parameters to specify device
and, optionally, gateway for the route.
Signed-off-by: Gernot Hillier
Tested-by: Thomas Zander
---
vpnc-script | 69 ++---
1 file changed, 52 insertions(+), 17
Please let me know what you think about the re-work.
Original patches were tested successfully on Linux and FreeBSD and
"partially-acked" by dlen...@gmail.com. v2 is successfully tested on Linux
using "ip route" and /sbin/route mode, FreeBSD results will follow soon.
Gernot
Hi!
On 17.10.2017 at 14:35, [ext] Gernot Hillier wrote:
> On 17.10.2017 at 12:12, David Woodhouse wrote:
>> On Tue, 2017-10-17 at 10:54 +0200, Gernot Hillier wrote:
>>> Ah, and BTW, these are global, not local variables. Something which made
>>> me scratching my he
On 17.10.2017 at 12:12, David Woodhouse wrote:
> On Tue, 2017-10-17 at 10:54 +0200, Gernot Hillier wrote:
>> Ah, and BTW, these are global, not local variables. Something which made
>> me scratching my head for quite some time when looking for a bug in the
>> /sbin/route
ugly hack to support NetworkManager setups in case you can't use
NetworkManager plugin for OpenConnect
+ if nmcli c show --active | grep -q "$TUNDEV"; then
+ echo "Telling nmcli to forget $TUNDEV configuration"
+ nmcli c delete $TUNDEV
+ else
+
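Review bot: `grep -q "$TUNDEV"` in the `nmcli c show --active` test treats the device name as an unanchored pattern over the whole output line, so `tun1` would also match `tun10` or a connection whose name merely contains that string, and the `nmcli c delete $TUNDEV` that follows passes the variable unquoted. Suggest matching the device column exactly, e.g. `nmcli -t -f DEVICE c show --active | grep -Fxq -- "$TUNDEV"`, and quoting the argument as `nmcli c delete "$TUNDEV"`. Since `delete` takes a connection ID rather than a device, it is also worth confirming that the connection is always named after the tunnel device.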
On 17.10.2017 at 12:13, David Woodhouse wrote:
> On Tue, 2017-10-17 at 10:35 +0200, Gernot Hillier wrote:
>>
>>> Is this tested in *BSD, Solaris, OSX, etc?
>>
>> Nope, sorry, only Linux (and Windows) machines here. I forced it to use
>> /sbin/route instead
On 17.10.2017 at 10:35, [ext] Gernot Hillier wrote:
> Dear David!
>
> Thanks for reviewing!
>
> On 17.10.2017 at 10:04, David Woodhouse wrote:
>> On Wed, 2017-10-11 at 22:39 +0200, Gernot Hillier wrote:
>>> Extend the *_network_route helper functions by parame
On 17.10.2017 at 10:07, David Woodhouse wrote:
> On Wed, 2017-10-11 at 22:40 +0200, Gernot Hillier wrote:
>>
>> + get_uplink_gw() {
>> + # If we have a specific route to VPNGATEWAY, then this is our
>> + # Internet uplink (VPN tunne
Dear David!
Thanks for reviewing!
On 17.10.2017 at 10:04, David Woodhouse wrote:
> On Wed, 2017-10-11 at 22:39 +0200, Gernot Hillier wrote:
>> Extend the *_network_route helper functions by parameters to specify device
>> and, optionally, gateway for the route.
>
> I
xx.xxx: gateway xxx.xxx.xxx.xxx
> route: route has not been found
So do those errors make any sense to you?
I would suggest to find out the exact commands to be run (e.g. by adding
echos to the script or by starting it using "bash -x") and try to
run/fix them manually to understan
On 16.10.2017 at 20:54, Daniel Lenski wrote:
> On Wed, Oct 11, 2017 at 1:39 PM, Gernot Hillier
> wrote:
>> OpenConnect already sets the according environment variables when the Pulse
>> gateway sends "split-exclude" routes, so we only need to handle them
>> in
penSUSE 42.2 using ip and route command. IPv6 part completely
untested.
Signed-off-by: Gernot Hillier
---
vpnc-script | 48
1 file changed, 48 insertions(+)
diff --git a/vpnc-script b/vpnc-script
index d04bba9..50ce252 100755
--- a/vpnc-script
++
bles.
Signed-off-by: Gernot Hillier
---
vpnc-script | 7 ---
1 file changed, 7 deletions(-)
diff --git a/vpnc-script b/vpnc-script
index 50ce252..f0503ff 100755
--- a/vpnc-script
+++ b/vpnc-script
@@ -370,7 +370,6 @@ else # use route command
else
NETGW=&q
Add helper functions to get network device and gateway of default route of our
Internet uplink (not the VPN tunnel). (As bonus, we have get_default_dev for
/sbin/route mode to get information about currently active default route just
to complement get_default_gw.)
Signed-off-by: Gernot Hillier
Extend the *_network_route helper functions by parameters to specify device
and, optionally, gateway for the route.
Signed-off-by: Gernot Hillier
---
vpnc-script | 67 +
1 file changed, 50 insertions(+), 17 deletions(-)
diff --git a
VPN connection with
split-exclude routes on your ancient embedded device can become reality!
Please let me know if you prefer a different patch splitup, removal of untested
IPv6 code or similar!
Gernot Hillier
Siemens AG, Corporate Competence Center Embedded Linux
Gernot Hillier (4):
Support r
30 matches