Once again vpnc,
Ok, hopefully final version now. DNS is working (thanks to ulmen and his link
to
a good sed page, which told me that grep can also do the job i was looking
for very easily ;)
The "problem" with incorrect order of interface up/down has not been solved. I
don't know any method other than the one now used with resolv.conf:
Build a file, that consists of lines containing the information what default
routes are available and let a script determine the best one to set. On
interface up/down one could simply add/remove lines to that file and call the
script to set up the default route.
I think this is kind of overkill up to now. If needed, i could do a little work
on that but for the moment, i will leave it at that.
Clemens
On Sat, Jan 01, 2000 at 01:21:16AM +0100, Clemens Helfmeier wrote:
> Hi,
>
> Quite a few things i missed in the last patch. now added all missing files.
> the
> resolv.conf is not yet working, i had no idea yet.
>
> The routes are working now, default is all traffic through the vpnc tunnel.
> to
> modify this behavior, change /etc/vpnc/vpnc-route accordingly.
>
> A little problem arises: if first setting up ppp0, then vpnc, the "old"
> default route of vpnc will be "default dev ppp0" which is correct. But if
> first
> shutting down ppp0 and then vpnc (same order as up!), vpnc will try to
> restore
> the default route to "default dev ppp0" which is down by then... i don't know
> if this is important to freewrt but it is not really correct.
>
> Can someone help me setting up a sed regex that filters out the corresponding
> "nameserver xx.xx.xx.xx" lines of /etc/resolv.conf when given the ip? I
> didn't
> use sed at all, yet.
>
> Clemens
>
>
Index: vpnc/files/vpnc-route
===================================================================
--- vpnc/files/vpnc-route (Revision 0)
+++ vpnc/files/vpnc-route (Revision 0)
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+#* VPNGATEWAY -- vpn gateway address (always present)
+#* TUNDEV -- tunnel device (always present)
+#* INTERNAL_IP4_ADDRESS -- address (always present)
+
+
+# Set up the routing table for the kernel.
+# This script must be modified in order to route the traffic through the
+# VPN tunnel.
+
+if [ "x$TUNDEV" == "x" ]; then
+ echo "No TUNDEV given. Script must be called from vpnc-script"
+ exit 1;
+fi
+
+case "$1" in
+ start)
+ ip route show 0.0.0.0/0 > /var/run/vpnc/default.old
+ ip route del 0.0.0.0/0
+ ip route add 0.0.0.0/0 dev $TUNDEV
+ ;;
+ stop)
+ ip route del 0.0.0.0/0
+ ip route add `cat /var/run/vpnc/default.old`
+ rm /var/run/vpnc/default.old
+ ;;
+esac;
+
+
+exit 0;
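Review bot: The `stop)` branch runs `ip route del 0.0.0.0/0` before checking that `/var/run/vpnc/default.old` exists and is non-empty, so a missing or empty state file (no default route at start, or a failed write) leaves the system with no default route and `ip route add` called with no arguments. The `do_disconnect` that this patch removes from vpnc-script guarded the restore with `[ -s "$DEFAULT_ROUTE_FILE" ]`; the same guard belongs here, e.g. `[ -s /var/run/vpnc/default.old ] || exit 1` as the first line of `stop)`. The file is also word-split straight into `ip route add`, so if `ip route show 0.0.0.0/0` saved more than one route the lines are joined into a single invalid command. Separately, `[ "x$TUNDEV" == "x" ]` uses `==` under `#!/bin/sh`, where `=` is the portable operator, and `$TUNDEV` should be quoted in `ip route add 0.0.0.0/0 dev "$TUNDEV"`.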
Eigenschafts?nderungen: vpnc/files/vpnc-route
___________________________________________________________________
Name: svn:executable
+ *
Index: vpnc/patches/patch-vpnc-script
===================================================================
--- vpnc/patches/patch-vpnc-script (Revision 0)
+++ vpnc/patches/patch-vpnc-script (Revision 0)
@@ -0,0 +1,328 @@
+$FreeWRT$
+--- vpnc-0.3.3.orig/vpnc-script 2005-05-05 19:05:18.000000000 +0200
++++ vpnc-0.3.3/vpnc-script 2007-04-13 22:04:24.000000000 +0200
+@@ -16,258 +16,88 @@
+ #* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0)
+ #* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0)
+
+-#set -x
+-
+-OS="`uname -s`"
+-DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
+-RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
+-
+-IPROUTE="`which ip 2> /dev/null`"
+-
+-if [ "$OS" = "Linux" ]; then
+- ifconfig_syntax_ptp="pointopoint"
+- route_syntax_gw="gw"
+- route_syntax_del="del"
+- route_syntax_netmask="netmask"
+-else
+- ifconfig_syntax_ptp=""
+- route_syntax_gw=""
+- route_syntax_del="delete"
+- route_syntax_netmask="-netmask"
+-fi
+-
+-####
+-
+ do_pre_init() {
+- if [ "$OS" = "Linux" ]; then
+- if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
+- :
+- else # can't open /dev/net/tun
+- test -e /proc/sys/kernel/modprobe && `cat
/proc/sys/kernel/modprobe` tun 2>/dev/null
+- # fix for broken devfs in kernel 2.6.x
+- if [ "`readlink /dev/net/tun`" = misc/net/tun \
+- -a ! -e /dev/net/misc/net/tun -a -e
/dev/misc/net/tun ] ; then
+- ln -sf /dev/misc/net/tun /dev/net/tun
+- fi
+- # make sure tun device exists
+- if [ ! -e /dev/net/tun ]; then
+- mkdir -p /dev/net
+- mknod -m 0640 /dev/net/tun c 10 200
+- fi
+- fi
+- elif [ "$OS" = "FreeBSD" ]; then
+- :
+- elif [ "$OS" = "NetBSD" ]; then
+- :
+- elif [ "$OS" = "OpenBSD" ]; then
+- :
+- elif [ "$OS" = "SunOS" ]; then
++ # bevore doing anything, make shure, the tun module is loaded and the
++ # tun device nodes exist.
++ if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
+ :
++ else # can't open /dev/net/tun
++ test -e /proc/sys/kernel/modprobe && `cat
/proc/sys/kernel/modprobe` tun 2>/dev/null
++ # fix for broken devfs in kernel 2.6.x
++ if [ "`readlink /dev/net/tun`" = misc/net/tun \
++ -a ! -e /dev/net/misc/net/tun -a -e /dev/misc/net/tun ]
; then
++ ln -sf /dev/misc/net/tun /dev/net/tun
++ fi
++ # make sure tun device exists
++ if [ ! -e /dev/net/tun ]; then
++ mkdir -p /dev/net
++ mknod -m 0640 /dev/net/tun c 10 200
++ fi
+ fi
++ echo "pre-init successful."
+ }
+
+-do_ifconfig() {
+- ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp
"$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
+-}
+-
+-if [ -n "$IPROUTE" ]; then
+- fix_ip_get_output () {
+- sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g'
+- }
++do_connect() {
++ # after connection is established, we should update resolv.conf
++ # and the kernel routing table
+
+- set_vpngateway_route() {
+- $IPROUTE route add `ip route get "$VPNGATEWAY" |
fix_ip_get_output`
+- $IPROUTE route flush cache
+- }
+-
+- del_vpngateway_route() {
+- $IPROUTE route del "$VPNGATEWAY"
+- $IPROUTE route flush cache
+- }
+-
+- set_default_route() {
+- $IPROUTE route | grep '^default' | fix_ip_get_output >
"$DEFAULT_ROUTE_FILE"
+- $IPROUTE route del default
+- $IPROUTE route add default dev "$TUNDEV"
+- $IPROUTE route flush cache
+- }
+-
+- set_network_route() {
+- NETWORK="$1"
+- NETMASK="$2"
+- NETMASKLEN="$3"
+- $IPROUTE route add "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
+- $IPROUTE route flush cache
+- }
+-
+- reset_default_route() {
+- $IPROUTE route del default > /dev/null 2>&1
+- $IPROUTE route add `cat "$DEFAULT_ROUTE_FILE"`
+- $IPROUTE route flush cache
+- }
+-
+- del_network_route() {
+- # linux deletes routes automatically if the device is shut down
+- return
+- #NETWORK="$1"
+- #NETMASK="$2"
+- #NETMASKLEN="$3"
+- #$IPROUTE route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
+- #$IPROUTE route flush cache
+- }
+-else
+- get_default_gw() {
+- netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
+- }
+-
+- set_vpngateway_route() {
+- route add -host "$VPNGATEWAY" $route_syntax_gw
"`get_default_gw`"
+- }
++ # set up the interface
++ ifconfig $TUNDEV $INTERNAL_IP4_ADDRESS pointopoint
$INTERNAL_IP4_ADDRESS mtu 1412 up
+
+- del_vpngateway_route() {
+- route $route_syntax_del -host "$VPNGATEWAY"
+- }
+-
+- set_default_route() {
+- DEFAULTGW="`get_default_gw`"
+- echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE"
+- route $route_syntax_del default
+- route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
+- }
+-
+- set_network_route() {
+- NETWORK="$1"
+- NETMASK="$2"
+- NETMASKLEN="$3"
+- route add -net "$NETWORK" $route_syntax_netmask "$NETMASK"
$route_syntax_gw "$INTERNAL_IP4_ADDRESS"
+- }
+-
+- reset_default_route() {
+- route $route_syntax_del default
+- route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"`
+- }
+-
+- del_network_route() {
+- if [ "$OS" = "Linux" ]; then
+- # linux deletes routes automatically if the device is
shut down
+- return
+- fi
+- NETWORK="$1"
+- NETMASK="$2"
+- NETMASKLEN="$3"
+- route $route_syntax_del -net "$NETWORK" $route_syntax_netmask
"$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
+- }
+-fi
++ # set up the route to the remote side and remove any cached routes
++ ip route add `ip route get "$VPNGATEWAY"`
++ ip route flush cache
+
+-write_resolvconf() {
+- grep '[EMAIL PROTECTED]@' /etc/resolv.conf > /dev/null 2>&1 || cp --
/etc/resolv.conf "$RESOLV_CONF_BACKUP"
+- NEW_RESOLVCONF="[EMAIL PROTECTED]@ -- this file is generated by vpnc
+-# and will be overwritten by vpnc
+-# as long as the above mark is intact"
+-
+- exec 6< /etc/resolv.conf
+- while read LINE <&6 ; do
+- case "$LINE" in
+- nameserver*)
+- if [ -n "$INTERNAL_IP4_DNS" ]; then
+- read ONE_NAMESERVER INTERNAL_IP4_DNS
<<-EOF
+- $INTERNAL_IP4_DNS
+-EOF
+- LINE="nameserver $ONE_NAMESERVER"
+- else
+- LINE=""
+- fi
+- ;;
+- domain*|search*)
+- if [ -n "$CISCO_DEF_DOMAIN" ]; then
+- LINE="$LINE $CISCO_DEF_DOMAIN"
+- CISCO_DEF_DOMAIN=""
+- fi
+- ;;
+- esac
+- NEW_RESOLVCONF="$NEW_RESOLVCONF
+-$LINE"
+- done
+- exec 6<&-
+-
+- for i in $INTERNAL_IP4_DNS ; do
+- NEW_RESOLVCONF="$NEW_RESOLVCONF
+-nameserver $i"
+- done
+- if [ -n "$CISCO_DEF_DOMAIN" ]; then
+- NEW_RESOLVCONF="$NEW_RESOLVCONF
+-search $CISCO_DEF_DOMAIN"
+- fi
+- echo "$NEW_RESOLVCONF" > /etc/resolv.conf
+-}
++ # set up the default routes via vpnc-route
++ echo "starting vpnc-route"
++ /etc/vpnc/vpnc-route start
+
+-reset_resolvconf() {
+- if [ ! -e "$RESOLV_CONF_BACKUP" ]; then
+- return
++ if [ "x$INTERNAL_IP4_DNS" != "x" ]; then
++ # set up the dns servers (add to resolv.conf)
++ echo "setting up DNS server"
++ # simply add the given servers to the resolv.conf file
++ echo "" > /var/run/vpnc/resolv.conf
++ for dns in $INTERNAL_IP4_DNS; do
++ echo "nameserver $dns" >> /var/run/vpnc/resolv.conf
++ done;
++ cat /etc/resolv.conf >> /var/run/vpnc/resolv.conf
++ mv /var/run/vpnc/resolv.conf /etc/resolv.conf
++ # keep the DNS server IPs for shutdown
++ echo "$INTERNAL_IP4_DNS" > /var/run/vpnc/dnsserver
+ fi
+- grep '[EMAIL PROTECTED]@' /etc/resolv.conf > /dev/null 2>&1 && cat
"$RESOLV_CONF_BACKUP" > /etc/resolv.conf
+- rm -f -- "$RESOLV_CONF_BACKUP"
+-}
+
+-do_connect() {
+- if [ -n "$CISCO_BANNER" ]; then
+- echo "Connect Banner:"
+- echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ;
done
+- echo
+- fi
+-
+- do_ifconfig
+- set_vpngateway_route
+- if [ -n "$CISCO_SPLIT_INC" ]; then
+- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
+- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
+- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
+- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
+- set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
+- done
+- for i in $INTERNAL_IP4_DNS ; do
+- set_network_route "$i" "255.255.255.255" "32"
+- done
+- else
+- set_default_route
+- fi
+-
+- if [ -n "$INTERNAL_IP4_DNS" ]; then
+- write_resolvconf
+- fi
+ }
+
+ do_disconnect() {
+- if [ -n "$CISCO_SPLIT_INC" ]; then
+- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
+- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
+- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
+- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
+- del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
+- done
+- for i in $INTERNAL_IP4_DNS ; do
+- del_network_route "$i" "255.255.255.255" "32"
+- done
+- else
+- if [ -s "$DEFAULT_ROUTE_FILE" ]; then
+- reset_default_route
+- rm -f -- "$DEFAULT_ROUTE_FILE"
+- fi
+- fi
+-
+- del_vpngateway_route
+-
+- if [ -n "$INTERNAL_IP4_DNS" ]; then
+- reset_resolvconf
+- fi
+-}
++ # remove the nameserver from resolv.conf
++ # and restore the old routing table
+
+-####
++ # remove route to gateway
++ ip route del $VPNGATEWAY
+
+-if [ -z "$reason" ]; then
+- echo "this script must be called from vpnc" 1>&2
+- exit 1
+-fi
++ # remove default routes
++ /etc/vpnc/vpnc-route stop
++
++ # remove the dns servers from resolv.conf
++ if [ -f /var/run/vpnc/dnsserver ]; then
++ re_dns="";
++ for dns in `cat /var/run/vpnc/dnsserver`; do
++ echo "removing DNS server $dns";
++ if [ "x$re_dns" == "x" ]; then
++ re_dns=\($dns\);
++ else
++ re_dns=$re_dns\|\($dns\);
++ fi;
++ done;
++ echo "re_dns=$re_dns"
++ cat /etc/resolv.conf | grep -v -E "($re_dns)|(^\ *$)" >
/var/run/vpnc/resolv.conf
++ mv /var/run/vpnc/resolv.conf /etc/resolv.conf
++ rm /var/run/vpnc/dnsserver
++ fi;
++
++ # deconfigure network interface
++ ifconfig $TUNDEV down
++}
+
+ case "$reason" in
+ pre-init)
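Review bot: In the new `do_disconnect`, the addresses read from `/var/run/vpnc/dnsserver` are used as an unanchored extended regex in `grep -v -E "($re_dns)|(^\ *$)"`, so each `.` matches any character and the pattern matches substrings. Removing `10.0.0.1` (a constructed example) would also drop a pre-existing `nameserver 10.0.0.10` line and any other line containing that text. The values come from `INTERNAL_IP4_DNS`, which is presumably supplied by the VPN gateway, so they should be handled as data rather than as a pattern. Filtering inside the loop with `grep -v -x -F "nameserver $dns" /etc/resolv.conf > /var/run/vpnc/resolv.conf`, followed by the existing `mv`, removes only exact `nameserver <ip>` lines. `$VPNGATEWAY` and `$TUNDEV` are also unquoted in the new `ip route del` and `ifconfig` calls, where the removed code quoted them.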
Index: vpnc/ipkg/vpnc.conffiles
===================================================================
--- vpnc/ipkg/vpnc.conffiles (Revision 2356)
+++ vpnc/ipkg/vpnc.conffiles (Arbeitskopie)
@@ -1,2 +1,4 @@
/etc/vpnc/vpnc.conf
/etc/vpnc/vpnc-script
+/etc/vpnc/vpnc-route
+
Index: vpnc/Makefile
===================================================================
--- vpnc/Makefile (Revision 2356)
+++ vpnc/Makefile (Arbeitskopie)
@@ -27,5 +27,7 @@
post-install:
${CP} ${WRKINST}/* ${IDIR_VPNC}/
+ ${CP} files/vpnc-route ${IDIR_VPNC}/etc/vpnc/
+ ${INSTALL_DIR} ${IDIR_VPNC}/var/run/vpnc
include ${TOPDIR}/mk/pkg-bottom.mk
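Review bot: The mode and ownership of `${IDIR_VPNC}/var/run/vpnc` are not pinned on the `${INSTALL_DIR}` line, yet vpnc-route and the patched vpnc-script write fixed-name files there (`default.old`, `resolv.conf`, `dnsserver`) and move one of them over `/etc/resolv.conf`. If those scripts run as root, as vpnc hooks normally do, the directory must not be writable by other users; what `INSTALL_DIR` applies is defined outside this hunk, so this needs confirming. A comment above the line such as `# state dir for vpnc-script/vpnc-route, must be writable by root only` would record the requirement. If `/var/run` is RAM-backed on the target, a directory shipped in the package would not exist at runtime and the scripts would need their own `mkdir -p /var/run/vpnc`.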