As I extend the vpnc <-> vpnc-script interface and ask if the vpnc folks object, it occurs to me that I should also be asking the same question of those who need to implement the vpnc-script side of it too, such as NetworkManager.
We have IPv6 support in NetworkManager now, right? So extending NetworkManager-openconnect and NetworkManager-vpnc to set up the IPv6 routing shouldn't be so hard? -- dwmw2
--- Begin Message ---I've just added IPv6 support to OpenConnect, and hence to vpnc-script. If anyone is planning to add IPv6 support to vpnc, feel free to shout if you don't like the way I've done it. I don't really want vpnc and openconnect to end up being incompatible in the way they invoke vpnc-script. For the IPv6 address, it assumes that it'll either be passed an address in $INTERNAL_IP6_ADDRESS, or full address/mask in $INTERNAL_IP6_NETMASK. It'll use the latter by preference. Routes are handled just like the Legacy IP routes -- with $CISCO_IPV6_SPLIT_INC giving the number of routes, and each route in $CISCO_IPV6_SPLIT_INC_x_ADDR and $CISCO_IPV6_SPLIT_INC_x_NETMASKLEN. We don't bother with the netmask -- it's just netmasklen. I've left IPv6 nameservers in $INTERNAL_IP4_DNS for now, alongside the Legacy IP nameservers. I could be persuaded to do it differently, perhaps. I haven't yet made it cope with the fact that the VPN gateway might be on IPv6; it currently assumes that it'll be on Legacy IP. Neither have I made it work on non-Linux; the IPv6 route handling functions for non-iproute2 systems are just a stubs for now.
diff --git a/vpnc-script b/vpnc-script
index 673e8a3..9faaf00 100755
--- a/vpnc-script
+++ b/vpnc-script
@@ -105,6 +105,13 @@ do_ifconfig() {
 if [ -n "$INTERNAL_IP4_NETMASK" ]; then
 set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN
 fi
+
+ # If the netmask is provided, it contains the address _and_ netmask
+ if [ -n "$INTERNAL_IP6_NETMASK" -a -n "$IPROUTE" ]; then
+ $IPROUTE -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV
+ elif [ -n "$INTERNAL_IP6_ADDRESS" -a -n "$IPROUTE" ]; then
+ $IPROUTE -6 addr add $INTERNAL_IP6_ADDRESS/128 dev $TUNDEV
+ fi
 }
 destroy_tun_device() {
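Review bot: The new `$IPROUTE -6 addr add` lines in do_ifconfig expand `$INTERNAL_IP6_NETMASK`, `$INTERNAL_IP6_ADDRESS` and `$TUNDEV` unquoted, so a value containing whitespace or glob characters is split into extra arguments to the `ip` command. These variables are filled in by the VPN client from what the gateway sends, and the script presumably runs with root privileges, so they should be handled as untrusted input: `$IPROUTE -6 addr add "$INTERNAL_IP6_NETMASK" dev "$TUNDEV"` and `$IPROUTE -6 addr add "$INTERNAL_IP6_ADDRESS/128" dev "$TUNDEV"`. The same applies to the unquoted `[ $i -lt $CISCO_IPV6_SPLIT_INC ]` and `[ $NETMASKLEN -lt 128 ]` tests in the do_connect and do_disconnect hunks. do_ifconfig starts before this hunk.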
@@ -161,6 +168,31 @@ if [ -n "$IPROUTE" ]; then
 $IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
 $IPROUTE route flush cache
 }
+
+ set_ipv6_default_route() {
+ # We don't save/restore IPv6 default route; just add a higher-priority one.
+ $IPROUTE -6 route add default dev "$TUNDEV" metric 1
+ $IPROUTE -6 route flush cache
+ }
+
+ set_ipv6_network_route() {
+ NETWORK="$1"
+ NETMASKLEN="$2"
+ $IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
+ $IPROUTE route flush cache
+ }
+
+ reset_ipv6_default_route() {
+ $IPROUTE -6 route del default dev "$TUNDEV"
+ $IPROUTE route flush cache
+ }
+
+ del_ipv6_network_route() {
+ NETWORK="$1"
+ NETMASKLEN="$2"
+ $IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
+ $IPROUTE -6 route flush cache
+ }
 else # use route command
 get_default_gw() {
 # isn't -n supposed to give --numeric output?
@@ -213,6 +245,27 @@ else # use route command
 NETMASKLEN="$3"
 route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
 }
+
+ set_ipv6_default_route() {
+ # FIXME
+ :
+ }
+
+ set_ipv6_network_route() {
+ # FIXME
+ :
+ }
+
+ reset_ipv6_default_route() {
+ # FIXME
+ :
+ }
+
+ del_ipv6_network_route() {
+ # FIXME
+ :
+ }
+
 fi
 # =========== resolv.conf handling ====================================
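Review bot: Two of the new iproute2 helpers, set_ipv6_network_route and reset_ipv6_default_route, end with `$IPROUTE route flush cache` without `-6`, which flushes the Legacy IP route cache rather than the IPv6 one; set_ipv6_default_route and del_ipv6_network_route already use the `-6` form. Both lines should read `$IPROUTE -6 route flush cache`. A one-line header on the two network-route helpers, `# $1 = IPv6 network address, $2 = prefix length`, would also make clear that they take two arguments where the Legacy IP helpers take three. The enclosing `if [ -n "$IPROUTE" ]` block starts outside the hunk.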
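Review bot: The four stubs for systems without iproute2 succeed silently, so on those systems a connection that was handed an IPv6 address or IPv6 split routes comes up with no IPv6 route into the tunnel, and IPv6 traffic keeps following whatever route existed before while the user may assume the VPN covers it. Until the `# FIXME` bodies are implemented, the two set_ stubs should report the gap on stderr instead of running `:`, for example `echo "vpnc-script: IPv6 routing is not implemented without iproute2" >&2`. The enclosing `else # use route command` branch starts outside the hunk.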
@@ -467,11 +520,33 @@ do_connect() {
 i=`expr $i + 1`
 done
 for i in $INTERNAL_IP4_DNS ; do
- set_network_route "$i" "255.255.255.255" "32"
+ if ! echo "$i" | grep -q : ; then
+ set_network_route "$i" "255.255.255.255" "32"
+ fi
 done
- else
+ elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
 set_default_route
 fi
+ if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
+ i=0
+ while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
+ eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
+ eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
+ if [ $NETMASKLEN -lt 128 ]; then
+ set_ipv6_network_route "$NETWORK" "$NETMASKLEN"
+ else
+ set_ipv6_default_route
+ fi
+ i=`expr $i + 1`
+ done
+ for i in $INTERNAL_IP4_DNS ; do
+ if echo "$i" | grep -q : ; then
+ set_ipv6_network_route "$i" "128"
+ fi
+ done
+ elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
+ set_ipv6_default_route
+ fi
 if [ -n "$INTERNAL_IP4_DNS" ]; then
 $MODIFYRESOLVCONF
@@ -500,6 +575,24 @@ do_disconnect() {
 else
 reset_default_route
 fi
+ if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
+ i=0
+ while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
+ eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
+ eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
+ if [ $NETMASKLEN -eq 128 ]; then
+ del_ipv6_network_route "$NETWORK" "$NETMASKLEN"
+ else
+ reset_ipv6_default_route
+ fi
+ i=`expr $i + 1`
+ done
+ for i in $INTERNAL_IP6_DNS ; do
+ del_ipv6_network_route "$i" "128"
+ done
+ else
+ reset_ipv6_default_route
+ fi
 del_vpngateway_route
-- dwmw2 _______________________________________________ vpnc-devel mailing list [email protected] https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel http://www.unix-ag.uni-kl.de/~massar/vpnc/
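Review bot: In the IPv6 split-include loop of do_connect, `if [ $NETMASKLEN -lt 128 ]` sends every /128 entry to set_ipv6_default_route, so a single host route pushed by the gateway would install a default route and pull all IPv6 traffic into the tunnel. The intent is presumably that only a zero-length prefix means "default", which would be `if [ "$NETMASKLEN" -gt 0 ]; then`. The do_disconnect hunk has the matching problem with `-eq 128`, which deletes only /128 routes and treats every shorter prefix as the default route. The loop also reads `CISCO_IPV6_SPLIT_INC_${i}_MASKLEN` while the commit message names `$CISCO_IPV6_SPLIT_INC_x_NETMASKLEN`; one of the two should be corrected so callers set the variable the script reads. do_connect starts and ends outside the hunk.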
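Review bot: The teardown loop in do_disconnect iterates `$INTERNAL_IP6_DNS`, but do_connect adds the IPv6 nameserver host routes from `$INTERNAL_IP4_DNS`, and the commit message says IPv6 nameservers stay in that variable, so those routes would not be removed on disconnect. It should walk the same list with the same filter as the connect side: `for i in $INTERNAL_IP4_DNS ; do` with `if echo "$i" | grep -q : ; then` around the delete. The final `else` also calls reset_ipv6_default_route unconditionally, whereas do_connect adds that route only when an IPv6 address was supplied; `elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then` would mirror it. do_disconnect starts and ends outside the hunk.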
--- End Message ---
