Hi. Happy user of openconnect here since the start of the plague. Thanks! I needed to put the VPN in its own netns to stop it blocking my non-work-related ssh sessions, so I tried to use vpnc-script-sshd instead of the default vpnc-script.
It didn't work for me on Ubuntu 20.04. I fixed it, and finally got around to preparing a patch against current infradead.org master. In case it's useful to anyone else, I attach it here. ...Peder... -- I wish a new life awaited _me_ in some off-world colony.
>From 6ef0c4131df9647fb77bb00752fd5b8c385659d6 Mon Sep 17 00:00:00 2001
From: "Peder O. Klingenberg" <pe...@klingenberg.no>
Date: Sat, 17 Apr 2021 22:02:20 +0200
Subject: [PATCH] Update vpnc-script-sshd to work with Ubuntu 20.04
- ip calling conventions changed, giving more control over device names
- systemd-resolve uses 127.0.0.53, but it's still localhost
- (cosmetic) use $IP consistently.
Signed-off-by: Peder O. Klingenberg <pe...@klingenberg.no>
---
 vpnc-script-sshd | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/vpnc-script-sshd b/vpnc-script-sshd
index 40e9205..32d71ef 100755
--- a/vpnc-script-sshd
+++ b/vpnc-script-sshd
@@ -157,6 +157,7 @@ IP="`which ip 2> /dev/null | grep '^/'`"
 SCRIPTNAME=`basename $0`
 NETNSNAME=$SCRIPTNAME
+LOCALDEV=$TUNDEV-vpnsshL
 # XINETDCONF=`dirname $0`/xinetd.netns.conf
@@ -179,10 +180,8 @@ connect_parent()
 exit 1
 fi
- $IP link add dev $TUNDEV-vpnssh%d type veth
- # XXX: Assume vpnssh0 and vpnssh1; ip doesn't tell us!
- LOCALDEV=$TUNDEV-vpnssh0
- export REMOTEDEV=$TUNDEV-vpnssh1
+ export REMOTEDEV=$TUNDEV-vpnsshR
+ $IP link add dev $LOCALDEV type veth peer name $REMOTEDEV
 $IP netns exec $NETNSNAME $0 $@ & CHILDPID=$!
@@ -201,7 +200,7 @@ connect_parent()
 $IP addr add fec0::2/64 dev $LOCALDEV
 echo "VPN now accessible through 'ssh fec0::1'"
- if ! grep -q 127.0.0.1 /etc/resolv.conf; then
+ if ! grep -q 127.0.0. /etc/resolv.conf; then
 echo "WARNING: Your host needs to be running a local dnsmasq or named"
 echo "WARNING: and /etc/resolv.conf needs to point to 127.0.0.1"
 # XXX: We could probably fix that for ourselves...
@@ -218,7 +217,7 @@ connect()
 # This is the child, which remains running in the background
 # Wait for the tundev to appear in this namespace
- while ! ip link show $TUNDEV >/dev/null 2>&1 ; do
+ while ! $IP link show $TUNDEV >/dev/null 2>&1 ; do
 sleep 0.1
 done
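Review bot: The added `$IP link add dev $LOCALDEV type veth peer name $REMOTEDEV` in the second hunk (connect_parent) is not checked for failure, and with fixed names it will fail when a veth pair left over from an earlier session still exists or when `$TUNDEV-vpnsshL` exceeds the kernel's 15-character interface-name limit. The script then carries on to `netns exec` and, further down, `addr add ... dev $LOCALDEV` against a device that was never created. I would stop there instead, in line with the `exit 1` just above: `$IP link add dev "$LOCALDEV" type veth peer name "$REMOTEDEV" || exit 1`. connect_parent starts and ends outside this hunk.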
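Review bot: In the third hunk the relaxed test `grep -q 127.0.0. /etc/resolv.conf` is an unanchored regex whose dots match any character, so a commented-out line or any other entry containing that text silences the warning even when no loopback nameserver is configured. Anchoring it to the directive keeps the intent: `grep -Eq '^nameserver[[:space:]]+127\.0\.0\.' /etc/resolv.conf`. The two WARNING lines below still tell the user to point at 127.0.0.1, which no longer matches what the check accepts. A 127.0.0.53 entry also only shows that a local stub is listening; whether it forwards VPN names the way the script expects is not visible here. connect_parent continues outside the hunk.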
@@ -265,7 +264,7 @@ connect()
 fi
 # Wait for the veth link to be closed...
- while ip link show $REMOTEDEV >/dev/null 2>&1 ; do
+ while $IP link show $REMOTEDEV >/dev/null 2>&1 ; do
 sleep 1
 done
@@ -282,7 +281,7 @@ connect()
 disconnect()
 {
 # Kill our end of the veth link, leaving the child script to clean up
- $IP link del $TUNDEV-vpnssh0
+ $IP link del $LOCALDEV
 while ! $IP netns delete $NETNSNAME >/dev/null 2>&1 ; do
 sleep 0.1
--
2.25.1