- update to 0.5.1

- adds a sample split vpn script

from Thomas Schoeller, tested by many - thanks!

ok sthen@ landry@
This commit is contained in:
okan 2008-04-04 21:41:27 +00:00
parent 49ba93287b
commit f1876a2bc5
9 changed files with 83 additions and 106 deletions

View File

@ -1,9 +1,8 @@
# $OpenBSD: Makefile,v 1.12 2007/09/15 23:30:01 merdely Exp $
# $OpenBSD: Makefile,v 1.13 2008/04/04 21:41:27 okan Exp $
COMMENT= client for Cisco 3000 VPN concentrators
DISTNAME= vpnc-0.3.3
PKGNAME= ${DISTNAME}p1
DISTNAME= vpnc-0.5.1
CATEGORIES= security net
HOMEPAGE= http://www.unix-ag.uni-kl.de/~massar/vpnc/
@ -25,6 +24,7 @@ NO_REGRESS= Yes
do-configure:
@perl -pi -e "s,/etc,${SYSCONFDIR},g" ${WRKSRC}/{README,config.c}
@sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/vpnc.sh > ${WRKBUILD}/vpnc.sh
@sed -e "s,%%PREFIX%%,${PREFIX},g" ${FILESDIR}/split.sh > ${WRKBUILD}/split.sh
do-install:
${INSTALL_PROGRAM} ${WRKBUILD}/vpnc ${PREFIX}/sbin
@ -33,6 +33,7 @@ do-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.conf ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc-script ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/split.sh ${PREFIX}/share/examples/vpnc
${INSTALL_DATA} ${WRKBUILD}/vpnc.sh ${PREFIX}/share/examples/vpnc
${INSTALL_MAN} ${WRKBUILD}/vpnc.8 ${PREFIX}/man/man8

View File

@ -1,5 +1,5 @@
MD5 (vpnc-0.3.3.tar.gz) = 51GM/yEyb+frl5W2DCWuag==
RMD160 (vpnc-0.3.3.tar.gz) = /8sin7jKwY+NbeoOZ/iM7EIPMdo=
SHA1 (vpnc-0.3.3.tar.gz) = lVWeHFsfS8eNwaC5+V4aLWWoTAo=
SHA256 (vpnc-0.3.3.tar.gz) = vkqOh7BEy5k0nnHmh5RGc53VN9veE+mexhgX7WdgW9c=
SIZE (vpnc-0.3.3.tar.gz) = 59939
MD5 (vpnc-0.5.1.tar.gz) = eo6U2+lPOaT9ibcuASX2bw==
RMD160 (vpnc-0.5.1.tar.gz) = dt1aOji9IQnPjh+62F4nYuhImDI=
SHA1 (vpnc-0.5.1.tar.gz) = 78cdugOqQJRa815LB02Z+SL/f/0=
SHA256 (vpnc-0.5.1.tar.gz) = 9jZgvQILvmo56OtnrWDFTXGQRsYZimg0Nx0JiUf5ou0=
SIZE (vpnc-0.5.1.tar.gz) = 91496

View File

@ -0,0 +1,19 @@
#!/bin/sh
# this effectively disables changes to /etc/resolv.conf
INTERNAL_IP4_DNS=
# This sets up split networking regardless
# of the concentrators specifications.
# You can add as many routes as you want,
# but you must set the counter $CISCO_SPLIT_INC
# accordingly
CISCO_SPLIT_INC=1
CISCO_SPLIT_INC_0_ADDR=10.0.0.0
CISCO_SPLIT_INC_0_MASK=255.255.0.0
CISCO_SPLIT_INC_0_MASKLEN=16
CISCO_SPLIT_INC_0_PROTOCOL=0
CISCO_SPLIT_INC_0_SPORT=0
CISCO_SPLIT_INC_0_DPORT=0
. /etc/vpnc/vpnc-script

View File

@ -1,16 +1,18 @@
$OpenBSD: patch-Makefile,v 1.3 2005/11/11 19:38:07 sturm Exp $
--- Makefile.orig Sun May 1 22:30:35 2005
+++ Makefile Fri Nov 4 00:03:54 2005
@@ -22,9 +22,9 @@ ETCDIR=/etc/vpnc
SBINDIR=$(PREFIX)/sbin
MANDIR=$(PREFIX)/share/man
$OpenBSD: patch-Makefile,v 1.4 2008/04/04 21:41:27 okan Exp $
--- Makefile.orig Thu Sep 6 16:05:15 2007
+++ Makefile Wed Sep 19 06:05:20 2007
@@ -49,12 +49,9 @@ RELEASE_VERSION := $(shell cat VERSION)
#OPENSSL_GPL_VIOLATION = -DOPENSSL_GPL_VIOLATION
#OPENSSLLIBS = -lcrypto
-CC=gcc
-CFLAGS=-W -Wall -O -g '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
-LDFLAGS=-g $(shell libgcrypt-config --libs)
+CC?=gcc
+CFLAGS+=-W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
+LDFLAGS+=$(shell libgcrypt-config --libs)
-CFLAGS ?= -O3 -g
-CFLAGS += -W -Wall -Wmissing-declarations -Wwrite-strings
-CFLAGS += $(shell libgcrypt-config --cflags)
+CC ?= gcc
+CFLAGS += -W -Wall '-DVERSION="$(shell cat VERSION)"' $(shell libgcrypt-config --cflags)
CPPFLAGS += -DVERSION=\"$(VERSION)\" $(OPENSSL_GPL_VIOLATION)
-LDFLAGS ?= -g
LDFLAGS += $(shell libgcrypt-config --libs) $(OPENSSLLIBS)
ifeq ($(shell uname -s), Linux)
SYSDEP=sysdep-linux.o
ifeq ($(shell uname -s), SunOS)

View File

@ -1,21 +0,0 @@
$OpenBSD: patch-tunip_c,v 1.3 2005/11/11 19:38:07 sturm Exp $
--- tunip.c.orig Thu May 5 12:25:00 2005
+++ tunip.c Fri Nov 4 00:09:30 2005
@@ -436,7 +436,7 @@ int update_sa_addr(struct sa_desc *p)
if (new_addr.sin_addr.s_addr != p->source.sin_addr.s_addr) {
char addr1[16];
p->source.sin_addr = new_addr.sin_addr;
- strcpy(addr1, inet_ntoa(p->dest.sin_addr));
+ strlcpy(addr1, inet_ntoa(p->dest.sin_addr), sizeof(addr1));
syslog(LOG_NOTICE,
"local address for %s is %s", addr1, inet_ntoa(p->source.sin_addr));
return 1;
@@ -844,7 +844,7 @@ static void vpnc_main_loop(struct peer_d
|| from.sin_addr.s_addr != peer->remote_sa->dest.sin_addr.s_addr) {
/* remote end changed address */
char addr1[16];
- strcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr));
+ strlcpy(addr1, inet_ntoa(peer->remote_sa->dest.sin_addr), sizeof(addr1));
syslog(LOG_NOTICE,
"spi %u: remote address changed from %s to %s",
peer->remote_sa->spi, addr1, inet_ntoa(from.sin_addr));

View File

@ -1,64 +1,26 @@
$OpenBSD: patch-vpnc-script,v 1.1 2005/11/11 19:38:07 sturm Exp $
--- vpnc-script.orig Thu Nov 3 23:39:23 2005
+++ vpnc-script Thu Nov 3 23:51:02 2005
@@ -70,7 +70,7 @@ do_ifconfig() {
ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu 1412 up
}
$OpenBSD: patch-vpnc-script,v 1.2 2008/04/04 21:41:27 okan Exp $
--- vpnc-script.orig Thu Sep 6 22:05:15 2007
+++ vpnc-script Thu Sep 13 21:53:21 2007
@@ -108,7 +108,7 @@ destroy_tun_device() {
# =========== route handling ====================================
-if [ -n "$IPROUTE" ]; then
+if [ -x "$IPROUTE" ]; then
fix_ip_get_output () {
sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g'
sed 's/cache//;s/metric \?[0-9]\+ [0-9]\+//g;s/hoplimit [0-9]\+//g'
}
@@ -117,7 +117,11 @@ if [ -n "$IPROUTE" ]; then
}
else
get_default_gw() {
- netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
+ if [ "$OS" = "OpenBSD" ]; then
+ netstat -r -n | grep '^default' | awk '{print $2}'
+ else
+ netstat -r -n | grep '^0.0.0.0' | awk '{print $2}'
+ fi
}
set_vpngateway_route() {
@@ -215,15 +219,21 @@ do_connect() {
echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
echo
fi
-
+
+ if [ ! -d /var/run/vpnc ]; then
+ mkdir /var/run/vpnc || exit $?
+ fi
+
do_ifconfig
set_vpngateway_route
if [ -n "$CISCO_SPLIT_INC" ]; then
- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
+ i=0
+ while [ $i -lt $CISCO_SPLIT_INC ]; do
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
+ i=`expr $i + 1`
done
for i in $INTERNAL_IP4_DNS ; do
set_network_route "$i" "255.255.255.255" "32"
@@ -239,11 +249,13 @@ do_connect() {
do_disconnect() {
if [ -n "$CISCO_SPLIT_INC" ]; then
- for ((i = 0 ; i < CISCO_SPLIT_INC ; i++ )) ; do
+ i=0
+ while [ $i -lt $CISCO_SPLIT_INC ]; do
eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
+ i=`expr $i + 1`
done
for i in $INTERNAL_IP4_DNS ; do
del_network_route "$i" "255.255.255.255" "32"
@@ -195,6 +195,13 @@ else # use route command
case "$OS" in
Linux|NetBSD) # and probably others...
# routes are deleted automatically on device shutdown
+ return
+ ;;
+ OpenBSD)
+ # delete only routes that are present
+ if [ `route -n get $1|grep $2|wc -l` -ne 0 ]; then
+ route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
+ fi
return
;;
esac

View File

@ -1,7 +1,7 @@
$OpenBSD: patch-vpnc_c,v 1.2 2005/11/11 19:38:07 sturm Exp $
--- vpnc.c.orig Fri Nov 4 00:09:49 2005
+++ vpnc.c Fri Nov 4 00:11:03 2005
@@ -196,10 +196,11 @@ static void addenv(const void *name, con
$OpenBSD: patch-vpnc_c,v 1.3 2008/04/04 21:41:27 okan Exp $
--- vpnc.c.orig Mon Sep 10 15:39:48 2007
+++ vpnc.c Wed Sep 12 16:47:27 2007
@@ -159,10 +159,11 @@ static void addenv(const void *name, const char *value
oldval = getenv(name);
if (oldval != NULL) {

View File

@ -0,0 +1,10 @@
$OpenBSD: patch-vpnc_conf,v 1.1 2008/04/04 21:41:27 okan Exp $
--- vpnc.conf.orig Thu Sep 13 22:40:00 2007
+++ vpnc.conf Thu Sep 13 22:39:04 2007
@@ -4,3 +4,6 @@ IPSec secret <group-psk>
IKE Authmode hybrid
Xauth username <username>
Xauth password <password>
+
+# run script to manipulate dns and routing settings
+#Script /etc/vpnc/split.sh

View File

@ -1,10 +1,14 @@
@comment $OpenBSD: PLIST,v 1.5 2006/06/29 17:26:15 steven Exp $
@comment $OpenBSD: PLIST,v 1.6 2008/04/04 21:41:27 okan Exp $
@man man/man8/vpnc.8
sbin/vpnc
share/doc/vpnc/
share/doc/vpnc/README
share/examples/vpnc/
@sample ${SYSCONFDIR}/vpnc/
share/examples/vpnc/split.sh
@mode 0755
@sample ${SYSCONFDIR}/vpnc/split.sh
@mode
share/examples/vpnc/vpnc-script
@mode 0755
@sample ${SYSCONFDIR}/vpnc/vpnc-script