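# Library guard: the group below runs only when INCLUDE_ONLY is empty or unset.
# The listing's gutter number was fused into the statement and the group was
# left unclosed; both are repaired here.
[ -n "$INCLUDE_ONLY" ] || {
	# [listing gap: source lines 4-9 of the file are not shown on this page,
	# so the real body of this guard is unknown; ':' only keeps the group
	# syntactically valid]
	:
}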
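#######################################
# Append every argument to the global cmdline string, each one wrapped in
# single quotes with embedded single quotes rewritten as '\'' so the string
# can later be re-parsed by eval without a value being split or reinterpreted.
# NOTE(review): the function header falls in a gap of the listing (source
# lines 4-9); the name append_args is taken from the call sites further down.
# The loop tail (source lines 12-13) is not shown either; shift/done are
# restored because the loop cannot terminate without them.
# Globals:   cmdline (written through append)
# Arguments: any number of words to add to the command line
#######################################
append_args() {
	while [ $# -gt 0 ]; do
		append cmdline "'${1//\'/\'\\\'\'}'"
		shift
	done
}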
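#######################################
# Declare the options accepted for an openconnect interface, one
# proto_config_add_* call per option.
# NOTE(review): password, password2 and token_secret are declared as ordinary
# string options, so whatever stores this interface's configuration holds them
# in clear text; read access to that store should be limited accordingly.
# Arguments: none
#######################################
proto_openconnect_init_config() {
	# Endpoint and tunnel parameters.
	proto_config_add_string "server"
	proto_config_add_int "port"
	proto_config_add_int "mtu"
	proto_config_add_int "juniper"
	proto_config_add_int "reconnect_timeout"
	proto_config_add_string "vpn_protocol"
	proto_config_add_boolean "pfs"
	proto_config_add_boolean "no_dtls"
	proto_config_add_string "interface"

	# Identity, server pinning and credentials.
	proto_config_add_string "username"
	proto_config_add_string "serverhash"
	proto_config_add_string "authgroup"
	proto_config_add_string "usergroup"
	proto_config_add_string "password"
	proto_config_add_string "password2"
	proto_config_add_string "token_mode"
	proto_config_add_string "token_secret"
	proto_config_add_string "token_script"

	# Client behaviour.
	proto_config_add_string "os"
	proto_config_add_string "csd_wrapper"
	proto_config_add_string "proxy"

	# Each form_entry value must match the regex below before it is accepted.
	proto_config_add_array 'form_entry:regex("[^:]+:[^=]+=.*")'
	# [listing gap: source lines 39-41 of the file are not shown on this page]
}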
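#######################################
# Callback used with json_for_each_item: pass one form_entry value to
# openconnect as a --form-entry argument. Empty values are ignored.
# Arguments: $1 - the form entry value
# Returns:   non-zero when $1 is empty (nothing is appended)
#######################################
proto_openconnect_add_form_entry() {
	[ -n "$1" ] && append_args --form-entry "$1"
}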
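#######################################
# Build the openconnect command line from the interface's options and start
# the client through proto_run_command.
# Globals:   reads config, ifname and the option variables (server, port,
#            password, ...); writes port, pwfile and cmdline (via append_args)
# Returns:   1 when the token script fails; otherwise the status of the
#            final proto_run_command
#######################################
proto_openconnect_setup() {
	# [listing gap: source lines 48-75 of the file are not shown on this page;
	# config, ifname and the option variables read below are presumably
	# populated there]

	logger -t openconnect "initializing..."

	[ -n "$interface" ] && {
		logger -t "openconnect" "adding host dependency for $server at $config"
		# Unquoted on purpose: one loop iteration per address printed by resolveip.
		for ip in $(resolveip -t 10 "$server"); do
			logger -t "openconnect" "adding host dependency for $ip at $config"
			proto_add_host_dependency "$config" "$ip" "$interface"
		done
	}

	[ -n "$port" ] && port=":$port"

	append_args "$server$port" -i "$ifname" --non-inter --syslog --script /lib/netifd/vpnc-script
	[ "$pfs" = 1 ] && append_args --pfs
	[ "$no_dtls" = 1 ] && append_args --no-dtls
	[ -n "$mtu" ] && append_args --mtu "$mtu"

	# migrate to standard config files
	[ -f "/etc/config/openconnect-user-cert-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-cert-vpn-$config.pem" "/etc/openconnect/user-cert-vpn-$config.pem"
	[ -f "/etc/config/openconnect-user-key-vpn-$config.pem" ] && mv "/etc/config/openconnect-user-key-vpn-$config.pem" "/etc/openconnect/user-key-vpn-$config.pem"
	[ -f "/etc/config/openconnect-ca-vpn-$config.pem" ] && mv "/etc/config/openconnect-ca-vpn-$config.pem" "/etc/openconnect/ca-vpn-$config.pem"

	[ -f "/etc/openconnect/user-cert-vpn-$config.pem" ] && append_args -c "/etc/openconnect/user-cert-vpn-$config.pem"
	[ -f "/etc/openconnect/user-key-vpn-$config.pem" ] && append_args --sslkey "/etc/openconnect/user-key-vpn-$config.pem"
	[ -f "/etc/openconnect/ca-vpn-$config.pem" ] && {
		# A per-interface CA file replaces the system trust store instead of
		# being added to it.
		append_args --cafile "/etc/openconnect/ca-vpn-$config.pem"
		append_args --no-system-trust
	}

	[ "${juniper:-0}" -gt 0 ] && [ -z "$vpn_protocol" ] && {
		# [listing gap: source lines 106-108 are not shown, so the body of this
		# legacy "juniper" branch is unknown; ':' only keeps the group valid]
		:
	}

	[ -n "$vpn_protocol" ] && {
		append_args --protocol "$vpn_protocol"
	}

	[ -n "$serverhash" ] && {
		# Pin the server certificate by hash and stop trusting the system CAs.
		append_args "--servercert=$serverhash"
		append_args --no-system-trust
	}
	[ -n "$authgroup" ] && append_args --authgroup "$authgroup"
	[ -n "$usergroup" ] && append_args --usergroup "$usergroup"
	[ -n "$username" ] && append_args -u "$username"

	# '||' and '&&' bind equally and left to right, so this reads
	# (password set OR token_mode is "script") AND { ... }.
	[ -n "$password" ] || [ "$token_mode" = "script" ] && {
		# [listing gap: source lines 121-122 are not shown]
		# NOTE(review): this file receives the clear-text password; confirm the
		# hidden lines restrict its permissions (e.g. a umask of 077) before
		# the first write below.
		pwfile="/var/etc/openconnect-$config.passwd"
		[ -n "$password" ] && {
			echo "$password" > "$pwfile"
			[ -n "$password2" ] && echo "$password2" >> "$pwfile"
		}
		[ "$token_mode" = "script" ] && {
			# $token_script is left unquoted, presumably so the option can
			# carry arguments; its stderr is discarded.
			$token_script >> "$pwfile" 2> /dev/null || {
				# Tag corrected from "openconenct" so the failure shows up
				# when logs are filtered on the openconnect tag.
				logger -t openconnect "Cannot get password from script '$token_script'"
				proto_setup_failed "$config"
				# Stop here: starting the client with an incomplete password
				# file would only produce a failed login attempt.
				return 1
			}
		}
		append_args --passwd-on-stdin
	}

	[ -n "$token_mode" ] && [ "$token_mode" != "script" ] && append_args "--token-mode=$token_mode"
	# NOTE(review): the secret becomes part of $cmdline, so it ends up in the
	# process arguments and in the "executing ..." syslog line below. Prefer
	# keeping it off argv and out of logs; openconnect's manual also documents
	# --token-secret=@FILENAME for reading it from a file.
	[ -n "$token_secret" ] && append_args "--token-secret=$token_secret"
	[ -n "$os" ] && append_args "--os=$os"
	# The wrapper is passed on only if it exists and is executable.
	[ -n "$csd_wrapper" ] && [ -x "$csd_wrapper" ] && append_args "--csd-wrapper=$csd_wrapper"
	[ -n "$proxy" ] && append_args "--proxy=$proxy"
	[ -n "$reconnect_timeout" ] && append_args "--reconnect-timeout=$reconnect_timeout"

	json_for_each_item proto_openconnect_add_form_entry form_entry

	proto_export INTERFACE="$config"
	logger -t openconnect "executing 'openconnect $cmdline'"

	# eval re-parses the string: every word of $cmdline was single-quoted by
	# append_args, while $config and $pwfile are only wrapped in '...' here and
	# therefore must not contain a single quote (presumably guaranteed by the
	# rules for interface names; confirm).
	if [ -f "$pwfile" ]; then
		eval "proto_run_command '$config' /usr/sbin/openconnect-wrapper '$pwfile' $cmdline"
	else
		eval "proto_run_command '$config' /usr/sbin/openconnect $cmdline"
	fi
}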
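#######################################
# Stop the openconnect client that belongs to an interface.
# Globals:   reads config (its assignment is not shown on this page);
#            writes pwfile
#######################################
proto_openconnect_teardown() {
	# [listing gap: source lines 157-158 of the file are not shown]
	pwfile="/var/etc/openconnect-$config.passwd"
	# [listing gap: source lines 160-161 are not shown]
	# NOTE(review): pwfile is computed but not used in the visible lines;
	# confirm the hidden lines delete it so the stored password does not
	# outlive the session.

	logger -t openconnect "bringing down openconnect"
	# The second argument is presumably the signal number sent to the client.
	proto_kill_command "$config" 2
}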
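# Register the protocol handler unless the file is only being included
# (INCLUDE_ONLY set). The gutter numbers fused into the statement are removed
# and the group is closed.
[ -n "$INCLUDE_ONLY" ] || {
	add_protocol openconnect
}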