87 lines
2.2 KiB
Plaintext
87 lines
2.2 KiB
Plaintext
|
#!/bin/sh -x
|
||
|
|
||
|
. /etc/functions.sh
|
||
|
|
||
|
[ $# = 0 ] && { echo " $0 <group>"; exit; }
|
||
|
|
||
|
include /lib/network
|
||
|
scan_interfaces
|
||
|
|
||
|
config="$1"
|
||
|
export OPENWRT_INTERFACE="$config"
|
||
|
|
||
|
config_get proto "$config" proto
|
||
|
|
||
|
if [ "$proto" != "openconnect" ]; then
|
||
|
echo "Interface $config is $proto not openconnect" >&2
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
config_get device "$config" device
|
||
|
|
||
|
local server
|
||
|
config_get server "$config" server
|
||
|
|
||
|
local port
|
||
|
config_get port "$config" port
|
||
|
if [ -n "$port" ]; then
|
||
|
args="$server:$port"
|
||
|
else
|
||
|
args="$server"
|
||
|
fi
|
||
|
|
||
|
local cookie
|
||
|
config_get cookie "$config" cookie
|
||
|
[ -n "$cookie" ] && args="$args -C $cookie"
|
||
|
|
||
|
local username
|
||
|
config_get username "$config" username
|
||
|
[ -n "$username" ] && args="$args -u $username"
|
||
|
|
||
|
local password
|
||
|
config_get password "$password" password
|
||
|
|
||
|
/sbin/insmod tun
|
||
|
|
||
|
local lock="/var/lock/openconnect-$config"
|
||
|
|
||
|
# creating the tunnel below will trigger a net subsystem event
|
||
|
# prevent it from touching or iface by disabling .auto here
|
||
|
uci_set_state network "$config" ifname $link
|
||
|
uci_set_state network "$config" auto 0
|
||
|
|
||
|
local gw="$(find_gw)"
|
||
|
[ -n "$gw" ] && {
|
||
|
local serv_addrs=""
|
||
|
for ip in $(resolveip -4 -t 3 "$server"); do
|
||
|
append serv_addrs "$ip"
|
||
|
route delete -host "$ip" 2>/dev/null
|
||
|
route add -host "$ip" gw "$gw"
|
||
|
done
|
||
|
uci_toggle_state network "$config" serv_addrs "$serv_addrs"
|
||
|
}
|
||
|
|
||
|
RECON=$(date +%s)
|
||
|
|
||
|
trap "[ -r /var/run/openconnect-$config-oc.pid ] && kill -HUP \$(cat /var/run/openconnect-$config-oc.pid)" SIGHUP
|
||
|
while [ "$(uci_get_state network ${config} up)" = "1" ]; do
|
||
|
NOW=$(date +%s)
|
||
|
if [ $RECON -gt $NOW ]; then
|
||
|
DELAY=$(expr $RECON - $NOW)
|
||
|
logger -t openconnect "Waiting for $DELAY seconds before reconnecting"
|
||
|
sleep $(expr $DELAY)
|
||
|
fi
|
||
|
|
||
|
# The lock prevents a race condition where /lib/network/openconnect.sh could
|
||
|
# send us SIGHUP after we spawn openconnect, but before we store its pid.
|
||
|
# Thus leaving it running after we should have killed it.
|
||
|
lock $lock
|
||
|
echo "$passwd" | /usr/sbin/openconnect $args -i "vpn-$config" \
|
||
|
--no-cert-check --non-inter --passwd-on-stdin --syslog --script /etc/vpnc/vpnc-script &
|
||
|
echo $! > /var/run/openconnect-$config-oc.pid
|
||
|
lock -u $lock
|
||
|
wait $!
|
||
|
rm /var/run/openconnect-$config-oc.pid
|
||
|
RECON=$(expr $NOW + 60)
|
||
|
done
|