diff --git a/net/openconnect/Config.in b/net/openconnect/Config.in
deleted file mode 100644
index 1daaeaa6a..000000000
--- a/net/openconnect/Config.in
+++ /dev/null
@@ -1,18 +0,0 @@
-# openconnect avanced configuration
-
-menu "Configuration"
- depends on PACKAGE_openconnect
-
-choice
- prompt "SSL library"
- default OPENCONNECT_GNUTLS
-
-config OPENCONNECT_GNUTLS
- bool "GnuTLS support"
-
-config OPENCONNECT_OPENSSL
- bool "OpenSSL"
-
-endchoice
-
-endmenu
diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile
deleted file mode 100644
index 106e9bbf6..000000000
--- a/net/openconnect/Makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=openconnect
-PKG_VERSION:=5.03
-PKG_RELEASE:=1
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/
-PKG_MD5SUM:=ff43ed1dbaccd2537fd7c5bfb04295a6
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/openconnect/config
- source "$(SOURCE)/Config.in"
-endef
-
-define Package/openconnect
- SECTION:=net
- CATEGORY:=Network
- DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls
- TITLE:=VPN client for Cisco's AnyConnect SSL VPN
- URL:=http://www.infradead.org/openconnect/
- SUBMENU:=VPN
-endef
-
-define Package/openconnect/description
- A VPN client compatible with Cisco's AnyConnect SSL VPN and ocserv.
-
- OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
- supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800,
- 3800, 7200 Series and Cisco 7301 Routers.
-endef
-
-CONFIGURE_ARGS += \
- --disable-shared \
- --with-vpnc-script=/lib/netifd/vpnc-script
-
-ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y)
-CONFIGURE_ARGS += \
- --without-gnutls
-endif
-
-define Package/openconnect/install
- $(INSTALL_DIR) $(1)/lib/netifd/proto
- $(INSTALL_BIN) ./files/openconnect.sh $(1)/lib/netifd/proto/
- $(INSTALL_BIN) ./files/vpnc-script $(1)/lib/netifd/
- $(INSTALL_DIR) $(1)/usr/sbin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/openconnect $(1)/usr/sbin/
-endef
-
-$(eval $(call BuildPackage,openconnect))
diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh
deleted file mode 100755
index 261019438..000000000
--- a/net/openconnect/files/openconnect.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/sh
-. /lib/functions.sh
-. ../netifd-proto.sh
-init_proto "$@"
-
-proto_openconnect_init_config() {
- proto_config_add_string "server"
- proto_config_add_int "port"
- proto_config_add_string "username"
- proto_config_add_string "cookie"
- proto_config_add_string "password"
- no_device=1
- available=1
-}
-
-proto_openconnect_setup() {
- local config="$1"
-
- json_get_vars server port username cookie password
-
- grep -q tun /proc/modules || insmod tun
-
- serv_addr=
- for ip in $(resolveip -t 5 "$server"); do
- proto_add_host_dependency "$config" "$server"
- serv_addr=1
- done
- [ -n "$serv_addr" ] || {
- echo "Could not resolve server address"
- sleep 5
- proto_setup_failed "$config"
- exit 1
- }
-
- [ -n "$port" ] && port=":$port"
-
- cmdline="$server$port -i vpn-$config --no-cert-check --non-inter --syslog --script /lib/netifd/vpnc-script"
-
- [ -n "$cookie" ] && append cmdline "-C $cookie"
- [ -n "$username" ] && append cmdline "-u $username"
- [ -n "$password" ] && {
- umask 077
- pwfile="/var/run/openconnect-$config.passwd"
- echo "$password" > "$pwfile"
- append cmdline "--passwd-on-stdin"
- }
-
- proto_export INTERFACE="$config"
- proto_run_command "$config" /usr/sbin/openconnect $cmdline <$pwfile
-}
-
-proto_openconnect_teardown() {
- proto_kill_command "$config"
-}
-
-add_protocol openconnect
diff --git a/net/openconnect/files/vpnc-script b/net/openconnect/files/vpnc-script
deleted file mode 100755
index 4d12d7e20..000000000
--- a/net/openconnect/files/vpnc-script
+++ /dev/null
@@ -1,156 +0,0 @@
-#!/bin/sh
-# List of parameters passed through environment
-#* reason -- why this script was called, one of: pre-init connect disconnect
-#* VPNGATEWAY -- vpn gateway address (always present)
-#* TUNDEV -- tunnel device (always present)
-#* INTERNAL_IP4_ADDRESS -- address (always present)
-#* INTERNAL_IP4_MTU -- mtu (often unset)
-#* INTERNAL_IP4_NETMASK -- netmask (often unset)
-#* INTERNAL_IP4_NETMASKLEN -- netmask length (often unset)
-#* INTERNAL_IP4_NETADDR -- address of network (only present if netmask is set)
-#* INTERNAL_IP4_DNS -- list of dns servers
-#* INTERNAL_IP4_NBNS -- list of wins servers
-#* INTERNAL_IP6_ADDRESS -- IPv6 address
-#* INTERNAL_IP6_NETMASK -- IPv6 netmask
-#* INTERNAL_IP6_DNS -- IPv6 list of dns servers
-#* CISCO_DEF_DOMAIN -- default domain name
-#* CISCO_BANNER -- banner from server
-#* CISCO_SPLIT_INC -- number of networks in split-network-list
-#* CISCO_SPLIT_INC_%d_ADDR -- network address
-#* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
-#* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24)
-#* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0)
-#* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0)
-#* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0)
-#* CISCO_IPV6_SPLIT_INC -- number of networks in IPv6 split-network-list
-#* CISCO_IPV6_SPLIT_INC_%d_ADDR -- IPv6 network address
-#* CISCO_IPV6_SPLIT_INC_$%d_MASKLEN -- IPv6 subnet masklen
-
-# FIXMEs:
-
-# Section A: route handling
-
-# 1) The 3 values CISCO_SPLIT_INC_%d_PROTOCOL/SPORT/DPORT are currently being ignored
-# In order to use them, we'll probably need os specific solutions
-# * Linux: iptables -t mangle -I PREROUTING -j ROUTE --oif $TUNDEV
-# This would be an *alternative* to changing the routes (and thus 2) and 3)
-# shouldn't be relevant at all)
-# 2) There are two different functions to set routes: generic routes and the
-# default route. Why isn't the defaultroute handled via the generic route case?
-# 3) In the split tunnel case, all routes but the default route might get replaced
-# without getting restored later. We should explicitely check and save them just
-# like the defaultroute
-# 4) Replies to a dhcp-server should never be sent into the tunnel
-
-# Section B: Split DNS handling
-
-# 1) Maybe dnsmasq can do something like that
-# 2) Parse dns packets going out via tunnel and redirect them to original dns-server
-
-do_connect() {
- if [ -n "$CISCO_BANNER" ]; then
- echo "Connect Banner:"
- echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
- echo
- fi
-
- proto_init_update "$TUNDEV" 1
-
- if [ -n "$INTERNAL_IP4_MTU" ]; then
- MTU=$INTERNAL_IP4_MTU
- fi
-
- if [ -z "$MTU" ]; then
- MTU=1412
- fi
-
- proto_add_ipv4_address "$INTERNAL_IP4_ADDRESS" 32 "" "$INTERNAL_IP4_ADDRESS"
-
- if [ -n "$INTERNAL_IP4_NETMASKLEN" ]; then
- proto_add_ipv4_route "$INTERNAL_IP4_NETADDR" "$INTERNAL_IP4_NETMASKLEN"
- fi
-
- # If the netmask is provided, it contains the address _and_ netmask
- if [ -n "$INTERNAL_IP6_ADDRESS" ] && [ -z "$INTERNAL_IP6_NETMASK" ]; then
- INTERNAL_IP6_NETMASK="$INTERNAL_IP6_ADDRESS/128"
- fi
-
- if [ -n "$INTERNAL_IP6_NETMASK" ]; then
- addr="${INTERNAL_IP6_NETMASK%%/*}"
- mask="${INTERNAL_IP6_NETMASK##*/}"
- [[ "$addr" != "$mask" ]] && proto_add_ipv6_address "$addr" "$mask"
- fi
-
- [ -n "$INTERNAL_IP4_DNS" ] && proto_add_dns_server "$INTERNAL_IP4_DNS"
- [ -n "$CISCO_DEF_DOMAIN" ] && proto_add_dns_search "$CISCO_DEF_DOMAIN"
-
- if [ -n "$CISCO_SPLIT_INC" ]; then
- i=0
- while [ $i -lt $CISCO_SPLIT_INC ] ; do
- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
- if [ $NETWORK != "0.0.0.0" ]; then
- proto_add_ipv4_route "$NETWORK" "$NETMASKLEN"
- else
- proto_add_ipv4_route "0.0.0.0" 0
- fi
- i=$(($i + 1))
- done
- elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
- proto_add_ipv4_route "0.0.0.0" 0
- fi
- if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
- i=0
- while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
- eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
- eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
- if [ $NETMASKLEN -lt 128 ]; then
- proto_add_ipv6_route "$NETWORK" "$NETMASKLEN"
- else
- proto_add_ipv6_route "::0" 0
- fi
- i=$(($i + 1))
- done
- elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
- proto_add_ipv6_route "::0" 0
- fi
- proto_send_update "$INTERFACE"
-}
-
-do_disconnect() {
- proto_init_update "$TUNDEV" 0
- proto_send_update "$INTERFACE"
-}
-
-#### Main
-
-if [ -z "$reason" ]; then
- echo "this script must be called from vpnc" 1>&2
- exit 1
-fi
-if [ -z "$INTERFACE" ]; then
- echo "this script must be called for an active interface"
- exit 1
-fi
-
-. /lib/netifd/netifd-proto.sh
-
-case "$reason" in
- pre-init)
- ;;
- connect)
- do_connect
- ;;
- disconnect)
- do_disconnect
- ;;
- reconnect)
- ;;
- *)
- echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
- exit 1
- ;;
-esac
-
-exit 0