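#!/bin/sh
# Supervisor for one OpenConnect VPN interface.
#
# Reads the interface's UCI settings, adds host routes to the VPN server via
# the gateway reported by find_gw, then keeps openconnect running for as long
# as the interface's "up" state is 1. Restarts are spaced at least 60 seconds
# apart.
#
# Usage: <this script> <interface>
#
# Shell tracing (-x) is intentionally not enabled on the shebang: it would
# write the expanded cookie and password to stderr on every connection attempt.

. /etc/functions.sh

# Usage errors go to stderr with a non-zero status.
[ $# = 0 ] && { echo "Usage: $0 <interface>" >&2; exit 1; }

include /lib/network
scan_interfaces

config="$1"
export OPENWRT_INTERFACE="$config"

config_get proto "$config" proto
if [ "$proto" != "openconnect" ]; then
	echo "Interface $config is $proto not openconnect" >&2
	exit 1
fi

# NOTE(review): device is not used below; kept in case a sourced helper reads it.
config_get device "$config" device

# `local` is only valid inside a function, so plain assignments are used at
# script level.
config_get server "$config" server
config_get port "$config" port
config_get cookie "$config" cookie
config_get username "$config" username
# Read the password from this interface's section and keep the variable name
# consistent with the one piped to openconnect below.
config_get password "$config" password

# Build the openconnect arguments in the positional parameters so that values
# containing whitespace or glob characters are passed as single words.
# NOTE(review): cookie and username end up on the command line and are visible
# in the process list; the password is passed on stdin instead.
if [ -n "$port" ]; then
	set -- "$server:$port"
else
	set -- "$server"
fi
if [ -n "$cookie" ]; then
	set -- "$@" -C "$cookie"
fi
if [ -n "$username" ]; then
	set -- "$@" -u "$username"
fi

/sbin/insmod tun

lock="/var/lock/openconnect-$config"
pidfile="/var/run/openconnect-$config-oc.pid"

# creating the tunnel below will trigger a net subsystem event
# prevent it from touching our iface by disabling .auto here
# NOTE(review): $link is never assigned in this script, so unless a sourced
# file sets it, ifname is stored without a value; presumably "vpn-$config"
# (the name given to openconnect -i) was intended. Confirm before changing.
uci_set_state network "$config" ifname $link
uci_set_state network "$config" auto 0

# Route traffic to the VPN server itself through the existing gateway so it
# does not get sent into the tunnel once the tunnel is up.
gw="$(find_gw)"
[ -n "$gw" ] && {
	serv_addrs=""
	# Word splitting is intended: resolveip may print several addresses.
	for ip in $(resolveip -4 -t 3 "$server"); do
		append serv_addrs "$ip"
		route delete -host "$ip" 2>/dev/null
		route add -host "$ip" gw "$gw"
	done
	uci_toggle_state network "$config" serv_addrs "$serv_addrs"
}

RECON=$(date +%s)

# A HUP sent to this script is forwarded to the running openconnect process.
# "HUP" (without the SIG prefix) is the portable signal name for trap.
trap '[ -r "$pidfile" ] && kill -HUP "$(cat "$pidfile")"' HUP

while [ "$(uci_get_state network "$config" up)" = "1" ]; do
	NOW=$(date +%s)
	if [ "$RECON" -gt "$NOW" ]; then
		DELAY=$((RECON - NOW))
		logger -t openconnect "Waiting for $DELAY seconds before reconnecting"
		sleep "$DELAY"
	fi

	# The lock prevents a race condition where /lib/network/openconnect.sh could
	# send us SIGHUP after we spawn openconnect, but before we store its pid.
	# Thus leaving it running after we should have killed it.
	lock "$lock"

	# NOTE(review): --no-cert-check turns off validation of the gateway's TLS
	# certificate, so the credentials are sent to whichever host answers on the
	# server address. Pin the gateway with --servercert, or install its CA and
	# drop this flag.
	printf '%s\n' "$password" | /usr/sbin/openconnect "$@" -i "vpn-$config" \
		--no-cert-check --non-inter --passwd-on-stdin --syslog \
		--script /etc/vpnc/vpnc-script &
	# $! is the last command of the background pipeline, i.e. openconnect.
	echo $! > "$pidfile"
	lock -u "$lock"

	wait $!
	rm -f "$pidfile"

	# Earliest time the next connection attempt may start.
	RECON=$((NOW + 60))
done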