# Declare the configuration options accepted by the vpnc protocol handler.
# Every name is registered through the proto_config_add_* helper that matches
# its type, in the same order as the listing.
proto_vpnc_init_config() {
	local opt

	# Gateway, Xauth/IPSec identities and IKE parameters, all strings.
	# password, hexpasswd, passgroup, hexpassgroup and token_secret carry
	# credentials, so whatever stores this configuration needs the same
	# protection as the credentials themselves.
	for opt in server username hexpasswd authgroup password token_mode \
		token_secret interface passgroup hexpassgroup domain vendor \
		natt_mode dh_group pfs; do
		proto_config_add_string "$opt"
	done

	# Judging by their names these two switches relax the encryption
	# requirements of the tunnel; they are plain booleans.
	for opt in enable_single_des enable_no_enc; do
		proto_config_add_boolean "$opt"
	done

	proto_config_add_int "mtu"
	proto_config_add_string "local_addr"

	for opt in local_port udp_port dpd_idle; do
		proto_config_add_int "$opt"
	done

	for opt in auth_mode target_network; do
		proto_config_add_string "$opt"
	done

	proto_config_add_boolean "authfail"

	# [listing gap: source lines 32-38 are not shown. They hold whatever
	# remains of this function and the header of the function that follows;
	# the closing brace below is implied by the syntax.]
}
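# Fragment of a function body. The function header and any local declarations
# fall in source lines 32-38, which this listing omits; $config is read below
# but not assigned in the visible lines, so it is presumably bound there
# (confirm against the full file).

# Fetch the configured options; the lines below read them as shell variables
# of the same names.
json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network authfail

# Load the tun driver unless /proc/modules already lists it. The pattern is
# anchored to the module-name column so that another module whose name merely
# contains "tun" does not suppress the insmod.
grep -q '^tun ' /proc/modules || insmod tun

logger -t vpnc "initializing..."

# Register a host dependency for every address the gateway name resolves to
# (resolveip runs with a 10 second timeout). The command substitution is left
# unquoted on purpose so that each address becomes one loop item.
for ip in $(resolveip -t 10 "$server"); do
	# ${interface:+...} passes the interface as a single quoted argument when
	# it is set and passes nothing when it is empty, as the unquoted form did.
	( proto_add_host_dependency "$config" "$ip" ${interface:+"$interface"} )
	# [listing gap: source line 47 is not shown. serv_addr is tested right
	# after the loop but never assigned in the visible lines, so it is
	# presumably set here (confirm); "done" is implied by the syntax.]
done

# Without a resolved address the setup is reported as failed.
[ -n "$serv_addr" ] || {
	logger -t vpnc "Could not resolve server address: '$server'"
	# [listing gap: source line 51 is not shown]
	proto_setup_failed "$config"
	# [listing gap: source lines 53-57 are not shown; this brace group is
	# closed somewhere in that range.]
}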
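# Fragment of a function body (the header is not part of this listing).
#
# Build the per-interface vpnc configuration file and start vpnc with it.
# The file receives the Xauth password and the IPSec group secret in clear
# text, plus their "obfuscated" variants, so it has to be readable by root only.
# NOTE(review): source lines 53-57, directly before this point, are not shown.
# Confirm that they put a restrictive umask (077) in force before the file is
# created; if they do not, add one. A file left over from an earlier run keeps
# its old mode when it is truncated.
pwfile="/var/etc/vpnc-$config.conf"

# Only the path of the configuration file goes on the command line, so the
# secrets appear neither in the process list nor in the log line further down.
cmdline="--no-detach --pid-file /var/run/vpnc-$config.pid --ifname vpn-$config --non-inter --script /lib/netifd/vpnc-script $pwfile"

# One directive per line, each written only when its option is set. printf
# with a fixed format is used instead of echo so that a value containing
# backslashes or starting with "-" is stored verbatim. The values are not
# validated: a value containing a newline would start a new directive, so
# these options must stay settable by the administrator only.
{
	printf '%s\n' "IPSec gateway $server"
	[ -f "/etc/vpnc/ca-vpn-$config.pem" ] && printf '%s\n' "CA-File /etc/vpnc/ca-vpn-$config.pem"
	[ -n "$hexpasswd" ] && printf '%s\n' "Xauth obfuscated password $hexpasswd"
	[ -n "$authgroup" ] && printf '%s\n' "IPSec ID $authgroup"
	[ -n "$username" ] && printf '%s\n' "Xauth username $username"
	[ -n "$password" ] && printf '%s\n' "Xauth password $password"
	[ -n "$passgroup" ] && printf '%s\n' "IPSec secret $passgroup"
	[ -n "$hexpassgroup" ] && printf '%s\n' "IPSec obfuscated secret $hexpassgroup"
	[ -n "$domain" ] && printf '%s\n' "Domain $domain"
	[ -n "$vendor" ] && printf '%s\n' "Vendor $vendor"
	[ -n "$natt_mode" ] && printf '%s\n' "NAT Traversal Mode $natt_mode"
	[ -n "$dh_group" ] && printf '%s\n' "IKE DH Group $dh_group"
	[ -n "$pfs" ] && printf '%s\n' "Perfect Forward Secrecy $pfs"
	# Both switches weaken the tunnel; leave a trace in the system log so a
	# downgraded configuration is visible to whoever reviews the logs.
	if [ "${enable_single_des:-0}" -gt 0 ]; then
		printf '%s\n' "Enable Single DES"
		logger -t vpnc "warning: single DES is enabled for '$config'"
	fi
	if [ "${enable_no_enc:-0}" -gt 0 ]; then
		printf '%s\n' "Enable no encryption"
		logger -t vpnc "warning: encryption is disabled for '$config'"
	fi
	[ -n "$mtu" ] && printf '%s\n' "Interface MTU $mtu"
	[ -n "$local_addr" ] && printf '%s\n' "Local Addr $local_addr"
	[ -n "$local_port" ] && printf '%s\n' "Local Port $local_port"
	[ -n "$udp_port" ] && printf '%s\n' "Cisco UDP Encapsulation Port $udp_port"
	[ -n "$dpd_idle" ] && printf '%s\n' "DPD idle timeout (our side) $dpd_idle"
	[ -n "$auth_mode" ] && printf '%s\n' "IKE Authmode $auth_mode"
	[ -n "$target_network" ] && printf '%s\n' "IPSEC target network $target_network"
} > "$pwfile"

proto_export INTERFACE="$config"
logger -t vpnc "executing 'vpnc $cmdline'"
# $cmdline is expanded unquoted on purpose so that it splits into separate
# arguments; this relies on $config containing no whitespace or glob characters.
proto_run_command "$config" /usr/sbin/vpnc $cmdline
# [listing gap: source lines 87-88 are not shown; the enclosing function ends
# in that range.]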
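# Stop vpnc for an interface and, after an error exit with "authfail" set,
# block automatic restarts.
# Globals: config (read), ERROR (read), pwfile (written), authfail (written)
proto_vpnc_teardown() {
	# [listing gap: source lines 90-91 are not shown; $config is presumably
	# bound there (confirm against the full file).]
	pwfile="/var/etc/vpnc-$config.conf"

	json_get_var authfail authfail
	# On error exit (vpnc only has success = 0 and error = 1, so
	# we can't be fine-grained and say only auth error)
	# and authfail setting true, then don't retry starting vpnc.
	# This is used for the case where the server blocks repeated
	# failed authentication attempts (which will occur if the password
	# is wrong, for example).
	# ERROR is quoted so that an unexpected value cannot split into extra
	# arguments of the test.
	if [ "${ERROR:-0}" -gt 0 ] && [ "${authfail:-0}" -gt 0 ]; then
		proto_block_restart "$config"
	fi

	# [listing gap: source lines 103-105 are not shown.]
	# NOTE(review): pwfile is assigned above but not used by any visible line.
	# It names the file that holds the VPN credentials, so confirm that the
	# omitted lines delete it; otherwise the secrets outlive the tunnel.
	logger -t vpnc "bringing down vpnc"
	proto_kill_command "$config" 2
}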