Diffstat (limited to 'net-vpn/openconnect/files')
-rw-r--r-- | net-vpn/openconnect/files/README.OpenRC | 25 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect.conf.in | 2 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect.confd | 6 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect.initd | 28 | ||||
-rw-r--r-- | net-vpn/openconnect/files/openconnect.initd.8.10 | 105 |
5 files changed, 39 insertions, 127 deletions
diff --git a/net-vpn/openconnect/files/README.OpenRC b/net-vpn/openconnect/files/README.OpenRC index baa617d94eaa..488533e87e31 100644 --- a/net-vpn/openconnect/files/README.OpenRC +++ b/net-vpn/openconnect/files/README.OpenRC @@ -1,30 +1,13 @@ -The service script for openconnect supports multiple vpn tunnels. +The service script for openconnect supports multiple VPN tunnels. -You need to create a symbolic link to /etc/init.d/openconnect in +To enable this, create a symbolic link to /etc/init.d/openconnect in /etc/init.d for each tunnel instead of calling it directly: ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 -Also, create a configuration file for the tunnel in /etc/openconnect. To -follow this example, the configuration file would be called -/etc/openconnect/vpn0.conf. See man openconnect for the options that can -go in this file. +To define per-VPN settings, copy /etc/conf.d/openconnect to +openconnect.vpn0. You can then start the vpn tunnel like this: rc-service openconnect.vpn0 start - -If you would like to run preup, postup, predown, and/or postdown scripts, -You need to create a directory in /etc/openconnect with the name of the vpn: - -mkdir /etc/openconnect/vpn0 - -Then add executable shell files: - -mkdir /etc/openconnect/vpn0 -cd /etc/openconnect/vpn0 -echo '#!/bin/sh' > preup.sh -cp preup.sh predown.sh -cp preup.sh postup.sh -cp preup.sh postdown.sh -chmod 755 /etc/openconnect/vpn0/* diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in index 53b14e61378e..7e44f569c0c4 100644 --- a/net-vpn/openconnect/files/openconnect.conf.in +++ b/net-vpn/openconnect/files/openconnect.conf.in @@ -23,4 +23,4 @@ server_vpn0="vpn.server.tld" password_vpn0="YOUR_PASSWORD" # Any OPENCONNECT options my go here (see openconnect --help) -vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME --script=/etc/openconnect/openconnect.sh" +vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME" 
diff --git a/net-vpn/openconnect/files/openconnect.confd b/net-vpn/openconnect/files/openconnect.confd
new file mode 100644
index 000000000000..5c00518a6937
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.confd
@@ -0,0 +1,6 @@
+# Arguments to pass to openconnect
+#command_args="--authgroup AUTHGROUP --user USER SERVERNAME"
+
+# For non-interactive use, set either password or password_file
+#password="PASSWORD"
+#password_file="/etc/openconnect/vpn0.password"
diff --git a/net-vpn/openconnect/files/openconnect.initd b/net-vpn/openconnect/files/openconnect.initd
new file mode 100644
index 000000000000..69f9999f6ad9
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.initd
@@ -0,0 +1,28 @@
+#!/sbin/openrc-run
+# Copyright 2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+vpn=${RC_SVCNAME#*.}
+command="/usr/sbin/openconnect"
+pidfile="/run/openconnect/${vpn}.pid"
+command_args="--syslog ${command_args}"
+command_args_background="--background --pid-file \"${pidfile}\""
+stopsig="SIGINT"
+
+start_pre() {
+ checkpath -d /run/openconnect
+}
+
+start() {
+ if [ -n "${password}" ]; then
+ command_args="${command_args} --passwd-on-stdin"
+ default_start <<EOF
+${password}
+EOF
+ elif [ -n "${password_file}" ]; then
+ command_args="${command_args} --passwd-on-stdin"
+ default_start <"${password_file}"
+ else
+ default_start
+ fi
+}
diff --git a/net-vpn/openconnect/files/openconnect.initd.8.10 b/net-vpn/openconnect/files/openconnect.initd.8.10
deleted file mode 100644
index 020eeb91aa16..000000000000
--- a/net-vpn/openconnect/files/openconnect.initd.8.10
+++ /dev/null
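Review bot: The `#password="PASSWORD"` example puts the VPN credential directly in a conf.d file, and the added comments say nothing about how that file or the `password_file` target should be protected. The diffstat lists openconnect.confd as `-rw-r--r--`, and if the installed file and its per-VPN copies keep a world-readable mode, any local user could presumably read a password set there. I would extend the comment to steer users toward the file-based option, for example `# Prefer password_file (root-owned, mode 0600); if password is set here, chmod 600 this file`.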
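Review bot: In `start()`, the `elif` branch redirects stdin from `${password_file}` without first checking that the file is readable. A missing or unreadable file would then fail inside the redirection, most likely with only the shell's own message and no service-level error. A guard before that branch's `default_start` makes the failure explicit: `[ -r "${password_file}" ] || { eerror "Cannot read ${password_file}"; return 1; }`. The function also deserves a short header comment stating that `password` takes precedence over `password_file`, and that both are fed to openconnect on stdin via `--passwd-on-stdin`.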
@@ -1,105 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-VPN="${RC_SVCNAME#*.}"
-VPNCONF=/etc/openconnect/${VPN}.conf
-VPNDIR="/etc/openconnect/${VPN}"
-VPNLOG="/var/log/openconnect/${VPN}"
-VPNLOGFILE="${VPNLOG}/openconnect.log"
-VPNERRFILE="${VPNLOG}/openconnect.err"
-
-command="/usr/sbin/openconnect"
-name="OpenConnect: ${VPN}"
-pidfile="/run/openconnect/${VPN}.pid"
-stopsig="SIGINT"
-
-depend() {
- before netmount
-}
-
-checkconfig() {
- if [ $VPN = "openconnect" ]; then
- eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
- eerror
- eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
- eerror
- eerror "And then call it instead:"
- eerror
- eerror "/etc/init.d/openconnect.vpn0 start"
- return 1
- fi
- if [ ! -f "${VPNCONF}" ]; then
- ewarn "The configuration file for ${VPN} does not exist."
- ewarn "Please create ${VPNCONF}"
- ewarn "This will become a fatal error in a future release."
- fi
- local server vpnopts password
- eval server=\$server_${VPN}
- eval vpnopts=\$vpnopts_${VPN}
- eval password=\$password_${VPN}
- if [ -n "$server" ] || [ -n "$vpnopts" ] || [ -n "password" ]; then
- ewarn "server_${VPN}, vpnopts${VPN} and password_${VPN} are deprecated"
- ewarn"Please move them to the appropriate settings in ${VPNCONF}"
- ewarn "They will be ignored in the future."
- fi
- return 0
-}
-
-checktuntap() {
- if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
- if ! modprobe tun ; then
- eerror "TUN/TAP support is not available in this kernel"
- return 1
- fi
- fi
-}
-
-run_hook() {
- if [ -x "$1" ]; then
- "$@"
- fi
-}
-
-start_pre() {
- checkconfig || return
- checktuntap || return
- checkpath -d "${VPNLOG}" || return
- checkpath -d /run/openconnect || return
- run_hook "${VPNDIR}/preup.sh"
-}
-
-start() {
- local server vpnopts password
- eval server=\$server_${VPN}
- eval vpnopts=\$vpnopts_${VPN}
- eval password=\$password_${VPN}
-
- ebegin "Starting ${name}"
- start-stop-daemon --start --exec "${command}" -- \
- --background \
- --config="${VPNCONF:-/dev/null}" \
- --interface="${VPN}" \
- --pid-file="${pidfile}" \
- ${vpnopts} \
- "${server}" \
- >> "${VPNLOGFILE}" \
- 2>> "${VPNERRFILE}" \
- <<EOF
-${password}
-EOF
- eend $?
-}
-
-start_post() {
- run_hook "${VPNDIR}/postup.sh"
-}
-
-stop_pre() {
- checkconfig || return
- run_hook "${VPNDIR}/predown.sh"
-}
-
-stop_post() {
- run_hook "${VPNDIR}/postdown.sh"
-} |