Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- #* reason -- why this script was called, one of: pre-init connect disconnect
- #* VPNGATEWAY -- vpn gateway address (always present)
- #* TUNDEV -- tunnel device (always present)
- #* INTERNAL_IP4_ADDRESS -- address (always present)
- #* INTERNAL_IP4_NETMASK -- netmask (often unset)
- #* INTERNAL_IP4_NETMASKLEN -- netmask length (often unset)
- #* INTERNAL_IP4_NETADDR -- address of network (only present if netmask is set)
- #* INTERNAL_IP4_DNS -- list of dns serverss
- #* INTERNAL_IP4_NBNS -- list of wins servers
- #* CISCO_DEF_DOMAIN -- default domain name
- #* CISCO_BANNER -- banner from server
- #* CISCO_SPLIT_INC -- number of networks in split-network-list
- #* CISCO_SPLIT_INC_%d_ADDR -- network address
- #* CISCO_SPLIT_INC_%d_MASK -- subnet mask (for example: 255.255.255.0)
- #* CISCO_SPLIT_INC_%d_MASKLEN -- subnet masklen (for example: 24)
- #* CISCO_SPLIT_INC_%d_PROTOCOL -- protocol (often just 0)
- #* CISCO_SPLIT_INC_%d_SPORT -- source port (often just 0)
- #* CISCO_SPLIT_INC_%d_DPORT -- destination port (often just 0)
- # FIXMEs:
- # Section A: route handling
- # 1) The 3 values CISCO_SPLIT_INC_%d_PROTOCOL/SPORT/DPORT are currently being ignored
- # In order to use them, we'll probably need os specific solutions
- # * Linux: iptables -t mangle -I PREROUTING <conditions> -j ROUTE --oif $TUNDEV
- # This would be an *alternative* to changing the routes (and thus 2) and 3)
- # shouldn't be relevant at all)
- # 2) There are two different functions to set routes: generic routes and the
- # default route. Why isn't the defaultroute handled via the generic route case?
- # 3) In the split tunnel case, all routes but the default route might get replaced
- # without getting restored later. We should explicitely check and save them just
- # like the defaultroute
- # 4) Replies to a dhcp-server should never be sent into the tunnel
- # Section B: Split DNS handling
- # 1) Maybe dnsmasq can do something like that
- # 2) Parse dns packets going out via tunnel and redirect them to original dns-server
- #env | sort
- #set -x
- # =========== script (variable) setup ====================================
- PATH=/sbin:/usr/sbin:$PATH
- OS="`uname -s`"
- DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
- RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
- SCRIPTNAME=`basename $0`
- # some systems, eg. Darwin & FreeBSD, prune /var/run on boot
- if [ ! -d "/var/run/vpnc" ]; then
- mkdir -p /var/run/vpnc
- fi
- # stupid SunOS: no blubber in /usr/local/bin ... (on stdout)
- IPROUTE="`which ip | grep '^/' 2> /dev/null`"
- if [ "$OS" = "Linux" ]; then
- ifconfig_syntax_ptp="pointopoint"
- route_syntax_gw="gw"
- route_syntax_del="del"
- route_syntax_netmask="netmask"
- else
- ifconfig_syntax_ptp=""
- route_syntax_gw=""
- route_syntax_del="delete"
- route_syntax_netmask="-netmask"
- fi
- if [ "$OS" = "SunOS" ]; then
- route_syntax_interface="-interface"
- route_syntax_plumb="plumb"
- else
- route_syntax_interface=""
- route_syntax_plumb=""
- fi
- if [ -x /sbin/resolvconf ]; then # Optional tool on Debian, Ubuntu, Gentoo
- MODIFYRESOLVCONF=modify_resolvconf_manager
- RESTORERESOLVCONF=restore_resolvconf_manager
- elif [ -x /sbin/modify_resolvconf ]; then # Mandatory tool on Suse earlier than 11.1
- MODIFYRESOLVCONF=modify_resolvconf_suse
- RESTORERESOLVCONF=restore_resolvconf_suse
- else # Generic for any OS
- MODIFYRESOLVCONF=modify_resolvconf_generic
- RESTORERESOLVCONF=restore_resolvconf_generic
- fi
- # =========== tunnel interface handling ====================================
- do_ifconfig() {
- if [ -n "$INTERNAL_IP4_MTU" ]; then
- MTU=$INTERNAL_IP4_MTU
- elif [ -n "$IPROUTE" ]; then
- MTUDEV=$($IPROUTE route get "$VPNGATEWAY" | sed -ne 's/^.*dev \([a-z0-9]*\).*$/\1/p')
- MTU=$($IPROUTE link show "$MTUDEV" | sed -ne 's/^.*mtu \([[:digit:]]\+\).*$/\1/p')
- if [ -n "$MTU" ]; then
- MTU=$(( $MTU - 88 ))
- fi
- fi
- if [ -z "$MTU" ]; then
- MTU=1412
- fi
- # Point to point interface require a netmask of 255.255.255.255 on some systems
- if [ -n "$IPROUTE" ]; then
- $IPROUTE link set dev "$TUNDEV" up mtu "$MTU"
- $IPROUTE addr add "$INTERNAL_IP4_ADDRESS/255.255.255.255" peer "$INTERNAL_IP4_ADDRESS" dev "$TUNDEV"
- else
- ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" $ifconfig_syntax_ptp "$INTERNAL_IP4_ADDRESS" netmask 255.255.255.255 mtu ${MTU} up
- fi
- if [ -n "$INTERNAL_IP4_NETMASK" ]; then
- set_network_route $INTERNAL_IP4_NETADDR $INTERNAL_IP4_NETMASK $INTERNAL_IP4_NETMASKLEN
- fi
- # If the netmask is provided, it contains the address _and_ netmask
- if [ -n "$IPROUTE" ]; then
- if [ -n "$INTERNAL_IP6_NETMASK" ]; then
- $IPROUTE -6 addr add $INTERNAL_IP6_NETMASK dev $TUNDEV
- elif [ -n "$INTERNAL_IP6_ADDRESS" ]; then
- $IPROUTE -6 addr add $INTERNAL_IP6_ADDRESS/128 dev $TUNDEV
- fi
- else
- if [ -n "$INTERNAL_IP6_ADDRESS" ]; then
- ifconfig "$TUNDEV" inet6 $route_syntax_plumb $INTERNAL_IP6_ADDRESS/128 $ifconfig_syntax_ptp $INTERNAL_IP6_ADDRESS mtu $MTU up
- fi
- fi
- }
- destroy_tun_device() {
- case "$OS" in
- NetBSD|FreeBSD) # and probably others...
- ifconfig "$TUNDEV" destroy
- ;;
- SunOS)
- if [ -n "$INTERNAL_IP6_ADDRESS" ]; then
- ifconfig "$TUNDEV" inet6 unplumb
- fi
- ;;
- esac
- }
- # =========== route handling ====================================
- if [ -n "$IPROUTE" ]; then
- fix_ip_get_output () {
- sed -e 's/ /\n/g' | \
- sed -ne '1p;/via/{N;p};/dev/{N;p};/src/{N;p};/mtu/{N;p}'
- }
- set_vpngateway_route() {
- $IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
- $IPROUTE route flush cache
- }
- del_vpngateway_route() {
- $IPROUTE route $route_syntax_del "$VPNGATEWAY"
- $IPROUTE route flush cache
- }
- set_default_route() {
- $IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
- $IPROUTE route replace default dev "$TUNDEV"
- $IPROUTE route flush cache
- }
- set_network_route() {
- NETWORK="$1"
- NETMASK="$2"
- NETMASKLEN="$3"
- $IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
- $IPROUTE route flush cache
- }
- reset_default_route() {
- if [ -s "$DEFAULT_ROUTE_FILE" ]; then
- $IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
- $IPROUTE route flush cache
- rm -f -- "$DEFAULT_ROUTE_FILE"
- fi
- }
- del_network_route() {
- NETWORK="$1"
- NETMASK="$2"
- NETMASKLEN="$3"
- $IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
- $IPROUTE route flush cache
- }
- set_ipv6_default_route() {
- # We don't save/restore IPv6 default route; just add a higher-priority one.
- $IPROUTE -6 route add default dev "$TUNDEV" metric 1
- $IPROUTE -6 route flush cache
- }
- set_ipv6_network_route() {
- NETWORK="$1"
- NETMASKLEN="$2"
- $IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
- $IPROUTE route flush cache
- }
- reset_ipv6_default_route() {
- $IPROUTE -6 route del default dev "$TUNDEV"
- $IPROUTE route flush cache
- }
- del_ipv6_network_route() {
- NETWORK="$1"
- NETMASKLEN="$2"
- $IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$TUNDEV"
- $IPROUTE -6 route flush cache
- }
- else # use route command
- get_default_gw() {
- # isn't -n supposed to give --numeric output?
- # apperently not...
- # Get rid of lines containing IPv6 addresses (':')
- netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'
- }
- set_vpngateway_route() {
- route add -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw`"
- }
- del_vpngateway_route() {
- vpngw_route=`netstat -r -n | awk '/:/ { next; } /^(default|0\.0\.0\.0)/ { print $2; }'`
- route $route_syntax_del -host "$VPNGATEWAY" $route_syntax_gw "$vpngw_route"
- }
- set_default_route() {
- DEFAULTGW="`get_default_gw`"
- echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE"
- route $route_syntax_del default $route_syntax_gw "`get_default_gw`"
- route add default $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface
- }
- set_network_route() {
- NETWORK="$1"
- NETMASK="$2"
- NETMASKLEN="$3"
- del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
- route add -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS" $route_syntax_interface
- }
- reset_default_route() {
- if [ -s "$DEFAULT_ROUTE_FILE" ]; then
- route $route_syntax_del default $route_syntax_gw "`get_default_gw`" $route_syntax_interface
- route add default $route_syntax_gw `cat "$DEFAULT_ROUTE_FILE"`
- rm -f -- "$DEFAULT_ROUTE_FILE"
- fi
- }
- del_network_route() {
- case "$OS" in
- Linux|NetBSD|Darwin|SunOS) # and probably others...
- # routes are deleted automatically on device shutdown
- return
- ;;
- esac
- NETWORK="$1"
- NETMASK="$2"
- NETMASKLEN="$3"
- route $route_syntax_del -net "$NETWORK" $route_syntax_netmask "$NETMASK" $route_syntax_gw "$INTERNAL_IP4_ADDRESS"
- }
- set_ipv6_default_route() {
- route add -inet6 default "$INTERNAL_IP6_ADDRESS" $route_syntax_interface
- }
- set_ipv6_network_route() {
- NETWORK="$1"
- NETMASK="$2"
- route add -inet6 -net "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS" $route_syntax_interface
- :
- }
- reset_ipv6_default_route() {
- route $route_syntax_del -inet6 default "$INTERNAL_IP6_ADDRESS"
- :
- }
- del_ipv6_network_route() {
- NETWORK="$1"
- NETMASK="$2"
- route $route_syntax_del -inet6 "$NETWORK/$NETMASK" "$INTERNAL_IP6_ADDRESS"
- :
- }
- fi
- # =========== resolv.conf handling ====================================
- # =========== resolv.conf handling for any OS =========================
- modify_resolvconf_generic() {
- grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 || cp -- /etc/resolv.conf "$RESOLV_CONF_BACKUP"
- NEW_RESOLVCONF="#@VPNC_GENERATED@ -- this file is generated by vpnc
- # and will be overwritten by vpnc
- # as long as the above mark is intact"
- # Remember the original value of CISCO_DEF_DOMAIN we need it later
- CISCO_DEF_DOMAIN_ORIG="$CISCO_DEF_DOMAIN"
- # Don't step on INTERNAL_IP4_DNS value, use a temporary variable
- INTERNAL_IP4_DNS_TEMP="$INTERNAL_IP4_DNS"
- exec 6< "$RESOLV_CONF_BACKUP"
- while read LINE <&6 ; do
- case "$LINE" in
- nameserver*)
- if [ -n "$INTERNAL_IP4_DNS_TEMP" ]; then
- read ONE_NAMESERVER INTERNAL_IP4_DNS_TEMP <<-EOF
- $INTERNAL_IP4_DNS_TEMP
- EOF
- LINE="nameserver $ONE_NAMESERVER"
- else
- LINE=""
- fi
- ;;
- search*)
- if [ -n "$CISCO_DEF_DOMAIN" ]; then
- LINE="$LINE $CISCO_DEF_DOMAIN"
- CISCO_DEF_DOMAIN=""
- fi
- ;;
- domain*)
- if [ -n "$CISCO_DEF_DOMAIN" ]; then
- LINE="domain $CISCO_DEF_DOMAIN"
- CISCO_DEF_DOMAIN=""
- fi
- ;;
- esac
- NEW_RESOLVCONF="$NEW_RESOLVCONF
- $LINE"
- done
- exec 6<&-
- for i in $INTERNAL_IP4_DNS_TEMP ; do
- NEW_RESOLVCONF="$NEW_RESOLVCONF
- nameserver $i"
- done
- if [ -n "$CISCO_DEF_DOMAIN" ]; then
- NEW_RESOLVCONF="$NEW_RESOLVCONF
- search $CISCO_DEF_DOMAIN"
- fi
- echo "$NEW_RESOLVCONF" > /etc/resolv.conf
- if [ "$OS" = "Darwin" ]; then
- case "`uname -r`" in
- # Skip for pre-10.4 systems
- 4.*|5.*|6.*|7.*)
- ;;
- # 10.4 and later require use of scutil for DNS to work properly
- *)
- OVERRIDE_PRIMARY=""
- if [ -n "$CISCO_SPLIT_INC" ]; then
- if [ $CISCO_SPLIT_INC -lt 1 ]; then
- # Must override for correct default route
- # Cannot use multiple DNS matching in this case
- OVERRIDE_PRIMARY='d.add OverridePrimary # 1'
- fi
- fi
- # Uncomment the following if/fi pair to use multiple
- # DNS matching when available. When multiple DNS matching
- # is present, anything reading the /etc/resolv.conf file
- # directly will probably not work as intended.
- #if [ -z "$CISCO_DEF_DOMAIN_ORIG" ]; then
- # Cannot use multiple DNS matching without a domain
- OVERRIDE_PRIMARY='d.add OverridePrimary # 1'
- #fi
- scutil >/dev/null 2>&1 <<-EOF
- open
- d.init
- d.add ServerAddresses * $INTERNAL_IP4_DNS
- set State:/Network/Service/$TUNDEV/DNS
- d.init
- # next line overrides the default gateway and breaks split routing
- # d.add Router $INTERNAL_IP4_ADDRESS
- d.add Addresses * $INTERNAL_IP4_ADDRESS
- d.add SubnetMasks * 255.255.255.255
- d.add InterfaceName $TUNDEV
- $OVERRIDE_PRIMARY
- set State:/Network/Service/$TUNDEV/IPv4
- close
- EOF
- if [ -n "$CISCO_DEF_DOMAIN_ORIG" ]; then
- scutil >/dev/null 2>&1 <<-EOF
- open
- get State:/Network/Service/$TUNDEV/DNS
- d.add DomainName $CISCO_DEF_DOMAIN_ORIG
- d.add SearchDomains * $CISCO_DEF_DOMAIN_ORIG
- d.add SupplementalMatchDomains * $CISCO_DEF_DOMAIN_ORIG
- set State:/Network/Service/$TUNDEV/DNS
- close
- EOF
- fi
- ;;
- esac
- fi
- }
- restore_resolvconf_generic() {
- if [ ! -e "$RESOLV_CONF_BACKUP" ]; then
- return
- fi
- grep '^#@VPNC_GENERATED@' /etc/resolv.conf > /dev/null 2>&1 && cat "$RESOLV_CONF_BACKUP" > /etc/resolv.conf
- rm -f -- "$RESOLV_CONF_BACKUP"
- if [ "$OS" = "Darwin" ]; then
- case "`uname -r`" in
- # Skip for pre-10.4 systems
- 4.*|5.*|6.*|7.*)
- ;;
- # 10.4 and later require use of scutil for DNS to work properly
- *)
- scutil >/dev/null 2>&1 <<-EOF
- open
- remove State:/Network/Service/$TUNDEV/IPv4
- remove State:/Network/Service/$TUNDEV/DNS
- close
- EOF
- ;;
- esac
- fi
- }
- # === resolv.conf handling via /sbin/modify_resolvconf (Suse) =====================
- # Suse provides a script that modifies resolv.conf. Use it because it will
- # restart/reload all other services that care about it (e.g. lwresd).
- modify_resolvconf_suse()
- {
- FULL_SCRIPTNAME=`readlink -f $0`
- RESOLV_OPTS=''
- test -n "$INTERNAL_IP4_DNS" && RESOLV_OPTS="-n \"$INTERNAL_IP4_DNS\""
- test -n "$CISCO_DEF_DOMAIN" && RESOLV_OPTS="$RESOLV_OPTS -d $CISCO_DEF_DOMAIN"
- test -n "$RESOLV_OPTS" && eval /sbin/modify_resolvconf modify -s $SCRIPTNAME -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV $RESOLV_OPTS -t \"This file was created by $SCRIPTNAME\"
- }
- # Restore resolv.conf to old contents on Suse
- restore_resolvconf_suse()
- {
- FULL_SCRIPTNAME=`readlink -f $0`
- /sbin/modify_resolvconf restore -s vpnc -p $SCRIPTNAME -f $FULL_SCRIPTNAME -e $TUNDEV
- }
- # === resolv.conf handling via /sbin/resolvconf (Debian, Ubuntu, Gentoo)) =========
- modify_resolvconf_manager() {
- NEW_RESOLVCONF=""
- for i in $INTERNAL_IP4_DNS; do
- NEW_RESOLVCONF="$NEW_RESOLVCONF
- nameserver $i"
- done
- if [ -n "$CISCO_DEF_DOMAIN" ]; then
- NEW_RESOLVCONF="$NEW_RESOLVCONF
- domain $CISCO_DEF_DOMAIN"
- fi
- echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
- }
- restore_resolvconf_manager() {
- /sbin/resolvconf -d $TUNDEV
- }
- # ========= Toplevel state handling =======================================
- kernel_is_2_6_or_above() {
- case `uname -r` in
- 1.*|2.[012345]*)
- return 1
- ;;
- *)
- return 0
- ;;
- esac
- }
- do_pre_init() {
- if [ "$OS" = "Linux" ]; then
- if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
- :
- else # can't open /dev/net/tun
- test -e /proc/sys/kernel/modprobe && `cat /proc/sys/kernel/modprobe` tun 2>/dev/null
- # fix for broken devfs in kernel 2.6.x
- if [ "`readlink /dev/net/tun`" = misc/net/tun \
- -a ! -e /dev/net/misc/net/tun -a -e /dev/misc/net/tun ] ; then
- ln -sf /dev/misc/net/tun /dev/net/tun
- fi
- # make sure tun device exists
- if [ ! -e /dev/net/tun ]; then
- mkdir -p /dev/net
- mknod -m 0640 /dev/net/tun c 10 200
- fi
- # workaround for a possible latency caused by udev, sleep max. 10s
- if kernel_is_2_6_or_above ; then
- for x in `seq 100` ; do
- (exec 6<> /dev/net/tun) > /dev/null 2>&1 && break;
- sleep 0.1
- done
- fi
- fi
- elif [ "$OS" = "FreeBSD" ]; then
- if [ ! -e /dev/tun ]; then
- kldload if_tun
- fi
- elif [ "$OS" = "GNU/kFreeBSD" ]; then
- if [ ! -e /dev/tun ]; then
- kldload if_tun
- fi
- elif [ "$OS" = "NetBSD" ]; then
- :
- elif [ "$OS" = "OpenBSD" ]; then
- :
- elif [ "$OS" = "SunOS" ]; then
- :
- elif [ "$OS" = "Darwin" ]; then
- :
- fi
- }
- do_connect() {
- if [ -n "$CISCO_BANNER" ]; then
- echo "Connect Banner:"
- echo "$CISCO_BANNER" | while read LINE ; do echo "|" "$LINE" ; done
- echo
- fi
- set_vpngateway_route
- do_ifconfig
- if [ -n "$CISCO_SPLIT_INC" ]; then
- i=0
- while [ $i -lt $CISCO_SPLIT_INC ] ; do
- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
- if [ $NETWORK != "0.0.0.0" ]; then
- set_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
- else
- set_default_route
- fi
- i=`expr $i + 1`
- done
- for i in $INTERNAL_IP4_DNS ; do
- if ! echo "$i" | grep : >/dev/null; then
- set_network_route "$i" "255.255.255.255" "32"
- fi
- done
- elif [ -n "$INTERNAL_IP4_ADDRESS" ]; then
- set_default_route
- fi
- if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
- i=0
- while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
- eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
- eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
- if [ $NETMASKLEN -lt 128 ]; then
- set_ipv6_network_route "$NETWORK" "$NETMASKLEN"
- else
- set_ipv6_default_route
- fi
- i=`expr $i + 1`
- done
- for i in $INTERNAL_IP4_DNS ; do
- if echo "$i" | grep : >/dev/null; then
- set_ipv6_network_route "$i" "128"
- fi
- done
- elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
- set_ipv6_default_route
- fi
- if [ -n "$INTERNAL_IP4_DNS" ]; then
- $MODIFYRESOLVCONF
- fi
- }
- do_disconnect() {
- if [ -n "$CISCO_SPLIT_INC" ]; then
- i=0
- while [ $i -lt $CISCO_SPLIT_INC ] ; do
- eval NETWORK="\${CISCO_SPLIT_INC_${i}_ADDR}"
- eval NETMASK="\${CISCO_SPLIT_INC_${i}_MASK}"
- eval NETMASKLEN="\${CISCO_SPLIT_INC_${i}_MASKLEN}"
- if [ $NETWORK != "0.0.0.0" ]; then
- # FIXME: This doesn't restore previously overwritten
- # routes.
- del_network_route "$NETWORK" "$NETMASK" "$NETMASKLEN"
- else
- reset_default_route
- fi
- i=`expr $i + 1`
- done
- for i in $INTERNAL_IP4_DNS ; do
- del_network_route "$i" "255.255.255.255" "32"
- done
- else
- reset_default_route
- fi
- if [ -n "$CISCO_IPV6_SPLIT_INC" ]; then
- i=0
- while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
- eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
- eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
- if [ $NETMASKLEN -eq 0 ]; then
- reset_ipv6_default_route
- else
- del_ipv6_network_route "$NETWORK" "$NETMASKLEN"
- fi
- i=`expr $i + 1`
- done
- for i in $INTERNAL_IP6_DNS ; do
- del_ipv6_network_route "$i" "128"
- done
- elif [ -n "$INTERNAL_IP6_NETMASK" -o -n "$INTERNAL_IP6_ADDRESS" ]; then
- reset_ipv6_default_route
- fi
- del_vpngateway_route
- if [ -n "$INTERNAL_IP4_DNS" ]; then
- $RESTORERESOLVCONF
- fi
- destroy_tun_device
- }
- #### Main
- if [ -z "$reason" ]; then
- echo "this script must be called from vpnc" 1>&2
- exit 1
- fi
- case "$reason" in
- pre-init)
- do_pre_init
- ;;
- connect)
- do_connect
- ;;
- disconnect)
- do_disconnect
- ;;
- *)
- echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
- exit 1
- ;;
- esac
- exit 0
Add Comment
Please, Sign In to add comment