It would be nice to have support to execute scripts when establishing or destroying a vpn connection. E.g. I'd like to restore the default route after establishing the vpn connection, as only relevant traffic should be routed over the tunnel.

Example scripts executed as shown in the attached patch for /etc/init.d/vpnc would be (given that the init script is called vpnc.mynetwork):

mynetwork-preup.sh:
#!/bin/sh
route -n | grep -E '^0.0.0.0 ' | cut -c 17-32 >/var/tmp/defaultgw

mynetwork-postup.sh:
#!/bin/sh
route del -net 0.0.0.0 netmask 0.0.0.0 dev tun1
route add default gw $(cat /var/tmp/defaultgw)
route add -net 123.123.0.0 netmask 255.255.0.0 dev tun1

The patch is quite simple and should disturb existing setups (except for return codes as $?, please check).

Reproducible: Always
Steps to Reproduce:
Created attachment 139631
Patch for /etc/init.d/vpnc or net-misc/vpnc/files/vpnc-1.init

This patch inserts shell code to execute scripts before/after establishing/destroying a vpn connection. The scripts' names depend on the connection name (as given by the init script's name). The scripts' location is /etc/vpnc/scripts.d
This looks like an ideal addition...I will add it after some local testing.
Thomas, if you are bored you can start writing an extension of http://www.gentoo.org/doc/en/vpnc-howto.xml to document your change. Simply attach a patch here.
A note about your patch:
1) Bash is not allowed in initscripts to be able to be compatible with other shells (POSIX is the standard).
2) You forgot to define PREDOWNSCRIPT.

Nevertheless, works fine here.
I noticed that there has been some documentation added to Gentoo's vpnc documentation regarding my pre/post scripts. I wrote some more text describing an example of how to use these scripts. Can someone proof-read my text and add it to the documentation (maybe below the table in subsection "Start vpnc on boot"), please?

--8<----8<----8<----8<----8<----8<----8<----8<----8<----8<--
<p>
These custom-made scripts can be used to set up a user-defined routing for the vpnc connection. The examples below show how to set up the routing table so that only connections to 123.234.x.x are routed over the VPN and all other connections use the default gateway. The example uses work-preup.sh to save the current default gateway before starting vpnc (which resets the default gateway using the VPN connection). Once vpnc has been started, work-postup.sh deletes this new default gateway, restores the old default gateway and sets the route for all connections to 123.234.x.x to use the vpnc connection.
</p>

<pre caption="/etc/vpnc/scripts.d/work-preup.sh">
#!/bin/sh
route -n | grep -E '^0.0.0.0 ' | cut -c 17-32 >/var/tmp/defaultgw
</pre>

<pre caption="/etc/vpnc/scripts.d/work-postup.sh">
#!/bin/sh
route del -net 0.0.0.0 netmask 0.0.0.0 dev tun1
route add default gw $(cat /var/tmp/defaultgw)
route add -net 123.234.0.0 netmask 255.255.0.0 dev tun1
</pre>

<p>
The example scripts assume that the vpnc connection uses tun1 as tun device. You can set the device name in the connection's configuration file.
</p>

<pre caption="/etc/vpnc/work.conf">
Interface name tun1
IPSec gateway vpn.mywork.com
Pidfile /var/run/vpnc.work.pid
</pre>
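Added example, not part of the original thread or of the Gentoo documentation: a variant of the pre-up/post-up pair above that keeps the saved gateway in a root-only directory instead of a fixed file name under /var/tmp, and checks that the stored value is a plain IPv4 address before passing it to route. STATE_DIR, VPN_DEV, VPN_NET, VPN_MASK, the function names and the single-script preup/postup dispatch are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the thread. Call as "<script> preup" from work-preup.sh
# and "<script> postup" from work-postup.sh. All names below are assumptions.
STATE_DIR=${STATE_DIR:-/var/run/vpnc}   # root-only, unlike world-writable /var/tmp
VPN_DEV=${VPN_DEV:-tun1}
VPN_NET=${VPN_NET:-123.234.0.0}
VPN_MASK=${VPN_MASK:-255.255.0.0}

# Read `route -n` output on stdin, print the gateway of the first default route.
parse_default_gw() {
    awk '$1 == "0.0.0.0" && $2 != "0.0.0.0" { print $2; exit }'
}

# Succeed only for a single dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# Store the default gateway (from `route -n` on stdin) under umask 077,
# so a newly created state file is readable by root only.
save_default_gw() {
    gw=$(parse_default_gw)
    is_ipv4 "$gw" || { echo "no usable default gateway found" >&2; return 1; }
    ( umask 077
      mkdir -p "$STATE_DIR" && printf '%s\n' "$gw" > "$STATE_DIR/defaultgw" )
}

# Print the stored gateway; fail if the file is missing, a symlink, or not an IP.
load_default_gw() {
    f="$STATE_DIR/defaultgw"
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    read -r gw < "$f" || return 1
    is_ipv4 "$gw" && printf '%s\n' "$gw"
}

case "${1:-}" in
    preup)
        route -n | save_default_gw ;;
    postup)
        gw=$(load_default_gw) || { echo "saved gateway invalid, routes untouched" >&2; exit 1; }
        route del -net 0.0.0.0 netmask 0.0.0.0 dev "$VPN_DEV"
        route add default gw "$gw"
        route add -net "$VPN_NET" netmask "$VPN_MASK" dev "$VPN_DEV" ;;
esac
```

If the saved value fails validation, postup exits before deleting the default route that vpnc installed, so the routing table is left as vpnc set it.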
(In reply to comment #5)
> I noticed that there has been some documentation added to Gentoo's vpnc
> documentation regarding my pre/post scripts. I wrote some more text describing
> an example how to use these scripts.

Great.

> Can someone proof-read my text and add it to the documentation (maybe below the
> table in subsection "Start vpnc on boot"), please?

This is always done by the doc team, so you could open a bug with your patch attached, they would take care of it. The text looks good, by the way, and I will prepare a patch and submit it to your documentation maintainers.
Documentation change requested with patch in bug 205738, thanks.