diff options
| author | Daniel Dickinson <openwrt@daniel.thecshore.com> | 2016-03-12 20:23:46 -0500 |
|---|---|---|
| committer | Daniel Dickinson <openwrt@daniel.thecshore.com> | 2016-03-23 02:06:34 -0400 |
| commit | a25514e9ade2d0af3f7260c2eb7e89a984f90c5e (patch) | |
| tree | 2f6b5fd2e5c36baea1c26673b48e05f2927a0f6c /net/vpnc | |
| parent | bff22d5831457fed11ec53ef644a53cb6f3f58ba (diff) | |
net/vpnc: Add option to prevent retry on authentication failure
On some systems too many retries with authentication failure results
in IP or username being locked out, so add option to prevent retries
in the event of authentication failure
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Diffstat (limited to 'net/vpnc')
| -rw-r--r-- | net/vpnc/Makefile | 2 | ||||
| -rwxr-xr-x | net/vpnc/files/vpnc.sh | 14 |
2 files changed, 14 insertions, 2 deletions
diff --git a/net/vpnc/Makefile b/net/vpnc/Makefile index c6bcdf38c..147bca93f 100644 --- a/net/vpnc/Makefile +++ b/net/vpnc/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=vpnc PKG_REV:=550 PKG_VERSION:=0.5.3.r$(PKG_REV) -PKG_RELEASE:=4 +PKG_RELEASE:=5 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://svn.unix-ag.uni-kl.de/vpnc/trunk/ diff --git a/net/vpnc/files/vpnc.sh b/net/vpnc/files/vpnc.sh index c408d78ae..971b823b8 100755 --- a/net/vpnc/files/vpnc.sh +++ b/net/vpnc/files/vpnc.sh @@ -28,6 +28,7 @@ proto_vpnc_init_config() { proto_config_add_int "dpd_idle" proto_config_add_string "auth_mode" proto_config_add_string "target_network" + proto_config_add_boolean "authfail" no_device=1 available=1 } @@ -35,7 +36,7 @@ proto_vpnc_init_config() { proto_vpnc_setup() { local config="$1" - json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network + json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network authfail grep -q tun /proc/modules || insmod tun @@ -90,6 +91,17 @@ proto_vpnc_teardown() { pwfile="/var/etc/vpnc-$config.conf" + json_get_var authfail authfail + # On error exit (vpnc only has success = 0 and error = 1, so + # we can't be fine-grained and say only auth error) + # and authfail setting true, then don't retry starting vpnc + # This is used for the case were the server blocks repeated + # failed authentication attempts (which will occur if the password + # is wrong, for example). + if [ ${ERROR:-0} -gt 0 ] && [ "${authfail:-0}" -gt 0 ]; then + proto_block_restart "$config" + fi + rm -f $pwfile logger -t vpnc "bringing down vpnc" proto_kill_command "$config" 2 |