path: root/net/openconnect/files
Commit message | Author | Age
* openconnect: make host dependency more resilient | Nikos Mavrogiannopoulos | 2024-02-16
  Retry when resolveip fails as it seems to be causing issues on startup depending on various unpredictable parameters.
  Resolves: #23185
  Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
* openconnect: add support for option --pfs | Vladislav Grigoryev | 2023-10-14
  Add support for the OpenConnect option `--pfs`. Designed to require perfect forward secrecy.
  Signed-off-by: Vladislav Grigoryev <vg.aetera@gmail.com>
* openconnect: Allow reconnect timeout to be specified | Michael Brown | 2022-08-07
  Signed-off-by: Michael Brown <mbrown@fensystems.co.uk>
* openconnect: Support use of a proxy server | Michael Brown | 2022-08-07
  Allow connection via a proxy server (required on some sites where direct outbound HTTP(S) access is not permitted).
  Signed-off-by: Michael Brown <mbrown@fensystems.co.uk>
* openconnect: make the host dependency optional | Rui Salvaterra | 2022-06-01
  According to David Woodhouse, OpenConnect has no issues reconnecting on any interface. Make the host dependency optional, as it can cause issues in multiple WAN scenarios.
  Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* openconnect: avoid using the --juniper switch | Rui Salvaterra | 2022-06-01
  The --juniper switch has been deprecated in favour of --protocol=nc. Fix the proto script thusly, while keeping compatibility with existing configurations. Note that, as far as UCI is concerned, if both options juniper and vpn_protocol are specified, the latter takes precedence.
  Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* openconnect: fix inclusion of netifd proto scripts | Rui Salvaterra | 2022-06-01
  This is the preferred way, according to the wiki.
  Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* Revert "openconnect: drop the dependency on resolveip" | Rui Salvaterra | 2022-06-01
  Using resolveip is more robust and predictable than depending on nslookup and awk.
  This reverts commit 131ec7b3bd6895aa3f86f57169dd23c15f174fe2.
  Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* openconnect: don't bother loading the tun module | Rui Salvaterra | 2022-05-23
  If it exists (if it isn't built-in), it will be loaded automatically at boot.
  Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* openconnect: drop the dependency on resolveip | Rui Salvaterra | 2022-05-23
  We have nslookup and awk, let's use them.
  Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* openconnect: Fix secondary password script overwriting primary | Frederick Morlock | 2021-01-01
  When specifying a secondary password script, the output should be appended to the temporary password file and shouldn't overwrite it. If you refer to the case where there is a static secondary password, you can see that the secondary password is appended. Without this fix, only the secondary password is passed to the `openconnect` session.
  Signed-off-by: Frederick Morlock <FrederickGeek8@gmail.com>
* openconnect: allow specify --protocol from config | Mengyang Li | 2020-10-25
  openconnect v8.10 supports 4 VPN protocols
    --protocol=anyconnect  Compatible with Cisco AnyConnect SSL VPN, as well as ocserv (default)
    --protocol=nc          Compatible with Juniper Network Connect
    --protocol=gp          Compatible with Palo Alto Networks (PAN) GlobalProtect SSL VPN
    --protocol=pulse       Compatible with Pulse Connect Secure SSL VPN
  This patch allows the user to specify the protocol using the new "vpn_protocol" option and deprecates the old option "juniper", which seems to be missing in the current openconnect client.
  Signed-off-by: Mengyang Li <mayli.he@gmail.com>
* openconnect: allow disable dtls with bool option no_dtls | Yousong Zhou | 2020-08-27
  openconnect may emit following error logs every minute when negotiating with deployments forbidding usage of dtls
    Thu Aug 27 04:11:59 2020 daemon.notice openconnect[12024]: DTLS handshake failed: Error in the push function.
    Thu Aug 27 04:11:59 2020 daemon.notice openconnect[12024]: (Is a firewall preventing you from sending UDP packets?)
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openconnect: break each var into its own line in order | Yousong Zhou | 2020-08-27
  For easier review
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openconnect: Allow to set `usergroup` option in OpenConnect | Marco Gulino | 2020-04-29
  Just adding the extra option `-g|--usergroup <group>` (required by the VPN server I'm currently using)
  Signed-off-by: Marco Gulino <marco@gulinux.net>
* openconnect: preserve whitespace in arguments | Jo-Philipp Wich | 2020-02-03
  Properly quote arguments when assembling the command line and eval the proto_run_command() invocation in order to prevent the shell from improperly splitting the command arguments on $IFS.
  Fixes: #10137
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* openconnect: allow specifying form_entry list | Yousong Zhou | 2019-09-21
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openconnect: support reading password from script | Gavin Ni | 2017-12-04
  "token_mode" adds support for "script", which executes "token_script" to get the password. Some tokens are not supported by OpenConnect natively, e.g. "MobilePass" or "Softoken II" used in Cisco VPN
  Signed-off-by: Gavin Ni <gisngy@gmail.com>
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openconnect: re-introduce config: interface | Gavin Ni | 2017-11-22
  In some cases, it's useful to specify which interface to establish the VPN connection
  Signed-off-by: Gavin Ni <gisngy@gmail.com>
* openconnect: add options to support juniper | Vladimir Berezhnoy | 2017-11-20
  Signed-off-by: Vladimir Berezhnoy <non7top@gmail.com>
* openconnect: openconnect-wrapper: rewrite | Yousong Zhou | 2017-06-19
  - use exec directly to eliminate a level in the process tree
  - use "$@" instead of "$*" to pass arguments to openconnect
  According to openconnect(8), openconnect will call vpnc-script to cleanup before quit when it received SIGINT(2) and will quit immediately when it received SIGTERM (the default signal by kill command)
  Before and after the change, openconnect process will be killed first with SIGINT sent from netifd. This was decided by the 'proto_kill_command "$config" 2' notify call in the proto script. SIGKILL is the only other signal that can be sent from netifd when the process did not quit on SIGINT on time.
  There should be no need to trap on signal 1 3 6 9 (HUP QUIT ABRT KILL)
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openconnect: new option mtu | Yousong Zhou | 2017-06-18
  According to openconnect --help output:
    -m, --mtu=MTU     Request MTU from server
    --base-mtu=MTU    Indicate path MTU to/from server
  Fixes #2099 by allowing setting tunnel mtu
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openconnect: drop stale config: interface | Yousong Zhou | 2017-06-18
  It was introduced with 41f8d5465 ("openconnect: fix a couple of minor things and add an interface option") and not needed since 4083de9d7 ("openconnect: use proto_add_host_dependency")
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* openconnect: use proto_add_host_dependency | Nikos Mavrogiannopoulos | 2016-05-22
  This ensures that a direct route to the connected host is added by netifd.
  Resolves #2548
* openconnect: disabled the resolving code from ppp in netifd script | Nikos Mavrogiannopoulos | 2015-08-26
  That code was causing netifd disabling openconnect with no way to restart it.
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: corrected call to proto_add_host_dependency | Nikos Mavrogiannopoulos | 2015-07-07
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: allow processing multiple passwords from stdin | Nikos Mavrogiannopoulos | 2015-06-20
  Resolves #1419
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: allow specifying a custom CSD wrapper script | Florian Fainelli | 2015-04-04
  Some VPN servers might be configured in a way that a CSD wrapper script is mandatory to complete the authentication process, allow that to be specified for openconnect.
  Signed-off-by: Florian Fainelli <florian@openwrt.org>
* openconnect: allow specifying "os" | Florian Fainelli | 2015-04-04
  Some servers might be implementing ACLs based on the value specified by openconnect for "os", allow that to be configured.
  Signed-off-by: Florian Fainelli <florian@openwrt.org>
* openconnect: backup hook scripts as well | Nikos Mavrogiannopoulos | 2015-02-17
  Resolves #882
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: fix a couple of minor things and add an interface option | Daniel Gimpelevich | 2015-02-06
  Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* openconnect: separate out vpnc-scripts | Daniel Gimpelevich | 2015-02-06
  Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
* openconnect: use openconnect.upgrade to save configured files | Nikos Mavrogiannopoulos | 2015-01-19
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Revert "openconnect: move certificate files to config/ to add graceful upgrade" | Nikos Mavrogiannopoulos | 2015-01-19
  This reverts commit b53e5bfe875d673fc8a57a4766d7af6fc1b3e074.
* Revert "openconnect: cmdline parameter for CA not moved" | Nikos Mavrogiannopoulos | 2015-01-19
  This reverts commit fa8f5479458ee5163c9907ee3e92d8bd6b62389b.
* openconnect: cmdline parameter for CA not moved | Jasper | 2015-01-16
  The location for the server CA file was moved in b53e5bfe875d673fc8a57a4766d7af6fc1b3e074, but the corresponding command line option for openconnect not updated.
* openconnect: automatically enable rebind for DNS servers sent by VPN server | Nikos Mavrogiannopoulos | 2015-01-10
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: move certificate files to config/ to add graceful upgrade | Nikos Mavrogiannopoulos | 2015-01-10
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: register split-dns to dnsmasq | Nikos Mavrogiannopoulos | 2015-01-10
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: Restore support for vpnc-script hooks | Matthew Sykes | 2014-12-20
  * Restore hooks support from vpnc-script
  * Use consistent style for tests and blocks in openconnect.sh
  * Cleanup code that writes banner to syslog
  Signed-off-by: Matthew Sykes <matthew.sykes@gmail.com>
* openconnect: add an option to support stoken | Florian Fainelli | 2014-12-07
  Add a new build configuration option for openconnect and let it link against libstoken if instructed to. Two new uci configuration variables are introduced: "token_mode" and "token_secret" to allow openconnect to use those.
  Signed-off-by: Florian Fainelli <florian@openwrt.org>
* openconnect: simplified cmdline appending | Nikos Mavrogiannopoulos | 2014-12-05
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: when serverhash or cafile are present, set --no-system-trust | Nikos Mavrogiannopoulos | 2014-11-29
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: use SIGINT to bring down openconnect | Nikos Mavrogiannopoulos | 2014-10-28
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: forward SIGINT to app | Nikos Mavrogiannopoulos | 2014-10-28
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: increased the timeout value for retrying | Nikos Mavrogiannopoulos | 2014-09-28
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: openconnect-wrapper would trap signals and send the correct one to server | Nikos Mavrogiannopoulos | 2014-09-01
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: set config variable on teardown and correctly pass the password | Nikos Mavrogiannopoulos | 2014-09-01
  This addresses https://dev.openwrt.org/ticket/16634
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: corrected typo | Nikos Mavrogiannopoulos | 2014-07-06
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* openconnect: increase timeout time on resolving error and use the IPs for proto_add_host_dependency | Nikos Mavrogiannopoulos | 2014-07-01
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>