gh-mirrors/openwrt-packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2026-01-11 04:04:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

openconnect: move certificate files to config/ to add graceful upgrade

Browse Source 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
This commit is contained in:
Nikos Mavrogiannopoulos
2015-01-10 11:12:33 +01:00
parent 9e75cfeeef
commit b53e5bfe87
2 changed files with 13 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
net/openconnect/README
View File

@@ -14,9 +14,9 @@ config interface 'MYVPN'
option authgroup 'DEFAULT'
The additional files are also used:
/etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
/etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
/etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
/etc/config/openconnect-user-cert-vpn-MYVPN.pem: The user certificate
/etc/config/openconnect-user-key-vpn-MYVPN.pem: The user private key
/etc/config/openconnect-ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
After these are setup you can initiate the VPN using "ifup MYVPN", and
deinitialize it using ifdown. You may also use the luci web interface

13
net/openconnect/files/openconnect.sh
View File

@@ -38,12 +38,19 @@ proto_openconnect_setup() {
cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"
[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"
[ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"
[ -f /etc/openconnect/ca-vpn-$config.pem ] && {
# migrate to new config files
[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && mv "/etc/openconnect/user-cert-vpn-$config.pem" "/etc/config/openconnect-user-cert-vpn-$config.pem"
[ -f /etc/openconnect/user-key-vpn-$config.pem ] && mv "/etc/openconnect/user-key-vpn-$config.pem" "/etc/config/openconnect-user-key-vpn-$config.pem"
[ -f /etc/openconnect/ca-vpn-$config.pem ] && mv "/etc/openconnect/ca-vpn-$config.pem" "/etc/config/openconnect-ca-vpn-$config.pem"
# read new config files
[ -f /etc/config/openconnect-user-cert-vpn-$config.pem ] && append cmdline "-c /etc/config/openconnect-user-cert-vpn-$config.pem"
[ -f /etc/config/openconnect-user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/config/openconnect-user-key-vpn-$config.pem"
[ -f /etc/config/openconnect-ca-vpn-$config.pem ] && {
append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"
append cmdline "--no-system-trust"
}
[ -n "$serverhash" ] && {
append cmdline " --servercert=$serverhash"
append cmdline "--no-system-trust"