From: Daniel Lenski Date: Wed, 31 Mar 2021 23:23:38 +0000 (-0700) Subject: vpnc-script-win: make VPN addresses/gateways "non-persistent", and delete them on... X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=3a11fc7c971a28e375cc1fb2defe9d829aed2a4f;p=users%2Fdwmw2%2Fvpnc-scripts.git vpnc-script-win: make VPN addresses/gateways "non-persistent", and delete them on disconnect Persisting the state of IPv4 configuration of these interfaces is generally unhelpful (as with DNS/WINS settings). Two approaches. We do both: 1. Make the addresses ephemeral ("netsh ... store=active", as opposed to the "store=persistent" default). This ensures that the addresses won't last past reboot. 2. Delete the addresses upon disconnection. Signed-off-by: Daniel Lenski
---
diff --git a/vpnc-script-win.js b/vpnc-script-win.js
index 3b698f6..91a5752 100644
--- a/vpnc-script-win.js
+++ b/vpnc-script-win.js
@@ -88,16 +88,17 @@ case "connect":
 if (!env("CISCO_SPLIT_INC") && REDIRECT_GATEWAY_METHOD != 2) {
 // Interface metric must be set to 1 in order to add a route with metric 1 since Windows Vista
- run("netsh interface ip set interface \"" + env("TUNIDX") + "\" metric=1");
+ run("netsh interface ip set interface \"" + env("TUNIDX") + "\" metric=1 store=active");
 }
 if (env("CISCO_SPLIT_INC") || REDIRECT_GATEWAY_METHOD > 0) {
 run("netsh interface ip set address \"" + env("TUNIDX") + "\" static " +
- env("INTERNAL_IP4_ADDRESS") + " " + env("INTERNAL_IP4_NETMASK"));
+ env("INTERNAL_IP4_ADDRESS") + " " + env("INTERNAL_IP4_NETMASK") + " store=active");
 } else {
 // The default route will be added automatically
 run("netsh interface ip set address \"" + env("TUNIDX") + "\" static " +
- env("INTERNAL_IP4_ADDRESS") + " " + env("INTERNAL_IP4_NETMASK") + " " + internal_gw + " 1");
+ env("INTERNAL_IP4_ADDRESS") + " " + env("INTERNAL_IP4_NETMASK") + " " + internal_gw +
+ " gwmetric=1 store=active");
 }
 // Add direct route for the VPN gateway to avoid routing loops
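Review bot: The netsh command lines in the connect hunk are still built by plain concatenation of `env("INTERNAL_IP4_ADDRESS")`, `env("INTERNAL_IP4_NETMASK")` and `internal_gw`, with only `TUNIDX` quoted, and the new `store=active` / `gwmetric=1` suffixes are appended to that unvalidated string. These values presumably reach the script from the VPN client as received from the gateway, and `run()` is defined outside the hunk, so if it hands the string to a command interpreter a malformed value could alter the command that runs with the script's privileges. Checking each value before use, for example `if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(env("INTERNAL_IP4_ADDRESS")))` followed by skipping the command, would close that off; the same applies to the `del address` commands added in the disconnect hunk. The `case "connect":` body starts and ends outside this hunk.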
@@ -201,6 +202,14 @@ case "disconnect":
 // FIXME: handle IPv6 gateway address
 run("route delete " + env("VPNGATEWAY") + " mask 255.255.255.255");
+ // Delete address
+ run("netsh interface ipv4 del address " + env("TUNIDX") + " " +
+ env("INTERNAL_IP4_ADDRESS") + " gateway=all");
+ if (env("INTERNAL_IP6_ADDRESS")) {
+ run("netsh interface ipv6 del address " + env("TUNIDX") + " " +
+ env("INTERNAL_IP6_ADDRESS"));
+ }
+
 // Delete Legacy IP split-exclude routes
 if (env("CISCO_SPLIT_EXC")) {
 for (var i = 0 ; i < parseInt(env("CISCO_SPLIT_EXC")); i++) {
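Review bot: The IPv4 `del address` command is issued unconditionally, while the IPv6 one directly below it is guarded by `if (env("INTERNAL_IP6_ADDRESS"))`; on a connection without a Legacy IP address the first command would be built around an empty or undefined value. Wrapping it the same way, `if (env("INTERNAL_IP4_ADDRESS")) { ... }`, keeps the two deletions parallel and avoids running netsh with a bogus argument. `env("TUNIDX")` is also left unquoted in both new commands although the connect-side commands wrap it in `\"`, which matters if it can ever hold an interface name rather than a numeric index. The `case "disconnect":` body starts and ends outside this hunk.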