Fix typo inside comment

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add IPv6 new variables to comment header

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Reuse function and value for default GW

Remove duplicated code to get default GW and
use existing get_default_gw().

Reuse default GW value just obtained, don't
call get_default_gw() twice.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

No need to add link-local address on Solaris.

Revert commit 9e277b5e64315aa3e1a2f2472e9c2d55f9b0f788. Now that we plumb
the interface from openconnect instead of with ifconfig from vpnc-script,
the issues with link-local addresses no longer seem to bother us.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

vpnc-script: fix for Suse pre 11.1

To handle /etc/resolv.conf file, Suse Linux pre 11.1
uses /sbin/modify_resolvconf script.
The same parameter "-s <service>" have to be passed
to modify_resolvconf on both "modify" and "restore".

Original vpnc-script.in from vpnc project runs:
  /sbin/modify_resolvconf modify -s $SCRIPTNAME ...
  /sbin/modify_resolvconf restore -s vpnc  ...
with $SCRIPTNAME=="vpnc".

In this repository, vpnc-script.in has been converted
to vpnc-script. Doing this, the value $SCRIPTNAME has
changed from "vpnc" to "vpnc-script".
This breaks the "restore" and left /etc/resolv.conf
modified for the (already closed) VPN tunnel.

Replace "-s $SCRIPTNAME" with fixed value "-s vpnc".

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Do not plumb interface for IPv6 on Solaris. The VPN client should do that.

... and does, as of openconnect commit c77af62db. (vpnc doesn't do IPv6 yet)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Manually assign link-local IPv6 addresses on Solaris

Solaris 11 *really* wants the interface to have a link-local address, and
doesn't add one automatically.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix stderr redirection for 'which ip' output

We really want to redirect stderr from 'which'; not from 'grep'.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Tidy up IPv6 address/netmask handling a little, fix netmask handling on *BSD.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove dest_address from IPv6 ifconfig for all but Solaris

This makes OpenBSD unhappy, and it looks like OpenVPN *only* does it on
Solaris.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add restorecon calls for /var/run/vpnc and /dev/net/tun (Red Hat bug #731382)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix calculation of MTU. Bash doesn't like numbers in quotes.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix MTU calculation (Red Hat bug #693235)

Newer iproute doesn't give the mtu in 'ip route get' output, so get the
device and then get the device's MTU (which theoretically could be
different to the route MTU but this is good enough for now).

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Merge branch 'vpnc-script' of git://github.com/falconindy/vpnc-scripts

Be more robust with unknown 'ip route get' output.

Make it opt-in, not opt-out for unknown options.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

vpnc-script: use iproute to create ptp link if possible

This should make net-tools completely optional on Linux.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>

vpnc-script: prevent negative MTU

We can't be sure that the route shown by 'ip route get' will return
anything. Restructure the logic to only perform the subtraction if it
does. Otherwise, fall back to the default 1412.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>

Cope with new kernel/iproute including ipid in route list

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Set route to VPN gateway before configuring tunnel

In some circumstances (with $VPNGATEWAY being inside of
$INTERNAL_IP4_ADDRESS/$INTERNAL_IP4_NETMASK, for example when the netmask
was set incorrectly) the hostroute to $VPNGATEWAY pointed to the
tunnel device, creating a routing recursion.

Set the host route before configuring the tun interface to fix this.

Signed-off-by: Bernhard Schmidt <berni@birkenwald.de>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Only remove IPv6 default route if we had IPv6

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix up FreeBSD support

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add IPv6 support for Solaris (and maybe BSD)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

no grep -q on solaris

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Handle IPv6 nameservers (in $INTERNAL_IP4_DNS variable)

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Handle IPv6 routes

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Set IPv6 address on interface; no routes yet

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Fix MTU when no default route

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525389

Patch from Jonathan Miner

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Make basic vpnc-script work with Solaris

Add -interface flag when adding routes, specify gateway for default
route when deleting it.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add pTRTd script for NAT-PT address to VPN

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add netunshare

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

set up dnsmasq in netns

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Add ssh-inside-vpn-namespace script

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Remove the substitution in vpnc-script, to remove the need for vpnc-script.in

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

Import vpnc-script from vpnc

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>