From 64cc6d66a7fb4d6a07838f835f6e048db3fa3fa6 Mon Sep 17 00:00:00 2001 From: Daniel Lenski Date: Mon, 14 Dec 2020 17:40:23 -0800 Subject: [PATCH] *BSDs: get_default_gw needs to EXCLUDE routes through tunnel for attempt-reconnect, but should NOT exclude them otherwise See explanation here: https://gitlab.com/openconnect/vpnc-scripts/-/commit/ecf656700c283267912a7c073bb75e8100064316#note_466648051 Signed-off-by: Daniel Lenski --- vpnc-script | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/vpnc-script b/vpnc-script index 0e20a0f..726f23e 100755 --- a/vpnc-script +++ b/vpnc-script @@ -399,6 +399,10 @@ else # use route command # apperently not... # Get rid of lines containing IPv6 addresses (':') # Get rid of lines for link-local routes (https://superuser.com/a/1067742) + netstat -r -n | awk '/:/ { next; } /link\#/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; }' + } + + get_default_gw_excl_tunnel() { # Get rid of lines containing $TUNDEV (we don't want loopback) netstat -r -n | awk '/:/ { next; } /link\#/ { next; } /[[:space:]]'"$TUNDEV"'([[:space:]]|$)/ { next; } /^(default|0\.0\.0\.0([[:space:]]|\/0))/ { print $2; exit; }' } @@ -414,7 +418,10 @@ else # use route command } set_vpngateway_route_attempt_reconnect() { - set_vpngateway_route + case "$VPNGATEWAY" in + *:*) route add $route_syntax_inet6_host "$VPNGATEWAY" $route_syntax_gw "`get_ipv6_default_gw_excl_tunnel`";; + *) route add -host "$VPNGATEWAY" $route_syntax_gw "`get_default_gw_excl_tunnel`";; + esac } del_vpngateway_route() { @@ -492,6 +499,10 @@ else # use route command netstat -r -n $netstat_syntax_ipv6 | awk '/^(default|::\/0)/ { if ($NF!~/^lo/) { print ($2~/^fe[89ab]/ ? $2"%"$NF : $2); } }' } + get_ipv6_default_gw_excl_tunnel() { + netstat -r -n $netstat_syntax_ipv6 | awk '/^(default|::\/0)/ { if ($NF!~/^lo/ && /$NF!~/'"$TUNDEV"'([[:space:]]|$)/) { print ($2~/^fe[89ab]/ ? $2"%"$NF : $2); } }' + } + set_ipv6_default_route() { DEFAULTGW="`get_ipv6_default_gw`" echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE_IPV6" -- 2.50.1