Re: VPN Support committed

Here's the code snippet from my vpnc-connect that handles the "Target networks"
configuration option.  unfortunately the vpnc application complains about the
configuration option, but it works anyways with the warnings.


networks="$(getvar "${config}" "Target networks")"
if [ -z "$networks" ]; then
    ip route add $(ip route get $VPNGATEWAY | fix_ip_get_output)
    ip route | grep '^default' | fix_ip_get_output > "$defr"
    echo "$VPNGATEWAY" > "$gateway"
for network in $networks; do
    ip route del $network 2>/dev/null
    ip route add $network dev $TUNDEV

networks="$(getvar "${config}" "Exclude networks")"
for network in $networks; do
    ip route del $network 2>/dev/null
    ip route add to $network via $DEF_GATEWAY

Quoting Dan Williams <dcbw redhat com>:

> On Fri, 2005-04-15 at 12:45 -0400, Derek Atkins wrote:
> > Cool!
> > 
> > What's the plan w.r.t. custom configurations of the vpnc connection
> manager? 
> > For exmaple, my vpnc-connect (and vpnc.conf) contain "Targeted Networks"
> > configurtion so only partial routes will get forwarded across the VPN
> instead
> > of all traffic.  Will your hooks still work with that change to the
> > "vpnc-connect" script?
> If you could post some of the ifconfig or iproute commands in your vpnc-
> connect file, that would be great.  I simply don't have any examples of
> that at this time, and having some would allow me to implement it.
> > I presume your changes also handle re-pointing of DNS servers?
> Yes.  In the initial implementation, all DNS traffic runs over the VPN-
> provided DNS servers, but quite soon I hope to be able to route just
> traffic for the VPN-provided domain (ie CISCO_DEF_DOMAIN) and everything
> else over the regular servers. NOTE: regular glibc/nscd _cannot_ do
> that, so if you want this feature, you'll need to use the caching-
> nameserver configuration.
> Dan

       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL:    PP-ASEL-IA     N1NWH
       warlord MIT EDU                        PGP key available

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]