@ -28,6 +28,7 @@ proto_vpnc_init_config() {
proto_config_add_int "dpd_idle"
proto_config_add_string "auth_mode"
proto_config_add_string "target_network"
proto_config_add_boolean "authfail"
no_device = 1
available = 1
}
@ -35,7 +36,7 @@ proto_vpnc_init_config() {
proto_vpnc_setup( ) {
local config = " $1 "
json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network
json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network authfail
grep -q tun /proc/modules || insmod tun
@ -90,6 +91,17 @@ proto_vpnc_teardown() {
pwfile = " /var/etc/vpnc- $config .conf "
json_get_var authfail authfail
# On error exit (vpnc only has success = 0 and error = 1, so
# we can't be fine-grained and say only auth error)
# and authfail setting true, then don't retry starting vpnc
# This is used for the case were the server blocks repeated
# failed authentication attempts (which will occur if the password
# is wrong, for example).
if [ ${ ERROR :- 0 } -gt 0 ] && [ " ${ authfail :- 0 } " -gt 0 ] ; then
proto_block_restart " $config "
fi
rm -f $pwfile
logger -t vpnc "bringing down vpnc"
proto_kill_command " $config " 2