LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

Revert "openconnect: move certificate files to config/ to add graceful upgrade" 

This reverts commit b53e5bfe87.
lilik-openwrt-22.03
Nikos Mavrogiannopoulos 10 years ago
parent
cd73693255
commit
ab50e4802f
2 changed files with 6 additions and 13 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -3
      net/openconnect/README
  2. +3
    -10
      net/openconnect/files/openconnect.sh

+ 3
- 3
net/openconnect/README View File

@ -14,9 +14,9 @@ config interface 'MYVPN'
option authgroup 'DEFAULT'
The additional files are also used:
/etc/config/openconnect-user-cert-vpn-MYVPN.pem: The user certificate
/etc/config/openconnect-user-key-vpn-MYVPN.pem: The user private key
/etc/config/openconnect-ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
/etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
/etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
/etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
After these are setup you can initiate the VPN using "ifup MYVPN", and
deinitialize it using ifdown. You may also use the luci web interface


+ 3
- 10
net/openconnect/files/openconnect.sh View File

@ -38,19 +38,12 @@ proto_openconnect_setup() {
cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"
# migrate to new config files
[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && mv "/etc/openconnect/user-cert-vpn-$config.pem" "/etc/config/openconnect-user-cert-vpn-$config.pem"
[ -f /etc/openconnect/user-key-vpn-$config.pem ] && mv "/etc/openconnect/user-key-vpn-$config.pem" "/etc/config/openconnect-user-key-vpn-$config.pem"
[ -f /etc/openconnect/ca-vpn-$config.pem ] && mv "/etc/openconnect/ca-vpn-$config.pem" "/etc/config/openconnect-ca-vpn-$config.pem"
# read new config files
[ -f /etc/config/openconnect-user-cert-vpn-$config.pem ] && append cmdline "-c /etc/config/openconnect-user-cert-vpn-$config.pem"
[ -f /etc/config/openconnect-user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/config/openconnect-user-key-vpn-$config.pem"
[ -f /etc/config/openconnect-ca-vpn-$config.pem ] && {
[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"
[ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"
[ -f /etc/openconnect/ca-vpn-$config.pem ] && {
append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"
append cmdline "--no-system-trust"
}
[ -n "$serverhash" ] && {
append cmdline " --servercert=$serverhash"
append cmdline "--no-system-trust"


Write Preview
Loading…
Cancel
Save