Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

openconnect: move certificate files to config/ to add graceful upgrade

Browse source 
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
This commit is contained in:
Nikos Mavrogiannopoulos 2015-01-10 11:12:33 +01:00
parent 9e75cfeeef
commit b53e5bfe87
2 changed files with 13 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
net/openconnect/README
View file

@ -14,9 +14,9 @@ config interface 'MYVPN'
option authgroup 'DEFAULT'
The additional files are also used:
/etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
/etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
/etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
/etc/config/openconnect-user-cert-vpn-MYVPN.pem: The user certificate
/etc/config/openconnect-user-key-vpn-MYVPN.pem: The user private key
/etc/config/openconnect-ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
After these are setup you can initiate the VPN using "ifup MYVPN", and
deinitialize it using ifdown. You may also use the luci web interface

13
net/openconnect/files/openconnect.sh
View file

@ -38,12 +38,19 @@ proto_openconnect_setup() {
cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"
[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"
[ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"
[ -f /etc/openconnect/ca-vpn-$config.pem ] && {
# migrate to new config files
[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && mv "/etc/openconnect/user-cert-vpn-$config.pem" "/etc/config/openconnect-user-cert-vpn-$config.pem"
[ -f /etc/openconnect/user-key-vpn-$config.pem ] && mv "/etc/openconnect/user-key-vpn-$config.pem" "/etc/config/openconnect-user-key-vpn-$config.pem"
[ -f /etc/openconnect/ca-vpn-$config.pem ] && mv "/etc/openconnect/ca-vpn-$config.pem" "/etc/config/openconnect-ca-vpn-$config.pem"
# read new config files
[ -f /etc/config/openconnect-user-cert-vpn-$config.pem ] && append cmdline "-c /etc/config/openconnect-user-cert-vpn-$config.pem"
[ -f /etc/config/openconnect-user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/config/openconnect-user-key-vpn-$config.pem"
[ -f /etc/config/openconnect-ca-vpn-$config.pem ] && {
append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"
append cmdline "--no-system-trust"
}
[ -n "$serverhash" ] && {
append cmdline " --servercert=$serverhash"
append cmdline "--no-system-trust"