Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Revert "openconnect: move certificate files to config/ to add graceful upgrade"

Browse source 
This reverts commit b53e5bfe87.
This commit is contained in:
Nikos Mavrogiannopoulos 2015-01-19 22:37:43 +01:00
parent 09c3b4df0b
commit cdcbacdda9
2 changed files with 6 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
net/openconnect/README
View file

@ -12,9 +12,9 @@ config interface 'MYVPN'
option authgroup 'DEFAULT'
The additional files are also used:
/etc/config/openconnect-user-cert-vpn-MYVPN.pem: The user certificate
/etc/config/openconnect-user-key-vpn-MYVPN.pem: The user private key
/etc/config/openconnect-ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
/etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
/etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
/etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)
After these are setup you can initiate the VPN using "ifup MYVPN", and
deinitialize it using ifdown. You may also use the luci web interface

13
net/openconnect/files/openconnect.sh
View file

@ -38,19 +38,12 @@ proto_openconnect_setup() {
cmdline="$server$port -i vpn-$config --non-inter --syslog --script /lib/netifd/vpnc-script"
# migrate to new config files
[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && mv "/etc/openconnect/user-cert-vpn-$config.pem" "/etc/config/openconnect-user-cert-vpn-$config.pem"
[ -f /etc/openconnect/user-key-vpn-$config.pem ] && mv "/etc/openconnect/user-key-vpn-$config.pem" "/etc/config/openconnect-user-key-vpn-$config.pem"
[ -f /etc/openconnect/ca-vpn-$config.pem ] && mv "/etc/openconnect/ca-vpn-$config.pem" "/etc/config/openconnect-ca-vpn-$config.pem"
# read new config files
[ -f /etc/config/openconnect-user-cert-vpn-$config.pem ] && append cmdline "-c /etc/config/openconnect-user-cert-vpn-$config.pem"
[ -f /etc/config/openconnect-user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/config/openconnect-user-key-vpn-$config.pem"
[ -f /etc/config/openconnect-ca-vpn-$config.pem ] && {
[ -f /etc/openconnect/user-cert-vpn-$config.pem ] && append cmdline "-c /etc/openconnect/user-cert-vpn-$config.pem"
[ -f /etc/openconnect/user-key-vpn-$config.pem ] && append cmdline "--sslkey /etc/openconnect/user-key-vpn-$config.pem"
[ -f /etc/openconnect/ca-vpn-$config.pem ] && {
append cmdline "--cafile /etc/openconnect/ca-vpn-$config.pem"
append cmdline "--no-system-trust"
}
[ -n "$serverhash" ] && {
append cmdline " --servercert=$serverhash"
append cmdline "--no-system-trust"