with IPv6 support and bug fixes. It can be used in conjunction
2023-05-05 15:20:57 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 20230103. From the changelog:
- No need to specify FAMILY in IPv4 only functions
- Avoid "ip route flush cache" for IPv4
|
2022-10-20 21:13:41 by Amitai Schleier | Files touched by this commit (1) |
Log message:
Take MAINTAINER.
|
2022-10-18 03:17:53 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 20220917. From the changelog:
- Use 'ps -c -o command=' rather than 'cmd=' [chris vogan]
- Use full names of Windows 'netsh' sub-commands, not abbreviations
[Dimitri Papadopoulos]
- Don't try to condition 'validate=no' flag on Windows version
[Daniel Lenski]
- add networksetup for darwin to fix dns setup on newer versions of
MacOS [Tobias Breitwieser]
- Removed automatic adding of NS routes [Heiko Schabert]
- Add configuration for OBS workflow [Luca Boccassi]
- Add RPM packaging for OBS workflow [Luca Boccassi]
- Add Debian packaging for OBS workflow [Luca Boccassi]
- vpnc-script-sshd: use ip link peer name syntax [Luca Boccassi]
- vpnc-script: Detect systemd with resolvectl status [Jordan Justen]
- Cleanup error status in vpnc-script-win.js [Dimitri Papadopoulos]
- Update copyright/origin notices in scripts [Daniel Lenski]
- On newer versions of Windows, need `validate=no` when adding DNS
servers [Daniel Lenski]
- Better ordering, more logging, and disconnect handler fixes on Windows
[Daniel Lenski]
- Add logLevel and logTimestamps options to vpnc-script-win.js
[Daniel Lenski]
- On newer versions of Windows, need `validate=no` when adding DNS
servers [Daniel Lenski]
- Better ordering, more logging, and disconnect handler fixes on Windows
[Daniel Lenski]
- Add logLevel and logTimestamps options to vpnc-script-win.js
[Daniel Lenski]
- Remove unnecessary quotes around numeric interface identifier (TUNIDX)
in vpnc-script-win.js [Daniel Lenski]
- vpnc-script-win.js: replace incorrect exec() call with run()
[Tim De Baets]
- Always use INTERNAL_IP4_ADDRESS as "gateway" on Windows [Daniel Lenski]
- Support for OpenBSD's resolvd via route messages [Andrew Hewus Fresh]
- Another bugfix when determining the controlling PID [Daniel Lenski]
- Use `type -P` instead of `command -v` in tests/ bash scripts
[Ville Skyttä]
- Use `grep -E` instead of `egrep` [Ville Skyttä]
- Use `command -v` instead of `which` [Ville Skyttä]
- Ensure that vpnc-script-win.js works even if
INTERNAL_IP4_{NETADDR,NETMASK} are unset [Daniel Lenski]
- Add polyfill for String.prototype.trim in vpnc-script-win.js
[Daniel Lenski]
- Minor typo [Dimitri Papadopoulos]
- Fix spacing [Daniel Lenski]
- Use $VPNPID when provided by OpenConnect [Daniel Lenski]
- Also include controlling process identifier in resolv.conf backup path
[Daniel Lenski]
- Bugfix default route handling by using GRANDparent process ID to
uniquely identify connection [Daniel Lenski]
- Typos found by codespell [Dimitri Papadopoulos]
- Ensure that vpnc-script-win.js picks a legal "internal gateway"
address even for /32 netmask [Daniel Lenski]
- tests: fix error message about missing ocserv [Luca Boccassi]
- Typos caught by codespell [Dimitri Papadopoulos]
- Fix set_vpngateway_route [Daniel Lenski]
- Exclude routes may use a different address family from VPNGATEWAY
[Daniel Lenski]
- factor out list_non_loopback_routes and use for split-exclude routes
as well [Daniel Lenski]
- tests: 'route flush' doesn't work properly on Linux' [Daniel Lenski]
- Linux: fix IPv6 route flushing [Daniel Lenski]
- test timing: wait up to 10s for OpenConnect client to terminating
[Daniel Lenski]
- re-add tests for IPv6 support [Daniel Lenski]
- always exclude TUNDEV when finding/setting gateway route
[Daniel Lenski]
- preserve onlink flag in gateway/exclude routes [Daniel Lenski]
|
2021-10-26 13:07:15 by Nia Alarie | Files touched by this commit (958) |
Log message:
net: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
Not committed (merge conflicts...):
net/radsecproxy/distinfo
The following distfiles could not be fetched (fetched conditionally?):
./net/citrix_ica/distinfo citrix_ica-10.6.115659/en.linuxx86.tar.gz
./net/djbdns/distinfo dnscache-1.05-multiple-ip.patch
./net/djbdns/distinfo djbdns-1.05-test28.diff.xz
./net/djbdns/distinfo djbdns-1.05-ignoreip2.patch
./net/djbdns/distinfo djbdns-1.05-multiip.diff
./net/djbdns/distinfo djbdns-cachestats.patch
|
2021-10-07 16:43:07 by Nia Alarie | Files touched by this commit (962) |
Log message:
net: Remove SHA1 hashes for distfiles
|
2021-05-22 11:12:05 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 20210401. From the changelog:
- fix IPv6 split masklen
- vpnc-script-win: tidy up, more logging
- vpnc-script-win: make VPN addresses/gateways "non-persistent", and
delete them on disconnect
- vpnc-script-win: delete DNS and WINS servers before adding them
- vpnc-script-win: dump stdout and stderr when a command fails
- vpnc-script-win: use TUNIDX in all netsh commands, remove
waitForInterface()
- vpnc-script-win: add FIXMEs regard IPv6 split-excludes and gateways
- vpnc-script-win: add legacy IP split-exclude handling
- vpnc-script-win: cleanup spacing, clarify comments
- vpnc-script-win: simplify 'internal gateway' calculation
- GNU awk regex fix
- move destroy_tun_device into do_disconnect (called only here)
- remove bits for ancient Linux 2.6.x kernels
- mention IDLE_TIMEOUT
- cleanup whitespace and clarify comments
- tweak warning message about un-routable exclude routes
- Ignore unreachable exclude routes
- Document split tunnel EXC variables
- ignore bogus non-forwardable exclude routes on disconnect too
- *BSDs: get_default_gw needs to EXCLUDE routes through tunnel for
attempt-reconnect, but should NOT exclude them otherwise
- mark tunnel device 'down' before destroying
- Add DragonFly BSD support and improve FreeBSD support
- Use '[[:space:]]' instead of '\s' to support POSIX awk
- *BSDs: don't inadvertently pick up a bogus 0.0.0.0/32 route as a
default route
- Fix basename invocation on *BSD shells
- fix another ifconfig syntax difference between Linux and *BSDs
- use `ip netns` instead of ocserv `listen-netns` config option for
test configs
- match preexisting code style
- Use systemd-resolve to check if resolved is running
- FIXME add mock IPv6 configuration to get CI to work
- add a bit more logging to test scripts
- split iproute2 and *BSD-ish into separate CI runs
- CI: don't need to install ocserv and which
- numerous fixes for Linux IPv6 configuration using
ifconfig/route/netstat
- try running tests with *BSD-ish tools (ifconfig/route/netstat) for
additional coverage
- match code style
- Don't use /sbin/resolvconf if it just points to resolvectl.
- include calling process ID in DEFAULT_ROUTE_FILE{,_IPV6}
- with BSD 'route', save-and-restore IPv6 default routes
- simplify cases and add ifconfig_syntax_del variable
- Patch: make ipv6 in ipv4 and ipv6 in ipv6 tunnels work on (Net)BSD
- vpnc-scripts: added a sanity check of routes and resolv.conf
generation
- preserve metric in fix_ip_get_output
- with iproute2, sort the routes to the VPN gateway by metric before
trying to create an explicit route to the gateway via each of them
- make do_attempt_reconnect work with route/ifconfig
- add working do_attempt_reconnect
- don't try to set an explicit route to VPN gateway if localhost, and
ignore bogus non-forwardable exclude routes
- Ignore link-local routes in set_default_route
- leave support for older systemd-resolved (v229-v238) in place
- Windows IPv6: remove hard-coded next-hop of fe80::8
- Add split DNS support for systemd-resolved
- Use resolvectl for systemd-resolved
- fix tabs/spaces in POSIX vpnc-script as well
- cleanup whitespace in vpnc-script-win.js
- specify interface when adding routes
- fix Slackware issue (netconfig is an unrelated tool, not relevant for
resolv.conf handling)
- No need to add a separate sed invocation for `$NETMASKLEN` fixing
- iproute2 5.1+ doesn't allow prefixlen!=32 in get
|
2019-06-24 22:39:55 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 20190606. From the changelog:
Previously, an IPv6 split tunnel with a /128 request would result in a
default tunnel, rather than a specific route. Correctly set the default
route if we request a /0.
If `which ip` returns something on a non-Linux OS, it's an unrelated
tool that won't work for routing configuration; don't try to set IPROUTE
on another OS. This should fix the macOS issue discovered at:
<https://github.com/dlenski/openconnect/issues/132#issuecomment-470475009>
|
2019-05-14 20:26:42 by Amitai Schleier | Files touched by this commit (2) |
Log message:
Update to 20190424. From the changelog:
Some vpn clients pass multiple domains for DNS search scope, which
requires that we use search rather than domain. The generic path was
already using search, so just switch the resolvconf path to also use
search.
In a container, /etc/nsswitch.conf might not exist.
Silence the error grep: /etc/nsswitch.conf: No such file or directory
Inside a container, running 'ip route flush cache' can spam with
"ip: can't open '/proc/sys/net/ipv4/route/flush': Read-only file system"
Hide that the error output for that command.
|