mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity
openwrt-packages/net/openconnect
History
Yousong Zhou dbc36c3092 openconnect: openconnect-wrapper: rewrite 
- use exec directly to eliminate a level in the process tree
 - use "$@" instead of "$*" to pass arguments to openconnect

According to openconnect(8), openconnect will call vpnc-script to
cleanup before quit when it received SIGINT(2) and will quit immediately
when it received SIGTERM (the default signal by kill command)

Before and after the change, openconnect process will be killed first
with SIGINT sent from netifd.  This was decided by the
'proto_kill_command "$config" 2' notify call in the proto script.

SIGKILL is the only other signal that can be sent from netifd when the
process did not quit on SIGINT on time.  There should be no need to trap
on signal 1 3 6 9 (HUP QUIT ABRT KILL)

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
 		2017-06-19 12:37:24 +08:00
..
files openconnect: openconnect-wrapper: rewrite 2017-06-19 12:37:24 +08:00
Config.in openconnect: add an option to support stoken 2014-12-07 21:18:52 -08:00
Makefile openconnect: openconnect-wrapper: rewrite 2017-06-19 12:37:24 +08:00
README openconnect: updated documentation 2015-06-20 12:36:55 +02:00

README 

The openconnect client expects to be configured using the uci interface.

To setup a VPN connection, add the following to /etc/config/network:

config interface 'MYVPN'
        option proto 'openconnect'
        option interface 'wan'
        option server 'vpn.example.com'
        option port '4443'
        option username 'test'
        option password 'secret'
        option serverhash 'AE7FF6A0426F0A0CD0A02EB9EC3C5066FAEB0B25'
	option defaultroute '0'
        option authgroup 'DEFAULT'

	# For second factor auth:

	# when a fixed 2FA password can be used
	#option password2 'my-fixed-2fa-password'

	# RSA tokens, must be built with stoken support
        #option token_mode 'rsa'
        #option token_secret 'secret'

	# HOTP/TOTP tokens
        #option token_mode 'hotp'
        #option token_secret '00'

The additional files are also used:
/etc/openconnect/user-cert-vpn-MYVPN.pem: The user certificate
/etc/openconnect/user-key-vpn-MYVPN.pem: The user private key
/etc/openconnect/ca-vpn-MYVPN.pem: The CA certificate (instead of serverhash)

After these are setup you can initiate the VPN using "ifup MYVPN", and
deinitialize it using ifdown. You may also use the luci web interface
(Network -> Interfaces -> MYVPN Connect).

Note that you need to configure the firewall to allow communication between
the MYVPN interface and lan.


There is a luci plugin to allow configuring an openconnect interface from
the web environment; see the luci-proto-openconnect package.