[vpnc-devel] Feature requests: Kvpnc compatibility, cisco hash integration.
Maurice Massar
massar at unix-ag.uni-kl.de
Wed Aug 23 17:47:56 CEST 2006
hi,
On Wed, Aug 23, 2006 at 11:51:39AM +0200, Christoph Thielecke wrote:
[...]
> > second, I would recommend kvpnc not to use the interactive config
> > dialog, but to pass "-" as configfile and make sure to add
> > "Noninteractive".
> Now I have used that way but it's insecure because I have to store the
> passwords into the config file :(
> I think it's not too hard to implement this patch in vpnc in all places.
huh? Do not use the interactive configuration non-interactively.
You can feed in a config-file via stdin. No need to guess what
vpnc is asking in which order.
(guessing what you're perceiving as the problem): vpnc can read multiple
config-files.
> @@ -428,7 +435,14 @@
>
> for (i = 1; i < argc; i++) {
> if (argv[i][0] != '-') {
> + if(argv[i][0] == '/' ) { /* absolute path */
> read_config_file(argv[i], config, 0);
> + } else { /* relative path: assume /etc/vpnc/%s.conf */
> + char buff[256];
> + snprintf(buff,255,"/etc/vpnc/%s.conf",argv[i]);
> + buff[255]='\0';
> + read_config_file((char *)&buff[0], config, 0);
> + }
> continue;
> }
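Review bot: the relative-path branch builds the file name from argv[i] without validating it, so a name containing "../" resolves outside /etc/vpnc, and a name too long for buff is silently truncated so that a different file is opened. Check the snprintf return value against sizeof(buff) and reject names containing '/'. Passing sizeof(buff) instead of 255 also makes the manual buff[255]='\0' and the (char *)&buff[0] cast unnecessary, since snprintf terminates the string and buff already decays to char *. The branch also removes the ability to name a config file relative to the current directory, which should be documented if it is intended.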
this part is obsolete (and wrong intended too)
> diff -ruN vpnc-0.3.2/Makefile vpnc-0.3.2.mine/Makefile
> --- vpnc-0.3.2/Makefile 2004-11-13 00:23:36.000000000 +0100
> +++ vpnc-0.3.2.mine/Makefile 2004-11-24 13:41:38.167478480 +0100
> @@ -17,7 +17,7 @@
> # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
>
> DESTDIR=
> -PREFIX=/usr/local
> +PREFIX=/usr
> SBINDIR=$(PREFIX)/sbin
> MANDIR=$(PREFIX)/share/man
>
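Review bot: the PREFIX line changes the default install location from /usr/local to /usr for everyone who builds from source. This is a packaging choice that is better made at build time, for example make PREFIX=/usr, leaving the Makefile default untouched.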
I think I've already complained about this (-:
> diff -ruN vpnc-0.3.2/vpnc-connect vpnc-0.3.2.mine/vpnc-connect
> --- vpnc-0.3.2/vpnc-connect 2004-05-23 02:43:00.000000000 +0200
> +++ vpnc-0.3.2.mine/vpnc-connect 2004-11-24 13:41:38.170478024 +0100
> @@ -12,6 +12,7 @@
> sed 's/cache//;s/metric[0-9]\+ [0-9]\+//g' | xargs echo
> }
>
> +resolv=/var/run/vpnc/resolv.conf
> defr=/var/run/vpnc/defaultroute
> gateway=/var/run/vpnc/gateway
> pid=/var/run/vpnc/pid
> @@ -47,6 +48,10 @@
> fi
>
> # started from vpnc..
> +mv /etc/resolv.conf $resolv
> +for i in $INTERNAL_IP4_DNS; do
> + echo nameserver $i >> /etc/resolv.conf
> +done
>
> ifconfig $TUNDEV inet $INTERNAL_IP4_ADDRESS \
> pointopoint $INTERNAL_IP4_ADDRESS \
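Review bot: mv /etc/resolv.conf $resolv is unconditional and its result is never checked. If the script runs a second time before disconnect, the saved original is overwritten by the VPN-generated file; if INTERNAL_IP4_DNS is empty, the system is left with no /etc/resolv.conf at all; and the rebuilt file drops any search or domain lines the original had. Do the swap only when INTERNAL_IP4_DNS is non-empty and no backup exists yet, quote "$resolv" and "$i", and write the new file under a temporary name before renaming it into place.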
the current vpnc-script handles this in a better way.
there is no vpnc-connect anymore
> diff -ruN vpnc-0.3.2/vpnc-disconnect vpnc-0.3.2.mine/vpnc-disconnect
> --- vpnc-0.3.2/vpnc-disconnect 2004-05-23 02:43:00.000000000 +0200
> +++ vpnc-0.3.2.mine/vpnc-disconnect 2004-11-24 13:41:38.172477720 +0100
> @@ -1,5 +1,6 @@
> #!/bin/sh
>
> +resolv=/var/run/vpnc/resolv.conf
> defr=/var/run/vpnc/defaultroute
> gateway=/var/run/vpnc/gateway
> pid=/var/run/vpnc/pid
> @@ -34,6 +35,7 @@
> ip route flush cache
> fi
>
> +mv $resolv /etc/resolv.conf
> rm -f -- "$defr" "$pid" "$gateway"
>
> exit 0
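Review bot: mv $resolv /etc/resolv.conf runs even when no backup was saved (for example when the connect script stopped before its own mv), and the failure is ignored. Guard it with a test such as [ -f "$resolv" ] && mv -- "$resolv" /etc/resolv.conf so the restore only happens when there is something to restore.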
see above..
cu
maurice