Update to latest openconnect version 8.04 with pulse support
parent
0fdc0d1eff
commit
9dad4b64b8
@ -1,18 +1,24 @@
|
|||||||
FROM alpine:3.8
|
FROM alpine:edge
|
||||||
MAINTAINER Wolfgang Klinger <wolfgang@wazum.com>
|
MAINTAINER Wolfgang Klinger <wolfgang@wazum.com>
|
||||||
|
|
||||||
# openconnect is not yet available on main
|
# openconnect is not yet available on main
|
||||||
RUN apk add --no-cache tinyproxy openconnect --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing
|
RUN apk add --no-cache libcrypto1.1 libssl1.1 libstdc++ --repository http://dl-cdn.alpinelinux.org/alpine/edge/main
|
||||||
|
RUN apk add --no-cache oath-toolkit-libpskc --repository http://dl-cdn.alpinelinux.org/alpine/edge/community
|
||||||
|
RUN apk add --no-cache nettle --repository http://dl-cdn.alpinelinux.org/alpine/edge/main
|
||||||
|
RUN apk add --no-cache openconnect tinyproxy --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing
|
||||||
|
|
||||||
COPY tinyproxy.conf /etc/tinyproxy.conf
|
RUN apk --no-cache add ca-certificates wget && \
|
||||||
|
wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
|
||||||
# https://github.com/gliderlabs/docker-alpine/issues/367
|
wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.30-r0/glibc-2.30-r0.apk && \
|
||||||
RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
|
apk add glibc-2.30-r0.apk
|
||||||
|
|
||||||
# Use an up-to-date version of vpnc-script
|
# Use an up-to-date version of vpnc-script
|
||||||
|
# https://www.infradead.org/openconnect/vpnc-script.html
|
||||||
COPY vpnc-script /etc/vpnc/vpnc-script
|
COPY vpnc-script /etc/vpnc/vpnc-script
|
||||||
RUN chmod 755 /etc/vpnc/vpnc-script
|
RUN chmod 755 /etc/vpnc/vpnc-script
|
||||||
|
|
||||||
|
COPY tinyproxy.conf /etc/tinyproxy.conf
|
||||||
|
|
||||||
COPY entrypoint.sh /entrypoint.sh
|
COPY entrypoint.sh /entrypoint.sh
|
||||||
RUN chmod +x /entrypoint.sh
|
RUN chmod +x /entrypoint.sh
|
||||||
|
|
||||||
|
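Review bot: The glibc install chain (rows `RUN apk --no-cache add ca-certificates wget && \` through `apk add glibc-2.30-r0.apk`) trusts a third-party apk signing key and a third-party package fetched at build time with nothing but TLS to the hosting endpoints — no key fingerprint and no checksum — so whoever controls those endpoints controls what ends up in the image. Pinning the expected sha256 of both the key and the .apk (or committing sgerrand.rsa.pub to the repo and COPYing it into /etc/apk/keys) makes the step verifiable and reproducible, and the downloaded .apk should be removed in the same RUN, since otherwise it stays in the layer. The same reproducibility concern applies to `FROM alpine:edge` together with the edge/testing repository used for openconnect: both move daily, so a rebuild can silently yield a different openconnect than the 8.04 the commit message names — worth pinning `openconnect=<version placeholder>` in the apk add line, or moving to a release branch once the package lands there. `MAINTAINER` is deprecated; `LABEL org.opencontainers.image.authors="Wolfgang Klinger <wolfgang@wazum.com>"` is the current form.
```dockerfile
RUN apk --no-cache add ca-certificates wget && \
    wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
    echo "<KEY_SHA256_PLACEHOLDER>  /etc/apk/keys/sgerrand.rsa.pub" | sha256sum -c - && \
    wget -q https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.30-r0/glibc-2.30-r0.apk && \
    echo "<APK_SHA256_PLACEHOLDER>  glibc-2.30-r0.apk" | sha256sum -c - && \
    apk add glibc-2.30-r0.apk && \
    rm -f glibc-2.30-r0.apk
```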
@ -21,7 +21,7 @@
|
|||||||
################
|
################
|
||||||
#
|
#
|
||||||
# List of parameters passed through environment
|
# List of parameters passed through environment
|
||||||
#* reason -- why this script was called, one of: pre-init connect disconnect reconnect
|
#* reason -- why this script was called, one of: pre-init connect disconnect reconnect attempt-reconnect
|
||||||
#* VPNGATEWAY -- vpn gateway address (always present)
|
#* VPNGATEWAY -- vpn gateway address (always present)
|
||||||
#* TUNDEV -- tunnel device (always present)
|
#* TUNDEV -- tunnel device (always present)
|
||||||
#* INTERNAL_IP4_ADDRESS -- address (always present)
|
#* INTERNAL_IP4_ADDRESS -- address (always present)
|
||||||
@ -88,9 +88,6 @@ if [ ! -d "/var/run/vpnc" ]; then
|
|||||||
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
|
[ -x /sbin/restorecon ] && /sbin/restorecon /var/run/vpnc
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# stupid SunOS: no blubber in /usr/local/bin ... (on stdout)
|
|
||||||
IPROUTE="`which ip 2> /dev/null | grep '^/'`"
|
|
||||||
|
|
||||||
if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then
|
if ifconfig --help 2>&1 | grep BusyBox > /dev/null; then
|
||||||
ifconfig_syntax_inet=""
|
ifconfig_syntax_inet=""
|
||||||
else
|
else
|
||||||
@ -98,11 +95,15 @@ else
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$OS" = "Linux" ]; then
|
if [ "$OS" = "Linux" ]; then
|
||||||
|
IPROUTE="`which ip 2> /dev/null | grep '^/'`"
|
||||||
ifconfig_syntax_ptp="pointopoint"
|
ifconfig_syntax_ptp="pointopoint"
|
||||||
route_syntax_gw="gw"
|
route_syntax_gw="gw"
|
||||||
route_syntax_del="del"
|
route_syntax_del="del"
|
||||||
route_syntax_netmask="netmask"
|
route_syntax_netmask="netmask"
|
||||||
else
|
else
|
||||||
|
# iproute2 is Linux only; if `which ip` returns something on another OS, it's likely an unrelated tool
|
||||||
|
# (see https://github.com/dlenski/openconnect/issues/132#issuecomment-470475009)
|
||||||
|
IPROUTE=""
|
||||||
ifconfig_syntax_ptp=""
|
ifconfig_syntax_ptp=""
|
||||||
route_syntax_gw=""
|
route_syntax_gw=""
|
||||||
route_syntax_del="delete"
|
route_syntax_del="delete"
|
||||||
@ -116,7 +117,7 @@ else
|
|||||||
ifconfig_syntax_ptpv6=""
|
ifconfig_syntax_ptpv6=""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
grep ^hosts /etc/nsswitch.conf|grep resolve >/dev/null 2>&1
|
grep ^hosts /etc/nsswitch.conf 2>/dev/null|grep resolve >/dev/null 2>&1
|
||||||
if [ $? = 0 ];then
|
if [ $? = 0 ];then
|
||||||
RESOLVEDENABLED=1
|
RESOLVEDENABLED=1
|
||||||
else
|
else
|
||||||
@ -230,18 +231,18 @@ if [ -n "$IPROUTE" ]; then
|
|||||||
|
|
||||||
set_vpngateway_route() {
|
set_vpngateway_route() {
|
||||||
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
|
$IPROUTE route add `$IPROUTE route get "$VPNGATEWAY" | fix_ip_get_output`
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
del_vpngateway_route() {
|
del_vpngateway_route() {
|
||||||
$IPROUTE route $route_syntax_del "$VPNGATEWAY"
|
$IPROUTE route $route_syntax_del "$VPNGATEWAY"
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_default_route() {
|
set_default_route() {
|
||||||
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
|
$IPROUTE route | grep '^default' | fix_ip_get_output > "$DEFAULT_ROUTE_FILE"
|
||||||
$IPROUTE route replace default dev "$TUNDEV"
|
$IPROUTE route replace default dev "$TUNDEV"
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_network_route() {
|
set_network_route() {
|
||||||
@ -255,7 +256,7 @@ if [ -n "$IPROUTE" ]; then
|
|||||||
else
|
else
|
||||||
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
$IPROUTE route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||||
fi
|
fi
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_exclude_route() {
|
set_exclude_route() {
|
||||||
@ -265,7 +266,7 @@ if [ -n "$IPROUTE" ]; then
|
|||||||
NETMASK="$2"
|
NETMASK="$2"
|
||||||
NETMASKLEN="$3"
|
NETMASKLEN="$3"
|
||||||
$IPROUTE route add `$IPROUTE route get "$NETWORK/$NETMASKLEN" | fix_ip_get_output`
|
$IPROUTE route add `$IPROUTE route get "$NETWORK/$NETMASKLEN" | fix_ip_get_output`
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
del_exclude_route() {
|
del_exclude_route() {
|
||||||
@ -275,13 +276,13 @@ if [ -n "$IPROUTE" ]; then
|
|||||||
NETMASK="$2"
|
NETMASK="$2"
|
||||||
NETMASKLEN="$3"
|
NETMASKLEN="$3"
|
||||||
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN"
|
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN"
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
reset_default_route() {
|
reset_default_route() {
|
||||||
if [ -s "$DEFAULT_ROUTE_FILE" ]; then
|
if [ -s "$DEFAULT_ROUTE_FILE" ]; then
|
||||||
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
|
$IPROUTE route replace `cat "$DEFAULT_ROUTE_FILE"`
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
rm -f -- "$DEFAULT_ROUTE_FILE"
|
rm -f -- "$DEFAULT_ROUTE_FILE"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -292,13 +293,13 @@ if [ -n "$IPROUTE" ]; then
|
|||||||
NETMASKLEN="$3"
|
NETMASKLEN="$3"
|
||||||
NETDEV="$4"
|
NETDEV="$4"
|
||||||
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
$IPROUTE route $route_syntax_del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_ipv6_default_route() {
|
set_ipv6_default_route() {
|
||||||
# We don't save/restore IPv6 default route; just add a higher-priority one.
|
# We don't save/restore IPv6 default route; just add a higher-priority one.
|
||||||
$IPROUTE -6 route add default dev "$TUNDEV" metric 1
|
$IPROUTE -6 route add default dev "$TUNDEV" metric 1
|
||||||
$IPROUTE -6 route flush cache
|
$IPROUTE -6 route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_ipv6_network_route() {
|
set_ipv6_network_route() {
|
||||||
@ -311,7 +312,7 @@ if [ -n "$IPROUTE" ]; then
|
|||||||
else
|
else
|
||||||
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
$IPROUTE -6 route replace "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||||
fi
|
fi
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
set_ipv6_exclude_route() {
|
set_ipv6_exclude_route() {
|
||||||
@ -320,12 +321,12 @@ if [ -n "$IPROUTE" ]; then
|
|||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASKLEN="$2"
|
NETMASKLEN="$2"
|
||||||
$IPROUTE -6 route add `$IPROUTE route get "$NETWORK/$NETMASKLEN" | fix_ip_get_output`
|
$IPROUTE -6 route add `$IPROUTE route get "$NETWORK/$NETMASKLEN" | fix_ip_get_output`
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
reset_ipv6_default_route() {
|
reset_ipv6_default_route() {
|
||||||
$IPROUTE -6 route del default dev "$TUNDEV"
|
$IPROUTE -6 route del default dev "$TUNDEV"
|
||||||
$IPROUTE route flush cache
|
$IPROUTE route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
del_ipv6_network_route() {
|
del_ipv6_network_route() {
|
||||||
@ -333,7 +334,7 @@ if [ -n "$IPROUTE" ]; then
|
|||||||
NETMASKLEN="$2"
|
NETMASKLEN="$2"
|
||||||
NETDEV="$3"
|
NETDEV="$3"
|
||||||
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN" dev "$NETDEV"
|
||||||
$IPROUTE -6 route flush cache
|
$IPROUTE -6 route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
|
|
||||||
del_ipv6_exclude_route() {
|
del_ipv6_exclude_route() {
|
||||||
@ -342,7 +343,7 @@ if [ -n "$IPROUTE" ]; then
|
|||||||
NETWORK="$1"
|
NETWORK="$1"
|
||||||
NETMASKLEN="$2"
|
NETMASKLEN="$2"
|
||||||
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN"
|
$IPROUTE -6 route del "$NETWORK/$NETMASKLEN"
|
||||||
$IPROUTE -6 route flush cache
|
$IPROUTE -6 route flush cache 2>/dev/null
|
||||||
}
|
}
|
||||||
else # use route command
|
else # use route command
|
||||||
get_default_gw() {
|
get_default_gw() {
|
||||||
@ -682,7 +683,7 @@ nameserver $i"
|
|||||||
done
|
done
|
||||||
if [ -n "$CISCO_DEF_DOMAIN" ]; then
|
if [ -n "$CISCO_DEF_DOMAIN" ]; then
|
||||||
NEW_RESOLVCONF="$NEW_RESOLVCONF
|
NEW_RESOLVCONF="$NEW_RESOLVCONF
|
||||||
domain $CISCO_DEF_DOMAIN"
|
search $CISCO_DEF_DOMAIN"
|
||||||
fi
|
fi
|
||||||
echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
|
echo "$NEW_RESOLVCONF" | /sbin/resolvconf -a $TUNDEV
|
||||||
}
|
}
|
||||||
@ -881,10 +882,10 @@ do_connect() {
|
|||||||
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
|
while [ $i -lt $CISCO_IPV6_SPLIT_INC ] ; do
|
||||||
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
|
eval NETWORK="\${CISCO_IPV6_SPLIT_INC_${i}_ADDR}"
|
||||||
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
|
eval NETMASKLEN="\${CISCO_IPV6_SPLIT_INC_${i}_MASKLEN}"
|
||||||
if [ $NETMASKLEN -lt 128 ]; then
|
if [ $NETMASKLEN -eq 0 ]; then
|
||||||
set_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV"
|
|
||||||
else
|
|
||||||
set_ipv6_default_route
|
set_ipv6_default_route
|
||||||
|
else
|
||||||
|
set_ipv6_network_route "$NETWORK" "$NETMASKLEN" "$TUNDEV"
|
||||||
fi
|
fi
|
||||||
i=`expr $i + 1`
|
i=`expr $i + 1`
|
||||||
done
|
done
|
||||||
@ -1018,7 +1019,15 @@ case "$reason" in
|
|||||||
do_disconnect
|
do_disconnect
|
||||||
run_hooks post-disconnect
|
run_hooks post-disconnect
|
||||||
;;
|
;;
|
||||||
|
attempt-reconnect)
|
||||||
|
# Invoked before each attempt to re-establish the session.
|
||||||
|
# If the underlying physical connection changed, we might
|
||||||
|
# be left with a route to the VPN server through the VPN
|
||||||
|
# itself, which would need to be fixed.
|
||||||
|
run_hooks attempt-reconnect
|
||||||
|
;;
|
||||||
reconnect)
|
reconnect)
|
||||||
|
# After successfully re-establishing the session.
|
||||||
run_hooks reconnect
|
run_hooks reconnect
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
2
connect
2
connect
@ -4,7 +4,7 @@
|
|||||||
|
|
||||||
OPENCONNECT_USER=
|
OPENCONNECT_USER=
|
||||||
OPENCONNECT_URL=
|
OPENCONNECT_URL=
|
||||||
OPENCONNECT_OPTIONS="--authgroup <VPN Group> --servercert <VPN Server Certificate>"
|
OPENCONNECT_OPTIONS="--authgroup <VPN Group> --servercert <VPN Server Certificate> --protocol=pulse"
|
||||||
PROXY_PORT=8888
|
PROXY_PORT=8888
|
||||||
|
|
||||||
# Don't touch this
|
# Don't touch this
|
||||||
|
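Review bot: `--servercert <VPN Server Certificate>` on the OPENCONNECT_OPTIONS line is the only thing in this template that pins the gateway's identity, yet nothing tells the operator what belongs there or that leaving the placeholder in place will make every connection fail certificate checking. A comment above the line would close that gap, e.g. `# --servercert pins the gateway certificate: replace the placeholder with the fingerprint openconnect reports for your gateway, or drop the option only if the gateway cert validates against the system CA store.` Whether the placeholder values are checked before openconnect is started depends on entrypoint.sh, which is outside this diff.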