SUMMARY: Compiling VPNC

From: JESSE CARROLL <jesse-carroll_at_usa.net>
Date: Thu May 08 2008 - 08:32:51 EDT
Sorry about the delay, but it took a while.

The real issue is not compiling vpnc. I got through that. The real issue is
the vpnc-script. The one that comes with vpnc 0.5.1 simply won't work with
x86. It doesn't handle resolv.conf properly and doesn't set up the routing
correctly. After some hacking and slashing I finally got a script that works
(at least for me, your mileage may vary). There are things in the script that
could possibly be improved and things that could be deleted.

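#!/usr/bin/bash
#
# vpnc-script for Solaris x86: vpnc runs it with reason=pre-init, connect or
# disconnect to set up the tunnel interface, the routes and /etc/resolv.conf,
# and to undo that on disconnect. Everything arrives as environment variables
# exported by vpnc; apart from reason and TUNDEV most of them are values the
# remote gateway sent, so they are data, not trusted configuration:
#
#* reason                       -- why this script was called, one of:
#*                                 pre-init connect disconnect
#* VPNGATEWAY                   -- vpn gateway address (always present)
#* TUNDEV                       -- tunnel device (always present)
#* INTERNAL_IP4_ADDRESS         -- address (always present)
#* INTERNAL_IP4_NETMASK         -- netmask (often unset)
#* INTERNAL_IP4_DNS             -- list of dns servers
#* INTERNAL_IP4_NBNS            -- list of wins servers
#* CISCO_DEF_DOMAIN             -- default domain name
#* CISCO_BANNER                 -- banner from server
#* CISCO_SPLIT_INC              -- number of networks in split-network-list
#* CISCO_SPLIT_INC_%d_ADDR      -- network address
#* CISCO_SPLIT_INC_%d_MASK      -- subnet mask (for example: 255.255.255.0)
#* CISCO_SPLIT_INC_%d_MASKLEN   -- subnet masklen (for example: 24)
#* CISCO_SPLIT_INC_%d_PROTOCOL  -- protocol (often just 0)
#* CISCO_SPLIT_INC_%d_SPORT     -- source port (often just 0)
#* CISCO_SPLIT_INC_%d_DPORT     -- destination port (often just 0)

#set -x

# =========== script (variable) setup ====================================

# ifconfig/route/netstat live in the sbin directories; make sure they are
# found whatever PATH vpnc was started with
PATH=/sbin:/usr/sbin:$PATH

OS=$(uname -s)

# state carried from connect to disconnect (saved default gateway, copy of the
# original resolv.conf); both live under /var/run/vpnc, created below
DEFAULT_ROUTE_FILE=/var/run/vpnc/defaultroute
RESOLV_CONF_BACKUP=/var/run/vpnc/resolv.conf-backup
FULL_SCRIPTNAME=/usr/local/sbin/vpnc
SCRIPTNAME=$(basename "$FULL_SCRIPTNAME")

if [ ! -d /var/run/vpnc ]; then
  mkdir -p /var/run/vpnc
fi

# hooks invoked by do_connect/do_disconnect when the gateway pushed DNS
# servers; only the generic variants exist in this script
MODIFYRESOLVCONF=modify_resolvconf_generic
RESTORERESOLVCONF=restore_resolvconf_generic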

# =========== tunnel interface handling ====================================

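# Bring the tunnel device up as a point-to-point interface: local and remote
# address are both INTERNAL_IP4_ADDRESS with a host netmask. The MTU of 1412
# is presumably chosen to leave room for the tunnel encapsulation overhead.
# The original had the netmask/mtu arguments wrapped onto a second line, which
# made "netmask" a separate command; the continuation keeps it one ifconfig.
do_ifconfig() {
  ifconfig "$TUNDEV" inet "$INTERNAL_IP4_ADDRESS" "$INTERNAL_IP4_ADDRESS" \
    netmask 255.255.255.255 mtu 1412 up
}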

# =========== route handling ====================================

# use route command
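# Print the gateway of the current IPv4 default route on stdout (nothing if
# there is none). netstat -r -n still labels the route "default" rather than
# 0.0.0.0 here, hence the sed rewrite; lines containing ':' (IPv6 entries)
# are blanked first so they can never match. The original pipeline was broken
# across lines at the grep, leaving grep without a pattern.
get_default_gw() {
  netstat -r -n \
    | sed -e 's/default/0.0.0.0/' -e 's/^.*:.*$//' \
    | grep '^0.0.0.0' \
    | awk '{print $2}'
}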

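# Add a route to the VPN gateway via the pre-VPN default gateway, so the
# encrypted traffic itself is not pulled into the tunnel once the default
# route points at TUNDEV. Relies on DEFAULTGW having been set by
# set_default_route. Returns 1 without touching the routing table when
# DEFAULTGW is empty, instead of handing route an empty gateway argument.
set_vpngateway_route() {
  if [ -z "$DEFAULTGW" ]; then
    echo "set_vpngateway_route: no default gateway known, not adding a route to $VPNGATEWAY" >&2
    return 1
  fi
  route add "$VPNGATEWAY" "$DEFAULTGW"
}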

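# Remove the route to the VPN gateway added by set_vpngateway_route. The
# gateway it was added through is read back from DEFAULT_ROUTE_FILE (written
# by set_default_route) into DEFAULTGW. If that file is missing or empty the
# route is left alone and 1 is returned, rather than calling route with an
# empty gateway argument.
del_vpngateway_route() {
  DEFAULTGW=
  if [ -s "$DEFAULT_ROUTE_FILE" ]; then
    DEFAULTGW=$(cat "$DEFAULT_ROUTE_FILE")
  fi
  if [ -z "$DEFAULTGW" ]; then
    echo "del_vpngateway_route: $DEFAULT_ROUTE_FILE is missing or empty, leaving the route to $VPNGATEWAY alone" >&2
    return 1
  fi
  route delete -host "$VPNGATEWAY" "$DEFAULTGW"
}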

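# Point the default route at the tunnel. The current default gateway is saved
# in DEFAULT_ROUTE_FILE (and in DEFAULTGW for set_vpngateway_route) so
# reset_default_route can put it back on disconnect. When no gateway can be
# determined nothing is deleted — a route removed now could not be restored
# later — and the file is truncated so a value from an earlier run is not
# restored by mistake. The original had the closing brace on the route line,
# where the shell took it as an argument instead of the end of the function.
set_default_route() {
  DEFAULTGW=$(get_default_gw)
  if [ -n "$DEFAULTGW" ]; then
    echo "$DEFAULTGW" > "$DEFAULT_ROUTE_FILE"
    route delete default "$DEFAULTGW"
  else
    echo "set_default_route: no default gateway found, not removing any" >&2
    : > "$DEFAULT_ROUTE_FILE"
  fi
  route add default "$INTERNAL_IP4_ADDRESS" -interface
}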

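# Undo set_default_route: drop the default route through the tunnel and
# re-add the gateway saved in DEFAULT_ROUTE_FILE, then remove that file.
# Nothing happens when the file is missing or empty. The original used
# $route_syntax_del, which this script never defines, so the delete ran as
# "route default ..."; "delete" is spelled out instead.
reset_default_route() {
  local saved_gw
  if [ -s "$DEFAULT_ROUTE_FILE" ]; then
    saved_gw=$(cat "$DEFAULT_ROUTE_FILE")
    if [ -n "$saved_gw" ]; then
      route delete default "$INTERNAL_IP4_ADDRESS"
      route add default "$saved_gw"
    fi
    rm -f -- "$DEFAULT_ROUTE_FILE"
  fi
}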


# =========== resolv.conf handling for any OS =========================

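# Rewrite /etc/resolv.conf with the DNS servers and default domain pushed by
# the VPN gateway, keeping a copy of the original in RESOLV_CONF_BACKUP for
# restore_resolvconf_generic. The generated file starts with the
# "#@VPNC_GENERATED@" marker; if that marker is already present the file is
# one of ours and the backup from the earlier run is kept as the original.
# Existing nameserver lines are replaced one-for-one by the pushed servers
# (leftover pushed servers are appended, leftover old ones dropped); the first
# search or domain line receives CISCO_DEF_DOMAIN, or a search line is added.
# INTERNAL_IP4_DNS and CISCO_DEF_DOMAIN come from the remote gateway and end
# up verbatim in a root-owned system file, so nameserver entries are checked
# to be dotted-quad addresses before use; CISCO_DEF_DOMAIN is written as-is.
# Two wrap-induced breaks are repaired here: the "cp --" whose operands had
# slipped onto the next line, and the marker header whose second line had
# lost its leading "#".
modify_resolvconf_generic() {
  if ! grep -q '^#@VPNC_GENERATED@' /etc/resolv.conf 2>/dev/null; then
    cp -- /etc/resolv.conf "$RESOLV_CONF_BACKUP"
  fi
  NEW_RESOLVCONF="#@VPNC_GENERATED@ -- this file is generated by vpnc
# and will be overwritten by vpnc
# as long as the above mark is intact"

  # Remember the original value of CISCO_DEF_DOMAIN we need it later
  CISCO_DEF_DOMAIN_ORIG="$CISCO_DEF_DOMAIN"
  # Don't step on INTERNAL_IP4_DNS value; build a working copy holding only
  # the entries that look like IPv4 addresses
  INTERNAL_IP4_DNS_TEMP=""
  for i in $INTERNAL_IP4_DNS; do
    case "$i" in
      *[!0-9.]*)
        echo "modify_resolvconf_generic: ignoring non-IPv4 nameserver '$i'" >&2
        ;;
      *)
        INTERNAL_IP4_DNS_TEMP="${INTERNAL_IP4_DNS_TEMP:+$INTERNAL_IP4_DNS_TEMP }$i"
        ;;
    esac
  done

  if [ -r "$RESOLV_CONF_BACKUP" ]; then
    # "|| [ -n ... ]" keeps a last line that has no trailing newline
    while read -r LINE || [ -n "$LINE" ]; do
      case "$LINE" in
        nameserver*)
          # swap in the next pushed server; once the pushed list is used up
          # the remaining old nameserver lines become empty lines
          if [ -n "$INTERNAL_IP4_DNS_TEMP" ]; then
            read -r ONE_NAMESERVER INTERNAL_IP4_DNS_TEMP <<EOF
$INTERNAL_IP4_DNS_TEMP
EOF
            LINE="nameserver $ONE_NAMESERVER"
          else
            LINE=""
          fi
          ;;
        search*)
          # the pushed domain goes on the first search line only
          if [ -n "$CISCO_DEF_DOMAIN" ]; then
            LINE="$LINE $CISCO_DEF_DOMAIN"
            CISCO_DEF_DOMAIN=""
          fi
          ;;
        domain*)
          if [ -n "$CISCO_DEF_DOMAIN" ]; then
            LINE="domain $CISCO_DEF_DOMAIN"
            CISCO_DEF_DOMAIN=""
          fi
          ;;
      esac
      NEW_RESOLVCONF="$NEW_RESOLVCONF
$LINE"
    done < "$RESOLV_CONF_BACKUP"
  fi

  # pushed servers not consumed above are appended
  for i in $INTERNAL_IP4_DNS_TEMP; do
    NEW_RESOLVCONF="$NEW_RESOLVCONF
nameserver $i"
  done
  # no search/domain line was seen: add one for the pushed domain
  if [ -n "$CISCO_DEF_DOMAIN" ]; then
    NEW_RESOLVCONF="$NEW_RESOLVCONF
search $CISCO_DEF_DOMAIN"
  fi
  printf '%s\n' "$NEW_RESOLVCONF" > /etc/resolv.conf
}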

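# Put the pre-VPN resolv.conf back from RESOLV_CONF_BACKUP and remove the
# backup. /etc/resolv.conf is only overwritten while it still carries our
# "#@VPNC_GENERATED@" marker, so a file replaced by hand in the meantime is
# left untouched (the backup is removed either way). Does nothing when there
# is no backup. The original had the "cat" and its operand wrapped onto
# separate lines, which made the copy a no-op.
restore_resolvconf_generic() {
  if [ ! -e "$RESOLV_CONF_BACKUP" ]; then
    return
  fi
  if grep -q '^#@VPNC_GENERATED@' /etc/resolv.conf 2>/dev/null; then
    cat "$RESOLV_CONF_BACKUP" > /etc/resolv.conf
  fi
  rm -f -- "$RESOLV_CONF_BACKUP"
}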

# ========= Toplevel state handling  =======================================

# Return 0 on a 2.6-or-newer kernel and 1 on 1.x / 2.0-2.5, judged purely by
# the leading components of `uname -r`.
kernel_is_2_6_or_above() {
  local release
  release=$(uname -r)
  case "$release" in
    1.*|2.[012345]*) return 1 ;;
  esac
  return 0
}

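# "pre-init" hook: make sure the tunnel device exists before vpnc opens it.
# Linux: if /dev/net/tun cannot be opened, load the tun module through the
# kernel's modprobe, repair the 2.6 devfs symlink, create the node by hand if
# it is still missing and give udev up to 10s to catch up. FreeBSD and
# GNU/kFreeBSD: load if_tun. All other systems need nothing. The original
# modprobe line was wrapped so that "tun" and "2>/dev/null" ran as commands
# of their own; it is one command again here.
do_pre_init() {
  case "$OS" in
    Linux)
      if (exec 6<> /dev/net/tun) > /dev/null 2>&1; then
        return 0
      fi
      # can't open /dev/net/tun: ask the kernel's configured modprobe for it
      if [ -e /proc/sys/kernel/modprobe ]; then
        "$(cat /proc/sys/kernel/modprobe)" tun 2>/dev/null
      fi
      # fix for broken devfs in kernel 2.6.x
      if [ "$(readlink /dev/net/tun)" = misc/net/tun ] \
        && [ ! -e /dev/net/misc/net/tun ] && [ -e /dev/misc/net/tun ]; then
        ln -sf /dev/misc/net/tun /dev/net/tun
      fi
      # make sure tun device exists
      if [ ! -e /dev/net/tun ]; then
        mkdir -p /dev/net
        mknod -m 0640 /dev/net/tun c 10 200
      fi
      # workaround for a possible latency caused by udev, sleep max. 10s
      if kernel_is_2_6_or_above; then
        for x in $(seq 100); do
          (exec 6<> /dev/net/tun) > /dev/null 2>&1 && break
          sleep 0.1
        done
      fi
      ;;
    FreeBSD|GNU/kFreeBSD)
      if [ ! -e /dev/tun ]; then
        kldload if_tun
      fi
      ;;
    *)
      # NetBSD, OpenBSD, SunOS, Darwin: nothing to prepare
      ;;
  esac
}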

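# "connect" hook: show the gateway's banner, bring up the tunnel, move the
# default route into it, pin the route to the gateway itself and, when the
# gateway pushed DNS servers, rewrite resolv.conf via $MODIFYRESOLVCONF.
# set_vpngateway_route must follow set_default_route because it uses the
# DEFAULTGW that set_default_route determines.
do_connect() {
  if [ -n "$CISCO_BANNER" ]; then
    echo "Connect Banner:"
    # the banner is remote-supplied text: read -r keeps backslashes literal
    # and printf avoids echo's option/escape handling on each line
    printf '%s\n' "$CISCO_BANNER" | while IFS= read -r LINE; do
      printf '| %s\n' "$LINE"
    done
    echo
  fi

  do_ifconfig
  set_default_route
  set_vpngateway_route

  if [ -n "$INTERNAL_IP4_DNS" ]; then
    "$MODIFYRESOLVCONF"
  fi
}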

# "disconnect" hook: undo do_connect's work — drop the route to the gateway,
# restore the saved default route, and put resolv.conf back via
# $RESTORERESOLVCONF if the gateway had pushed DNS servers on connect.
do_disconnect() {
  del_vpngateway_route
  reset_default_route
  [ -z "$INTERNAL_IP4_DNS" ] || "$RESTORERESOLVCONF"
}

#### Main

# vpnc always exports $reason; without it the script was started by hand.
[ -n "$reason" ] || {
  echo "this script must be called from vpnc" 1>&2
  exit 1
}

# dispatch on the phase vpnc is in; anything else means a newer vpnc than
# this script knows about
case "$reason" in
  pre-init)   do_pre_init ;;
  connect)    do_connect ;;
  disconnect) do_disconnect ;;
  *)
    echo "unknown reason '$reason'. Maybe vpnc-script is out of date" 1>&2
    exit 1
    ;;
esac

exit 0





------ Original Question ------


I'm trying to connect a Solaris 10 x86 system to a Cisco VPN. Most of what I
found suggests using VPNC. However, I cannot get it to compile. I've installed
the Blastwave packages (gcc 3.4.3, binutils, libgcrypt, libgcrypt, intltool,
libiconv, gmake) but I get errors such as:

gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings
-DVERSION=\"0.5.1\"   -c -o sysdep.o sysdep.c
gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings
-DVERSION=\"0.5.1\"   -c -o vpnc-debug.o vpnc-debug.c
gcc -O3 -g -W -Wall -Wmissing-declarations -Wwrite-strings
-DVERSION=\"0.5.1\"   -c -o isakmp-pkt.o isakmp-pkt.c
In file included from isakmp-pkt.c:31:
math_group.h:62: error: syntax error before "gcry_mpi_t"
math_group.h:62: warning: no semicolon at end of struct or union
math_group.h:63: warning: type defaults to `int' in declaration of `p'
math_group.h:63: warning: data definition has no type or storage class
math_group.h:64: error: syntax error before "a"
math_group.h:64: warning: type defaults to `int' in declaration of `a'
math_group.h:64: warning: type defaults to `int' in declaration of `b'
math_group.h:64: warning: type defaults to `int' in declaration of `c'
math_group.h:64: warning: type defaults to `int' in declaration of `d'
math_group.h:64: warning: data definition has no type or storage class
math_group.h:65: error: syntax error before '}' token
In file included from vpnc.h:24,
                 from isakmp-pkt.c:32:
tunip.h:43: error: syntax error before "gcry_cipher_hd_t"
tunip.h:43: warning: no semicolon at end of struct or union
tunip.h:50: error: syntax error before '}' token
tunip.h:111: error: field `rx' has incomplete type
tunip.h:111: error: field `tx' has incomplete type
gmake: *** [isakmp-pkt.o] Error 1

Has someone gotten this beast to compile, or should I just go with OpenVPN?
The reason I'm trying VPNC is that there are utilities to convert Cisco PCF
files, and searches indicate that once it is compiled it works really well
with Cisco. (Unfortunately Cisco does not have a Solaris x86 VPN client.)


JC

PS: J and C are my initials, look at the email address.
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers