Ship a default ocserv-script, which will put connecting clients into the internal firewall zone.
This commit is contained in:
Nikos Mavrogiannopoulos
parent
7152f9c08c
commit
fcf19fcfac
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
if [ "$REASON" = "connect" ];then
|
||||
# add the user's interface into the internal zone
|
||||
firewall-cmd --zone=internal --add-interface=$DEVICE
|
||||
else
|
||||
firewall-cmd --zone=internal --remove-interface=$DEVICE
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
|
@ -151,8 +151,8 @@ rekey-method = ssl
|
|||
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
|
||||
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client),
|
||||
# ID (a unique numeric ID); REASON may be "connect" or "disconnect".
|
||||
#connect-script = /usr/bin/myscript
|
||||
#disconnect-script = /usr/bin/myscript
|
||||
#connect-script = /usr/bin/ocserv-script
|
||||
#disconnect-script = /usr/bin/ocserv-script
|
||||
|
||||
# UTMP
|
||||
use-utmp = true
|
||||
|
|
@ -285,8 +285,7 @@ route = 192.168.1.0/255.255.255.0
|
|||
#default-select-group = DEFAULT
|
||||
|
||||
# Instead of specifying manually all the allowed groups, you may instruct
|
||||
# ocserv to scan all available groups and include the full list. That
|
||||
# option is only functional on plain authentication.
|
||||
# ocserv to scan all available groups and include the full list.
|
||||
#auto-select-group = true
|
||||
|
||||
# The system command to use to setup a route. %R will be replaced with the
|
||||
|
|
|
|||
10
ocserv.spec
10
ocserv.spec
|
|
@ -1,6 +1,6 @@
|
|||
Name: ocserv
|
||||
Version: 0.8.4
|
||||
Release: 1%{?dist}
|
||||
Release: 2%{?dist}
|
||||
Summary: OpenConnect SSL VPN server
|
||||
|
||||
# For a breakdown of the licensing, see PACKAGE-LICENSING
|
||||
|
|
@ -14,6 +14,7 @@ Source3: ocserv-pamd.conf
|
|||
Source4: PACKAGE-LICENSING
|
||||
Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
|
||||
Source7: ocserv-genkey
|
||||
Source8: ocserv-script
|
||||
|
||||
# Taken from upstream:
|
||||
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
|
||||
|
|
@ -111,6 +112,8 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
|
|||
install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
|
||||
mkdir -p %{buildroot}/%{_sbindir}
|
||||
install -p -m 755 %{SOURCE7} %{buildroot}/%{_sbindir}
|
||||
mkdir -p %{buildroot}/%{_bindir}
|
||||
install -p -m 755 %{SOURCE8} %{buildroot}/%{_bindir}
|
||||
%make_install
|
||||
|
||||
%clean
|
||||
|
|
@ -132,12 +135,17 @@ rm -rf %{buildroot}
|
|||
%{_mandir}/man8/ocpasswd.8*
|
||||
%{_bindir}/ocpasswd
|
||||
%{_bindir}/occtl
|
||||
%{_bindir}/ocserv-script
|
||||
%{_sbindir}/ocserv
|
||||
%{_sbindir}/ocserv-genkey
|
||||
%{_unitdir}/ocserv.service
|
||||
%{_localstatedir}/lib/ocserv/profile.xml
|
||||
|
||||
%changelog
|
||||
* Thu Sep 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-2
|
||||
- Ship a default ocserv-script, which will put connecting clients
|
||||
into the internal firewall zone.
|
||||
|
||||
* Thu Aug 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-1
|
||||
- New upstream release
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue