Ship a default ocserv-script, which will put connecting clients into the internal firewall zone.
parent
7152f9c08c
commit
fcf19fcfac
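--- a/ocserv-script
+++ b/ocserv-script
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+if [ "$REASON" = "connect" ];then
+# add the user's interface into the internal zone
+firewall-cmd --zone=internal --add-interface=$DEVICE
+else
+firewall-cmd --zone=internal --remove-interface=$DEVICE
+fi
+
+exit 0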
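Review bot: The unconditional `exit 0` on the last line hides a failed `firewall-cmd` in the connect branch, so when firewalld is not running or the `internal` zone is missing the session carries on without the intended zone assignment and nothing is reported. The connect branch should propagate the failure, `firewall-cmd --zone=internal --add-interface="$DEVICE" || exit 1`, assuming ocserv refuses the client on a non-zero connect-script status (worth confirming for this version). `$DEVICE` is unquoted in both calls and should be written `"$DEVICE"`. A header comment should also say that any REASON other than `connect` takes the remove branch, and that placing clients in the `internal` zone is a deliberate trust decision because that zone usually permits more services than the default one.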
@ -151,8 +151,8 @@ rekey-method = ssl
|
|||||||
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
|
# DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP
|
||||||
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client),
|
# in the P-t-P connection), IP_REMOTE (the VPN IP of the client),
|
||||||
# ID (a unique numeric ID); REASON may be "connect" or "disconnect".
|
# ID (a unique numeric ID); REASON may be "connect" or "disconnect".
|
||||||
#connect-script = /usr/bin/myscript
|
#connect-script = /usr/bin/ocserv-script
|
||||||
#disconnect-script = /usr/bin/myscript
|
#disconnect-script = /usr/bin/ocserv-script
|
||||||
|
|
||||||
# UTMP
|
# UTMP
|
||||||
use-utmp = true
|
use-utmp = true
|
||||||
@ -285,8 +285,7 @@ route = 192.168.1.0/255.255.255.0
|
|||||||
#default-select-group = DEFAULT
|
#default-select-group = DEFAULT
|
||||||
|
|
||||||
# Instead of specifying manually all the allowed groups, you may instruct
|
# Instead of specifying manually all the allowed groups, you may instruct
|
||||||
# ocserv to scan all available groups and include the full list. That
|
# ocserv to scan all available groups and include the full list.
|
||||||
# option is only functional on plain authentication.
|
|
||||||
#auto-select-group = true
|
#auto-select-group = true
|
||||||
|
|
||||||
# The system command to use to setup a route. %R will be replaced with the
|
# The system command to use to setup a route. %R will be replaced with the
|
||||||
|
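Review bot: The sample comment above `#connect-script = /usr/bin/ocserv-script` in the first hunk lists only the variables passed to the script and does not say that the packaged script changes firewall state. A line such as `# The packaged ocserv-script adds the client's DEVICE to the firewalld "internal" zone on connect and removes it on disconnect; it needs a running firewalld.` would tell an administrator what uncommenting the two lines does. The second hunk also drops the sentence restricting `auto-select-group` to plain authentication, which the commit title does not cover; if that is a resync with upstream it deserves its own changelog line.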
10
ocserv.spec
10
ocserv.spec
@ -1,6 +1,6 @@
|
|||||||
Name: ocserv
|
Name: ocserv
|
||||||
Version: 0.8.4
|
Version: 0.8.4
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: OpenConnect SSL VPN server
|
Summary: OpenConnect SSL VPN server
|
||||||
|
|
||||||
# For a breakdown of the licensing, see PACKAGE-LICENSING
|
# For a breakdown of the licensing, see PACKAGE-LICENSING
|
||||||
@ -14,6 +14,7 @@ Source3: ocserv-pamd.conf
|
|||||||
Source4: PACKAGE-LICENSING
|
Source4: PACKAGE-LICENSING
|
||||||
Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
|
Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
|
||||||
Source7: ocserv-genkey
|
Source7: ocserv-genkey
|
||||||
|
Source8: ocserv-script
|
||||||
|
|
||||||
# Taken from upstream:
|
# Taken from upstream:
|
||||||
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
|
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
|
||||||
@ -111,6 +112,8 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
|
|||||||
install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
|
install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
|
||||||
mkdir -p %{buildroot}/%{_sbindir}
|
mkdir -p %{buildroot}/%{_sbindir}
|
||||||
install -p -m 755 %{SOURCE7} %{buildroot}/%{_sbindir}
|
install -p -m 755 %{SOURCE7} %{buildroot}/%{_sbindir}
|
||||||
|
mkdir -p %{buildroot}/%{_bindir}
|
||||||
|
install -p -m 755 %{SOURCE8} %{buildroot}/%{_bindir}
|
||||||
%make_install
|
%make_install
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
@ -132,12 +135,17 @@ rm -rf %{buildroot}
|
|||||||
%{_mandir}/man8/ocpasswd.8*
|
%{_mandir}/man8/ocpasswd.8*
|
||||||
%{_bindir}/ocpasswd
|
%{_bindir}/ocpasswd
|
||||||
%{_bindir}/occtl
|
%{_bindir}/occtl
|
||||||
|
%{_bindir}/ocserv-script
|
||||||
%{_sbindir}/ocserv
|
%{_sbindir}/ocserv
|
||||||
%{_sbindir}/ocserv-genkey
|
%{_sbindir}/ocserv-genkey
|
||||||
%{_unitdir}/ocserv.service
|
%{_unitdir}/ocserv.service
|
||||||
%{_localstatedir}/lib/ocserv/profile.xml
|
%{_localstatedir}/lib/ocserv/profile.xml
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Sep 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-2
|
||||||
|
- Ship a default ocserv-script, which will put connecting clients
|
||||||
|
into the internal firewall zone.
|
||||||
|
|
||||||
* Thu Aug 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-1
|
* Thu Aug 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-1
|
||||||
- New upstream release
|
- New upstream release
|
||||||
|
|
||||||
|
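Review bot: The new changelog header `* Thu Sep 09 2014` pairs a weekday and a date that do not agree (9 September 2014 was a Tuesday), which rpmbuild reports as a bogus %changelog date; it should read `* Tue Sep 09 2014` or carry the actual day of the change. Separately, `install -p -m 755 %{SOURCE8} %{buildroot}/%{_bindir}` ships a hook that calls `firewall-cmd`, and none of the visible hunks adds a dependency on firewalld; the Requires lines are outside these hunks, so this may already be covered. If the dependency is left out on purpose because the hook is opt-in, a comment next to `Source8: ocserv-script` saying so would help the next packager.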