/
vpnc-script.xml
52 lines (40 loc) · 2.36 KB
/
vpnc-script.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
<PAGE>
<VAR match="VAR_ORIGIN" replace="" />
<VAR match="VAR_CVSID" replace=""/>
<INCLUDE file="inc/header.tmpl" />
<VAR match="VAR_SEL_STARTED" replace="selected" />
<VAR match="VAR_SEL_VPNCSCRIPT" replace="selected" />
<PARSE file="menu1.xml" />
<PARSE file="menu2-started.xml" />
<INCLUDE file="inc/content.tmpl" />
<h1>Install a <tt>vpnc-script</tt>.</h1>
<p>OpenConnect just handles the communication with the VPN server; it does
not know how to configure the network routing and name service on all the
various operating systems that it runs on.</p>
<p>To set the routing and name service up, it uses an external script
which is usually called <tt>vpnc-script</tt>. It's exactly the same script that
<a href="http://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a> uses.
You may already have a <tt>vpnc-script</tt> installed on your system,
perhaps in a location such as <tt>/etc/vpnc/vpnc-script</tt>.</p>
<p>If you don't already have it, you can get a current version from <a
href="http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script">here</a>.
Even if you already have a copy from vpnc, you may wish to install this updated
version which has support for IPv6, and for running on Solaris and on newer Linux
kernels amongst other bug fixes.</p>
<p>Note that the script needs to be executable, and stored somewhere
where SELinux or similar security systems won't prevent the root user
from accessing it.</p>
<p>Current versions of OpenConnect <i>(since version 3.17)</i> are configured
with the location of the script at build time, and will use the script
automatically. If you are using a packaged build of OpenConnect rather than
building it yourself, then the OpenConnect package should have a dependency
on a suitable version of <tt>vpnc-script</tt> and should be built to look in
the right place for it. Hopefully your distributions gets that right.</p>
<p>If you're using an older version of OpenConnect, or if you want to use
a script other than the one that OpenConnect was configured to use, you
can use the <tt>--script</tt> argument on the command line. For example:
<ul><li><tt>openconnect --script /etc/vpnc/vpnc-script https://vpn.example.com/</tt></li></ul></p>
<p>If OpenConnect is invoked without a suitable script, it will not be able
to configure the routing or name service for the VPN.</p>
<INCLUDE file="inc/footer.tmpl" />
</PAGE>