Add XAuth support #81
I got an error
for hwdsl2/setup-ipsec-vpn#386 so I changed
and everything works fine now
Thank you for contributing! I am glad that these changes work for your use case. You are correct regarding replacing modecfgdns="$DNS_SRV1, $DNS_SRV2". The reason is that we are now using Libreswan 3.22 instead of 3.23 where the latter used to require the above format.
I added comments on a few lines in your pull request. With that said, because connecting using vpnc from Linux is not a common use case, and this proposed solution only supports "pam" authentication, I am still unsure if we should merge these changes at this point.
run.sh
@@ -56,11 +56,13 @@ if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then | |||
echo "VPN credentials not set by user. Generating random PSK and password..." | |||
VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)" | |||
VPN_USER=vpnuser | |||
VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)" | |||
VPN_PASSWORD=group |
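Review bot: the last line shown, VPN_PASSWORD=group, assigns a fixed literal right after the line that generates a random 16-character password, so the branch that prints "Generating random PSK and password..." would end with a known VPN password. Keep the /dev/urandom generation as the final value of VPN_PASSWORD and carry the default in a separate variable such as VPN_GROUP.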
This line and the next line are incorrect. VPN password should be auto generated while the group name can have a default value.
Oh, I didn't notice I changed the wrong line of code
run.sh
|
||
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then | ||
if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ] || [ -z "$VPN_GROUP" ]; then |
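Review bot: adding [ -z "$VPN_GROUP" ] to this || chain means the missing-credentials branch now also triggers for any configuration that sets only VPN_IPSEC_PSK, VPN_USER and VPN_PASSWORD. Assign a default before this test instead, for example VPN_GROUP="${VPN_GROUP:-<default-group>}" (placeholder value), and leave the original three-variable check as it was.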
I doubt if we should make the VPN_GROUP a required variable. Instead of exiting, a default value can be specified in case VPN_GROUP is not defined in vpn.env.
I'll make these changes on Wednesday. I think I need to test it before submitting it.
@hwdsl2 I have fixed the two issues you mentioned. I also create a system user for PAM authentication, and it's tested and working in my environment. Could you review these changes? If everything is fine, I'll add documentation for these changes.
@hwdsl2 any update on this?
@hwdsl2 Merge conflicts resolved, and tested
@vizv Thank you again for contributing! Connecting using vpnc from Linux in aggressive mode is not a common use case, and the proposed solution requires "pam" authentication (which requires adding a user to the system). Besides, the Therefore I'm not sure if we should merge this at this time. However if it works for you, you're welcome to adapt the project to your needs.
@hwdsl2 Thanks for your comments
See: hwdsl2/setup-ipsec-vpn#386