Add XAuth support #81
Conversation
|
I got error for hwdsl2/setup-ipsec-vpn#386 so I changed and everything works fine now |
There was a problem hiding this comment.
Thank you for contributing! I am glad that these changes work for your use case. You are correct regarding replacing modecfgdns="$DNS_SRV1, $DNS_SRV2". The reason is that we are now using Libreswan 3.22 instead of 3.23 where the latter used to require the above format.
I added comments on a few lines in your pull request. With that said, because connecting using vpnc from Linux is not a common use case, and this proposed solution only supports "pam" authentication, I am still unsure if we should merge these changes at this point.
run.sh
Outdated
| @@ -56,11 +56,13 @@ if [ -z "$VPN_IPSEC_PSK" ] && [ -z "$VPN_USER" ] && [ -z "$VPN_PASSWORD" ]; then | |||
| echo "VPN credentials not set by user. Generating random PSK and password..." | |||
| VPN_IPSEC_PSK="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)" | |||
| VPN_USER=vpnuser | |||
| VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 16)" | |||
| VPN_PASSWORD=group | |||
There was a problem hiding this comment.
This line and the next line are incorrect. VPN password should be auto generated while the group name can have a default value.
There was a problem hiding this comment.
Oh, I didn't notice I changed the wrong line of code
run.sh
Outdated
|
|
||
| if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ]; then | ||
| if [ -z "$VPN_IPSEC_PSK" ] || [ -z "$VPN_USER" ] || [ -z "$VPN_PASSWORD" ] || [ -z "$VPN_GROUP" ]; then |
There was a problem hiding this comment.
I doubt if we should make the VPN_GROUP a required variable. Instead of exiting, a default value can be specified in case VPN_GROUP is not defined in vpn.env.
|
I'll make these changes on Wednesday, I think I need to test it before submit it |
|
@hwdsl2 I have fixed the two issues you mentioned, I also create a system user for PAM authentication and it's tested working for my environment. Could you review these changes. If everything is fine, I'll add documentation for these changes. |
|
@hwdsl2 any update on this? |
|
@hwdsl2 Merge conflicts resolved, and tested |
|
@vizv Thank you again for contributing! Connecting using vpnc from Linux in aggressive mode is not a common use case, and the proposed solution requires "pam" authentication (which requires adding a user to the system). Besides, the Therefore I'm not sure if we should merge this at this time. However if it works for you, you're welcome to adapt the project to your needs. |
|
@hwdsl2 Thanks for your comments |
See: hwdsl2/setup-ipsec-vpn#386