From onehalf3544 at gmail.com Tue Sep 2 05:57:22 2025 From: onehalf3544 at gmail.com (onehalf3544) Date: Tue, 2 Sep 2025 14:57:22 +0200 Subject: execute hook on client connection? Message-ID: Hi! I'm setting up a configuration described in https://docs.openconnect-vpn.net/recipes/ocserv-site-to-site/ (so Site2 <-> Site1 <-> Client(s)) except that the Site2 acts as a gateway for the clients for quite a lot of IP ranges, and the Site1 isn't to be affected by this - so there are source-based routing table entries for client IPs pointing to Site2 (if/when it is connected, as those get deleted automatically if the Site2 connection drops ;(( ) An iroute isn't enough for this (at least I don't see the way to use it). Redefining route-add-cmd to a custom script that would check the IP and do the custom config for Site2 only seems to be an option (or is it possible to have route-add-cmd in the config-per-user file?), but basically a simple hook would be a way more elegant solution. Such functionality isn't present at the moment, am I right? Would a patch with an implementation be welcome? Or perhaps there is a solution that I overlooked? (at the moment the configuration is done manually, I'd probably do some basic automation via the cron job that would poll the connection state constantly, but that is ugly) Any ideas/comments/recommendations? Thanks.