Vpnc hooks and several clients.

Ogogon !!! ogogon at ogogon.org
Thu Nov 23 12:55:00 PST 2023

Colleagues, I apologize if I didn’t understand something correctly and 
if I’m writing irrational things.

Having looked at the hooks mechanism, I came to the conclusion that if 
several clients are used on the computer (for example, it is a router), 
then the hooks called will be launched in the ${HOOKS_DIR}/${HOOK}.d 
directory when events occur in any logical direction. Even if these are 
hooks for a different direction.
For example, when connecting to one server, you need to enable NAT on 
the interface, and when connecting to another, NAT is not needed, but 
you need to set the remapping of some ports and this needs to be 
distinguished somehow.

In principle, you can find the address of the VPN collector in the 
environment variables and navigate according to it. But there are a 
number of ambiguities here. Firstly, the domain name is not transferred 
to environment variables, but only the IP address resolved from it. And 
it can change, sometimes without warning, that’s why DNS was invented. 
Secondly, the domain name may also change and you will still have to 
rewrite the script code with the hook.

I believe that the only reliable criterion may be the logical name of 
the direction, which is set when the client starts. It is passed into 
environment variables and lets scripts know that this is a job for them. 
For example, --direct=DIRECT_NAME and $direct in the process environment 
variables. Also, if the direction name is specified, then hooks can be 
launched with the path ${HOOKS_DIR}/${HOOK}.d/${direct}/*, which will 
allow you, in principle, not to launch hooks for other directions.

I'm only looking at a multi-client situation, but I figure the server 
must have similar issues as well.

Please, colleagues, tell me if I am right in posing the question?


More information about the openconnect-devel mailing list