123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 |
- <PAGE>
- <INCLUDE file="inc/header.tmpl" />
- <VAR match="VAR_SEL_STARTED" replace="selected" />
- <VAR match="VAR_SEL_VPNCSCRIPT" replace="selected" />
- <PARSE file="menu1.xml" />
- <PARSE file="menu2-started.xml" />
- <INCLUDE file="inc/content.tmpl" />
- <h1>Install a <tt>vpnc-script</tt>.</h1>
- <p>OpenConnect just handles the communication with the VPN server; it does
- not know how to configure the network routing and name service on all the
- various operating systems that it runs on.</p>
- <p>To set the routing and name service up, it uses an external script
- which is usually called <tt>vpnc-script</tt>. It's exactly the same script that
- <a href="https://www.unix-ag.uni-kl.de/~massar/vpnc/">vpnc</a> uses.
- You may already have a <tt>vpnc-script</tt> installed on your system,
- perhaps in a location such as <tt>/etc/vpnc/vpnc-script</tt>.</p>
- <p>If you don't already have it, you can get a current version from <a
- href="https://gitlab.com/openconnect/vpnc-scripts/raw/master/vpnc-script">here</a>.
- Even if you already have a copy from vpnc, you may wish to install this updated
- version which has support for IPv6, and for running on Solaris and on newer Linux
- kernels amongst other bug fixes.</p>
- <p>Note that the script needs to be executable, and stored somewhere
- where SELinux or similar security systems won't prevent the root user
- from accessing it.</p>
- <p>Current versions of OpenConnect <i>(since version 3.17)</i> are configured
- with the location of the script at build time, and will use the script
- automatically. If you are using a packaged build of OpenConnect rather than
- building it yourself, then the OpenConnect package should have a dependency
- on a suitable version of <tt>vpnc-script</tt> and should be built to look in
- the right place for it. Hopefully your distributions gets that right.</p>
- <p>If you're using an older version of OpenConnect, or if you want to use
- a script other than the one that OpenConnect was configured to use, you
- can use the <tt>--script</tt> argument on the command line. For example:
- <ul><li><tt>openconnect --script /etc/vpnc/vpnc-script https://vpn.example.com/</tt></li></ul></p>
- <p>If OpenConnect is invoked without a suitable script, it will not be able
- to configure the routing or name service for the VPN.</p>
- <h1>Windows</h1>
- <p>On Windows, the default configuration of OpenConnect will look for
- a script named <tt>vpnc-script-win.js</tt> in the same directory as the
- <tt>openconnect.exe</tt> executable, and will execute it with the
- <a href="https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cscript">command-based
- script host (<tt>CScript.exe</tt>)</a>.</p>
- <p>The current version of this script can be found <a
- href="https://gitlab.com/openconnect/vpnc-scripts/raw/master/vpnc-script-win.js">here</a>.</p>
- <p>Note that although the script is basically functional for
- configuring both IPv6 and Legacy IP, it does not fully tear down the
- configuration on exit so stale IP address might be left around on the
- interface.</p>
- <INCLUDE file="inc/footer.tmpl" />
- </PAGE>
|