CWD for vpnc-script changes between connect and disconnect calls
Hi all,
I wrote a vpnc-script replacement [1] to easily set up a split tunnel with
a whitelist for specific hosts or subnets.

It's intended to work with either vpnc or openconnect. For the most part it
works great, but I've been puzzled about why it did not seem to get called
on disconnect by vpnc in certain invocations. I've finally figured it out.

In tunip.c, vpnc_doit() calls chdir("/") prior to forking (or continuing in
the foreground with --no-detach).

config_tunnel(s); /* CWD is whatever vpnc was started with */
do_phase2_qm(s);
DEBUGTOP(2, printf("S7.9 main loop (receive and transmit ipsec packets)\n"));
vpnc_doit(s); /* calls chdir("/") */

/* Tear down phase 2 and 1 tunnels */
send_delete_ipsec(s);
send_delete_isakmp(s);

/* Cleanup routing */
DEBUGTOP(2, printf("S8 close_tunnel\n"));
close_tunnel(s); /* CWD is / */
s_atexit_sa = NULL;

Since the working directory is changed after calling config_tunnel(), but
before calling close_tunnel(), a relative path to the vpnc-script will work
correctly for connect, but *not* for disconnect:

# vpnc --script '../corporate/custom_vpnc_script'
../corporate/custom.vpnc

This behavior is subtle and is not documented in the command-line help or
man page. I believe the best way to fix it would be to save the CWD at the
beginning of vpnc_doit(), and restore it at the end.
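As an added illustration (not vpnc's code, nor part of the original message): a small C program that rebuilds the scenario in a constructed temporary directory, models the chdir("/") inside vpnc_doit(), and checks whether the relative script path still resolves at connect and at disconnect time, once without and once with the save/restore proposed above. The helper names, the TMPDIR-based fixture layout and the 'work' subdirectory are assumptions made for the example.

```c
#define _DEFAULT_SOURCE 1
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Stand-in for launching the vpnc-script: does the path resolve from the
 * process's *current* working directory, as execve() would see it? */
static int script_resolves(const char *script) {
    return access(script, F_OK) == 0;
}

/* Constructed fixture (hypothetical layout): <tmp>/corporate/custom_vpnc_script
 * and <tmp>/work; chdir into work so '../corporate/custom_vpnc_script' is valid. */
static int setup_fixture(char *tmp, size_t len) {
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    char path[PATH_MAX];
    snprintf(tmp, len, "%s/vpnc-cwd-XXXXXX", base);
    if (!mkdtemp(tmp)) return -1;
    snprintf(path, sizeof path, "%s/corporate", tmp);
    if (mkdir(path, 0700)) return -1;
    snprintf(path, sizeof path, "%s/corporate/custom_vpnc_script", tmp);
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("#!/bin/sh\nexit 0\n", f);
    fclose(f);
    snprintf(path, sizeof path, "%s/work", tmp);
    if (mkdir(path, 0700)) return -1;
    return chdir(path);
}

/* Mimics main(): config_tunnel() -> vpnc_doit() -> close_tunnel().
 * save_cwd == 0 models vpnc_doit() as it is today, whose chdir("/") is still
 * in effect when close_tunnel() runs; save_cwd == 1 models the proposed fix.
 * Returns a bitmask: bit 0 = connect-time call resolves, bit 1 = disconnect. */
static int simulate(int save_cwd) {
    const char *script = "../corporate/custom_vpnc_script";
    char tmp[PATH_MAX], saved[PATH_MAX], orig[PATH_MAX];
    int result = 0;
    if (!getcwd(orig, sizeof orig)) return -1;
    if (setup_fixture(tmp, sizeof tmp)) return -1;
    if (!getcwd(saved, sizeof saved)) return -1;  /* what the fix would save */
    if (script_resolves(script)) result |= 1;    /* config_tunnel(): CWD intact */
    if (chdir("/")) return -1;                    /* vpnc_doit(): daemon chdir */
    if (save_cwd && chdir(saved)) return -1;      /* fix: restore before returning */
    if (script_resolves(script)) result |= 2;    /* close_tunnel() */
    if (chdir(orig)) return -1;                   /* put the caller back */
    return result;
}
```

simulate(0) returns 1 (connect resolves, disconnect does not), simulate(1) returns 3 (both resolve); the fixture directories are left behind for inspection.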

Would such a patch be accepted?

Thanks,
Dan

[1]: https://github.com/dlenski/vpn-slice