@zouppen
Last active January 12, 2017 20:25
Ihmenetti VPN scripts

Scripts for Pupunetti

Example scripts for getting the Pupunetti VPN working.

The script is needed because vpnc has no automatic reconnection of its own.

Note: if you need to NAT, the iptables FORWARD rule -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu is especially important. It clamps the TCP MSS advertised in SYN packets forwarded from the LAN so that segments fit the VPN tunnel's path MTU; without it, connections through the tunnel work poorly (segments too large for the tunnel get fragmented or dropped). Source: http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html

# /etc/vpnc/default.conf
#
# This file holds the IPSec group secret and the Xauth password in clear
# text: keep it owned by root with mode 0600.
IPSec gateway 10.101.0.1
IPSec ID my_id
IPSec secret my_password1
Xauth username my_id
Xauth password my_password2
NAT Traversal Mode none
Noninteractive
# "No Detach" keeps vpnc-connect in the foreground, which is what lets the
# vpnc-persistent loop below notice when the tunnel dies.
No Detach
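Because default.conf carries both the group secret and the Xauth password, it is worth refusing to bring the tunnel up at all when the file is readable by other users. The following is an added example, not part of the original gist; it assumes GNU coreutils `stat` (Linux) and takes the config path as a parameter so it can be pointed at /etc/vpnc/default.conf or at a test file.

```sh
#!/bin/sh
# Added example (not part of the original gist): gate vpnc-connect on the
# permissions of the configuration file that holds the VPN secrets.
# Assumes GNU coreutils `stat -c` (Linux).

# check_secret_file FILE
# Return 0 if FILE exists and its group/other permission bits are all
# zero (e.g. 0600 or 0400), 1 otherwise; the reason is printed on stderr.
# Ownership is deliberately not checked here so the function also works
# on a test copy owned by an unprivileged user; in production the file
# should additionally be root:root.
check_secret_file() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo "$f: missing" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$f")          # e.g. 600 or 644 (octal, no leading 0)
    # The last two octal digits are the group and other permission bits.
    case "$mode" in
        *00) return 0 ;;
        *)
            echo "$f: mode $mode exposes the VPN secrets to other users; run: chmod 600 $f" >&2
            return 1 ;;
    esac
}

# secure_connect CONFIG [vpnc-connect args...]
# Run vpnc-connect only if the secrets file passes the check above.
secure_connect() {
    cfg="$1"
    shift
    check_secret_file "$cfg" || return 1
    vpnc-connect "$cfg" "$@"
}
```

In the persistent loop this would replace the bare `vpnc-connect` call, so a misconfigured file fails fast and loudly instead of being retried with growing delays.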
# /etc/network/interfaces
#
# Start vpnc automatically when the ethernet link is available.
# Replace LAITE with the name of the LAN interface (e.g. eth0); the
# address is a static one in the 10.101.0.0/16 network.
auto LAITE
iface LAITE inet static
    address 10.101.something
    netmask 255.255.0.0
    post-up service vpnc-persistent start
    pre-down service vpnc-persistent stop
# Location /etc/iptables/rules.v4
#
# We are using SNAT instead of MASQUERADE because it doesn't drop
# connections when interface is brought down and back up. Source
# http://unix.stackexchange.com/a/21968/154218
#
# Replace YOUR_LOCAL_INTERFACE with the LAN interface and PUBLIC_IP_ADDRESS
# with the address forwarded traffic should leave with (normally the one
# assigned to tun0). Load with: iptables-restore < /etc/iptables/rules.v4
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Only the LAN may be forwarded into the tunnel; traffic arriving on any
# other interface and bound for tun0 is rejected. The FORWARD policy is
# ACCEPT, so traffic coming out of tun0 towards the LAN is not filtered here.
# (Negation is written "! -i", the form current iptables accepts; the older
# "-i !" spelling is deprecated.)
-A FORWARD ! -i YOUR_LOCAL_INTERFACE -o tun0 -j REJECT --reject-with icmp-port-unreachable
# Clamp the TCP MSS of forwarded SYNs to the path MTU so LAN hosts never
# send segments too large for the tunnel (see the MTU/MSS note above).
-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rewrite the source address of everything leaving through the tunnel to
# the fixed public address (SNAT rather than MASQUERADE, see above).
-A POSTROUTING -o tun0 -j SNAT --to-source PUBLIC_IP_ADDRESS
COMMIT
#!/bin/sh -eu
#
# Example location /usr/local/bin/vpnc-persistent
#
# Run the command with increasing intervals if it doesn't
# behave correctly.
#
# vpnc-connect must be configured with "No Detach" (see default.conf) so
# that it stays in the foreground and this loop notices when it exits.
# Requires GNU date for "date -d".
initial_delay=30
max_delay=7200
delay=$initial_delay
while true; do
    # Earliest time at which this attempt counts as having "kept running".
    target=$(date -d "${delay} sec" +%s)
    # the actual command; arguments given to this script are passed through
    # (${1+"$@"} rather than "$@" so "set -u" does not trip when there are none)
    echo Connecting...
    vpnc-connect ${1+"$@"} || true
    now=$(date +%s)
    if test "$target" -gt "$now"; then
        # Died too fast. Sleep until target, and double the delay.
        left=$(( target - now ))
        echo Sleeping $left seconds...
        sleep "$left"
        delay=$(( delay * 2 ))
        # Max delay is 2h
        test "$delay" -gt "$max_delay" && delay=$max_delay
    else
        # Kept running for a period of time. Reset delay.
        delay=$initial_delay
    fi
done
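The retry loop above mixes the back-off arithmetic with sleeping and running vpnc, which makes it hard to see what schedule it actually produces. The following is an added example, not code from the original gist: the same rule (30 s start, doubling, 2 h cap, reset only when an attempt outlives the current delay) as pure functions, plus a simulation over a constructed sequence of run durations. It needs nothing but a POSIX shell.

```sh
#!/bin/sh
# Added example, not part of the original gist: the vpnc-persistent
# back-off schedule as testable functions. The constants are the ones used
# on this page; the run durations fed to simulate below are constructed.

initial_delay=30
max_delay=7200

# next_delay CURRENT_DELAY RAN_SECONDS
# Prints the delay the loop uses after an attempt that ran for RAN_SECONDS
# while CURRENT_DELAY was in force: doubled (capped at max_delay) when the
# attempt died before CURRENT_DELAY seconds had passed, reset to
# initial_delay otherwise. This mirrors the if/else in the loop above
# (target > now  <=>  ran < delay).
next_delay() {
    d=$1
    ran=$2
    if [ "$ran" -lt "$d" ]; then
        d=$(( d * 2 ))
        [ "$d" -gt "$max_delay" ] && d=$max_delay
    else
        d=$initial_delay
    fi
    echo "$d"
}

# sleep_after CURRENT_DELAY RAN_SECONDS
# Seconds the loop sleeps before the next attempt: it waits until
# CURRENT_DELAY seconds have passed since the attempt started, so the
# sleep is what is left of that window, or 0 if the attempt outlived it.
sleep_after() {
    if [ "$2" -lt "$1" ]; then
        echo $(( $1 - $2 ))
    else
        echo 0
    fi
}

# simulate RAN1 RAN2 ...
# One tab-separated line per attempt: attempt, seconds it ran, seconds
# slept afterwards, delay in force for the next attempt. Shows how quickly
# the wait reaches the cap under repeated immediate failures, and that only
# a run longer than the *current* delay (2 h once capped) resets it.
simulate() {
    cur=$initial_delay
    n=0
    for ran in "$@"; do
        n=$(( n + 1 ))
        s=$(sleep_after "$cur" "$ran")
        nd=$(next_delay "$cur" "$ran")
        printf '%d\t%d\t%d\t%d\n' "$n" "$ran" "$s" "$nd"
        cur=$nd
    done
}

# Constructed scenario: nine attempts that die after 5 s, then one that
# stays up for ten hours.
simulate 5 5 5 5 5 5 5 5 5 36000
```

The table makes one property of the original loop visible: the reset threshold is the current delay, not a fixed "stayed up for a minute". After eight quick failures the loop is already at the 2 h cap and the tunnel must then survive a full two hours before the delay drops back to 30 s.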
# Example location /etc/systemd/system/vpnc-persistent.service
#
# Started and stopped from /etc/network/interfaces (post-up / pre-down),
# so no [Install] section is needed. Reconnection is handled by the
# vpnc-persistent script itself, not by systemd's Restart= setting.
[Unit]
Description=VPN service

[Service]
ExecStart=/usr/local/bin/vpnc-persistent