Add 'ucsf vpn reconnect'

HenrikBengtsson · May 20, 2024 · 5e6860d · 5e6860d
1 parent 20b967e
commit 5e6860d
Show file tree

Hide file tree

Showing 6 changed files with 116 additions and 5 deletions.
diff --git a/NEWS.md b/NEWS.md
@@ -12,6 +12,11 @@ ucsf-vpn
 
  * Add `ucsf vpn install-vpnc`, which is required before using
    `--flavor=<flavor>`.
+
+ * Add `ucsf vpn reconnect`, which signals `SIGUSR2` to the
+   OpenConnect process and thereby "forces an immediate disconnection
+   and reconnection; this can be used to quickly recover from LAN IP
+   address changes."
 
 ### Deprecated and Defunct
 

diff --git a/README.md b/README.md
@@ -104,6 +104,7 @@ Usage:
 Commands:
  start            Connect to VPN
  stop             Disconnect from VPN
+ reconnect        Reconnect to VPN
  restart          Disconnect and reconnect to VPN
  toggle           Connect to or disconnect from VPN
  status           Display VPN connection status
@@ -202,7 +203,7 @@ Useful resources:
 * UCSF Managing Your Passwords:
   - https://it.ucsf.edu/services/managing-your-passwords
 
-Version: 5.8.0-9007
+Version: 5.8.0-9008
 Copyright: Henrik Bengtsson (2016-2024)
 License: GPL (>= 2.1) [https://www.gnu.org/licenses/gpl.html]
 Source: https://github.com/HenrikBengtsson/ucsf-vpn

diff --git a/WORDLIST b/WORDLIST
@@ -32,3 +32,4 @@ dns
 PID
 www
 YubiKey
+reconnection
diff --git a/bin/ucsf-vpn b/bin/ucsf-vpn
@@ -10,6 +10,7 @@
 ### Commands:
 ###  start            Connect to VPN
 ###  stop             Disconnect from VPN
+###  reconnect        Reconnect to VPN
 ###  restart          Disconnect and reconnect to VPN
 ###  toggle           Connect to or disconnect from VPN
 ###  status           Display VPN connection status
@@ -109,7 +110,7 @@
 ### * UCSF Managing Your Passwords:
 ###   - https://it.ucsf.edu/services/managing-your-passwords
 ###
-### Version: 5.8.0-9007
+### Version: 5.8.0-9008
 ### Copyright: Henrik Bengtsson (2016-2024)
 ### License: GPL (>= 2.1) [https://www.gnu.org/licenses/gpl.html]
 ### Source: https://github.com/HenrikBengtsson/ucsf-vpn
@@ -929,6 +930,9 @@ function openconnect_start() {
         _exit 0
     fi
 
+    rm "$(logfile)"
+    log "openconnect_start() ..."
+
     ## Record IP routing table before connecting to the VPN
     ip route show > "${ip_route_novpn_file}"
 
@@ -1050,6 +1054,8 @@ function openconnect_start() {
       default_route_before=$(grep -E '^default[[:space:]]' "${ip_route_novpn_file}" | sed 's/default //' | sed -E 's/ +$//')
       minfo "Default IP routing was changed from '${default_route_before}' to '${default_route_after}'"
     fi
+
+    log "openconnect_start() ... done"
 
     minfo "Connected to VPN server"
 }
@@ -1060,6 +1066,8 @@ function openconnect_stop() {
 
     mdebug "openconnect_stop() ..."
 
+    log "openconnect_stop() ..."
+
     pid=$(openconnect_pid)
     if [[ $pid == -1 ]]; then
         mwarn "Could not detect a VPN ('openconnect') process. Skipping."
@@ -1082,6 +1090,7 @@ function openconnect_stop() {
         ## session off, disconnecting from the gateway, and running the vpnc-script
         ## to restore the network configuration.
         mdebug "Killing OpenConnect process: sudo kill -s INT \"$pid\" 2> /dev/null"
+        log "- sudo kill -s INT $pid"
         sudo kill -s INT $pid 2> /dev/null
 
          ## Wait for process to terminate
@@ -1132,11 +1141,46 @@ function openconnect_stop() {
       default_route_before=$(grep -E '^default[[:space:]].*tun' "${ip_route_vpn_file}" | sed 's/default //' | sed -E 's/ +$//')
       minfo "Default IP routing was changed from '${default_route_before}' to '${default_route_after}'"
     fi
-
+
+    log "openconnect_stop() ... done"
+
     minfo "Disconnected from VPN server"
 }
 
 
+function openconnect_reconnect() {
+    local kill_timeout
+    local -i kk pid
+
+    mdebug "openconnect_reconnect() ..."
+
+    log "openconnect_reconnect() ..."
+
+    pid=$(openconnect_pid)
+    if [[ $pid == -1 ]]; then
+        mwarn "Could not detect a VPN ('openconnect') process. Skipping."
+        return
+    fi
+
+    minfo "Reconnecting to VPN server"
+
+    assert_sudo "stop"
+
+    ## From 'man openconnect': SIGUSR2 forces an immediate disconnection and
+    ## reconnection; this can be used to quickly recover from LAN IP address
+    ## changes.
+    mdebug "sudo kill -s USR2 $pid"
+    log "- sudo kill -s USR2 $pid"
+    sudo kill -s USR2 $pid 2> /dev/null
+
+    status "connected"
+
+    log "openconnect_reconnect() ... done"
+
+    minfo "Reconnected to VPN server"
+}
+
+
 # -------------------------------------------------------------------------
 # XDG config utility functions
 # -------------------------------------------------------------------------
@@ -1360,6 +1404,10 @@ function logfile() {
     echo "${file}"
 }
 
+log() {
+    echo "[$(date --iso-8601=seconds)] $*" >> "$(logfile)"
+}
+
 
 # -------------------------------------------------------------------------
 # Deprecated and defunct
@@ -1415,6 +1463,8 @@ while [[ $# -gt 0 ]]; do
         action=$1
     elif [[ "$1" == "stop" ]]; then
         action=$1
+    elif [[ "$1" == "reconnect" ]]; then
+        action=$1
     elif [[ "$1" == "toggle" ]]; then
         action=$1
         force=true
@@ -1674,6 +1724,8 @@ elif [[ $action == "start" ]]; then
 elif [[ $action == "stop" ]]; then
     openconnect_stop
     status "disconnected"
+elif [[ $action == "reconnect" ]]; then
+    openconnect_reconnect
 elif [[ $action == "restart" ]]; then
     if $force || is_connected; then
         openconnect_stop

diff --git a/src/incl/openconnect.sh b/src/incl/openconnect.sh
@@ -154,6 +154,9 @@ function openconnect_start() {
         _exit 0
     fi
 
+    rm "$(logfile)"
+    log "openconnect_start() ..."
+
     ## Record IP routing table before connecting to the VPN
     ip route show > "${ip_route_novpn_file}"
 
@@ -275,6 +278,8 @@ function openconnect_start() {
       default_route_before=$(grep -E '^default[[:space:]]' "${ip_route_novpn_file}" | sed 's/default //' | sed -E 's/ +$//')
       minfo "Default IP routing was changed from '${default_route_before}' to '${default_route_after}'"
     fi
+
+    log "openconnect_start() ... done"
 
     minfo "Connected to VPN server"
 }
@@ -285,6 +290,8 @@ function openconnect_stop() {
 
     mdebug "openconnect_stop() ..."
 
+    log "openconnect_stop() ..."
+
     pid=$(openconnect_pid)
     if [[ $pid == -1 ]]; then
         mwarn "Could not detect a VPN ('openconnect') process. Skipping."
@@ -307,6 +314,7 @@ function openconnect_stop() {
         ## session off, disconnecting from the gateway, and running the vpnc-script
         ## to restore the network configuration.
         mdebug "Killing OpenConnect process: sudo kill -s INT \"$pid\" 2> /dev/null"
+        log "- sudo kill -s INT $pid"
         sudo kill -s INT $pid 2> /dev/null
 
          ## Wait for process to terminate
@@ -357,6 +365,41 @@ function openconnect_stop() {
       default_route_before=$(grep -E '^default[[:space:]].*tun' "${ip_route_vpn_file}" | sed 's/default //' | sed -E 's/ +$//')
       minfo "Default IP routing was changed from '${default_route_before}' to '${default_route_after}'"
     fi
-
+
+    log "openconnect_stop() ... done"
+
     minfo "Disconnected from VPN server"
 }
+
+
+function openconnect_reconnect() {
+    local kill_timeout
+    local -i kk pid
+
+    mdebug "openconnect_reconnect() ..."
+
+    log "openconnect_reconnect() ..."
+
+    pid=$(openconnect_pid)
+    if [[ $pid == -1 ]]; then
+        mwarn "Could not detect a VPN ('openconnect') process. Skipping."
+        return
+    fi
+
+    minfo "Reconnecting to VPN server"
+
+    assert_sudo "stop"
+
+    ## From 'man openconnect': SIGUSR2 forces an immediate disconnection and
+    ## reconnection; this can be used to quickly recover from LAN IP address
+    ## changes.
+    mdebug "sudo kill -s USR2 $pid"
+    log "- sudo kill -s USR2 $pid"
+    sudo kill -s USR2 $pid 2> /dev/null
+
+    status "connected"
+
+    log "openconnect_reconnect() ... done"
+
+    minfo "Reconnected to VPN server"
+}
diff --git a/src/ucsf-vpn.sh b/src/ucsf-vpn.sh
@@ -7,6 +7,7 @@
 ### Commands:
 ###  start            Connect to VPN
 ###  stop             Disconnect from VPN
+###  reconnect        Reconnect to VPN
 ###  restart          Disconnect and reconnect to VPN
 ###  toggle           Connect to or disconnect from VPN
 ###  status           Display VPN connection status
@@ -106,7 +107,7 @@
 ### * UCSF Managing Your Passwords:
 ###   - https://it.ucsf.edu/services/managing-your-passwords
 ###
-### Version: 5.8.0-9007
+### Version: 5.8.0-9008
 ### Copyright: Henrik Bengtsson (2016-2024)
 ### License: GPL (>= 2.1) [https://www.gnu.org/licenses/gpl.html]
 ### Source: https://github.com/HenrikBengtsson/ucsf-vpn
@@ -429,6 +430,10 @@ function logfile() {
     echo "${file}"
 }
 
+log() {
+    echo "[$(date --iso-8601=seconds)] $*" >> "$(logfile)"
+}
+
 
 # -------------------------------------------------------------------------
 # Deprecated and defunct
@@ -484,6 +489,8 @@ while [[ $# -gt 0 ]]; do
         action=$1
     elif [[ "$1" == "stop" ]]; then
         action=$1
+    elif [[ "$1" == "reconnect" ]]; then
+        action=$1
     elif [[ "$1" == "toggle" ]]; then
         action=$1
         force=true
@@ -743,6 +750,8 @@ elif [[ $action == "start" ]]; then
 elif [[ $action == "stop" ]]; then
     openconnect_stop
     status "disconnected"
+elif [[ $action == "reconnect" ]]; then
+    openconnect_reconnect
 elif [[ $action == "restart" ]]; then
     if $force || is_connected; then
         openconnect_stop