Arch Linux User Repository

Hello @shurka,

The base64 encoded password is just the word "password", it was intended for the example (at first I didn't realize it needed to be base64 encoded, so I thought others might too). Thanks for the heads up anyway.

The ExecStartPost/ExecStartPost commands are more an idea in case other people find this useful for handling automatic changes to /etc/hosts. I don't think this is needed neither robust enough for being the normal behavior. I don't know about systemd-resolved handling custom changes to /etc/hosts, though, I'll check it.

I've tried the command mode, but didn't like it, I prefer to handle the VPN connection simply through starting/stopping a Systemd service. Also, the template service allows for starting a specific VPN connection automatically at system boot (like systemctl enable snx-rs@myvpn) or as a depencency for other services using Systemd features, etc.. Note I didn't replace the original command mode Systemd service, but added another (template) service which only works when properly referred to together with an instance name parameter.

Anyway it's your call. I'll update the patch to apply cleanly again with the recent changes.

Thanks!

dear @spuk,

first, you posted your password in the patch source code, you better remove it.

second. dns management is a systemd-resolved duty, it's clearly stated in upstream's readme. so you can hack your own setup however you want, but I won't add these changes to this package. also, please, consider contribute changes that introduce /etc/hosts management to the upstream (snx-rs git repo).

third. command mode is used in upstream assets, so I won't change it to standalone here.

overall thanks for the feedback, I'm glad that you found snx-rs is of use with your own unique workflow.

as soon as aur stops lagging, I'll update package to install default configuration file into /usr/share/snx-rs/snx-rs.conf and add a short message with instructions after installation phase.

Here's a patch to add a template Systemd service that runs snx-rs in standalone mode with a parameterized configuration in /etc/snx-rs/, and the sample snx-rs.conf config file with an example for adding the password.

I also added ExecStartPost and ExecStopPost commands that respectively comment and uncomment any lines in /etc/hosts with a suffix like #snx-rs@CONFIG_NAME# (where CONFIG_NAME is the @ instance name of the Systemd service) when the VPN is started/stopped:

diff --git a/PKGBUILD b/PKGBUILD
index 2760878..f5907b1 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -46,4 +46,10 @@ package() {
   sed -i -re 's/^ExecStart.+/ExecStart=snx-rs -m command -l info/g' assets/snx-rs.service
   install -Dm0644 -t "$pkgdir/usr/lib/systemd/system/" assets/snx-rs.service
   install -Dm0644 -t "$pkgdir/usr/share/snx-rs/" assets/snx-rs.conf
+  sed    -re 's,^ExecStart.+,ExecStart=snx-rs -m standalone -l info -c /etc/snx-rs/%i.conf,g' assets/snx-rs.service >assets/snx-rs@.service
+  sed -i -re "/ExecStart=/aExecStartPost=/sbin/sed -r -e '/#snx-rs@%i#$/s/^#//' -i /etc/hosts"    assets/snx-rs@.service
+  sed -i -re "/ExecStartPost=/aExecStopPost=/sbin/sed -r -e '/#snx-rs@%i#$/s/^/#/' -i /etc/hosts" assets/snx-rs@.service
+  sed -i -re "/^Wants/aConditionFileNotEmpty=/etc/snx-rs/%i.conf" assets/snx-rs@.service
+  install -Dm0644 -t "$pkgdir/usr/lib/systemd/system/" assets/snx-rs@.service
+  install -Dm0750 -d "$pkgdir/etc/snx-rs"
 }

So after adding a /etc/snx-rs/VPN.conf file, start the VPN connection with systemctl start snx-rs@VPN, and if you have lines like #1.1.1.1 one.one.one.one #snx-rs@VPN# in you /etc/hosts file, they should be uncommented, and commented back when you systemctl stop snx-rs@VPN (this is useful for me).

(Note: patch updated following later comments, sample config file not present anymore.)