Merge pull request #14 from bechampion/readme

Updated readme and small tweaks to split.sh to allow overrides
bechampion · Jun 28, 2024 · 80f1076 · 80f1076
2 parents f8b31ec + 0f10599
commit 80f1076
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -3,10 +3,12 @@ gohip
 
 The HIP ( `Host Integrity Protection`) mechanism is a security scanner for the Palo Alto Networks GlobalProtect VPNs, in the same vein as Cisco's CSD and Juniper's Host Checker ([source](https://www.infradead.org/openconnect/hip.html)).
 
-# Install
+# Installation
 
 Download and install `gohip` from the [releases page](https://github.com/bechampion/gohip/releases).
 
+The packaged version will drop a file in `/etc/vpnc/post-connect.d/split.sh`. If you opted to install the binary manually, you can create this file manually should you want to use the _splitvpn_ feature.
+
 # Usage
 
 Create file `/etc/vpnc/splitvpn` with the following content:
@@ -24,16 +26,15 @@ Then start the vpn client with
 
 # Using your default browser (so creds are remembered , hsm etc)
 
-You can pass `--default-browser` to gpclient is your in version `2.3.2` at least ,  and that should open on what xdg-config says
-```
-sudo -E gpclient connect --hip --csd-wrapper /home/jgarcia/Projects/disney/xgohip iad1gwavo.gp.disneystreaming.com --default-browser
-```
+You can pass `--default-browser` to `gpclient` if your in version `2.3.2` at least,  and that should open on what `xdg-config` says
+    
+    sudo -E gpclient connect --hip --csd-wrapper /path/to/gohip vpn.endpoint.com --default-browser
+
 
 To set your default browser you can do
-```
-xdg-settings set default-web-browser firefox.desktop
-```
+
+    xdg-settings set default-web-browser firefox.desktop
 
 
 ## Notes
-If you use firefox/chrome from snaps this will not work ,  gpclient drops a file on `/tmp` that needs to be reachable by the browser and that doesn't work with snaps
+If you use firefox/chrome from snaps this will not work,  gpclient drops a file on `/tmp` that needs to be reachable by the browser and that doesn't work with snaps
diff --git a/build-aux/scripts/split.sh b/build-aux/scripts/split.sh
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
 
+# THIS SCRIPT IS PART OF gohip. DO NOT MODIFY IT UNLESS YOU KNOW WHAT YOU ARE DOING.
+
 set -e
 
 CONFIG_FILE=/etc/vpnc/splitvpn
@@ -20,13 +22,13 @@ EOF
     exit 0
 fi
 
-. $CONFIG_FILE
-
-DISNEY_NET="10/8"
+VPN_NET="10/8"
 VPN_DEV="tun0"
 
+. $CONFIG_FILE
+
 ip route del default
 ip route add default via $GW dev $MAIN_DEV
-ip route add $DISNEY_NET dev $VPN_DEV
+ip route add $VPN_NET dev $VPN_DEV
 
 exit 0