openfortivpn: add realm parameter support

Some FortiGate VPN gateways require a specific authentication realm
when multiple domains or user groups are configured on the same server.

This commit updates the netifd protocol script to parse the 'realm'
option from the UCI configuration and correctly append it to the
openfortivpn command line arguments.

Signed-off-by: Xing-Kai Wang <redacted>

diff --git a/net/openfortivpn/files/openfortivpn.sh b/net/openfortivpn/files/openfortivpn.sh
index b4bc9f5d0181af46f9892cc7db04045befa93a65..55168e51d52462c8ad5c5e39e05b194c95f7e91a 100755 (executable)
--- a/net/openfortivpn/files/openfortivpn.sh
+++ b/net/openfortivpn/files/openfortivpn.sh
@@ -24,6 +24,7 @@ proto_openfortivpn_init_config() {
        proto_config_add_string "remote_status_check"
        proto_config_add_boolean "saml_login"
        proto_config_add_int "saml_login_port"
+       proto_config_add_string  "realm"
        no_device=1
        available=1
 }
@@ -34,9 +35,9 @@ proto_openfortivpn_setup() {
        local msg ifname ip server_ips pwfile callfile
 
        local peeraddr port tunlink local_ip username password persist_int \
-             trusted_cert remote_status_check saml_login saml_login_port
+             trusted_cert remote_status_check saml_login saml_login_port realm
        json_get_vars host peeraddr port tunlink local_ip username password persist_int \
-                     trusted_cert remote_status_check saml_login saml_login_port
+                     trusted_cert remote_status_check saml_login saml_login_port realm
 
        ifname="vpn-$config"
 
@@ -148,6 +149,8 @@ proto_openfortivpn_setup() {
                fi
        }
 
+       [ -n "$realm" ] && append_args "--realm=$realm"
+
        callfile="/var/etc/openfortivpn/peers/$config"
        echo "115200
 :$local_ip