|
|
snx-rs (Check Point VPN) doesn't notice that its tunnel died during
suspend: the IKE keepalive is interrupted and the SAML cookie may
expire, but the daemon happily sits on dead sockets after resume.
`snxctl status` keeps reporting "Connected" while no traffic
actually flows, so the user has to manually disconnect+reconnect.
Install an /etc/systemd/system-sleep/ hook that stops the user-scope
snx-rs.service before suspend and starts it on resume. The tunnel is
left disconnected after resume; the waybar toggle (or any
`snxctl connect`) re-establishes it, going through SAML only if the
cached cookie has actually expired.
The hook enumerates logged-in users via loginctl and skips any that
don't have snx-rs.service enabled, so it's a no-op on machines that
don't use the VPN.
Also teach run_onchange_after_deploy-etc.sh.tmpl to install files
under etc/systemd/system-sleep/ with mode 0755 (systemd ignores
sleep hooks that aren't executable).
|
sommerfeld