SSH PPP VPN
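#!/bin/sh
#
# SSH PPP VPN: bring up (or tear down) a PPP link tunnelled through SSH.
#
# Usage: $0 start|stop|config PORT IP NETRANGE
#   PORT      SSH port of the remote server
#   IP        address or host name of the remote server
#   NETRANGE  network behind the server that is routed through the tunnel
#
# What "start" changes:
#   local:  starts pppd, adds a route for NETRANGE via the server's PPP address
#   remote: starts pppd, adds a route for LOCAL_NET via the client's PPP
#           address, enables net.ipv4.ip_forward and appends a MASQUERADE rule
#           for LOCAL_NET on eth0
#
# Security-relevant properties of this setup (review notes):
#   - Every remote command runs as SERVER_USERNAME (root) and the pppd link
#     uses BatchMode, so the server has to accept non-interactive root logins
#     from this client. A dedicated account limited to the few commands used
#     here would narrow what a stolen client key can do on the server.
#   - Both pppd instances run with "noauth": the peer is authenticated only by
#     the SSH session that carries the link.
#   - "stop" removes the MASQUERADE rule but leaves net.ipv4.ip_forward=1 on
#     the server; DEL_FORT is defined below but never executed.
#
# Example value from the original page:
#SERVER_HOSTNAME="gaius -p 22"

usage() {
  echo "$0 start|stop PORT IP NETRANGE" >&2
  exit 1
}

# The original wrapped "exit 1" in a ( ... ) subshell, which only left the
# subshell: the script carried on with empty parameters.
test $# -eq 4 || usage

# PORT, IP and NETRANGE are word-split into ssh/route command lines further
# down, so refuse values that would be read as extra options or arguments.
case "$2" in
  '' | *[!0-9]*) usage ;;
esac
for arg in "$3" "$4"; do
  case "$arg" in
    '' | -* | *" "*) usage ;;
  esac
done

# No leading blank here: the value is also part of the "ps" search string used
# by "stop", and a doubled blank does not occur in an argv joined by ps.
SERVER_HOSTNAME="$3 -p $2"
LOCAL_NET=192.168.240.0/20
REMOTE_NET="$4"
SERVER_USERNAME=root

########

SERVER_IFIPADDR=172.29.29.1
CLIENT_IFIPADDR=172.29.29.3

# NOTE(review): "-P" is kept from the original page. Its meaning differs
# between OpenSSH releases (newer ones expect an argument after it) - confirm
# against the installed ssh(1) before use.
LOCAL_SSH_OPTS="-P"

# The original PATH ended in ":", an empty entry that makes the shell search
# the current directory as well; dropped because this script runs as root.
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11/

PPPD=/usr/sbin/pppd
SSH=/usr/bin/ssh
ROUTE=/sbin/route

ADD_FORT="/sbin/sysctl -w net.ipv4.ip_forward=1"
# Unused: disabling forwarding could break other routing on the server, so
# running it on "stop" is left as a deliberate decision for the operator.
# shellcheck disable=SC2034
DEL_FORT="/sbin/sysctl -w net.ipv4.ip_forward=0"
ADD_SNAT="/sbin/iptables -t nat -A POSTROUTING -s $LOCAL_NET -j MASQUERADE -o eth0"
DEL_SNAT="/sbin/iptables -t nat -D POSTROUTING -s $LOCAL_NET -j MASQUERADE -o eth0"

if ! test -f "$PPPD"; then
  echo "can't find $PPPD"
  exit 3
fi
if ! test -f "$SSH"; then
  echo "can't find $SSH"
  exit 4
fi

# Run a command on the server over SSH.
# LOCAL_SSH_OPTS and SERVER_HOSTNAME are split into words on purpose
# ("HOST -p PORT" has to become three arguments).
remote() {
  # shellcheck disable=SC2086
  ${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} "-l${SERVER_USERNAME}" "$@"
}

case "$1" in
  start)
    printf 'Starting vpn to %s: ' "$SERVER_HOSTNAME"
    # pppd runs the quoted ssh command as its pty; the remote pppd is the
    # other end of the link. Stop here if the link does not come up, so that
    # no routes or NAT rules are installed for a tunnel that does not exist.
    ${PPPD} updetach noauth passive \
      pty "${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -l${SERVER_USERNAME} -o Batchmode=yes ${PPPD} nodetach notty noauth" \
      ipparam vpn "${CLIENT_IFIPADDR}:${SERVER_IFIPADDR}" || {
      echo "pppd failed to bring up the link" >&2
      exit 5
    }
    # Server side: reach the local network through the client's PPP address.
    remote "${ROUTE}" add -net "${LOCAL_NET}" gw "${CLIENT_IFIPADDR}"
    # Client side: reach the remote network through the server's PPP address.
    "${ROUTE}" add -net "${REMOTE_NET}" gw "${SERVER_IFIPADDR}"
    # Server side: forward and masquerade traffic coming from LOCAL_NET.
    # shellcheck disable=SC2086
    remote ${ADD_FORT}
    # shellcheck disable=SC2086
    remote ${ADD_SNAT}
    # echo "connected."
    ;;

  stop)
    # echo -n "Stopping vpn to $SERVER_HOSTNAME: "
    # shellcheck disable=SC2086
    remote ${DEL_SNAT}
    # Locate the ssh process that carries the link. grep -F matches the string
    # literally, so the dots of an IP address are not regex wildcards; the
    # local pppd line (which contains " passive ") and grep itself are
    # filtered out.
    pattern="${SSH} ${LOCAL_SSH_OPTS} ${SERVER_HOSTNAME} -l${SERVER_USERNAME} -o"
    PID=$(ps ax | grep -F -- "$pattern" | grep -v ' passive ' | grep -v 'grep ' | awk '{print $1}')
    if [ "${PID}" != "" ]; then
      # Unquoted on purpose: more than one PID may have been found.
      # shellcheck disable=SC2086
      kill $PID
      echo "disconnected."
    else
      echo "Failed to find PID for the connection"
    fi
    ;;

  config)
    echo "SERVER_HOSTNAME=$SERVER_HOSTNAME"
    echo "SERVER_USERNAME=$SERVER_USERNAME"
    echo "SERVER_IFIPADDR=$SERVER_IFIPADDR"
    echo "CLIENT_IFIPADDR=$CLIENT_IFIPADDR"
    ;;

  *)
    usage
    ;;
esac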