@AlexGluck
Created April 16, 2019 15:48
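#!/usr/bin/env bash
#
# Bring up, or tear down, a point-to-point layer-3 tunnel over SSH (ssh -w)
# so that the REMOTE host sends its default route through THIS machine.
#
# Usage: <script> HOST [DISCONNECT]
#   HOST        SSH destination; the remote login must be able to edit
#               /etc/ssh/sshd_config and run ip/systemctl (presumably root).
#   DISCONNECT  any non-empty value closes the tunnel instead of opening it.
#
# Addressing: remote tun0 = 10.0.0.1, local tun<local_tun_number> = 10.0.0.2.
# The local side enables IPv4 forwarding and masquerades traffic from 10.0.0.1.
#
# Security-relevant behaviour to be aware of before running this:
#   * firewalld is stopped for the whole lifetime of the tunnel, and started on
#     disconnect whether or not it was running before.
#   * The remote sshd_config is rewritten to "PermitTunnel point-to-point" and
#     is never reverted by the disconnect path.
#   * "nameserver 8.8.8.8" is inserted at line 1 of the remote
#     /etc/resolv.conf on every connect and is never removed.
#   * The local ip/sysctl/iptables/systemctl calls need root.

host="${1:-}"
disconnect="${2:-}"
local_tun_number="1"

# The host name is used both as an ssh argument and as part of the control
# socket file name, so refuse values that would be parsed as an ssh option
# or that would place the socket outside the socket directory.
if [[ -z "$host" || "$host" == -* || "$host" == */* ]]; then
  printf 'Usage: %s HOST [DISCONNECT]\n' "${0##*/}" >&2
  exit 2
fi

# Resolve the home directory of $USER from the passwd database rather than
# running $USER through eval; fall back to $HOME when the lookup yields nothing.
user_home=""
if [[ -n "${USER:-}" ]]; then
  user_home="$(getent passwd "$USER" | cut -d: -f6)"
fi
if [[ -z "$user_home" ]]; then
  user_home="${HOME:-}"
fi

home_tmp="$user_home/.ssh/tmp.sockets"
identity="$user_home/.ssh/id_rsa"
control_sock="$home_tmp/$host.ssh.sock"

# Keep the control-socket directory private to the owner: anyone who can reach
# the master socket can use the already-authenticated connection.
mkdir -p -- "$home_tmp"
chmod 700 -- "$home_tmp"

if [[ -n "$disconnect" ]]; then
  # Tear-down: close the master connection, then undo the local forwarding
  # and NAT setup and bring the firewall back.
  ssh -q -S "$control_sock" -O exit "$host" '' &
  sysctl -w net.ipv4.ip_forward=0 >/dev/null &
  iptables -t nat -D POSTROUTING -s 10.0.0.1 -j MASQUERADE 2>/dev/null
  systemctl start firewalld
else
  # Step 1: allow tunnelling in the remote sshd and restart it.
  # NOTE(review): accept-new stores an unknown host key on first contact without
  # any verification; pre-populating known_hosts with a fingerprint checked
  # out of band closes that window.
  ssh -q -o BatchMode=yes -i "$identity" -o StrictHostKeyChecking=accept-new "$host" 'sed -i -e "s|.*PermitTunnel.*|PermitTunnel point-to-point|" /etc/ssh/sshd_config ; systemctl restart sshd; sed -i "1inameserver 8.8.8.8" /etc/resolv.conf ;exit'

  # Step 2: open the backgrounded master connection carrying the tun device.
  # Stop here on failure so that the local firewall is not switched off and
  # forwarding is not enabled for a tunnel that does not exist.
  if ! ssh -q -f -N -M -S "$control_sock" -i "$identity" -w "$local_tun_number" "$host" ''; then
    printf '%s: could not establish the tunnel to %s\n' "${0##*/}" "$host" >&2
    exit 1
  fi

  # Step 3: configure the remote end. A host route to the SSH client address is
  # pinned via the existing default gateway first so the SSH session survives
  # the default-route change.
  # NOTE(review): the remote device name tun0 is hard-coded although -w above
  # does not request a specific remote unit; this assumes no other tun device
  # exists on the remote host.
  ssh -q -o BatchMode=yes -i "$identity" "$host" 'ip a add 10.0.0.1/30 dev tun0 peer 10.0.0.2 ; ip l set tun0 up ; ip r add "${SSH_CONNECTION%%" "*}" via "$(ip r | grep default | cut -f3 -d " ")" dev "$(ip r | grep default | cut -f5 -d " ")" 2>/dev/null ; ip r add default via 10.0.0.2 dev tun0 metric 1'

  # Step 4: configure the local end and start routing for the remote peer.
  ( ip a add 10.0.0.2/30 dev tun"$local_tun_number" peer 10.0.0.1 && ip l set tun"$local_tun_number" up ) &
  sysctl -w net.ipv4.ip_forward=1 >/dev/null &
  # NOTE(review): this removes all host firewalling while the tunnel is up;
  # adding the specific forward/masquerade rules to firewalld would keep the
  # rest of the policy in force.
  systemctl stop firewalld
  iptables -t nat -A POSTROUTING -s 10.0.0.1 -j MASQUERADE
fi
exit 0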