Created
February 23, 2017 08:39
-
-
Save bdpdx/3d927745d555f306314f4eca66f187bd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Softether VPN client setup for SSTP on Mac OS X Sierra | |
| # install tuntap from the binaries at http://tuntaposx.sourceforge.net (can't build from source w/o kext-enabled cert from apple) | |
| # download and build softether mac os x client, then: | |
| sudo mv vpnclient /usr/local | |
| sudo chown -R 0:0 /usr/local/vpnclient | |
| sudo find /usr/local/vpnclient -type f -exec chmod 600 {} \; -type d -exec chmod 700 {} \; | |
| sudo chmod 700 /usr/local/vpnclient/{vpnclient,vpncmd} | |
| # Load vpnclient at launch: | |
| sudo cp org.softether.vpnclient.plist /Library/LaunchDaemons | |
| sudo chown 0:0 /Library/LaunchDaemons/org.softether.vpnclient.plist | |
| sudo chmod 644 /Library/LaunchDaemons/org.softether.vpnclient.plist | |
| sudo launchctl load /Library/LaunchDaemons/org.softether.vpnclient.plist | |
| # Configure vpnclient | |
| # see http://www.calvinfroedge.com/connecting-to-a-softether-vpn-server-as-client-from-osx-yosemite | |
| alias vpncmd='sudo /usr/local/vpnclient/vpncmd localhost /CLIENT /CMD' | |
| vpncmd NicCreate tun0 | |
| vpncmd NicEnable tun0 | |
| vpncmd AccountCreate <username> /SERVER:vpn.example.com:443 /HUB:VPN /USERNAME:<username> /NICNAME:tun0 | |
| vpncmd AccountPasswordSet <username> /TYPE:standard |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>KeepAlive</key> | |
| <true/> | |
| <key>Label</key> | |
| <string>org.softether.vpnclient</string> | |
| <key>ProgramArguments</key> | |
| <array> | |
| <string>/usr/local/vpnclient/vpnclient</string> | |
| <string>start</string> | |
| </array> | |
| <key>RunAtLoad</key> | |
| <true/> | |
| <key>StandardErrorPath</key> | |
| <string>/Library/Logs/vpnclient.log</string> | |
| <key>StandardOutPath</key> | |
| <string>/Library/Logs/vpnclient.log</string> | |
| </dict> | |
| </plist> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| USERNAME=<username> | |
| alias vpncmd='sudo /usr/local/vpnclient/vpncmd localhost /CLIENT /CMD' | |
| OLDGATEWAYIP=$(route get default | awk '/gateway:/ {print $2}') | |
| VPNSERVERNAME=$(vpncmd AccountGet $USERNAME | awk -F '|' '/VPN Server Host Name/ {print $2}') | |
| VPNSERVERIP=$(dig +short $VPNSERVERNAME) | |
| ipconfig set tap0 NONE | |
| vpncmd AccountDisconnect $USERNAME | |
| ipconfig set tap0 DHCP | |
| vpncmd AccountConnect $USERNAME | |
| set +e | |
| while : ; do | |
| TAP0IP=$(ipconfig getifaddr tap0) | |
| if [ -n "$TAP0IP" ] ; then break ; fi | |
| sleep 1 | |
| done | |
| set -e | |
| # route all traffic through the VPN | |
| NEWGATEWAYIP=$(netstat -nrf inet | awk '/default.*tap0/ {print $2}') | |
| route -n add -host $VPNSERVERIP $OLDGATEWAYIP | |
| route -n delete default | |
| route -n add default $NEWGATEWAYIP | |
| route -n add -host -ifscope tap0 67.169.199.221 172.20.10.1 | |
| # reset | |
| route -n delete -host 67.169.199.221 | |
| ipconfig set tap0 NONE | |
| vpncmd AccountDisconnect $USERNAME | |
| route -n add default 172.20.10.1 | |
| ipconfig set tap0 DHCP | |
| vpncmd AccountConnect brian | |
| vpncmd AccountStatusGet brian |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment