Generates vpnc_server_script.sh for VPN whitelisting. Only for Padavan firmware.
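#!/bin/bash
# Builds a Padavan vpnc_server_script.sh from ./domains.txt: every IPv4
# address, IPv4/prefix subnet or resolvable hostname listed there becomes a
# host/net route over the VPN tunnel. The generated script is then copied to
# the router over SSH and the VPN client is restarted.
#
# Inputs:  domains.txt in the current directory, one entry per line
#          (blank lines are skipped, lines starting with '#' are copied over)
# Outputs: vpnc_server_script.sh in the current directory (truncated first)
#
# NOTE(review): the generated script is executed by the router itself
# (it calls `route`, so presumably with root privileges), which is why only
# strictly validated entries should ever be written into it.

# Source list and generated script, both relative to the current directory.
readonly input="$(pwd)/domains.txt"
readonly outputFile="$(pwd)/vpnc_server_script.sh"
# user@host the router is reached at with ssh/scp.
readonly routerSSH="admin@192.168.1.1"
# "route add" / "route del" lines collected while domains.txt is read.
addOps=()
delOps=()
# Dotted-quad IPv4 pattern. It is anchored only at the end; a caller that
# needs the whole string to be an address prepends '^'.
readonly ipAddrRegular='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$'
# Start from an empty output file (path quoted: the working directory may
# contain spaces).
: >"$outputFile"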
#######################################
# Prints the "route add" line for one host address.
# Arguments: $1 - IPv4 address to route through the tunnel
# Outputs:   one line on stdout; $IPREMOTE and $IFNAME are emitted
#            literally because the router expands them when the
#            generated script runs
#######################################
printAdd() {
  printf 'route add -host %s gw $IPREMOTE dev $IFNAME\n' "$1"
}
#######################################
# Prints the "route del" line matching printAdd for one host address.
# Arguments: $1 - IPv4 address whose tunnel route is removed
# Outputs:   one line on stdout; $IPREMOTE and $IFNAME are emitted
#            literally for expansion on the router
#######################################
printRemove() {
  printf 'route del -host %s gw $IPREMOTE dev $IFNAME\n' "$1"
}
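# Read domains.txt line by line and turn each entry into route add/del lines.
# Every pattern is anchored at both ends so that only a whole-line match is
# accepted: whatever passes here is written verbatim into a script the router
# executes, so a line that merely *contains* an address must not get through.
# The `|| [[ -n "$line" ]]` keeps a last line without a trailing newline.
while IFS= read -r line || [[ -n "$line" ]]; do
  # Blank line: nothing to emit.
  if [[ -z "$line" ]]; then
    continue
  fi
  # Comment line: carried over unchanged into both lists.
  if [[ "$line" =~ ^# ]]; then
    addOps+=("$line")
    delOps+=("$line")
  # Plain IPv4 address X.X.X.X (the shared pattern anchors only the end,
  # hence the explicit '^').
  elif [[ "$line" =~ ^$ipAddrRegular ]]; then
    addOps+=("$(printAdd "$line")")
    delOps+=("$(printRemove "$line")")
  # Subnet X.X.X.X/N.
  elif [[ "$line" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}$ ]]; then
    addOps+=("route add -net $line gw \$IPREMOTE dev \$IFNAME")
    delOps+=("route del -net $line gw \$IPREMOTE dev \$IFNAME")
  # Anything else is treated as a hostname: resolve it and route what comes
  # back. The tail/awk step assumes the last answer is printed as
  # "Address: X" on the second-to-last line — TODO confirm against the
  # local nslookup's output format.
  else
    resolved=$(nslookup "$line" | tail -n2 | awk '{print $2}')
    while IFS= read -r ip; do
      # Drop anything that is not exactly an IPv4 address (blank lines,
      # IPv6 answers, error text).
      [[ "$ip" =~ ^$ipAddrRegular ]] || continue
      addOps+=("$(printAdd "$ip")")
      delOps+=("$(printRemove "$ip")")
    done <<<"$resolved"
  fi
done <"$input"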
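#TEMPLATE
# Assemble the router-side script: the fixed Padavan header and footer (kept
# verbatim; the '\$' escapes are literal on the router) around the route
# add/del lines collected above. A single tee appends the whole result to
# $outputFile and echoes it to stdout so it can be reviewed before upload.
{
  cat <<EOF
#!/bin/sh
### Custom user script
### Called after internal VPN client connected/disconnected to remote VPN server
### \$1 - action (up/down)
### \$IFNAME - tunnel interface name (e.g. ppp5 or tun0)
### \$IPLOCAL - tunnel local IP address
### \$IPREMOTE - tunnel remote IP address
### \$DNS1 - peer DNS1
### \$DNS2 - peer DNS2
# private LAN subnet behind a remote server (example)
#peer_lan="192.168.9.0"
#peer_msk="255.255.255.0"
### example: add static route to private LAN subnet behind a remote server
func_ipup()
{
# route add -net \$peer_lan netmask \$peer_msk gw \$IPREMOTE dev \$IFNAME
route add -host \$DNS1 gw \$IPREMOTE dev \$IFNAME
route add -host \$DNS2 gw \$IPREMOTE dev \$IFNAME
EOF
  # One route line per entry, indented by one space inside func_ipup.
  printf ' %s\n' "${addOps[@]}"
  cat <<EOF
return 0
}
func_ipdown()
{
# route del -net \$peer_lan netmask \$peer_msk gw \$IPREMOTE dev \$IFNAME
route del -host \$DNS1 gw \$IPREMOTE dev \$IFNAME
route del -host \$DNS2 gw \$IPREMOTE dev \$IFNAME
EOF
  # Matching "route del" lines inside func_ipdown.
  printf ' %s\n' "${delOps[@]}"
  cat <<EOF
return 0
}
logger -t vpnc-script "\$IFNAME \$1"
case "\$1" in
up)
func_ipup
;;
down)
func_ipdown
;;
esac
EOF
} | tee -a "$outputFile"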
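# Deploy: keep a copy of the router's current script, upload the new one, then
# restart the VPN client and print the routing table so the new routes can be
# checked. Each step is a precondition for the next, so stop at the first
# failure rather than restarting the VPN with a half-deployed script.
# NOTE(review): whether /etc/storage is persisted across reboots automatically
# on this firmware is not visible here — confirm on the router.
ssh "$routerSSH" 'cp /etc/storage/vpnc_server_script.sh /etc/storage/vpnc_server_script_backup.sh' \
  || { printf 'backup of the current router script failed\n' >&2; exit 1; }
scp "$outputFile" "$routerSSH:/etc/storage" \
  || { printf 'upload of %s failed\n' "$outputFile" >&2; exit 1; }
ssh "$routerSSH" '/sbin/restart_vpn_client; sleep 5; /sbin/route -e'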