Start a VPN when a network connection comes up; if that VPN is supposed to be the default gateway, allow no other connections before it is up. Save as /etc/NetworkManager/dispatcher.d/02vpn
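#!/bin/sh
# NetworkManager dispatcher hook: $1 is the interface, $2 the action
# ("up" is the only one handled here).
# Strict mode is set in the body rather than on the shebang so it is still
# in effect when the script is invoked as `sh <script>`.
set -e

if [ -z "$1" ]; then
  printf '%s: called with no interface\n' "$0" 1>&2
  exit 1
fi

# Nothing to do unless an interface is coming up.
if [ "$2" != "up" ]; then
  exit 0
fi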
# Absolute paths of the tools used below.
NMCLI="/usr/bin/nmcli"
IP="/sbin/ip"

# NetworkManager connection UUIDs.
# Wi-Fi networks that get the (restricted) work VPN.
HOME_WIFI="1505b9bc-cece-4817-8957-6ac5b3a83ea8"
WORK_WIFI="ddaa7836-90cd-48e0-8c11-d78b5557f1db"
# VPN connections, tried in the order listed for unknown networks.
HOME_VPN="df0da633-b93e-4e48-9639-17dcdc043935"
BACKUP_VPN="ae1711f2-0c12-4e7c-ae70-6400683c6eb8"
WORK_VPN="2c36bcc5-82a8-4176-889c-af6677a5905f"
WORK_FULL_VPN="15a487b5-ed71-43ea-9b57-604425299c37"
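# Log a message to syslog under the "vpn-script" tag.
# Arguments: the message words (joined with single spaces)
log() {
  # Quoted so the message is one argument and is not globbed or re-split;
  # "--" keeps a message starting with "-" from being parsed as an option.
  /usr/bin/logger -t vpn-script -- "$*"
}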
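# Print the ipv4.never-default setting of a connection.
# Arguments: $1 - NetworkManager connection UUID
# Outputs:   the setting value (e.g. "yes"/"no") on stdout; nothing if
#            nmcli printed no such line
no_default_gw() {
  # UUID quoted so an empty/odd argument cannot turn into extra nmcli args.
  $NMCLI con list uuid "$1" | awk '/ipv4\.never-default/{print $2}'
}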
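# Bring up a VPN connection, failing closed on untrusted networks.
# If the VPN is meant to be the default gateway (ipv4.never-default = no),
# the plain default route is removed before the VPN is started so that
# nothing can leave outside the tunnel; only host routes to the DNS
# servers (when the endpoint has to be resolved) and to the VPN endpoint
# itself are re-added, reusing the deleted route's "via ... dev ..." tail.
# Arguments: $1 - NetworkManager connection UUID of the VPN
# Returns:   the exit status of `nmcli con up`
start_vpn() {
  vpn=$1
  if [ "$(no_default_gw "$vpn")" = "no" ]; then
    # network is not trusted
    gw=$($IP ro sh | grep default)
    remote_end=$($NMCLI con list uuid "$vpn" | grep vpn.data | sed -e 's/.*\(gateway\|remote\) = \([^,]\+\).*/\2/g')
    # prevent all outbound connections
    # NOTE(review): if no default route exists (e.g. an earlier start_vpn
    # call already removed it) these ip(8) calls are expected to fail --
    # confirm that is the intended fail-closed behaviour under `sh -e`.
    log "Delete default gw '$gw'"
    $IP ro del default
    # ... except for DNS, if needed (endpoint given as a name, not an IP)
    if printf '%s\n' "$remote_end" | grep -q '[^0-9.]'; then
      log "Remote end '$remote_end' is not an IP, resolving"
      for addr in $(/usr/bin/awk '/^nameserver/{print $2}' /etc/resolv.conf); do
        log "Add route to DNS $addr"
        # $(...) intentionally unquoted: the route spec is several words.
        $IP ro add $(printf '%s\n' "$gw" | sed -e "s/^default/$addr/g")
      done
      remote_end=$(/usr/bin/host -t a "$remote_end" | awk '/has address/{ print $4 }')
    fi
    # ... and our gateway. host(1) may print several addresses, one per
    # line; add a route for each instead of passing them all to one
    # `ip ro add` (which fails and leaves us with no route at all).
    for addr in $remote_end; do
      log "Add route to gateway $addr"
      $IP ro add $(printf '%s\n' "$gw" | sed -e "s/^default/$addr/g")
    done
  fi
  $NMCLI con up uuid "$vpn"
}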
# Choose the VPN from the connection that just came up ($CONNECTION_UUID,
# presumably set by NetworkManager for dispatcher scripts): the known
# Wi-Fi networks get the work VPN; anything else falls back through the
# home, backup and full-work VPNs in turn.
case "$CONNECTION_UUID" in
  "$HOME_WIFI"|"$WORK_WIFI")
    start_vpn "$WORK_VPN"
    ;;
  *)
    start_vpn "$HOME_VPN" || start_vpn "$BACKUP_VPN" || start_vpn "$WORK_FULL_VPN"
    ;;
esac
exit 0