Created
December 17, 2015 05:43
-
-
Save mrcsparker/2b3b8186a05c688b5d9d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # split-vpn | |
| # patches junos pulse connections connections to allow split tunnelling | |
| # relaunch with sudo if we aren't root | |
| if [[ $EUID -ne 0 ]]; then | |
| echo "$0: relaunching as sudo $0" | |
| sudo "$0" $@ | |
| exit $? | |
| fi | |
| vpn=$(netstat -nr | grep default | grep utun | head -n 1 | awk '{print $6}'); | |
| router=$(netstat -nr | grep default | grep en0 | head -n 1 | awk '{print $2}'); | |
| gateway=$(netstat -nr | grep default | head -n 1); | |
| function throw() { | |
| echo split-vpn: error - $@; >&2 | |
| exit 1; | |
| } | |
| if [ -z "$vpn" ] | |
| then | |
| echo split-vpn: not connected to Junos Pulse, nothing to do | |
| exit 0 | |
| fi | |
| if [ "$vpn" == "$gateway" ] | |
| then | |
| echo split-vpn: default gateway already set to $gateway, nothing to do | |
| exit 0 | |
| fi | |
| # internal ip ranges to always route over the vpn | |
| echo 156.107 > /tmp/split-vpn | |
| echo 157.191 >> /tmp/split-vpn | |
| echo 156.109 >> /tmp/split-vpn | |
| echo 172.28 >> /tmp/split-vpn | |
| # NOTE: uncomment the next line to add any ip ranges explicitly pushed by the vpn | |
| # netstat -r -n -f inet | awk '{print $1 "\t" $2}' | grep utun0 | grep -v default | cut -f 1 >> /tmp/split-vpn | |
| # drop the route table defaults | |
| route -n delete default -ifscope en0 > /dev/null || throw "cannot delete wifi gateway"; | |
| route -n delete -net default -interface $vpn > /dev/null || throw "cannot delete vpn gateway"; | |
| # make the network gateway the default route | |
| route -n add -net default $router > /dev/null || throw "cannot add wifi gateway"; | |
| # apply the ips that should route over vpn instead of the network gateway | |
| for range in `cat /tmp/split-vpn`; | |
| do | |
| echo split-vpn: adding $range to vpn routes; | |
| route -n add -net $range -interface $vpn > /dev/null || throw "cannot add range $range to vpn"; | |
| done | |
| # get our external ip of the wifi network | |
| echo split-vpn: getting external ip | |
| external_ip=$(curl --max-time 5 --silent http://ifconfig.me | head -n 1); | |
| if [ -z "$external_ip" ] | |
| then | |
| external_ip="unknown"; | |
| fi | |
| # cleanup | |
| [ -f /tmp/split-vpn ] && rm -f /tmp/split-vpn | |
| osascript -e "display notification \"vpn split tunneling over external ip $external_ip\" with title \"VPN\"" | |
| echo split-vpn: vpn split tunneling over external ip $external_ip | |
| echo split-vpn: done! | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment