author | Laurent Ghigonis <laurent@p1sec.com> | 2013-06-16 17:07:00 +0200 |
---|---|---|
committer | Laurent Ghigonis <laurent@p1sec.com> | 2013-06-16 17:07:00 +0200 |
commit | a5bf74a6df654c5b9a0d419278c0c4a57f460c92 (patch) | |
tree | 12c6716a4d798dfb15e62f467af86597a4c678a8 /covpn/covpn.sh | |
parent | add READMEs around (diff) | |
download | laurent-tools-a5bf74a6df654c5b9a0d419278c0c4a57f460c92.tar.xz laurent-tools-a5bf74a6df654c5b9a0d419278c0c4a57f460c92.zip |
add covpn - Wrapper to run OpenVPN with server push filtering, tcp/udp/defgw modes
Diffstat (limited to '')
-rwxr-xr-x | covpn/covpn.sh | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/covpn/covpn.sh b/covpn/covpn.sh
new file mode 100755
index 0000000..6139909
--- /dev/null
+++ b/covpn/covpn.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+
+# covpn - Wrapper to run OpenVPN with server push filtering, tcp/udp/defgw modes
+# 2013 Laurent Ghigonis <laurent@gouloum.fr>
+
+# Works together with correct openvpn-up.sh
+# Uses same config file for UDP and TCP, passing --proto and --remote in command line
+# Change of default gateway and DNS is done in openvpn-up.sh
+# Passes env var 'openvpn_gateway' to openvpn-up.sh in case default gw is set to VPN
+# Passes env var 'covpn_conf' to openvpn-up.sh to load it's configuration
+
+usage_exit() {
+echo "`basename $0` [-g] [-t] <conf_path>"
+exit 1
+}
+
+restore() {
+restore_gateway
+restore_dns
+}
+
+restore_gateway() {
+echo "INFO: check_gateway"
+gw_cur=`ip route show 0/0 |cut -d' ' -f3`
+echo "INFO: gw_cur=$gw_cur"
+if [ "$gw_before" != "$gw_cur" ]; then
+echo "INFO: Gateway changed (before=$gw_before, cur=$gw_cur)"
+echo "INFO: Restoring previous default gw"
+/usr/sbin/ip route delete default
+/usr/sbin/ip route add default via $gw_before
+fi
+}
+
+restore_dns() {
+echo "INFO: check_dns"
+if [ -f /etc/resolv.conf.bak-covpn ]; then
+echo "INFO: restoring previous DNS"
+mv /etc/resolv.conf.bak-covpn /etc/resolv.conf
+fi
+}
+
+if [ `id -u` -ne 0 ]; then
+echo "must be root"
+exit 1
+fi
+
+gw_before=`ip route show 0/0 |cut -d' ' -f3`
+
+opts="$(getopt -o gth -l gateway,tcp,help -n "$program" -- "$@")"
+openvpn_proto="udp"
+gateway=0
+err=$?
+echo "INFO: gw_before=$gw_before"
+eval set -- "$opts"
+while true; do case $1 in
+-g|--gateway) gateway=1; shift;;
+-t|--tcp) openvpn_proto="tcp"; shift ;;
+-h|--help) usage_exit ;;
+--) shift; break ;;
+esac done
+test $err -ne 0 && usage_exit
+test $# -lt 1 && usage_exit
+conf_path=`readlink -f $1`
+shift
+
+covpn_conf="$conf_path/covpn.conf"
+if [ ! -f $covpn_conf ]; then
+echo "ERROR: missing covpn.conf in $conf_path !"
+exit 1
+fi
+. $covpn_conf
+
+if [ $openvpn_proto = "udp" ]; then
+openvpn_remote="$CONF_UDP_REMOTE"
+else
+openvpn_remote="$CONF_TCP_REMOTE"
+fi
+
+trap restore INT TERM EXIT
+
+/usr/sbin/openvpn --setenv openvpn_gateway $gateway \
+--setenv covpn_conf $covpn_conf \
+--cd $conf_path --config openvpn.conf --chroot $conf_path \
+--proto $openvpn_proto --remote $openvpn_remote $@
+
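Review bot: `err=$?` is read two assignments after the `getopt` call, so it always captures 0 and `test $err -ne 0 && usage_exit` can never reject an invalid option; it needs to sit directly under `opts="$(getopt ...)"`, and `$program` in `-n "$program"` is never assigned in this file, so `-n "$(basename "$0")"` would give getopt a real name to report. In `restore_gateway`, if the host had no default route when the script started, `$gw_before` is empty and `/usr/sbin/ip route add default via $gw_before` fails after `route delete default` has already run, leaving the machine without a default route; guard the restore with `[ -n "$gw_before" ]`. The script runs as root and `. $covpn_conf` executes the file under the user-supplied directory as shell (and `--cd`/`--chroot` hand that directory to OpenVPN), so a comment above the source line stating that `covpn.conf` and `openvpn.conf` must be root-owned and not writable by others would document the trust boundary. `ip` is invoked unqualified for `gw_before`/`gw_cur` but as `/usr/sbin/ip` in the restore path; a root-run script should use the absolute path consistently.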