2020 May 17.
2020 Apr. 12.
接続スクリプト connectVpnGate.sh
#!/bin/bash # 2020 May 17. # 2020 May 16. # Ryuichi Hashimoto # connect to VPN-GATE-server # You have to be a root user. # Do not forget to disconnect VpnGateServer and resume network route after using vpn-gate-server. # flow # 1) get VPN Gate server address from arguement. # 2) check host is communicating with outside of LAN # 3) add packet-route to server to routing table. # 4) start vpnclient. # 5) change VPN-server's address of account. # 6) connect account. # 7) give ip-address to virtual NIC. # 8) change default route to VPN-Gate in routing table. # You can enjoy VPN-Gate-server Command=`basename $0` DhclientPidFile=/var/run/dhclint-vpngate`date "+%y%m%d%H%M%S"`.pid # usage function usage() { cat << EOP usage: $ su - # ${Command} IpAddress Port Example: # ${Command} 111.222.333.444 443 flow: 1) get VPN Gate server address from arguement. 2) check host is communicating with outside of LAN 3) add packet-route to server to routing table. 4) start vpnclient. 5) change VPN-server's address of account. 6) connect account. 7) give ip-address to virtual NIC. 8) change default route to VPN-Gate in routing table. You can enjoy VPN-Gate-server EOP } function checkIPstr() { local IP=$1 local NumDot=`echo -n $IP | sed -e 's@[^.]@@g' | wc -c` local TmpIP=${IP} local LengthTmpIP=${#TmpIP} local StrIPpart="" local HeadLetter="" ## check IP # count dots if [ ${NumDot} -ne 3 ]; then echo "Number of dot in IP-address ${IP} is not 3." return 1 fi if [ $LengthTmpIP -lt 8 ] then echo "Too few address-letters." return 1 fi # check number and digit of number while [ ${LengthTmpIP} -gt 0 ] do # get top strings before 1st dot StrIPpart=`echo ${TmpIP} | grep -oP '^[0-9]*'` if [ ${#StrIPpart} -lt 1 ] then echo "No number in some area in IP-address." return 1 fi # store IPtmp for next loop TmpIP=`echo ${TmpIP} | sed -e "s/^${StrIPpart}//"` # if head of TmpIP is ".", remove "." HeadLetter=`echo ${TmpIP:0:1}` if [[ $HeadLetter = "." ]] then TmpIP=${TmpIP#.} # if TmpIP has no letter, then finish loop if [ ${#TmpIP} -lt 1 ] then break fi fi # check StrIPpart is number expr $StrIPpart + 1 >/dev/null 2>&1 if [ $? -gt 1 ] then echo "Non-number-letters are included in IP-address." return 1 fi # check StarIPpart is 0-255 if [[ $StrIPpart -lt 0 || $StrIPpart -gt 255 ]] then echo "Number of IP-address is out of range[0-255]." return 1 fi LengthTmpIP=${#TmpIP} done return 0 } ############## #### main #### ############## # check number of arguements if [ $# -ne 2 ] then echo "False: Num of arguements" 1>&2 usage exit 1 fi # get VPN Gate server address ServerIP=$1 # get port number Port=$2 # check ServerIP-address-string RetCheckIPstr=`checkIPstr ${ServerIP}` if [ $? -gt 0 ] then echo $RetCheckIPstr 1>&2 exit 1 fi # check $Port is number expr "$Port" + 1 > /dev/null 2>&1 if [ $? -gt 1 ] then echo "${Port} is not number." 1>&2 exit 1 fi # check host is not communicating with outside of LAN which isCommunicatingOutLan.sh > /dev/null 2>&1 if [ $? -ne 0 ] then echo "isCommunicatingOutLan.sh does not exist in command-PATH." 1>&2 echo "Abort." 1>&2 exit 1 fi isCommunicatingOutLan.sh > /dev/null 2>&1 if [ $? -ne 1 ] then echo "Host is communicating with outside through LAN." 1>&2 echo "Changing packet-route stops existing communication through LAN." 1>&2 echo "Abort." 1>&2 exit 1 fi # add packet-route to server to routing table. RealNIC=`route | grep -m 1 default | sed 's/[\t ]\+/\t/g' | cut -f 8` RealGWayAddress=`route -n | grep ${RealNIC} | sed 's/[\t ]\+/\t/g' | cut -f 2 | sort -r | sed -n '1,1p'` route add ${ServerIP} gw ${RealGWayAddress} dev ${RealNIC} # start vpnclient. PathVpnClientCom=`find /usr/ -type f -name vpnclient` DirVpnClient=`dirname ${PathVpnClientCom}` cd $DirVpnClient ./vpnclient start sleep 1 AccountName=`./vpncmd localhost /CLIENT /CMD AccountList | grep 接続設定名 | sed -e "s/^.*|//"` if [ ${#AccountName} -lt 1 ] then echo "No VPN-account found." echo "Abort." ./vpnclient stop route del ${ServerIP} exit 1 fi AccountHub=`./vpncmd localhost /CLIENT /CMD AccountList | grep HUB | sed -e "s/^.*|//"` if [ ${#AccountHub} -lt 1 ] then echo "No VPN-account-hub found." echo "Abort." ./vpnclient stop route del ${ServerIP} exit 1 fi # set server-address:port to account ./vpncmd localhost /CLIENT /CMD AccountSet ${AccountName} /SERVER:${ServerIP}:${Port} /HUB:${AccountHub} # connect to VPN Gate server ./vpncmd localhost /CLIENT /CMD AccountConnect ${AccountName} # set an address on virtual NIC on linux VpnNIC=`./vpncmd localhost /CLIENT /CMD AccountList | grep LAN | sed -e "s/^.*|//"` LinuxVirNIC=`ip l | grep -Po "\S+${VpnNIC}"` echo "Getting IP-Address on virtual-NIC by dhclient..." 1>&2 dhclient -v -pf $DhclientPidFile $LinuxVirNIC echo "Got IP-Address on virtual-NIC." 1>&2 # change default route of routing table to flow to VPN Gate server VirNicAddress=` ip -4 a show ${LinuxVirNIC} | grep -Po "inet\s+[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -Po "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"` VirGWayAddress=`echo ${VirNicAddress} | grep -Po "[0-9]+\.[0-9]+\."` VirGWayAddress="${VirGWayAddress}254.254" # delete default route while : do NumDefaultRoute=`route -n | awk -v awkRealGWayAddress="${RealGWayAddress}" '{if ($1 == "0.0.0.0" && ($2 == awkRealGWayAddress)){print}}' | wc -l` if [ ${NumDefaultRoute} -lt 1 ] then break fi route del default done # add vpngate-route as default-gateway route add default gw ${VirGWayAddress} dev ${LinuxVirNIC} exit 0
切断スクリプト disconnectVpnGate.sh
#!/bin/bash # 2020 May 17. # 2020 Apr. 11. # ryuichi Hashimoto # Disconnect VPN Gate server connection # You have to be a root user. Cmd=`basename $0` # usage function usage() { cat << EOP usage: $ su - ${Cmd} EOP } # check host is communicating with outside of LAN which isCommunicatingOutLan.sh > /dev/null 2>&1 if [ $? -ne 0 ] then echo "isCommunicatingOutLan.sh does not exist in command-PATH." echo "Abort." exit 1 fi UsingInternet="yes" while [ "yes" = ${UsingInternet} ] do isCommunicatingOutLan.sh > /dev/null 2>&1 if [ $? -ne 1 ] then # Host is communicating with outside through LAN. # Changing packet-route stops existing communication through LAN. sleep 1m else UsingInternet="no" fi done # check vpnclient is running ps ax -f | grep vpnclient | grep -v grep > /dev/null 2>&1 if [ $? -ne 0 ] then echo "vpnclient is not running." echo "Abort." exit 1 fi # move to VpnClient-command-dir PathVpnClientCom=`find /usr/ -type f -name vpnclient` DirVpnClient=`dirname ${PathVpnClientCom}` cd $DirVpnClient # check packet-route-setting VpnNIC=`./vpncmd localhost /CLIENT /CMD AccountList | grep LAN | sed -e "s/^.*|//"` LinuxVirNIC=`ip l | grep -Po -m 1 "\S+${VpnNIC}"` if [ $? -ne 0 ] then echo "Virtual NIC on linux does not exist." echo "Abort." exit 1 fi route | grep default | grep ${LinuxVirNIC} if [ $? -ne 0 ] then echo "Default packet-route does not pass through virtual NIC." echo "Abort." exit 1 fi # resume packet-route RealNIC=`route -n | grep -m 1 '192.168.' | sed 's/[\t ]\+/\t/g' | cut -f 8` RealGWayAddress=`route -n | grep ${RealNIC} | sed 's/[\t ]\+/\t/g' | cut -f 2 | grep -m 1 -Po '192.168.[0-9]+.[0-9]+'` ServerIP=`route -n | grep ${RealNIC} | sed 's/[\t ]\+/ /g' | awk -v adrs=${RealGWayAddress} '{if ($2 == adrs){print $1}}'` route del default route add default gw ${RealGWayAddress} dev ${RealNIC} route del ${ServerIP} # disconnect VPN Gate AccountName=`./vpncmd localhost /CLIENT /CMD AccountList | grep 接続設定名 | sed -e "s/^.*|//"` ./vpncmd localhost /CLIENT /CMD AccountDisconnect ${AccountName} ./vpnclient stop # kill dhclient while : do NumPsLines=`ps ax -f | grep "dhclient .*${LinuxVirNIC}" | grep -v grep | wc -l` if [ $NumPsLines -lt 1 ] then break fi PidDhclient=`ps ax -f | grep -v grep | grep -m1 "dhclient .*${LinuxVirNIC}" | sed -n '1,1p' | sed 's/[\t ]\+/\t/g' | cut -f 2` kill -9 ${PidDhclient} done exit 0
isCommunicatingOutLan.sh (上記2スクリプトから呼び出される)
#!/bin/bash # # 2020 Apr. 12. # Ryuichi Hashimoto. # # Check if host is communicating with outside of LAN. # retrun code # 0: host is using internet # 1: host is not using internet # List up programs which access to internet and with which you fear to break internet-communications. # Connecting to VPN-gate-server breaks existing internet access. # CMDS='INETPROGRAM1|INETPROGRAM2|INETPROGRAM3' CMDS='INETPROGRAM1|INETPROGRAM2|INETPROGRAM3' function isCommunicate() { ps ax -f | grep -E $CMDS | grep -v grep if [ $? -ne 0 ];then # nothing uses internet return 1 fi # something uses internet return 0 } ############ ### main ### ############ # set loop-count NumLoop=5 # set default-retrun-code. Result=1 while [ $NumLoop -gt 0 ]; do isCommunicate # return code of isCommunicate # 0: host is using internet # 1: host is not using internet if [ 0 -eq $? ]; then # when some commands are running Result=0 fi sleep 1 NumLoop=$(($NumLoop - 1)) done exit $Result