#!/bin/sh
# DD-WRT startup script: configures and starts an OpenVPN client, then installs
# policy routing so that selected LAN hosts use the tunnel.
# Reference thread: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=280165
#
# Uncomment the next line to enable debugging mode, comment it to disable it.
# The generated route-up/route-down hooks run `set -x` whenever DEBUG is set.
#export DEBUG=

# --- Connection settings ------------------------------------------------------
SERVER='watch.torguard.org'
PROTOCOL='udp'      # tcp or udp; the letters must be lowercase
PORT='443'          # 443 can be used for tcp or udp; 1194 also works for udp

# --- Account credentials ------------------------------------------------------
# These are stored in plaintext inside this script, so anyone who can read the
# router's startup script can read them. Use a credential dedicated to the VPN
# service, not one shared with other accounts.
# NOTE(review): the original comments said "IPVanish", but SERVER above is a
# torguard.org host; use the account that belongs to the server you configure.
USER='MYUSERNAME'   # replace MYUSERNAME with your VPN username
PASS='MYPASSWORD'   # replace MYPASSWORD with your VPN password

# This script makes the entire router startup sequence take about 2 minutes.
# The clock is set before anything else; presumably so that certificate
# validity dates are checked against a correct time -- confirm.
ntpclient pool.ntp.org
stopservice process_monitor
startservice process_monitor
sleep 30
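# Write the OpenVPN client configuration to /tmp/openvpncl/openvpn.conf.
#
# The whole file is produced by a single here-document, so it is either written
# completely or not at all. (The original chain of `echo ... &&` lines stopped
# chaining after the script-security line, so the last four directives were
# appended even when an earlier write had failed.)
#
# Security-relevant directives:
#   ca / remote-cert-tls server
#       The server certificate must chain to the pinned CA file and be usable as
#       a TLS server certificate. Keep both lines; without them the client
#       would accept a tunnel from an impostor.
#   auth-user-pass /tmp/auth.conf
#       Credentials are read from a file that this script creates separately.
#   script-security 2
#       Level 2 is what OpenVPN needs in order to run the route-up/down hooks.
#       The original used "script-security 3 system": level 3 additionally
#       allows passwords to be handed to scripts through the environment, which
#       the hooks here never read, and the "system" method flag is no longer
#       accepted by OpenVPN 2.3 and later.
#   comp-lzo, cipher AES-256-CBC, keysize 256, tls-cipher DHE-RSA-AES256-SHA
#       NOTE(review): these have to match what the server accepts, so they are
#       left as published. Compression inside a VPN tunnel has known
#       compressed-length side-channel concerns (VORACLE), and newer OpenVPN
#       releases deprecate comp-lzo and keysize; check the provider's current
#       recommended configuration.
#   verb 4
#       Verbose logging into /tmp/openvpncl/openvpn.log; the log reveals
#       connection details, so treat it as sensitive.
#
# -p keeps a re-run from failing when the directory already exists; nothing
# below can work without the directory, so a real failure stops the script.
mkdir -p /tmp/openvpncl || exit 1

# Unquoted delimiter: ${PROTOCOL}, ${SERVER} and ${PORT} are expanded here.
cat > /tmp/openvpncl/openvpn.conf << EOF
client
dev tun
proto ${PROTOCOL}
remote ${SERVER} ${PORT}
resolv-retry infinite
nobind
persist-key
persist-tun
persist-remote-ip
tun-mtu 1500
ca /tmp/openvpncl/ca.crt
remote-cert-tls server
auth-user-pass /tmp/auth.conf
comp-lzo
verb 4
auth SHA256
cipher AES-256-CBC
keysize 256
tls-cipher DHE-RSA-AES256-SHA
script-security 2
log /tmp/openvpncl/openvpn.log
daemon
status-version 3
status /tmp/openvpncl/status.log 5
EOF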
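# Credentials file that OpenVPN reads through "auth-user-pass /tmp/auth.conf":
# username on the first line, password on the second.
#
# The file is created inside a subshell with umask 077, so it is never readable
# by other users, not even for the instant between creation and chmod (the
# original created it with the default umask and tightened it afterwards).
# printf '%s' writes the values verbatim; `echo -e` would expand backslash
# sequences and so corrupt a password that contains a backslash.
(
  umask 077
  printf '%s\n%s\n' "$USER" "$PASS" > /tmp/auth.conf
)
# Also covers the case where /tmp/auth.conf already existed with a looser mode.
chmod 600 /tmp/auth.conf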
# Pinned CA bundle (two PEM certificates) that the client uses to verify the
# VPN server; openvpn.conf and the openvpn command line both point at this file.
# The certificates are public data, hence mode 644.
# NOTE(review): a CA pasted from a web page should be compared with the copy the
# VPN provider publishes before it is trusted. Embedded certificates also have a
# fixed validity period, so this block has to be refreshed when the provider
# rotates its CA.
# Quoted delimiter: the PEM text is written literally, with no expansion.
cat > /tmp/openvpncl/ca.crt << 'EOF'
-----BEGIN CERTIFICATE-----
MIIDqzCCAxSgAwIBAgIJAP/g7Ah3SNNHMA0GCSqGSIb3DQEBBQUAMIGWMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCRkwxEDAOBgNVBAcTB09ybGFuZG8xETAPBgNVBAoT
CFRvckd1YXJkMQwwCgYDVQQLEwNWUE4xEzARBgNVBAMTClRHLU9WUE4tQ0ExDDAK
BgNVBCkTA1ZQTjEkMCIGCSqGSIb3DQEJARYVc3lzYWRtaW5AdG9yZ3VhcmQubmV0
MB4XDTE0MDQwOTE0NDIyMloXDTI0MDQwNjE0NDIyMlowgZYxCzAJBgNVBAYTAlVT
MQswCQYDVQQIEwJGTDEQMA4GA1UEBxMHT3JsYW5kbzERMA8GA1UEChMIVG9yR3Vh
cmQxDDAKBgNVBAsTA1ZQTjETMBEGA1UEAxMKVEctT1ZQTi1DQTEMMAoGA1UEKRMD
VlBOMSQwIgYJKoZIhvcNAQkBFhVzeXNhZG1pbkB0b3JndWFyZC5uZXQwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBANeCV65/6z6cbGfZ6LouGl1W7A71x6CEerxN
wcFeLZx89DM0NxEBs47+gYYqhzKCR+6YCVduD29NMa5dzDwNFEmhOKrHhIposdY7
JmNC2IeXxOSEcOMjBrRexqBN+CZx0bfj6H6qtlRFtkZlDvNritINiznJjG/DbA2X
jTO6J8f1AgMBAAGjgf4wgfswHQYDVR0OBBYEFPWAX1TtNU8tPbhRdYMGn98i9Hoi
MIHLBgNVHSMEgcMwgcCAFPWAX1TtNU8tPbhRdYMGn98i9HoioYGcpIGZMIGWMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCRkwxEDAOBgNVBAcTB09ybGFuZG8xETAPBgNV
BAoTCFRvckd1YXJkMQwwCgYDVQQLEwNWUE4xEzARBgNVBAMTClRHLU9WUE4tQ0Ex
DDAKBgNVBCkTA1ZQTjEkMCIGCSqGSIb3DQEJARYVc3lzYWRtaW5AdG9yZ3VhcmQu
bmV0ggkA/+DsCHdI00cwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBx
1VNcpbpAPzSz8gfT7iUiVPsSgHqhrzozEY8zpPoZkHDfo75P6AQnGwGdDHKljo6h
dkl1ZCTMd0CMbQbWzseNIZNwvHbE3hcnH0zxVKaGyNB6FNdhWVDNcvOhIZYvYbPM
fzWZQFXS/jfjjn1+p9UUQwPONvhoQaRhsUJOcrntug==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEwTCCA6mgAwIBAgIJAKROjebUHo0gMA0GCSqGSIb3DQEBBQUAMIGbMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCRkwxEDAOBgNVBAcTB09ybGFuZG8xETAPBgNVBAoT
CFRvckd1YXJkMQwwCgYDVQQLEwNWUE4xEzARBgNVBAMTClRHLU9WUE4tQ0ExETAP
BgNVBCkTCFRvckd1YXJkMSQwIgYJKoZIhvcNAQkBFhVzeXNhZG1pbkB0b3JndWFy
ZC5uZXQwHhcNMTQwNDE3MTAwOTIzWhcNMjQwNDE0MTAwOTIzWjCBmzELMAkGA1UE
BhMCVVMxCzAJBgNVBAgTAkZMMRAwDgYDVQQHEwdPcmxhbmRvMREwDwYDVQQKEwhU
b3JHdWFyZDEMMAoGA1UECxMDVlBOMRMwEQYDVQQDEwpURy1PVlBOLUNBMREwDwYD
VQQpEwhUb3JHdWFyZDEkMCIGCSqGSIb3DQEJARYVc3lzYWRtaW5AdG9yZ3VhcmQu
bmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAws1hJzlbWKlm3DEO
XyQpmvtxwrsR4CIYMi8C6np5w74lTRYmGBcuuPqAT3ig2DnH9HNNFx1WWZbYO8pU
a1tdn7uYErJi4EP9/t2l3uXCNgoWYVdVP1j5EXIY1oacOv9srbNZHeWpxHIb1wZr
1i4sLsdaifOibgVZI91FATXGrVdFDaQb2OjyJrFW8b4xbC8pBJxQDzqPeu9mkVpu
OhBuU+dM+9h+8Bj0tpdAernEAt8CbHIywe9Rjm0JLrYmCPKuB5ldVgG3rYQWFa3X
YWjrWtr//nGM4f4WKOFc2PHWA2gI3JwdynTNLsB9NQi0N7hhR6lmtCMeqHlm0oAz
4Ad4gQIDAQABo4IBBDCCAQAwHQYDVR0OBBYEFJvAPA1gnlD/majxi+43jL0XDfqQ
MIHQBgNVHSMEgcgwgcWAFJvAPA1gnlD/majxi+43jL0XDfqQoYGhpIGeMIGbMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCRkwxEDAOBgNVBAcTB09ybGFuZG8xETAPBgNV
BAoTCFRvckd1YXJkMQwwCgYDVQQLEwNWUE4xEzARBgNVBAMTClRHLU9WUE4tQ0Ex
ETAPBgNVBCkTCFRvckd1YXJkMSQwIgYJKoZIhvcNAQkBFhVzeXNhZG1pbkB0b3Jn
dWFyZC5uZXSCCQCkTo3m1B6NIDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4IBAQBRG46DnL/8EAPbi/eOQli5WO7lRHYyZJdlLUMlsnwkp6Ul6BMJq8q3UX3z
+pqDf3wzj94y/IpGQgE4l0fgAdwf/C7F533TSwU/vi+5PDWfwD2WmGqVmcmXn6Rp
9Fwr+oryRw8GfsVBLZHTkWF1RZrRAr8hWZhNySGFwSXlEIicvNy+9mlFhk2Nb46w
ioZKc1Lc7/okeXNWHPv6Dlm39TcNBpGX/xNoWBzqs1EtA1ZGvMcQHsKLfi3Nbaab
BYe08KWsfeZA+ih4BZ6y2E+x84NYHRebqijXTtHp35coyXllBL/+LBoZ86hKszEx
F3pjGU0+8NzvdPUbKndhzyPPnHF1
-----END CERTIFICATE-----
EOF
chmod 644 /tmp/openvpncl/ca.crt

# Create the log file up front and set its mode before OpenVPN starts writing.
# NOTE(review): 664 leaves the verb-4 log readable by every local user.
touch /tmp/openvpncl/openvpn.log
chmod 664 /tmp/openvpncl/openvpn.log
- #echo "#!/bin/sh" > /tmp/openvpncl/route-up.sh
- #echo "iptables -I POSTROUTING -t nat -o tun0 -j MASQUERADE" >> /tmp/openvpncl/route-up.sh
- #echo "iptables -I INPUT -t filter -i tun0 -j ACCEPT" >> /tmp/openvpncl/route-up.sh
- #echo -e "#!/bin/sh\nsleep 2" > /tmp/openvpncl/route-down.sh
- #echo "iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE" >> /tmp/openvpncl/route-down.sh
- #echo "iptables -D INPUT -t filter -i tun0 -j ACCEPT" >> /tmp/openvpncl/route-down.sh
- #chmod 700 /tmp/openvpncl/route-up.sh
- #chmod 700 /tmp/openvpncl/route-down.sh
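# Generate the hook that OpenVPN runs through --route-up.
#
# The delimiter is quoted ("EOF"), so nothing inside the here-document is
# expanded now: $dev, $route_vpn_gateway and $route_net_gateway are resolved
# when OpenVPN executes the hook.
#
# What the generated hook does:
#   1. Adds a MASQUERADE rule for traffic leaving through tun0 and an INPUT
#      ACCEPT rule for traffic arriving on tun0.
#   2. Copies the main routing table, minus default and /1 routes, into table
#      200 and gives that table a default route through the VPN gateway.
#   3. Adds four /2 routes through the WAN gateway to the main table.
#   4. Adds an `ip rule` that sends traffic from the listed source address to
#      table 200.
# Changes against the original: `read -r`, quoted expansions (except $route,
# which must be word-split), and corrected comments inside the hook. The
# original comment next to the `ip rule` line called the listed hosts "bypass"
# hosts, while the rule does the opposite and routes them through the VPN.
SCRIPT="/tmp/openvpncl/route-up.sh"
cat << "EOF" > "$SCRIPT"
#!/bin/sh
sleep 2
iptables -I POSTROUTING -t nat -o tun0 -j MASQUERADE
# NOTE(review): this accepts every packet that arrives on tun0 and is addressed
# to the router itself, including new connections to its management services.
# If only replies to the router's own traffic are needed, a state-matched rule
# is tighter. Whatever is used here must match the -D line in route-down.sh.
iptables -I INPUT -t filter -i tun0 -j ACCEPT
(
  [ -n "${DEBUG+x}" ] && set -x
  TID="200"
  VPN_IF="$dev" # provided by OpenVPN at runtime
  VPN_GW="$route_vpn_gateway" # provided by OpenVPN at runtime
  WAN_GW="$route_net_gateway" # provided by OpenVPN at runtime

  # copy main routing table to the alternate routing table (exclude all
  # default gateways)
  ip route show | grep -Ev '^default|^0.0.0.0/1|^128.0.0.0/1' \
    | while read -r route; do
        # $route is deliberately unquoted: it holds a whole route line that
        # has to be split into separate arguments.
        ip route add $route table "$TID"
      done

  # add VPN as default gateway of the alternate table
  ip route add default via "$VPN_GW" table "$TID"

  # return WAN back to default gateway in main routing table
  # (the /2 routes are more specific than the /1 routes excluded above)
  ip route add 0.0.0.0/2 via "$WAN_GW"
  ip route add 64.0.0.0/2 via "$WAN_GW"
  ip route add 128.0.0.0/2 via "$WAN_GW"
  ip route add 192.0.0.0/2 via "$WAN_GW"

  # force routing system to recognize our changes
  ip route flush cache

  # Source IP(s)/network(s) to be routed over the VPN: one `ip rule` per
  # source. Sources without a rule here follow the main table, i.e. they
  # leave through the WAN gateway and are NOT protected by the tunnel.
  # Every rule added here needs a matching `ip rule del` in route-down.sh.
  ip rule add from 10.0.0.50 table "$TID"
) 2>&1 | logger -t "$(basename "$0")[$$]"
EOF
chmod +x "$SCRIPT"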
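# Generate the hook that OpenVPN runs through --down-pre; it undoes what
# route-up.sh installed: the two iptables rules, the four /2 WAN routes,
# routing table 200 and the per-source `ip rule`.
#
# The delimiter is quoted ("EOF"), so the variables inside the here-document
# are resolved when OpenVPN executes the hook, not while this script runs.
# Changes against the original: quoted expansions and a corrected comment next
# to the `ip rule del` line, which has to mirror the rule list in route-up.sh.
SCRIPT="/tmp/openvpncl/route-down.sh"
cat << "EOF" > "$SCRIPT"
#!/bin/sh
# These two -D lines must match the -I lines in route-up.sh exactly, otherwise
# the rules stay behind after the tunnel is gone.
iptables -D POSTROUTING -t nat -o tun0 -j MASQUERADE
iptables -D INPUT -t filter -i tun0 -j ACCEPT
(
  [ -n "${DEBUG+x}" ] && set -x
  TID="200"
  VPN_IF="$dev" # provided by OpenVPN at runtime
  VPN_GW="$route_vpn_gateway" # provided by OpenVPN at runtime
  WAN_GW="$route_net_gateway" # provided by OpenVPN at runtime

  # reset main routing table
  ip route del 0.0.0.0/2 via "$WAN_GW"
  ip route del 64.0.0.0/2 via "$WAN_GW"
  ip route del 128.0.0.0/2 via "$WAN_GW"
  ip route del 192.0.0.0/2 via "$WAN_GW"

  # delete alternate routing table
  ip route flush table "$TID"

  # force routing system to recognize our changes
  ip route flush cache

  # Remove the source rule(s) that route-up.sh added; keep this list identical
  # to the `ip rule add` list there.
  # NOTE(review): once the rule is gone, traffic from these hosts follows the
  # main table again and leaves through the WAN without the tunnel. Add a
  # firewall rule for them if they must never use the WAN directly.
  ip rule del from 10.0.0.50 table "$TID"
) 2>&1 | logger -t "$(basename "$0")[$$]"
EOF
chmod +x "$SCRIPT"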
# Start the OpenVPN client in the background from a subshell, so this script
# does not wait for it, and register the two generated hooks. --ca repeats the
# "ca" path that openvpn.conf already contains.
(
  openvpn \
    --config /tmp/openvpncl/openvpn.conf \
    --ca /tmp/openvpncl/ca.crt \
    --route-up /tmp/openvpncl/route-up.sh \
    --down-pre /tmp/openvpncl/route-down.sh &
)

# Wait 8 minutes before collecting diagnostics.
sleep 480
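# Collect a diagnostic report in /tmp/openvpncl/report.txt: OpenVPN version,
# status and log, the system log, interfaces, firewall rules, routes and the
# process list. All output goes through one grouped redirection, which
# truncates the file once and then writes the sections in order.
#
# Fix against the original: `iptables -nvxL nat` asks for a chain named "nat"
# in the filter table; listing the NAT table is `iptables -t nat -nvxL`. The
# "Command:" label was changed to match.
#
# NOTE(review): the report bundles the verb-4 OpenVPN log, the syslog, the
# firewall rules and the process list. Treat it as sensitive and review it
# before posting it anywhere.
{
  echo "*** SYSTEM REPORT ***"
  echo
  echo "------------> * OpenVPN Information * <------------"
  echo "Command: openvpn --version"
  echo "Command: cat /tmp/openvpncl/status.log"
  echo "Command: cat /tmp/openvpncl/openvpn.log"
  echo
  openvpn --version
  cat /tmp/openvpncl/status.log
  cat /tmp/openvpncl/openvpn.log
  echo
  echo "------------> * System Log * <------------"
  echo "Command: cat /var/log/messages"
  echo
  # Two more minutes before the system log is copied.
  sleep 120
  cat /var/log/messages
  echo
  echo "------------> * Current Adapters * <------------"
  echo "Command: ifconfig"
  echo
  ifconfig
  echo
  echo "------------> * IP Tables * <------------"
  echo "Command: iptables -nvxL"
  echo "Command: iptables -t nat -nvxL"
  echo "Command: ip ro"
  echo
  iptables -nvxL
  iptables -t nat -nvxL
  ip ro
  echo
  echo "------------> * Processes * <------------"
  echo "Command: ps"
  echo
  ps
} > /tmp/openvpncl/report.txt
exit 0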