Untitled

a guest
Feb 4th, 2019
  1. Network
  2. Destination Netmask Gateway Interface Metric
  3. 10.0.0.0 255.255.0.0 10.0.0.3 10.0.0.3 20 <--Local LAN
  4. 10.0.0.0 255.255.0.0 192.168.199.1 192.168.199.12 1 <--VPN Link
  5.  
  6. >route delete 10.0.0.0
  7. >route delete 10.0.0.0 mask 255.255.0.0
  8. >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1
  9. >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 192.168.199.12
  10. >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 0x3
  11.  
  12. >route delete 10.0.*
  13.  
  14. #include <sys/socket.h>
  15. #include <linux/netlink.h>
  16.  
  /*
   * C definition exported under the Itanium-mangled name of
   * CInterfaceRouteMonitorLinux::routeCallbackHandler(). Elsewhere on this
   * page the file is built as a shared object and loaded into vpnagentd with
   * LD_PRELOAD; the intent is that the agent resolves the symbol to this
   * body rather than to its own handler.
   *
   * Behaviour: probes descriptors 50 down to 1; for every descriptor that
   * getsockname() reports as an AF_NETLINK socket it reads one pending
   * message without blocking and discards it. Always returns 0.
   *
   * NOTE(review): presumably the original handler is what reacts to
   * routing-table change notifications. With this stub they are consumed and
   * never acted on, so the agent no longer restores the routes the VPN
   * profile expects - confirm against the client's behaviour.
   * On the host, the visible artefacts are an LD_PRELOAD entry in the
   * vpnagentd start-up environment and an unexpected .so in the AnyConnect
   * directory tree.
   */
  17. int _ZN27CInterfaceRouteMonitorLinux20routeCallbackHandlerEv()
  18. {
  19. int fd=50; // max fd to try
  20. char buf[8192];
  21. struct sockaddr_nl sa;
  22. socklen_t len = sizeof(sa);
  23.  
  24. while (fd) { // stops when fd reaches 0, so descriptor 0 is never probed
  25. if (!getsockname(fd, (struct sockaddr *)&sa, &len)) {
  26. if (sa.nl_family == AF_NETLINK) {
  27. ssize_t n = recv(fd, buf, sizeof(buf), MSG_DONTWAIT); // non-blocking; n and buf are never used afterwards
  28. }
  29. }
  30. fd--;
  31. }
  32. return 0;
  33. }
  34.  
  # Builds hack.c as a position-independent shared object.
  35. gcc -o libhack.so -shared -fPIC hack.c
  36.  
  # Copies the library into the AnyConnect lib directory (root-owned, hence sudo).
  37. sudo cp libhack.so /opt/cisco/anyconnect/lib/
  38.  
  39. /etc/init.d/vpnagentd stop
  40.  
  # Checks whether an agent process is still listed.
  41. ps auxw | grep vpnagentd
  42.  
  # Starts the agent by hand with the library preloaded; LD_PRELOAD applies to
  # this one invocation only. A preload on a vendor daemon's command line is a
  # useful thing to alert on during host review.
  43. LD_PRELOAD=/opt/cisco/anyconnect/lib/libhack.so /opt/cisco/anyconnect/bin/vpnagentd
  44.  
  45. /etc/init.d/vpnagentd start
  46.  
  # Reloads the saved ruleset with every line containing the string "DROP"
  # filtered out. The filter is purely textual: the host's own DROP rules are
  # removed along with any the VPN client added.
  47. iptables-save | grep -v DROP | iptables-restore
  48.  
  # Adds a route for 192.168.1.0/24 via wlan0.
  49. route add -net 192.168.1.0 netmask 255.255.255.0 dev wlan0
  50.  
  # Prints the kernel routing table with numeric addresses.
  51. route -n
  52.  
  53. b socket
  54. c
  55. bt
  56.  
  57. #!/bin/bash
  58.  
  # dnsfix: overwrite /etc/resolv.conf with /etc/resolv.conf.vpnbackup until the
  # two files compare equal, then set the immutable attribute on
  # /etc/resolv.conf. The return status is that of the final diff (0 = equal).
  # NOTE(review): presumably resolv.conf.vpnbackup is the pre-connection copy
  # saved by the VPN client - confirm.
  59. dnsfix() {
  # NOTE(review): echo normally succeeds, so the trailing "|| return 0" is not
  # reached. With the backup file missing, execution continues into the loop
  # below, whose redirection truncates /etc/resolv.conf on every pass, and the
  # loop does not terminate while the backup is absent.
  60. [ -f /etc/resolv.conf.vpnbackup ] || echo "Not connected?" >&2 || return 0 # do nothing in case of failure
  61. while ! diff -q /etc/resolv.conf /etc/resolv.conf.vpnbackup #>/dev/null
  62. do
  63. cat /etc/resolv.conf.vpnbackup >/etc/resolv.conf
  64. done
  # Immutable attribute: further writes to the file fail until "chattr -i" is
  # run. Nothing in this function clears it, so the resolver configuration
  # stays pinned to the backup copy after the VPN session ends.
  65. chattr +i /etc/resolv.conf
  # Re-check after setting the attribute; this status is the function result.
  66. diff -q /etc/resolv.conf /etc/resolv.conf.vpnbackup >/dev/null
  67. }
  68.  
  # Repeat dnsfix until it returns 0. The immutable attribute is cleared before
  # each retry so that the next pass can write /etc/resolv.conf again.
  69. while ! dnsfix
  70. do
  71. echo "Retrying..."
  72. chattr -i /etc/resolv.conf
  73. done
  74.  
  /*
   * C definition exported under the Itanium-mangled name of
   * CFileSystemWatcher::AddNewWatch(std::string, unsigned int). Both
   * parameters are ignored (the first is declared as an opaque pointer and
   * never read) and the function returns 0 without registering anything.
   *
   * NOTE(review): presumably the real method installs a file watch; the page
   * pairs this stub with scripts that rewrite /etc/resolv.conf, which suggests
   * the watch is how the agent notices and reverts such edits - confirm.
   * Whether callers treat 0 as success is not visible here.
   */
  75. int _ZN18CFileSystemWatcher11AddNewWatchESsj(void *string, unsigned int integer)
  76. {
  77. return 0;
  78. }
  79.  
  80. #!/bin/bash
  81.  
  # Path of the settings file read by the "connect" command.
  82. # Change this as needed
  83. CONF="/etc/vpnc/vpn.conf"
  # The file stores the VPN password in cleartext, and its route specs are
  # passed to route(8) as root by "connect", so it needs to be owned by root
  # and neither readable nor writable by other users.
  84. # vpn.conf format
  85. #gateway <IP>
  86. #username <username>
  87. #password <password>
  88. #delete_routes <"route spec"...> eg. "default gw 0.0.0.0 dev cscotun0"
  89. #add_routes <"route spec"...> eg. "-net 192.168.10.0 netmask 255.255.255.0 dev cscotun0" "-host 10.10.10.1 dev cscotun0"
  90.  
  # Installation prefix of the AnyConnect client; used to build the paths below.
  91. ANYCONNECT="/opt/cisco/anyconnect"
  92.  
  # usage: print the list of accepted sub-commands and exit with status 1.
  93. usage() {
  94. echo "Usage: $0 {connect|disconnect|state|stats|hack}"
  95. exit 1
  96. }
  97.  
  # First positional argument selects the sub-command; with none given, usage exits.
  98. CMD="$1"
  99. [ -z "$CMD" ] && usage
  100.  
  # Numeric uid of the caller; "connect" and "hack" compare it with 0.
  101. ID=`id -u`
  102.  
  # Path of the command-line VPN client inside the AnyConnect prefix.
  103. VPNC="$ANYCONNECT/bin/vpn"
  104.  
  # dnsfix: overwrite /etc/resolv.conf with /etc/resolv.conf.vpnbackup until the
  # two files compare equal. The return status is that of the final diff
  # (0 = equal). In this version the immutable-attribute step is commented out.
  105. dnsfix() {
  # NOTE(review): echo normally succeeds, so the trailing "|| return 0" is not
  # reached. With the backup file missing, execution continues into the loop
  # below, whose redirection truncates /etc/resolv.conf on every pass, and the
  # loop does not terminate while the backup is absent.
  106. [ -f /etc/resolv.conf.vpnbackup ] || echo "Not connected?" >&2 || return 0 # do nothing in case of failure
  107. while ! diff -q /etc/resolv.conf /etc/resolv.conf.vpnbackup >/dev/null
  108. do
  109. cat /etc/resolv.conf.vpnbackup >/etc/resolv.conf
  110. done
  111. # chattr +i /etc/resolv.conf
  # Final comparison; this status is the function result.
  112. diff -q /etc/resolv.conf /etc/resolv.conf.vpnbackup >/dev/null
  113. }
  114.  
  # Sub-command dispatch.
  # NOTE(review): this listing appears to have lost its backslashes in
  # extraction ("errorn", "yr", "$userr", "[ t]" in the sed expressions, and
  # the unescaped $vpn_client / $ip inside the unquoted heredoc); read it as
  # illustrative text rather than as a runnable script.
  115. case "$CMD" in
  # connect: log in through the CLI client, then change firewall rules, routes
  # and resolver configuration on the host. Requires uid 0.
  116. "connect")
  117. [ $ID -ne 0 ] && echo "Needs root." && exit 1
  # Settings are taken from the second whitespace-separated field of the
  # matching line, so a value containing whitespace is cut at the first gap.
  # "^user" is a prefix match and is what picks up the "username" line.
  118. HOST=`grep ^gateway $CONF | awk '{print $2}'`
  119. USER=`grep ^user $CONF | awk '{print $2}'`
  120. PASS=`grep ^password $CONF | awk '{print $2}'`
  # IFS is set to a double quote while the arrays are built, so each quoted
  # route spec in the file becomes one array element.
  121. OLDIFS=$IFS
  122. IFS='"'
  123. DEL_ROUTES=(`sed -n '/^delete_routes/{s/delete_routes[ t"]*//;s/"[ t]*"/"/g;p}' $CONF`)
  124. ADD_ROUTES=(`sed -n '/^add_routes/{s/add_routes[ t"]*//;s/"[ t]*"/"/g;p}' $CONF`)
  125. IFS=$OLDIFS
  126.  
  # The heredoc delimiter is unquoted, so the shell substitutes $VPNC, $HOST,
  # $USER and $PASS into the expect script text before expect runs. The values
  # are not escaped for Tcl, so quote, bracket, dollar or backslash characters
  # in the config file are interpreted by expect rather than sent literally.
  # The dialogue answers the client's "Connect Anyway?" prompt automatically
  # and then sends the username and password.
  # NOTE(review): presumably that prompt is the client's warning about a
  # gateway it could not verify; answering it unattended means the credentials
  # are sent without that check - confirm what the prompt guards.
  127. /usr/bin/expect <<EOF
  128. set vpn_client "$VPNC";
  129. set ip "$HOST";
  130. set user "$USER";
  131. set pass "$PASS";
  132. set timeout 5
  133. spawn $vpn_client connect $ip
  134. match_max 100000
  135. expect {
  136. timeout {
  137. puts "timeout errorn"
  138. spawn killall $vpn_client
  139. exit 1
  140. }
  141. ">> The VPN client is not connected." { exit 0};
  142. ">> state: Disconnecting" { exit 0};
  143. "Connect Anyway?"
  144. }
  145. sleep .1
  146. send -- "yr"
  147. expect {
  148. timeout {
  149. puts "timeout errorn"
  150. spawn killall $vpn_client
  151. exit 1
  152. }
  153. "Username:"
  154. }
  155. sleep .1
  156. send -- "$userr"
  157. expect {
  158. timeout {
  159. puts "timeout errorn"
  160. spawn killall $vpn_client
  161. exit 1
  162. }
  163. "Password: "
  164. }
  165. send -- "$passr";
  166. expect eof
  167. EOF
  168. sleep 2
  169. # iptables
  # Reloads the saved ruleset with every line containing the string "DROP"
  # filtered out. The filter is purely textual: the host's own DROP rules are
  # removed along with any the VPN client added.
  170. iptables-save | grep -v DROP | iptables-restore
  171.  
  172. # routes
  # $ROUTE is left unquoted so that each spec splits into separate route(8)
  # arguments; the specs come straight from $CONF and run as root.
  173. for ROUTE in "${DEL_ROUTES[@]}"
  174. do
  175. # echo route del $ROUTE
  176. route del $ROUTE
  177. done
  178. for ROUTE in "${ADD_ROUTES[@]}"
  179. do
  180. # echo route add $ROUTE
  181. route add $ROUTE
  182. done
  183.  
  184. # dns
  # Repeats dnsfix until /etc/resolv.conf matches the backup copy.
  185. while ! dnsfix
  186. do
  187. echo "Try again..."
  188. # chattr -i /etc/resolv.conf
  189. done
  190.  
  191. echo "done."
  192. ;;
  # disconnect: hands off to the CLI client; the root check is commented out.
  193. "disconnect")
  194. # [ $ID -ne 0 ] && echo "Needs root." && exit 1
  195. # dns
  196. # chattr -i /etc/resolv.conf
  197.  
  198. $VPNC disconnect
  199. ;;
  # state / stats: passed through to the CLI client unchanged.
  200. "state"|"stats")
  201. $VPNC $CMD
  202. ;;
  # hack: stops the agent, builds the two stub functions into a shared object
  # and edits the agent's init script so the library is preloaded. Requires uid 0.
  203. "hack")
  204. [ $ID -ne 0 ] && echo "Needs root." && exit 1
  205. /etc/init.d/vpnagentd stop
  206. sleep 1
  207. killall -9 vpnagentd 2>/dev/null
  # The source is written as root to a fixed name in /tmp, a predictable path
  # in a world-writable directory; a private directory created with mktemp -d
  # avoids another local user pre-creating the file.
  208. cat - >/tmp/hack.c <<EOF
  209. #include <sys/socket.h>
  210. #include <linux/netlink.h>
  211.  
  212. int _ZN27CInterfaceRouteMonitorLinux20routeCallbackHandlerEv()
  213. {
  214. int fd=50; // max fd to try
  215. char buf[8192];
  216. struct sockaddr_nl sa;
  217. socklen_t len = sizeof(sa);
  218.  
  219. while (fd) {
  220. if (!getsockname(fd, (struct sockaddr *)&sa, &len)) {
  221. if (sa.nl_family == AF_NETLINK) {
  222. ssize_t n = recv(fd, buf, sizeof(buf), MSG_DONTWAIT);
  223. }
  224. }
  225. fd--;
  226. }
  227. return 0;
  228. }
  229.  
  230. int _ZN18CFileSystemWatcher11AddNewWatchESsj(void *string, unsigned int integer)
  231. {
  232. return 0;
  233. }
  234. EOF
  235. gcc -o /tmp/libhack.so -shared -fPIC /tmp/hack.c
  236. mv /tmp/libhack.so $ANYCONNECT
  # Edits the init script in place so that the line launching vpnagentd sets
  # LD_PRELOAD. The change persists across service restarts until the script is
  # restored, and file-integrity monitoring on /etc/init.d/vpnagentd would
  # record it.
  237. sed -i "s+^([ t]*)$ANYCONNECT/bin/vpnagentd+1LD_PRELOAD=$ANYCONNECT/lib/libhack.so $ANYCONNECT/bin/vpnagentd+" /etc/init.d/vpnagentd
  238. rm -f /tmp/hack.c
  239. /etc/init.d/vpnagentd start
  240. echo "done."
  241. ;;
  # Any other argument prints the usage text and exits 1.
  242. *)
  243. usage
  244. ;;
  245. esac
  246.  
  247. route change 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
  248. OK!
  249.  
  250. IPv4 Route Table
  251. ===========================================================================
  252. Active Routes:
  253. Network Destination Netmask Gateway Interface Metric
  254. 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.230 21 <-- LAN
  255. 0.0.0.0 0.0.0.0 192.168.120.1 192.168.120.3 2 <-- VPN
  256.  
  257. route change 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
  258. OK!
  259.  
  260. IPv4 Route Table
  261. ===========================================================================
  262. Active Routes:
  263. Network Destination Netmask Gateway Interface Metric
  264. 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.230 21 <-- LAN
  265. 0.0.0.0 0.0.0.0 192.168.120.1 192.168.120.3 2 <-- VPN
  266.  
  267. route change 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
  268. OK!
  269.  
  270. IPv4 Route Table
  271. ===========================================================================
  272. Active Routes:
  273. Network Destination Netmask Gateway Interface Metric
  274. 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.230 21 <-- LAN
  275. 0.0.0.0 0.0.0.0 192.168.120.1 192.168.120.3 2 <-- VPN
  276.  
  277. /sbin/route add -net 10.0 -interface en1
  278.  
  279. C:UsersMike>ping -n 1 10.64.10.11
  280. Reply from 10.64.10.11: bytes=32 time=162ms TTL=127
  281.  
  282. C:UsersMike>ping -n 1 8.8.8.8
  283. PING: transmit failed. General failure.
  284.  
  285. C:UsersMike>ping -n 1 192.168.163.2
  286. General failure.