- Network
- Destination Netmask Gateway Interface Metric
- 10.0.0.0 255.255.0.0 10.0.0.3 10.0.0.3 20 <--Local LAN
- 10.0.0.0 255.255.0.0 192.168.199.1 192.168.199.12 1 <--VPN Link
- >route delete 10.0.0.0
- >route delete 10.0.0.0 mask 255.255.0.0
- >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1
- >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 192.168.199.12
- >route delete 10.0.0.0 mask 255.255.0.0 192.168.199.1 if 0x3
- >route delete 10.0.*
- #include <sys/socket.h>
- #include <linux/netlink.h>
/*
 * Replacement body for the symbol that demangles to
 * CInterfaceRouteMonitorLinux::routeCallbackHandler().
 *
 * Probes descriptors 50 down to 1.  For each one that getsockname()
 * reports as an AF_NETLINK socket it performs one non-blocking recv()
 * into a scratch buffer that is never examined.  Always returns 0.
 *
 * Security note: the commands on this page load this object into
 * vpnagentd with LD_PRELOAD.  Presumably the agent then runs this body
 * instead of its own handler (TODO confirm how the agent binds the
 * symbol), so routing-change messages are consumed without any reaction
 * and the client's route enforcement is switched off without a visible
 * error.  On a managed endpoint, audit for LD_PRELOAD in the agent's
 * /proc/<pid>/environ, an unexpected library in its /proc/<pid>/maps,
 * unsigned files under /opt/cisco/anyconnect/lib, and edits to
 * /etc/init.d/vpnagentd.
 */
int _ZN27CInterfaceRouteMonitorLinux20routeCallbackHandlerEv()
{
    enum { HIGHEST_FD = 50 };   /* first descriptor probed; 0 is never probed */
    char scratch[8192];
    struct sockaddr_nl addr;
    /* Initialised once and passed as the value-result length on every
     * probe; it is not reset between calls. */
    socklen_t addr_len = sizeof(addr);

    for (int fd = HIGHEST_FD; fd != 0; fd--) {
        /* Not a socket, or not open at all: nothing to do. */
        if (getsockname(fd, (struct sockaddr *)&addr, &addr_len) != 0) {
            continue;
        }
        if (addr.nl_family != AF_NETLINK) {
            continue;
        }
        /* Read at most one pending message and discard it; the result is
         * ignored, so an empty queue or an error is not reported. */
        (void)recv(fd, scratch, sizeof(scratch), MSG_DONTWAIT);
    }
    return 0;
}
- gcc -o libhack.so -shared -fPIC hack.c  # build hack.c as a position-independent shared object
- sudo cp libhack.so /opt/cisco/anyconnect/lib/  # a locally built, unsigned library now sits in the VPN client's library directory
- /etc/init.d/vpnagentd stop
- ps auxw | grep vpnagentd  # check whether an agent process is still listed
- LD_PRELOAD=/opt/cisco/anyconnect/lib/libhack.so /opt/cisco/anyconnect/bin/vpnagentd  # start the agent with the library preloaded; for auditing, LD_PRELOAD is visible in /proc/<pid>/environ and the library in /proc/<pid>/maps
- /etc/init.d/vpnagentd start
- iptables-save | grep -v DROP | iptables-restore  # reloads the saved ruleset minus every line containing "DROP"; that is not limited to rules the VPN client added, so unrelated host-firewall DROP entries are lost as well
- route add -net 192.168.1.0 netmask 255.255.255.0 dev wlan0  # send 192.168.1.0/24 out through wlan0
- route -n  # print the resulting routing table with numeric addresses
- b socket
- c
- bt
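#!/bin/bash
# Copy /etc/resolv.conf.vpnbackup over /etc/resolv.conf and then mark the
# file immutable so that it cannot be rewritten again.
#
# Caveat: after "chattr +i" nothing on the host (DHCP client, resolver
# manager, the VPN client itself) can update /etc/resolv.conf until the
# flag is cleared with "chattr -i".  On a managed endpoint an immutable
# resolv.conf (visible with lsattr) is a sign that VPN-supplied DNS
# settings have been overridden.

# dnsfix: make /etc/resolv.conf identical to the backup copy.
# Returns 0 when the files match after locking, or when there is no
# backup file at all; non-zero when the final comparison fails.
dnsfix() {
    local live=/etc/resolv.conf
    local saved=/etc/resolv.conf.vpnbackup

    # No backup file: report it and leave resolv.conf untouched.  The
    # return has to be unconditional here, because in an "|| echo ... ||
    # return" chain a successful echo skips the return, and the copy loop
    # below would then truncate resolv.conf and never terminate.
    if [ ! -f "$saved" ]; then
        echo "Not connected?" >&2
        return 0
    fi

    # diff -q prints a line while the files still differ; that output is
    # intentionally left visible.
    while ! diff -q "$live" "$saved"
    do
        cat "$saved" >"$live"
    done

    chattr +i "$live"
    diff -q "$live" "$saved" >/dev/null
}

# Retry until dnsfix succeeds, clearing the immutable flag between
# attempts so that the next copy can write to the file.
while ! dnsfix
do
    echo "Retrying..."
    chattr -i /etc/resolv.conf
done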
/*
 * Stub for the symbol that demangles to
 * CFileSystemWatcher::AddNewWatch(std::string, unsigned int).
 *
 * Ignores both arguments and returns 0.
 *
 * Security note: when this object is preloaded into vpnagentd, the agent
 * presumably registers no file watch at all (TODO confirm), so later
 * edits to watched files are not noticed.  This page pairs the stub with
 * rewriting /etc/resolv.conf.
 * NOTE(review): the first parameter is declared void * although the
 * demangled signature takes a std::string; verify that this matches the
 * calling convention in use.
 */
int _ZN18CFileSystemWatcher11AddNewWatchESsj(void *string, unsigned int integer)
{
    (void)string;    /* unused */
    (void)integer;   /* unused */
    return 0;
}
- #!/bin/bash
- # Wrapper for the AnyConnect command-line client (connect, disconnect, state, stats) plus a "hack" mode that preloads a locally built library into vpnagentd. Change CONF as needed.
- CONF="/etc/vpnc/vpn.conf"  # NOTE(review): holds the VPN password in clear text (format below); keep it root-owned and not world-readable
- # vpn.conf format
- #gateway <IP>
- #username <username>
- #password <password>
- #delete_routes <"route spec"...> eg. "default gw 0.0.0.0 dev cscotun0"
- #add_routes <"route spec"...> eg. "-net 192.168.10.0 netmask 255.255.255.0 dev cscotun0" "-host 10.10.10.1 dev cscotun0"
- ANYCONNECT="/opt/cisco/anyconnect"
- usage() {  # print the accepted sub-commands and exit with status 1
- echo "Usage: $0 {connect|disconnect|state|stats|hack}"
- exit 1
- }
- CMD="$1"
- [ -z "$CMD" ] && usage
- ID=`id -u`  # effective user id; compared with 0 in the root checks below
- VPNC="$ANYCONNECT/bin/vpn"
- dnsfix() {  # copy the *.vpnbackup file over /etc/resolv.conf until the two match; returns the status of the final diff
- [ -f /etc/resolv.conf.vpnbackup ] || echo "Not connected?" >&2 || return 0 # do nothing in case of failure - NOTE(review): echo normally succeeds, so "return 0" is not reached and the loop below still runs without a backup file
- while ! diff -q /etc/resolv.conf /etc/resolv.conf.vpnbackup >/dev/null
- do
- cat /etc/resolv.conf.vpnbackup >/etc/resolv.conf  # overwrites the live resolver configuration with the backup copy
- done
- # chattr +i /etc/resolv.conf
- diff -q /etc/resolv.conf /etc/resolv.conf.vpnbackup >/dev/null
- }
- case "$CMD" in
- "connect")
- [ $ID -ne 0 ] && echo "Needs root." && exit 1  # the steps below edit firewall rules, routes and /etc/resolv.conf
- HOST=`grep ^gateway $CONF | awk '{print $2}'`
- USER=`grep ^user $CONF | awk '{print $2}'`
- PASS=`grep ^password $CONF | awk '{print $2}'`  # the password is read from the clear-text config file
- OLDIFS=$IFS
- IFS='"'  # split the sed output on double quotes so that each quoted route spec becomes one array element
- DEL_ROUTES=(`sed -n '/^delete_routes/{s/delete_routes[ t"]*//;s/"[ t]*"/"/g;p}' $CONF`)
- ADD_ROUTES=(`sed -n '/^add_routes/{s/add_routes[ t"]*//;s/"[ t]*"/"/g;p}' $CONF`)
- IFS=$OLDIFS
- /usr/bin/expect <<EOF  # NOTE(review): unquoted heredoc, so the shell expands every $name in the body and the password becomes part of the expect program text; backslash escapes in this body look lost in the paste (e.g. "errorn")
- set vpn_client "$VPNC";
- set ip "$HOST";
- set user "$USER";
- set pass "$PASS";
- set timeout 5
- spawn $vpn_client connect $ip
- match_max 100000
- expect {
- timeout {
- puts "timeout errorn"
- spawn killall $vpn_client
- exit 1
- }
- ">> The VPN client is not connected." { exit 0};
- ">> state: Disconnecting" { exit 0};
- "Connect Anyway?"
- }
- sleep .1
- send -- "yr"
- expect {
- timeout {
- puts "timeout errorn"
- spawn killall $vpn_client
- exit 1
- }
- "Username:"
- }
- sleep .1
- send -- "$userr"
- expect {
- timeout {
- puts "timeout errorn"
- spawn killall $vpn_client
- exit 1
- }
- "Password: "
- }
- send -- "$passr";
- expect eof
- EOF
- sleep 2
- # iptables: reload the saved ruleset without any line containing "DROP"; this also discards DROP rules and policies that have nothing to do with the VPN
- iptables-save | grep -v DROP | iptables-restore
- # routes: apply delete_routes / add_routes from the config; $ROUTE is unquoted, so each spec is word-split into separate route arguments
- for ROUTE in "${DEL_ROUTES[@]}"
- do
- # echo route del $ROUTE
- route del $ROUTE
- done
- for ROUTE in "${ADD_ROUTES[@]}"
- do
- # echo route add $ROUTE
- route add $ROUTE
- done
- # dns: repeat dnsfix until /etc/resolv.conf matches the backup copy
- while ! dnsfix
- do
- echo "Try again..."
- # chattr -i /etc/resolv.conf
- done
- echo "done."
- ;;
- "disconnect")
- # [ $ID -ne 0 ] && echo "Needs root." && exit 1
- # dns
- # chattr -i /etc/resolv.conf
- $VPNC disconnect
- ;;
- "state"|"stats")
- $VPNC $CMD  # pass the sub-command straight through to the vpn CLI
- ;;
- "hack")
- [ $ID -ne 0 ] && echo "Needs root." && exit 1  # the steps below change how the vpnagentd daemon is started
- /etc/init.d/vpnagentd stop
- sleep 1
- killall -9 vpnagentd 2>/dev/null  # force-kill any agent process that survived the stop
- cat - >/tmp/hack.c <<EOF  # NOTE(review): fixed file name in world-writable /tmp, written as root; a private directory from mktemp -d avoids symlink and pre-creation races
- #include <sys/socket.h>
- #include <linux/netlink.h>
- int _ZN27CInterfaceRouteMonitorLinux20routeCallbackHandlerEv()
- {
- int fd=50; // max fd to try
- char buf[8192];
- struct sockaddr_nl sa;
- socklen_t len = sizeof(sa);
- while (fd) {
- if (!getsockname(fd, (struct sockaddr *)&sa, &len)) {
- if (sa.nl_family == AF_NETLINK) {
- ssize_t n = recv(fd, buf, sizeof(buf), MSG_DONTWAIT);
- }
- }
- fd--;
- }
- return 0;
- }
- int _ZN18CFileSystemWatcher11AddNewWatchESsj(void *string, unsigned int integer)
- {
- return 0;
- }
- EOF
- gcc -o /tmp/libhack.so -shared -fPIC /tmp/hack.c  # the built library also passes through /tmp under a fixed name; same caveat as for hack.c
- mv /tmp/libhack.so $ANYCONNECT  # a locally built, unsigned library is placed inside the client's install tree
- sed -i "s+^([ t]*)$ANYCONNECT/bin/vpnagentd+1LD_PRELOAD=$ANYCONNECT/lib/libhack.so $ANYCONNECT/bin/vpnagentd+" /etc/init.d/vpnagentd  # edits the init script in place so that later agent starts carry LD_PRELOAD; persistent, and detectable as a modification of /etc/init.d/vpnagentd
- rm -f /tmp/hack.c
- /etc/init.d/vpnagentd start
- echo "done."
- ;;
- *)
- usage
- ;;
- esac
- route change 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
- OK!
- IPv4 Route Table
- ===========================================================================
- Active Routes:
- Network Destination Netmask Gateway Interface Metric
- 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.230 21 <-- LAN
- 0.0.0.0 0.0.0.0 192.168.120.1 192.168.120.3 2 <-- VPN
- route change 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
- OK!
- IPv4 Route Table
- ===========================================================================
- Active Routes:
- Network Destination Netmask Gateway Interface Metric
- 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.230 21 <-- LAN
- 0.0.0.0 0.0.0.0 192.168.120.1 192.168.120.3 2 <-- VPN
- route change 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1
- OK!
- IPv4 Route Table
- ===========================================================================
- Active Routes:
- Network Destination Netmask Gateway Interface Metric
- 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.230 21 <-- LAN
- 0.0.0.0 0.0.0.0 192.168.120.1 192.168.120.3 2 <-- VPN
- /sbin/route add -net 10.0 -interface en1
- C:\Users\Mike>ping -n 1 10.64.10.11
- Reply from 10.64.10.11: bytes=32 time=162ms TTL=127
- C:\Users\Mike>ping -n 1 8.8.8.8
- PING: transmit failed. General failure.
- C:\Users\Mike>ping -n 1 192.168.163.2
- General failure.