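#!/bin/sh
# Replace the user name / password embedded in a Keenetic router's OpenVPN
# client configuration through the router's web (RCI) API.
#
# Flow: fetch an auth challenge, log in with the derived hash, download the
# interface configuration, patch the credentials inside the OpenVPN config
# and post the result back (which also saves the system configuration).
#
# Requires: curl, jq (with regex support), md5sum, sha256sum, mktemp.
#
# Security notes:
#   * The admin and VPN credentials below are stored in clear text; keep this
#     file readable by its owner only (chmod 600).
#   * Requests use plain HTTP, as in the original script. The challenge /
#     response login keeps the admin password itself off the wire, but the
#     session cookie and the new VPN credentials are sent unencrypted. Run
#     this from a trusted network segment only; if the router's web interface
#     is also reachable over HTTPS, prefer that (TODO confirm for your device).
#   * The MD5 / SHA-256 construction is dictated by the router's login
#     protocol, not a design choice of this script.

set -eu
umask 077   # everything created below (cookie jar, payload) is owner-only

HOST=192.168.0.1        # Keenetic IP address
PORT=80                 # Keenetic web-interface port
USER=user               # Keenetic web-interface user
PASS='pa$$word'         # and their password; single quotes keep '$$' literal
                        # (unquoted, the shell expands $$ to its own PID)
VPN_IFACE=OpenVPN0      # OpenVPN service interface ID, see 'show interfaces' CLI
VPN_DESC=TestVPN        # OpenVPN service description, any string
VPN_USER=new@TestVPN    # A new VPN user name
VPN_PASS=newPassword    # A new VPN password

BASE_URL="http://$HOST:$PORT"

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

for tool in curl jq md5sum sha256sum mktemp; do
  command -v "$tool" >/dev/null 2>&1 || die "required tool not found: $tool"
done

# Private, unpredictable working directory instead of fixed names in /tmp:
# fixed names can be pre-created or symlinked by another local user, and the
# files hold a session cookie and the new VPN password.
WORK=$(mktemp -d "${TMPDIR:-/tmp}/ovpn.XXXXXX") || die "mktemp failed"
JAR=$WORK/jar           # curl cookie jar (session cookie)
IFACES=$WORK/interfaces # raw /rci/interface response
PAYLOAD=$WORK/payload   # JSON document posted back to the router

# Remove the working directory on every exit path, including signals.
trap 'rm -rf -- "$WORK"' EXIT
trap 'exit 1' HUP INT TERM

# curl wrapper: silent, always using the session cookie jar.
rci_curl() {
  curl -s -c "$JAR" -b "$JAR" "$@"
}

# Print the value of response header $1 found in $AUTH (first occurrence).
# The header text is passed to printf as an argument, never as the format
# string, so '%' or '\' in a response cannot alter the output.
header_value() {
  printf '%s\n' "$AUTH" \
    | grep -i "^$1:" \
    | head -n 1 \
    | cut -d ':' -f2- \
    | sed 's/^ *//' \
    | tr -d '\r'
}

# Acquire a new session cookie, a password challenge and a realm from the
# router. The response headers are dumped to stdout; the body is discarded.
AUTH=$(rci_curl -D - -o /dev/null "$BASE_URL/auth") \
  || die "cannot reach $BASE_URL/auth"
CHALLENGE=$(header_value 'X-NDM-Challenge')
REALM=$(header_value 'X-NDM-Realm')
[ -n "$CHALLENGE" ] || die "router did not send X-NDM-Challenge"
[ -n "$REALM" ] || die "router did not send X-NDM-Realm"

# Compute the password hash: sha256(challenge + md5(user:realm:password)).
# Piped through stdin so the clear-text password is never written to disk.
HASH=$(printf '%s' "$USER:$REALM:$PASS" | md5sum | cut -d ' ' -f1)
HASH=$(printf '%s' "$CHALLENGE$HASH" | sha256sum | cut -d ' ' -f1)

# Log into the router. jq builds the JSON so the user name is escaped
# properly; the body is fed via stdin to keep the hash out of the process
# list. -f makes curl fail on an HTTP error status (presumably what a
# rejected login returns -- TODO confirm), so we stop instead of continuing
# unauthenticated.
jq -n --arg login "$USER" --arg password "$HASH" \
  '{"login": $login, "password": $password}' \
  | rci_curl -f -X POST "$BASE_URL/auth" \
      -H 'Content-Type: application/json;charset=UTF-8' \
      --data-binary @- \
  || die "login failed"

# Get the interface configuration via REST.
rci_curl -f -o "$IFACES" "$BASE_URL/rci/interface" \
  || die "cannot fetch $BASE_URL/rci/interface"

# Patch the OpenVPN config and build the request in one jq program:
#   * credentials are passed as jq variables, so characters such as '/', '&'
#     or '"' in them cannot break the substitution or the JSON;
#   * 'pass>[^<]*<' stops at the first '<', so inline blocks that follow the
#     credentials block are left alone (assumes the old credentials contain
#     no '<');
#   * 'strings' and 'select(test(...))' yield no output when the interface is
#     missing or has no credentials block; with -e that is a non-zero exit, so
#     an empty or unchanged config is never posted back.
jq -c -e \
  --arg iface "$VPN_IFACE" \
  --arg desc "$VPN_DESC" \
  --arg user "$VPN_USER" \
  --arg pass "$VPN_PASS" '
  ( .[$iface].openvpn.config.config
    | strings
    | select(test("pass>[^<]*<"))
    | sub("pass>[^<]*<"; "pass>\n\($user)\n\($pass)\n<")
  ) as $config
  | [
      {"interface": {($iface): {"authentication": {"no": true}}}},
      {"interface": {($iface): {
        "description": $desc,
        "role": ["misc"],
        "ip": {
          "tcp": {"adjust-mss": {"pmtu": true}},
          "address": {"no": true},
          "name-server": false,
          "mtu": {"no": true}
        },
        "openvpn": {
          "accept-routes": true,
          "config": {"config": $config},
          "connect": {"via": "", "no": false}
        },
        "schedule": {"no": true}
      }}},
      {"system": {"configuration": {"save": true}}}
    ]
' "$IFACES" > "$PAYLOAD" \
  || die "interface $VPN_IFACE has no OpenVPN credentials block to patch"

# Post the new OpenVPN config back to the router, effectively applying it.
# The payload is read from a file so the new VPN password does not appear in
# the process list.
rci_curl -f "$BASE_URL/rci/" \
  -H 'Content-Type: application/json;charset=UTF-8' \
  --data-binary "@$PAYLOAD" \
  || die "router rejected the new configuration"

# Clean-up of "$WORK" is done by the EXIT trap.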