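#!/usr/bin/env bash
#
# Script: mint (Multiple INTerpreter)
# Author: Stronz
# Date : June 2016
#
# Platform: Linux with iproute2, iptables, sudo, openvpn, expect and xterm
#           (the `pacman` line below suggests Arch).
#
# Purpose: run OpenVPN inside a dedicated network namespace. The script
#          creates the namespace, links it to the host through a veth pair
#          and a NATed bridge, starts openvpn in it via expect (answering the
#          auth prompts), restricts the namespace's firewall to the tunnel
#          and opens an xterm with a shell inside the namespace.
#
# The shebang is bash on purpose: the script uses bash-only features
# (associative arrays, `read -d ''`, `${@:2}`, `&>`) that a POSIX /bin/sh
# such as dash does not provide.
#
################################################################################
# NOTES
################################################################################
# Do not add `set -e`: `read -r -d '' var <<EOC` returns 1 at end of input
# (the NUL delimiter is never seen), which would abort the script at the
# first heredoc.
#
################################################################################
# PACKAGE PREREQUISITES
################################################################################
# pacman -S openvpn expect
#
################################################################################
# VARIABLES
################################################################################
# Hard code these vars #
# vpn_config  : path passed to `openvpn --config`
# uname/upass : VPN credentials that expect types into openvpn's auth prompts.
#               They sit in this file in clear text, so keep it readable by
#               the owner only (chmod 600) and out of version control;
#               openvpn's `auth-user-pass <file>` directive is the usual way
#               to avoid embedding them in a script at all.
# nic         : host interface that NATs the namespace's traffic
# bridge      : host bridge the veth pair hangs off
# namespace   : name of the network namespace
# veth        : the veth pair; [bridge] stays on the host, [netns] is moved
#               into the namespace
# ip          : /24 addresses of the two veth ends
declare -r vpn_config=""
declare -r uname=""
declare -r upass=''
declare -r nic="enp0s3"
declare -r bridge="br_mint"
declare -r namespace="nsvpn"
declare -rA veth=([bridge]='veth_mint_br' [netns]='veth_mint_ns')
declare -rA ip=([bridge]='172.16.1.1' [netns]='172.16.1.2')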
  32.  
  33. # #
  34.  
  35. ipc=''
  36. read -r -d '' ipc << EOC
  37. sudo ip netns add ${namespace}
  38. sudo ip link add ${bridge} type bridge
  39. sudo ip link add ${veth[bridge]} type veth peer name ${veth[netns]}
  40. sudo ip link set ${veth[bridge]} up
  41. sudo ip link set ${veth[netns]} up
  42. sudo ip link set ${veth[bridge]} master ${bridge}
  43. sudo ip link set ${veth[netns]} netns ${namespace}
  44.  
  45. sudo ip addr add ${ip[bridge]}'/24' dev ${bridge}
  46. sudo ip netns exec ${namespace} ip link set lo up
  47. sudo ip netns exec ${namespace} ip link set ${veth[netns]} up
  48. sudo ip netns exec ${namespace} ip addr add ${ip[netns]}'/24' dev ${veth[netns]}
  49. sudo ip netns exec ${namespace} ip route add default via ${ip[bridge]}
  50.  
  51. sudo iptables -t nat -A POSTROUTING -o ${nic} -j MASQUERADE
  52. sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  53. sudo iptables -A FORWARD -i ${bridge} -o ${nic} -j ACCEPT
  54. EOC
  55.  
  56.  
  57. vpnc=''
  58. read -r -d '' vpnc << EOC
  59. set timeout 60
  60. spawn sudo ip netns exec nsvpn /sbin/openvpn --config ${vpn_config}
  61. expect "Enter Auth Username:" { send "${uname}\r" }
  62. expect "Enter Auth Password:" { send "${upass}\r" }
  63. expect {
  64. "Initialization Sequence Completed" {
  65. sleep 0.5
  66. interact
  67. }
  68. "AUTH_FAILED" { puts "Auth failed..."; exit 1 }
  69. timeout { puts "Timed out..."; exit 1 }
  70. }
  71. EOC
  72.  
  73.  
  74. tunip=''
  75. read -r -d '' tunip << EOC
  76. #Allow loopback device (internal communication)
  77. sudo ip netns exec ${namespace} iptables -A INPUT -i lo -j ACCEPT
  78.  
  79. #Accept all TUN connections (tun = VPN tunnel)
  80. sudo ip netns exec ${namespace} iptables -A INPUT -i tun+ -j ACCEPT
  81. sudo ip netns exec ${namespace} iptables -A OUTPUT -o tun+ -j ACCEPT
  82.  
  83. #inetSharing
  84. sudo ip netns exec ${namespace} iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  85. sudo ip netns exec ${namespace} iptables -A INPUT -m state --state NEW -i tun0 -j ACCEPT
  86.  
  87. # Allow OpenVPN
  88. sudo ip netns exec ${namespace} iptables -A INPUT -p udp --sport 1194 -j ACCEPT
  89. sudo ip netns exec ${namespace} iptables -A OUTPUT -p udp --dport 1194 -j ACCEPT
  90. sudo ip netns exec ${namespace} iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
  91.  
  92. #Set default policies to drop all communication unless specifically allowed
  93. sudo ip netns exec ${namespace} iptables -P INPUT DROP
  94. sudo ip netns exec ${namespace} iptables -P OUTPUT DROP
  95. sudo ip netns exec ${namespace} iptables -P FORWARD DROP
  96. EOC
  97.  
  98.  
  99. ################################################################################
  100. # FUNCTIONS
  101. ################################################################################
  102.  
  103.  
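#######################################
# Run a script fragment under an interpreter, feeding the fragment on stdin.
# Arguments: $1   - interpreter name, resolved through PATH by /usr/bin/env
#            $2.. - the script text; it is already expanded, the heredoc
#                   does not expand it a second time
# Outputs:   whatever the interpreter writes
# Returns:   the interpreter's exit status
# Delivering the script on stdin rather than argv keeps its contents — the
# expect fragment carries the VPN password — off the process command line.
# "$1" is quoted so an interpreter name is never word-split or globbed.
#######################################
mint() {
  /usr/bin/env "$1" <<EOS
${@:2}
EOS
}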
  109.  
  110.  
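#######################################
# Tear down what the ipc fragment built: stop openvpn, delete the veth pair,
# the bridge and the namespace, and remove the host NAT/forward rules.
# Globals:   veth, bridge, namespace, nic (read)
# Returns:   status of the last iptables -D
#######################################
cleanup() {
  # `pkill -x` matches the process name exactly, unlike the former
  # `ps -aux | grep openvpn | awk | head -n -1`, which also matched the grep
  # itself and relied on that line coming last. Scope is unchanged: every
  # openvpn process on the host, not only the one in the namespace.
  if pgrep -x openvpn >/dev/null; then
    sudo pkill -x openvpn
  fi
  # Deleting one end of a veth pair takes the peer with it.
  sudo ip link del "${veth[bridge]}"
  sudo ip link del "${bridge}"
  sudo ip netns delete "${namespace}"
  # The host rules appended by ipc outlive the namespace; delete the same
  # specs so repeated runs do not stack duplicates and NAT for the bridge
  # does not stay open. Each -D removes one matching rule.
  sudo iptables -D FORWARD -i "${bridge}" -o "${nic}" -j ACCEPT
  sudo iptables -D FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  sudo iptables -t nat -D POSTROUTING -o "${nic}" -j MASQUERADE
}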
  117.  
  118.  
  119. ################################################################################
  120. # MAIN
  121. ################################################################################
  122. sudo modprobe tun
  123. mint 'bash' "$ipc" &> /dev/null
  124. var=$(mint 'expect' "$vpnc" | tee /dev/tty)
  125. var=$(echo $var | grep -o "DNS [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" | awk '{print $2}')
  126. declare -r outbound_ip=${var}
  127. echo $outbound_ip
  128. mint 'bash' "$tunip"
  129. xterm -xrm 'XTerm.vt100.allowTitleOps: false' -T "Namespace: "${namespace} -hold -e "sudo ip netns exec nsvpn su $(whoami); bash"
  130. cleanup