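#!/usr/bin/env bash
#
# Script: mint (Multiple INTerpreter)
# Author: Stronz
# Date : June 2016
#
# Platform: Linux with iproute2 network namespaces, iptables, sudo, expect
#           and xterm (package names below are for pacman/Arch).
#
# Purpose: start an OpenVPN client inside a dedicated network namespace that
#          reaches the host through a veth pair plugged into a bridge, lock the
#          namespace down with iptables, then open an xterm shell inside it.
#
# The script needs bash (associative arrays, `read -d ''`, `${@:2}`, `&>`), so
# the interpreter line must not be /bin/sh.
#
################################################################################
# NOTES
################################################################################
# The MASQUERADE/FORWARD rules appended on the host are global firewall state;
# they are not scoped to the namespace and are not removed when it is deleted.
#
################################################################################
# PACKAGE PREREQUISITES
################################################################################
# pacman -S openvpn expect
#
################################################################################
# VARIABLES
################################################################################
# Hard code these vars #
# Path handed to `openvpn --config`.
declare -r vpn_config=""
# Credentials typed into openvpn's auth prompts by the expect script. They are
# stored here in plaintext, so keep this file readable only by its owner; they
# are written to the spawned pty and never passed as command-line arguments.
declare -r uname=""
declare -r upass=''
# Host interface that carries the namespace's traffic out (MASQUERADE target).
declare -r nic="enp0s3"
declare -r bridge="br_mint"
declare -r namespace="nsvpn"
# veth pair: the [bridge] end stays on the host, the [netns] end is moved into
# the namespace.
declare -rA veth=([bridge]='veth_mint_br' [netns]='veth_mint_ns')
# /24 addresses for the two ends of that link; [bridge] is the namespace's
# default gateway.
declare -rA ip=([bridge]='172.16.1.1' [netns]='172.16.1.2')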
- # #
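ipc=''
# Host-side setup, executed later through `mint 'bash'`. The heredoc is
# expanded now, so the stored script contains the literal names/addresses.
# `read -d ''` returns non-zero when it hits EOF; that is expected here.
read -r -d '' ipc << EOC
sudo ip netns add "${namespace}"
sudo ip link add "${bridge}" type bridge
sudo ip link add "${veth[bridge]}" type veth peer name "${veth[netns]}"
sudo ip link set "${veth[bridge]}" up
sudo ip link set "${veth[netns]}" up
sudo ip link set "${veth[bridge]}" master "${bridge}"
sudo ip link set "${veth[netns]}" netns "${namespace}"
sudo ip addr add "${ip[bridge]}/24" dev "${bridge}"
sudo ip netns exec "${namespace}" ip link set lo up
sudo ip netns exec "${namespace}" ip link set "${veth[netns]}" up
sudo ip netns exec "${namespace}" ip addr add "${ip[netns]}/24" dev "${veth[netns]}"
sudo ip netns exec "${namespace}" ip route add default via "${ip[bridge]}"
# These host firewall rules outlive the namespace. Check with -C before
# appending so repeated runs do not accumulate duplicate NAT/forward rules
# (stderr of the check is silenced on purpose: a missing rule is not an error).
sudo iptables -t nat -C POSTROUTING -o "${nic}" -j MASQUERADE 2>/dev/null || sudo iptables -t nat -A POSTROUTING -o "${nic}" -j MASQUERADE
sudo iptables -C FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || sudo iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -C FORWARD -i "${bridge}" -o "${nic}" -j ACCEPT 2>/dev/null || sudo iptables -A FORWARD -i "${bridge}" -o "${nic}" -j ACCEPT
EOC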
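vpnc=''
# expect script that answers openvpn's interactive auth prompts. The namespace
# name comes from the variable above instead of a second hard-coded copy.
# Credentials are delivered to the spawned pty, not as process arguments.
read -r -d '' vpnc << EOC
set timeout 60
spawn sudo ip netns exec ${namespace} /sbin/openvpn --config {${vpn_config}}
# Braces stop Tcl from substituting dollar signs, brackets or quotes inside the
# credential; a value with an unbalanced brace would still need manual escaping.
expect "Enter Auth Username:" { send -- {${uname}}; send "\r" }
expect "Enter Auth Password:" { send -- {${upass}}; send "\r" }
expect {
"Initialization Sequence Completed" {
sleep 0.5
interact
}
"AUTH_FAILED" { puts "Auth failed..."; exit 1 }
timeout { puts "Timed out..."; exit 1 }
}
EOC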
tunip=''
# Firewall for the inside of the namespace, applied once the tunnel is up.
# Rules are appended in this order and only then are the default policies
# switched to DROP.
read -r -d '' tunip << EOC
# Loopback traffic inside the namespace.
sudo ip netns exec "${namespace}" iptables -A INPUT -i lo -j ACCEPT
# Anything entering or leaving through a tun device (the VPN tunnel).
sudo ip netns exec "${namespace}" iptables -A INPUT -i tun+ -j ACCEPT
sudo ip netns exec "${namespace}" iptables -A OUTPUT -o tun+ -j ACCEPT
# Replies to connections the namespace initiated.
sudo ip netns exec "${namespace}" iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# New inbound connections over tun0; the tun+ rule above already accepts these.
sudo ip netns exec "${namespace}" iptables -A INPUT -m state --state NEW -i tun0 -j ACCEPT
# OpenVPN traffic. The INPUT rule matches any UDP packet whose source port is
# 1194 regardless of connection state, which is wider than the
# RELATED,ESTABLISHED rule above needs for the tunnel's replies.
sudo ip netns exec "${namespace}" iptables -A INPUT -p udp --sport 1194 -j ACCEPT
sudo ip netns exec "${namespace}" iptables -A OUTPUT -p udp --dport 1194 -j ACCEPT
# All outbound traffic from uid 0 (openvpn itself runs as root via sudo).
sudo ip netns exec "${namespace}" iptables -A OUTPUT -m owner --uid-owner 0 -j ACCEPT
# Default-deny whatever was not explicitly accepted above.
sudo ip netns exec "${namespace}" iptables -P INPUT DROP
sudo ip netns exec "${namespace}" iptables -P OUTPUT DROP
sudo ip netns exec "${namespace}" iptables -P FORWARD DROP
EOC
- ################################################################################
- # FUNCTIONS
- ################################################################################
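#######################################
# Feed a script to an interpreter on stdin.
# Arguments: $1 - interpreter looked up via /usr/bin/env (bash, expect, ...)
#            $2.. - script text, one argument per chunk, each followed by \n
# Outputs:   whatever the interpreter writes
# Returns:   the interpreter's exit status
#######################################
mint() {
  local interp=$1
  shift
  # The original unquoted heredoc expanded $, backticks and backslashes a
  # second time inside the already-expanded script text, so a credential or
  # config path containing those characters was altered before reaching the
  # interpreter. Writing the text with printf passes it through verbatim.
  printf '%s\n' "$@" | /usr/bin/env "$interp"
}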
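#######################################
# Tear down what the setup script created.
# Globals:   veth, bridge, namespace, nic (read)
# Returns:   status of the last command; individual failures are not fatal so a
#            partially created environment can still be torn down.
#######################################
cleanup() {
  # Match on the process name instead of parsing `ps | grep`, which also
  # matched the grep itself and relied on head(1) dropping the last line.
  # TERM first so openvpn can remove its routes and tun device itself.
  sudo pkill -TERM -x openvpn
  # Deleting the host end of the veth pair removes its peer in the namespace.
  sudo ip link del "${veth[bridge]}"
  sudo ip link del "${bridge}"
  sudo ip netns delete "${namespace}"
  # The bridge-specific forward rule is ours alone; remove it so it does not
  # outlive the namespace. The interface-agnostic MASQUERADE and
  # RELATED,ESTABLISHED rules are left in place because they may be shared
  # with other host configuration.
  sudo iptables -D FORWARD -i "${bridge}" -o "${nic}" -j ACCEPT
}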
- ################################################################################
- # MAIN
- ################################################################################
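sudo modprobe tun
# Run cleanup on every exit path (xterm closed, Ctrl-C, expect failure) so the
# namespace, bridge and veth do not linger on the host.
trap cleanup EXIT
# Keep stderr so a failed setup step (e.g. the namespace already exists) is
# visible instead of silently proceeding.
mint 'bash' "$ipc" > /dev/null
# Mirror expect's output to the terminal while capturing it for parsing.
var=$(mint 'expect' "$vpnc" | tee /dev/tty)
# Extract the "DNS a.b.c.d" token(s) openvpn printed, presumably from the
# server's pushed options. NOTE(review): this is the DNS server openvpn
# reported, not necessarily the tunnel's outbound address; the variable name is
# kept as-is.
var=$(grep -o "DNS [0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" <<<"$var" | awk '{print $2}')
declare -r outbound_ip=${var}
printf '%s\n' "$outbound_ip"
mint 'bash' "$tunip"
# Interactive shell inside the namespace; the script blocks here until the
# xterm is closed, then the EXIT trap runs cleanup.
xterm -xrm 'XTerm.vt100.allowTitleOps: false' -T "Namespace: ${namespace}" -hold -e "sudo ip netns exec ${namespace} su $(whoami); bash"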