
vpnc-script

a guest
Dec 15th, 2017
  1. //
  2. // vpnc-script-win.js
  3. //
  4. // Sets up the Network interface and the routes
  5. // needed by vpnc.
  6. //
  7.  
  8. // --------------------------------------------------------------
  9. // Initial setup
  10. // --------------------------------------------------------------
// Default IPv4 netmask. It is not referenced anywhere else in this script;
// the netmask actually applied is the INTERNAL_IP4_NETMASK environment value.
var internal_ip4_netmask = "255.255.255.0";

// Running sum of the exit codes of every command run through exec(); it is
// handed to WScript.Quit() at the end as the script's own exit status.
var accumulatedExitCode = 0;

// WSH shell object, process-environment view, and the command interpreter
// path that exec() uses to run route/netsh commands.
var ws = WScript.CreateObject("WScript.Shell");
var env = ws.Environment("Process");
var comspec = ws.ExpandEnvironmentStrings("%comspec%");

// With LOG2FILE set, echo()/echoMultiLine() append to vpnc.log in the
// temporary folder (GetSpecialFolder(2) is TemporaryFolder) instead of
// writing to the script host's output. `log` is script-wide (var is not
// block-scoped) and only exists on this path; echo() relies on that.
if (env("LOG2FILE")) {
    var fs = WScript.CreateObject("Scripting.FileSystemObject");
    var tmpdir = fs.GetSpecialFolder(2)+"\\";
    // 8 == ForAppending; the third argument creates the file if missing.
    var log = fs.OpenTextFile(tmpdir + "vpnc.log", 8, true);
}

// How to add the default internal route
// -1 - Do not touch default route (but do other necessary route setups)
// 0 - As interface gateway when setting properties
// 1 - As a 0.0.0.0/0 route with a lower metric than the default route
// 2 - As 0.0.0.0/1 + 128.0.0.0/1 routes (override the default route cleanly)
// env() yields a string, so the later comparisons (!= 0, != 2, == 1, > 0)
// rely on loose numeric coercion.
if (env("REDIRECT_GATEWAY_METHOD")) {
    var REDIRECT_GATEWAY_METHOD = env("REDIRECT_GATEWAY_METHOD");
} else {
    var REDIRECT_GATEWAY_METHOD = -1;
}

// split tunneling version
// NOTE: this unconditionally discards the value read from the environment
// above, so the default route is never touched in this variant of the
// script regardless of REDIRECT_GATEWAY_METHOD.
var REDIRECT_GATEWAY_METHOD = -1;
  38.  
  39.  
  40. // --------------------------------------------------------------
  41. // Utilities
  42. // --------------------------------------------------------------
// Write one line of output: to the vpnc.log handle when LOG2FILE is set,
// otherwise to the script host's standard output.
function echo(msg)
{
    // TODO: prepend UTC? timestamp to every message
    var toFile = env("LOG2FILE");
    if (!toFile) {
        WScript.echo(msg);
        return;
    }
    log.WriteLine(msg);
}
  52.  
// Like echo(), but for text that already carries its own line breaks
// (command output): written as-is to the log, or echoed by the host.
function echoMultiLine(msg)
{
    var toFile = env("LOG2FILE");
    if (!toFile) {
        WScript.echo(msg);
        return;
    }
    log.Write(msg);
}
  61.  
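// Run `cmd` through the command interpreter, logging the command, its
// combined stdout/stderr and its exit code, and fold the exit code into
// accumulatedExitCode (which becomes the script's final exit status).
// Returns the command's output as a string ("" when the command was refused).
//
// Callers build `cmd` by concatenating environment values (VPNGATEWAY,
// INTERNAL_IP4_*, CISCO_SPLIT_*, ...) that are handed to this script by
// vpnc and originate outside the local host; nothing checks their shape
// before they reach cmd.exe. The metacharacter check below is a defence in
// depth only — callers should still validate each value (e.g. that an
// address really is a dotted quad) before interpolating it.
function exec(cmd)
{
    echo("<<-- [EXEC] " + cmd);
    // None of the route/netsh command lines this script builds need these
    // characters; their presence means a value has been tampered with or
    // malformed, so refuse rather than hand them to the interpreter.
    if (/[&|<>^\r\n]/.test(cmd)) {
        echo("-->> refusing to run command containing shell metacharacters");
        accumulatedExitCode += 1;
        return "";
    }
    // /C runs the quoted command; 2>&1 folds stderr into the pipe so that
    // ReadAll() captures both streams.
    var oExec = ws.Exec(comspec + " /C \"" + cmd + "\" 2>&1");
    oExec.StdIn.Close();

    // ReadAll() blocks until the child closes stdout, which normally means
    // it has exited, so ExitCode is meaningful afterwards.
    var output = oExec.StdOut.ReadAll();
    echoMultiLine(output);

    var exitCode = oExec.ExitCode;
    echo("-->> (exitCode: " + exitCode + ")");
    accumulatedExitCode += exitCode;

    return output;
}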
  78.  
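// Return the gateway column of the IPv4 default route (0.0.0.0 mask 0.0.0.0)
// or, failing that, of a 0.0.0.0 mask 128.0.0.0 route, as listed by
// `route print`. Returns "" when neither line is found.
//
// Uses the match array instead of the legacy RegExp.$2 static, which is
// global state that any intervening regex operation could overwrite.
function getDefaultGateway()
{
    var routes = exec("route print");
    // group 1: the netmask's first octet (0 or 128); group 2: the gateway.
    var hit = routes.match(/0\.0\.0\.0 *(0|128)\.0\.0\.0 *([0-9\.]*)/);
    if (hit) {
        return hit[2];
    }
    return "";
}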
  86.  
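// Poll `route print` (up to 5 times, 2 s apart) until the host route for
// INTERNAL_IP4_ADDRESS (mask 255.255.255.255) appears, which is taken as
// the sign that the tunnel interface has been configured. Returns true as
// soon as the route is seen, false after the last attempt.
function waitForInterface() {
    // INTERNAL_IP4_ADDRESS arrives from the environment and is not validated
    // anywhere; escape it so the dynamic RegExp matches it literally and
    // cannot be broken (or made pathological) by regex metacharacters in the
    // value. The mask's dots are escaped for the same reason.
    var addr = String(env("INTERNAL_IP4_ADDRESS")).replace(/[.*+?^${}()|[\]\\\/]/g, "\\$&");
    var if_route = new RegExp(addr + " *255\\.255\\.255\\.255");
    for (var attempt = 0; attempt < 5; attempt++) {
        echo("Waiting for interface to come up...");
        WScript.Sleep(2000);
        if (exec("route print").match(if_route)) {
            return true;
        }
    }
    return false;
}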
  98.  
  99.  
  100. // --------------------------------------------------------------
  101. // Script starts here
  102. // --------------------------------------------------------------
// Dispatch on the `reason` vpnc sets in the environment. Every other value
// read below (VPNGATEWAY, INTERNAL_IP4_*, INTERNAL_IP6_*, CISCO_*, TUNIDX,
// TUNDEV) is also taken from the environment and concatenated straight into
// route/netsh command lines; nothing here checks that an address is well
// formed before it reaches exec().
switch (env("reason")) {
case "pre-init":
    break;
case "connect":
    var gw = getDefaultGateway();
    var address_array = env("INTERNAL_IP4_ADDRESS").split(".");
    var netmask_array = env("INTERNAL_IP4_NETMASK").split(".");
    // Calculate the first usable address in subnet
    // `&` coerces the octet strings to numbers; +1 on the last octet yields
    // the first host address, used as the next hop for the routes below.
    var internal_gw_array = new Array(
        address_array[0] & netmask_array[0],
        address_array[1] & netmask_array[1],
        address_array[2] & netmask_array[2],
        (address_array[3] & netmask_array[3]) + 1
    );
    var internal_gw = internal_gw_array.join(".");
    var tundevid = env("TUNIDX");

    echo("Default Gateway:" + gw)
    echo("VPN Gateway: " + env("VPNGATEWAY"));
    echo("Internal Address: " + env("INTERNAL_IP4_ADDRESS"));
    echo("Internal Netmask: " + env("INTERNAL_IP4_NETMASK"));
    echo("Internal Gateway: " + internal_gw);
    echo("Interface idx: \"" + tundevid + "\" (\"" + env("TUNDEV") + "\")");

    // Add direct route for the VPN gateway to avoid routing loops
    // If getDefaultGateway() returned "" this runs with no gateway argument
    // and the route is not added.
    exec("route add " + env("VPNGATEWAY") + " mask 255.255.255.255 " + gw);

    if (env("INTERNAL_IP4_MTU")) {
        echo("MTU: " + env("INTERNAL_IP4_MTU"));
        exec("netsh interface ipv4 set subinterface \"" + tundevid + "\" mtu=" + env("INTERNAL_IP4_MTU") + " store=active");
        // NOTE: the IPv4 MTU value is applied to the IPv6 subinterface too.
        if (env("INTERNAL_IP6_ADDRESS")) {
            exec("netsh interface ipv6 set subinterface \"" + tundevid + "\" mtu=" + env("INTERNAL_IP4_MTU") + " store=active");
        }
    }

    // custom split-tunnel
    // Appends one CISCO_SPLIT_INC_<n>_{ADDR,MASK,MASKLEN} entry to the
    // process environment and bumps the CISCO_SPLIT_INC counter. Declared
    // inside the case; JScript hoists function declarations, so it is
    // callable throughout this block.
    function addAddr(addr, mask, maskLen)
    {
        env("CISCO_SPLIT_INC_" + env("CISCO_SPLIT_INC") + "_ADDR") = addr;
        env("CISCO_SPLIT_INC_" + env("CISCO_SPLIT_INC") + "_MASK") = mask;
        env("CISCO_SPLIT_INC_" + env("CISCO_SPLIT_INC") + "_MASKLEN") = maskLen;
        env("CISCO_SPLIT_INC") = parseInt(env("CISCO_SPLIT_INC")) + 1;
    }
    // Resetting the counter discards any split-include list vpnc supplied;
    // only the hard-coded entries below are routed through the tunnel.
    env("CISCO_SPLIT_INC") = 0;

    // DNS Servers to use. Put private ones first to get to intranet sites
    // NOTE(review): the comment above asks for private resolvers first, but
    // only public resolvers are listed, so intranet names will not resolve
    // through these; this also replaces whatever DNS vpnc supplied.
    env("INTERNAL_IP4_DNS") = "8.8.8.8 8.8.4.4";
    // To use whatever DNS the vpn supplies, uncomment the following:
    // env.Remove("INTERNAL_IP4_DNS");

    // List of IPs or subnets beyond VPN tunnel
    // IP4 doesn't care about masklen so I just make it XX
    addAddr("10.4.1.77", "255.255.255.255", "XX");
    addAddr("10.4.1.86", "255.255.255.255", "XX");
    addAddr("10.4.1.199", "255.255.255.255", "XX");
    addAddr("10.4.2.4", "255.255.255.255", "XX");
    addAddr("10.4.3.171", "255.255.255.255", "XX");
    addAddr("10.4.3.91", "255.255.255.255", "XX");
    addAddr("10.4.3.92", "255.255.255.255", "XX");
    addAddr("10.4.3.93", "255.255.255.255", "XX");
    addAddr("10.4.3.107", "255.255.255.255", "XX");
    addAddr("10.4.3.108", "255.255.255.255", "XX");
    addAddr("10.4.3.109", "255.255.255.255", "XX");
    addAddr("10.4.3.156", "255.255.255.255", "XX");
    addAddr("10.4.3.211", "255.255.255.255", "XX");
    addAddr("10.4.3.213", "255.255.255.255", "XX");
    addAddr("10.4.3.212", "255.255.255.255", "XX");
    addAddr("10.4.3.214", "255.255.255.255", "XX");
    addAddr("10.4.3.161", "255.255.255.255", "XX");
    addAddr("10.4.3.153", "255.255.255.255", "XX");
    addAddr("10.4.3.155", "255.255.255.255", "XX");
    addAddr("10.4.3.162", "255.255.255.255", "XX");
    addAddr("10.4.3.164", "255.255.255.255", "XX");
    addAddr("10.4.3.148", "255.255.255.255", "XX");
    addAddr("10.4.3.150", "255.255.255.255", "XX");
    addAddr("10.4.4.129", "255.255.255.255", "XX");
    addAddr("10.4.4.148", "255.255.255.255", "XX");
    addAddr("10.4.5.26", "255.255.255.255", "XX");
    addAddr("10.4.5.48", "255.255.255.255", "XX");
    addAddr("10.4.5.49", "255.255.255.255", "XX");
    addAddr("10.4.5.71", "255.255.255.255", "XX");
    addAddr("10.4.5.245", "255.255.255.255", "XX");
    addAddr("10.4.80.20", "255.255.255.255", "XX");
    addAddr("10.4.233.22", "255.255.255.255", "XX");
    addAddr("10.4.235.72", "255.255.255.255", "XX");

    addAddr("172.25.1.41", "255.255.255.255", "XX");
    addAddr("172.25.1.232", "255.255.255.255", "XX");
    addAddr("172.25.2.212", "255.255.255.255", "XX");
    addAddr("172.25.2.234", "255.255.255.255", "XX");
    addAddr("172.28.200.52", "255.255.255.255", "XX");

    addAddr("10.4.7.101", "255.255.255.255", "XX");

    addAddr("10.4.5.97", "255.255.255.255", "XX");
    addAddr("10.4.53.11", "255.255.255.255", "XX");
    addAddr("172.25.2.102", "255.255.255.255", "XX");

    // To ignore the above subnet routes, uncomment the following lines:
    // env.Remove("CISCO_SPLIT_INC");
    // end custom split-tunnel

    echo("Configuring \"" + tundevid + "\" interface for Legacy IP...");

    // With the hard-coded list above CISCO_SPLIT_INC is always non-empty,
    // so this branch is skipped and the interface metric is left alone.
    if (!env("CISCO_SPLIT_INC") && REDIRECT_GATEWAY_METHOD != 2) {
        // Interface metric must be set to 1 in order to add a route with metric 1 since Windows Vista
        exec("netsh interface ip set interface \"" + tundevid + "\" metric=1");
    }

    if (env("CISCO_SPLIT_INC") || REDIRECT_GATEWAY_METHOD != 0) {
        exec("netsh interface ip set address \"" + tundevid + "\" static " + env("INTERNAL_IP4_ADDRESS") + " " + env("INTERNAL_IP4_NETMASK"));
    } else {
        // The default route will be added automatically
        exec("netsh interface ip set address \"" + tundevid + "\" static " + env("INTERNAL_IP4_ADDRESS") + " " + env("INTERNAL_IP4_NETMASK") + " " + internal_gw + " 1");
    }

    if (env("INTERNAL_IP4_NBNS")) {
        var wins = env("INTERNAL_IP4_NBNS").split(/ /);
        for (var i = 0; i < wins.length; i++) {
            exec("netsh interface ip add wins \"" + tundevid + "\" " + wins[i] + " index=" + (i+1));
        }
    }

    if (env("INTERNAL_IP4_DNS")) {
        var dns = env("INTERNAL_IP4_DNS").split(/ /);
        for (var i = 0; i < dns.length; i++) {
            exec("netsh interface ip add dns \"" + tundevid + "\" " + dns[i] + " index=" + (i+1));
        }
    }
    echo("done.");

    // Add internal network routes
    echo("Configuring Legacy IP networks:");
    if (env("CISCO_SPLIT_INC")) {
        // Waiting for the interface to be configured before to add routes
        // A timeout is only logged; the routes are attempted regardless.
        if (!waitForInterface()) {
            echo("Interface does not seem to be up.");
        }

        for (var i = 0 ; i < parseInt(env("CISCO_SPLIT_INC")); i++) {
            var network = env("CISCO_SPLIT_INC_" + i + "_ADDR");
            var netmask = env("CISCO_SPLIT_INC_" + i + "_MASK");
            var netmasklen = env("CISCO_SPLIT_INC_" + i + "_MASKLEN");
            // exec("route add " + network + " mask " + netmask + " " + internal_gw);
            // split tunneling version
            // Pinning the route to the tunnel interface (IF <idx>) keeps it
            // from being resolved through the physical adapter.
            exec("route add " + network + " mask " + netmask + " " + internal_gw + " METRIC 1 IF " + tundevid);
        }
    } else if (REDIRECT_GATEWAY_METHOD > 0) {
        // Unreachable in this variant: REDIRECT_GATEWAY_METHOD is forced to -1
        // at the top of the script.
        // Waiting for the interface to be configured before to add routes
        if (!waitForInterface()) {
            echo("Interface does not seem to be up.");
        }

        if (REDIRECT_GATEWAY_METHOD == 1) {
            exec("route add 0.0.0.0 mask 0.0.0.0 " + internal_gw + " metric 1");
        } else {
            exec("route add 0.0.0.0 mask 128.0.0.0 " + internal_gw);
            exec("route add 128.0.0.0 mask 128.0.0.0 " + internal_gw);
        }
    }
    echo("Route configuration done.");

    if (env("INTERNAL_IP6_ADDRESS")) {
        echo("Configuring \"" + tundevid + "\" interface for IPv6...");
        exec("netsh interface ipv6 set address \"" + tundevid + "\" " + env("INTERNAL_IP6_ADDRESS") + " store=active");
        echo("done.");

        // Add internal network routes
        echo("Configuring IPv6 networks:");
        // match("/128$") builds a RegExp from the string, i.e. "ends in /128".
        if (env("INTERNAL_IP6_NETMASK") && !env("INTERNAL_IP6_NETMASK").match("/128$")) {
            exec("netsh interface ipv6 add route " + env("INTERNAL_IP6_NETMASK") + " \"" + tundevid + "\" fe80::8 store=active");
        }

        if (env("CISCO_IPV6_SPLIT_INC")) {
            for (var i = 0 ; i < parseInt(env("CISCO_IPV6_SPLIT_INC")); i++) {
                var network = env("CISCO_IPV6_SPLIT_INC_" + i + "_ADDR");
                // FIXME: reads the IPv4 list's MASKLEN (CISCO_SPLIT_INC_<i>_MASKLEN,
                // which this script sets to "XX") rather than the IPv6 entry's;
                // CISCO_IPV6_SPLIT_INC_<i>_MASKLEN looks like the intended key.
                var netmasklen = env("CISCO_SPLIT_INC_" + i + "_MASKLEN");
                exec("netsh interface ipv6 add route " + network + "/" + netmasklen + " \"" + tundevid + "\" fe80::8 store=active");
            }
        } else {
            echo("Setting default IPv6 route through VPN.");
            exec("netsh interface ipv6 add route 2000::/3 \"" + tundevid +
                "\" fe80::8 store=active");
        }
        echo("IPv6 route configuration done.");
    }

    // CISCO_BANNER is only logged, never passed to exec().
    if (env("CISCO_BANNER")) {
        echo("--------------------- BANNER ---------------------");
        echo(env("CISCO_BANNER"));
        echo("------------------- BANNER end -------------------");
    }
    break;
case "disconnect":
    var gw = getDefaultGateway();
    var tundevid = env("TUNIDX");

    echo("Default Gateway: " + gw)
    echo("Interface idx: \"" + tundevid + "\" (\"" + env("TUNDEV") + "\")");

    // Delete direct route for the VPN gateway
    echo("Deleting Direct Route for VPN Gateway");
    exec("route delete " + env("VPNGATEWAY") + " mask 255.255.255.255");

    // Restore direct route
    // The default route is deleted before it is re-added; if gw is "" (no
    // default route found above) the add has no gateway argument and the
    // host is presumably left without a default route.
    echo("Restoring Direct Route");
    exec("route delete 0.0.0.0 mask 0.0.0.0 ");
    exec("route add 0.0.0.0 mask 0.0.0.0 " + gw);

    // ReSet Tunnel Adapter IP = nothing
    // Assigns a throwaway static address and removes it again, which clears
    // the address vpnc configured on the tunnel adapter.
    echo("Resetting Tunnel Adapter IP");
    exec("netsh interface ip set address \"" + tundevid + "\" source=static 1.0.0.0 255.255.255.255");
    exec("netsh interface ip delete address \"" + tundevid + "\" 1.0.0.0");

    // Take Down IPv4 Split Tunnel Server-side Network Routes
    // On disconnect CISCO_SPLIT_INC reflects what vpnc supplies, not the
    // hard-coded list added in the connect case, so those routes may remain.
    if (env("CISCO_SPLIT_INC")) {
        echo(">Removing IPv4 Split Tunnel INC Server-side Network Routes:");
        for (var i = 0 ; i < parseInt(env("CISCO_SPLIT_INC")); i++) {
            var network = env("CISCO_SPLIT_INC_" + i + "_ADDR");
            // netmask is read but not used; route delete matches on destination.
            var netmask = env("CISCO_SPLIT_INC_" + i + "_MASK");
            exec("route delete " + network);
        }
    }

    // Take Down IPv4 Split Tunnel Client-side Network Routes
    if (env("CISCO_SPLIT_LCL")) {
        echo("Removing IPv4 Split Tunnel Local Client-side Network Routes:");
        for (var i = 0 ; i < parseInt(env("CISCO_SPLIT_LCL")); i++) {
            var network = env("CISCO_SPLIT_LCL_" + i + "_ADDR");
            // netmask is read but not used; route delete matches on destination.
            var netmask = env("CISCO_SPLIT_LCL_" + i + "_MASK");
            exec("route delete " + network);
        }
    }
}

// Flush the log file opened at the top (only exists when LOG2FILE is set).
if (env("LOG2FILE")) {
    log.Close();
}
// Non-zero if any command run through exec() failed (sum of exit codes).
WScript.Quit(accumulatedExitCode);