API tools faq
paste
Onryo

hma ip binding script

Onryo
Sep 9th, 2011
2,065
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 5.89 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2. #
  3. # Hide My Ass VPN Script
  4. # By: Onryo
  5. #
  6.  
  7. # Make sure user has permission to run OpenVPN in sudo.
  8. sudo -v
  9.  
  10. # Make sure DNS servers are not your ISP's to stop leaks.
  11. dns1="nameserver 208.67.222.222"
  12. dns2="nameserver 208.67.220.220"
  13.  
  14. #Flush all rules
  15. IPT=/sbin/iptables
  16. $IPT -F
  17. $IPT -X
  18. $IPT -t nat -F
  19. $IPT -t nat -X
  20. $IPT -t mangle -F
  21. $IPT -t mangle -X
  22. $IPT -P INPUT ACCEPT
  23. $IPT -P FORWARD ACCEPT
  24. $IPT -P OUTPUT ACCEPT
  25.  
  26. # restart openvpn for quick vnp change
  27.  
  28. /sbin/ifconfig tun0 down
  29. killall -9 openvpn
  30. rm -f ./.pid 2>/dev/null
  31.  
  32. echo $dns1 > /etc/resolv.conf
  33. echo $dns2 >> /etc/resolv.conf
  34.  
  35. OIFS=$IFS
  36. check_wait=5 # Time to wait between checks for VPN connection.
  37.  
  38. # Find existing tunnels for connection check
  39. _tunnels=$(ifconfig -s tun 2>/dev/null); tunnels=0; IFS=$'\n'; for tunnel in $_tunnels; do IFS=$' '; tunnel=( $tunnel ); let tunnels=$tunnels+1; done; IFS=$OIFS
  40.  
  41. trim() { IFS=$' '; echo $1; IFS=$OIFS; }
  42. getservers() { echo "Loading server list..."; IFS=$'\n'; for server in $(curl -s http://vpn.hidemyass.com/vpnconfig/countries.php); do servers[${#servers[@]}]=$(trim $server); done; unset server; IFS=$OIFS; echo "Server list loaded."; }
  43. getserver() { IFS=$'\n'; echo "Getting server configuration..."; if [[ ! -d "./servers" ]]; then echo "Creating server configurations directory..."; mkdir -v ./servers; fi; wget -nv $(printf "http://vpn.hidemyass.com/vpnconfig/client_config.php?win=1&loc=%s" ${servers[(($1-1))]}) -O "./servers/${servers[(($1-1))]}.cfg"; echo "Got server configuration."; IFS=$OIFS; }
  44. vpncheck() { if [[ -e ./.pid ]]; then if [[ ! -z $(ps -ef | grep $(cat ./.pid) | grep openvpn) ]]; then echo "HMA VPN already running. PID: $(cat ./.pid)"; exit; else rm -f ./.pid; fi; fi; }
  45. checkconnection() { echo "Checking connection in $check_wait seconds..."; while [[ 1 ]]; do sleep $check_wait; echo "Checking connection..."; _tunnels=$(ifconfig -s tun 2>/dev/null); IFS=$'\n'; _tunnels=( $_tunnels ); if [[ ${#_tunnels[@]} -gt $tunnels ]]; then echo "VPN connected."; echo "Real IP: $OIP"; echo " VPN IP: $(getip)"; break; elif [[ ! -z $(tail -n 5 /var/log/syslog | grep "HMA VPN" | grep -i "auth: received auth_failed control message") ]]; then echo "VPN connection failed. Reason: Invalid password."; exit; elif [[ ! -z $(tail -n 5 /var/log/syslog | grep "HMA VPN" | grep -i "error: auth username is empty") ]]; then echo "VPN connection failed. Reason: Blank username."; exit; fi; IFS=$OIFS; echo "Unable to confirm connection. Trying again in $check_wait seconds..."; done; }
  46. getip() { echo $(curl -s http://www.whatismyip.org); }
  47.  
  48. OIP=$(getip)
  49.  
  50. # Change to the script directory to prevent an OpenVPN error with the
  51. # server configs.
  52. cd "$HOME/.hma"
  53.  
  54. if [[ -z $1 || $1 == '-l' ]]; then
  55.     getservers
  56.     echo "Servers:"
  57.     for (( i=1;i<=${#servers[@]};i++ )); do
  58.         echo "  $i: ${servers[(($i-1))]}"
  59.     done
  60.     echo "End of list."
  61. elif [[ $1 == '-r' ]]; then
  62.     vpncheck
  63.     getservers
  64.     while [[ -z $rserv ]]; do
  65.         rserv=$RANDOM
  66.         let "rserv %= ${#servers[@]}"
  67.         shopt -s nocasematch
  68.         while [[ 1 ]]; do
  69.             echo -n "Continue using server \"${servers[(($rserv-1))]}\"? (yes) "
  70.             read YN
  71.             if [[ -z $YN || $YN =~ ^y(es)*$ ]]; then break;
  72.             elif [[ $YN =~ ^no*$ ]]; then unset rserv;  break;
  73.             else echo "Invalid response."; continue;
  74.             fi
  75.         done
  76.     done
  77.     shopt -u nocasematch
  78.     getserver $1
  79.     echo "Connecting to VPN..."
  80.     sudo openvpn --config "./servers/${servers[(($1-1))]}.cfg" --auth-user-pass client.cred --writepid ./.pid --daemon "HMA VPN"
  81.     checkconnection
  82. elif [[ $1 =~ ^[0-9]+$ && $1 -gt 0 ]]; then
  83.     vpncheck
  84.     getservers
  85.     if [[ ! -z ${servers[(($1-1))]} ]]; then
  86.         echo "Server selected: ${servers[(($1-1))]}"
  87.         getserver $1
  88.         echo
  89.         echo "Connecting to VPN..."
  90.         sudo openvpn --config "./servers/${servers[(($1-1))]}.cfg" --auth-user-pass client.cred --writepid ./.pid --daemon "HMA VPN"
  91.         checkconnection
  92.     else echo "No server found."
  93.     fi
  94. elif [[ $1 == 0 ]]; then echo "Server must be greater than 0."
  95. elif [[ $1 == '-c' ]]; then
  96.     echo "Cleaning..."
  97.     if [[ -d ./servers ]]; then rm -rvf ./servers/*; fi
  98.     echo "Done cleaning."
  99. elif [[ $1 == '-s' ]]; then
  100.     if [[ -e ./.pid ]]; then
  101.         echo "Stopping the VPN..."
  102.         if [[ $(ps -p $(cat ./.pid)) =~ openvpn ]]; then
  103.             sudo kill -9 $(cat ./.pid)
  104.             echo "Killed process: $(cat ./.pid)"
  105.         fi
  106.         rm -f ./.pid 2>/dev/null
  107.         echo "VPN stopped."
  108.     else echo "No PID lock detected. VPN is not running, or the PID file was deleted prematurely."
  109.     fi
  110. elif [[ $1 == '-h' || $1 == '--help' ]]; then cat <<EOF
  111. Hide My Ass VPN Help
  112.  
  113. $0 -h,--help        - Display this help screen
  114. $0 -c           - Clean configuration files
  115. $0 -r           - Random server
  116. $0 #            - Select a server.
  117. $0 -l           - List servers.
  118. $0 -s           - Stop the VPN that is currently running (if any).
  119. EOF
  120. else echo "Unknown command: $1"
  121. fi
  122. ############ binding the vpn with iptables ###############
  123. if [[ $1 =~ ^[0-9]+$ && $1 -gt 0 ]] || [[ $1 == '-r' ]] ; then
  124.  
  125. #Set variables
  126. # IPT=/sbin/iptables
  127. VPN=$(/sbin/ifconfig tun0 | awk '/inet addr/ {print substr($2, 6)}')
  128. LAN1=192.168.0.0/16
  129. ## LAN2=10.0.0.0/8
  130. ## LAN3=172.16.0.0/12
  131.  
  132. echo "Your IP is locked to VPN" $VPN
  133. cat /etc/resolv.conf
  134.  
  135. #Default policies and define chains
  136. $IPT -P OUTPUT DROP
  137. $IPT -P INPUT DROP
  138. $IPT -P FORWARD DROP
  139.  
  140. #Allow input from LAN and tun0 ONLY
  141. $IPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  142. $IPT -A INPUT -i lo -j ACCEPT
  143. $IPT -A INPUT -i tun0 -m conntrack --ctstate NEW -j ACCEPT
  144. $IPT -A INPUT -s $LAN1 -m conntrack --ctstate NEW -j ACCEPT
  145. ## $IPT -A INPUT -s $LAN2 -m conntrack --ctstate NEW -j ACCEPT
  146. ## $IPT -A INPUT -s $LAN3 -m conntrack --ctstate NEW -j ACCEPT
  147. $IPT -A INPUT -j DROP
  148.  
  149. #Allow output from lo and tun0 ONLY
  150. $IPT -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  151. $IPT -A OUTPUT -o lo -j ACCEPT
  152. $IPT -A OUTPUT -o tun0 -m conntrack --ctstate NEW -j ACCEPT
  153. $IPT -A OUTPUT -d $VPN -m conntrack --ctstate NEW -j ACCEPT
  154. $IPT -A OUTPUT -j DROP
  155. fi
  156. exit 0
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!