  1. #!/usr/bin/env python
  2. # -*- coding: utf-8 -*-
  3.  
  4.  
  5. import dnet
  6. import os
  7. import time
  8. import commands
  9. import re
  10.  
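def _write_private(path, text):
    """Write *text* to *path* so that only the owning user can read it.

    Used for files that hold secrets (the racoon pre-shared key and the
    openl2tpd command file with the PPP password).
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        # The mode given to os.open() only applies when the file is created;
        # tighten a file left over from an earlier run as well.
        os.fchmod(fd, 0o600)
        handle = os.fdopen(fd, 'w')
    except Exception:
        os.close(fd)
        raise
    with handle:
        handle.write(text)


def main():
    """Generate IPsec/L2TP client configuration under /opt/cuhk_vpn.

    Writes setkey.conf, psk.txt, racoon.conf and openl2tpd.conf, parses a
    canned ``session show`` output, deletes the default route and prints the
    route rules it would install (the actual ``routes.add`` call is still
    commented out).

    The PPP account is read from the CUHK_VPN_USERNAME and CUHK_VPN_PASSWORD
    environment variables instead of being embedded in the source, so the
    script can be shared or pasted without leaking the credentials.

    Raises:
        SystemExit: if either variable is missing, empty, or contains
            whitespace.
    """
    dest = 'proxy'
    username = os.environ.get('CUHK_VPN_USERNAME')
    password = os.environ.get('CUHK_VPN_PASSWORD')
    for var_name, value in (('CUHK_VPN_USERNAME', username),
                            ('CUHK_VPN_PASSWORD', password)):
        if not value:
            raise SystemExit('%s must be set in the environment' % var_name)
        # Both values are interpolated unquoted into an l2tpconfig command
        # line below; whitespace or a newline would add extra arguments or
        # extra commands to that file.
        if any(ch.isspace() for ch in value):
            raise SystemExit('%s must not contain whitespace' % var_name)
    route_rules = []

    config_dir = '/opt/cuhk_vpn'
    if not os.path.isdir(config_dir):
        # The directory holds the PSK and the PPP password: owner-only.
        os.mkdir(config_dir, 0o700)

    # get dest IP
    dest_addr = dnet.addr(dest)
    print(dest_addr)

    # get self IP and dev for l2tp connect
    interfaces = dnet.intf()
    my_config = interfaces.get_dst(dest_addr)
    my_addr = my_config['addr']
    print(my_addr)
    my_dev = my_config['name']
    print(my_dev)

    # Remember the existing route to the gateway so it can be kept once the
    # default route is replaced.
    routes = dnet.route()
    dest_route = routes.get(dest_addr)
    if dest_route is not None:
        route_rules.append((dest_addr, dest_route))

    # IPSec SPD Policies: require ESP transport mode for L2TP (UDP 1701)
    # traffic in both directions between this host and the gateway.
    setkey_file_path = os.path.join(config_dir, 'setkey.conf')
    spd_policies = []
    spd_policies.append('''spdadd %s %s[1701] any -P out ipsec
esp/transport//require''' % (my_addr, dest_addr))
    spd_policies.append('''spdadd %s[1701] %s any -P in ipsec
esp/transport//require''' % (dest_addr, my_addr))
    with open(setkey_file_path, 'w') as setkey_file:
        setkey_file.write('''#!/sbin/setkey -v
#
# This file is to be processed by the setkey(8) utility
# upon startup of the ipsec service
#
flush;
spdflush;
''')
        setkey_file.write('\n'.join(spd_policies) + '\n')

    # racoon config....

    # NOTE(review): the pre-shared key is a literal in the source; presumably
    # it is a site-wide group secret - confirm, and load it from
    # configuration if it is meant to be private.
    psk_file_path = os.path.join(config_dir, 'psk.txt')
    _write_private(psk_file_path, '%s ipsec-vpn\n' % dest_addr)

    # NOTE(review): phase 1 proposes single DES with DH group 1 and phase 2
    # uses 3DES with HMAC-MD5, all of which are weak by current standards.
    # They presumably mirror what the gateway accepts - confirm, and raise
    # them if the peer supports stronger proposals.
    racoon_file_path = os.path.join(config_dir, 'racoon.conf')
    with open(racoon_file_path, 'w') as racoon_file:
        racoon_file.write('''log debug;
path pre_shared_key "%s";
padding {
maximum_length 20;
randomize off;
strict_check off;
exclusive_tail off;
}
remote anonymous {
exchange_mode main;
doi ipsec_doi;
situation identity_only;
generate_policy on;
proposal_check obey;
proposal {
encryption_algorithm des;
hash_algorithm sha1;
authentication_method pre_shared_key;
dh_group 1;
}
}
sainfo anonymous {
lifetime time 28800 sec;
encryption_algorithm 3des;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
''' % psk_file_path)

    # Re/Start racoon

    # l2tpconfig commands
    # restart openl2tpd here

    openl2tp_file_path = os.path.join(config_dir, 'openl2tpd.conf')

    l2tp_commands = []
    l2tp_commands.append('system modify deny_remote_tunnel_creates=yes')
    l2tp_commands.append('ppp profile create profile_name=cuhk_vpn '
                         'auth_eap=no auth_mschapv1=no auth_mschapv2=no '
                         'mtu=1000')
    l2tp_commands.append('tunnel create tunnel_name=cuhk_vpn '
                         'ppp_profile_name=cuhk_vpn '
                         'dest_ipaddr=%s persist=yes' % dest_addr)
    l2tp_commands.append('session create tunnel_name=cuhk_vpn '
                         'session_name=cuhk_vpn '
                         'user_name=%s '
                         'user_password=%s' % (username, password))

    # This file carries the PPP password in clear text: owner-only.
    _write_private(openl2tp_file_path, '\n'.join(l2tp_commands) + '\n')

    # invoke l2tpconfig here

    # check if connected
    l2tp_command = 'session show tunnel_name=cuhk_vpn session_name=cuhk_vpn'
    # Canned sample output standing in for the real l2tpconfig call.
    output = '''Session 29680 on tunnel 20903:-
type: LAC Incoming Call, state: ESTABLISHED
created at: Aug 31 11:04:59 2005
administrative name: one
created by admin: YES, peer session id: 5
ppp user name: cisco
ppp user password: cisco
ppp profile name: one
ppp interface name: ppp0
data sequencing required: OFF
use data sequence numbers: OFF
trace flags: NONE
framing types: SYNC ASYNC
bearer types: DIGITAL ANALOG
call serial number: 4
use ppp proxy: NO

Peer configuration data:-
data sequencing required: OFF
framing types:
bearer types:
call serial number: 4
data rx packets: 1582, rx bytes: 1094667, rx errors: 0
data tx packets: 1582, tx bytes: 1088350, tx errors: 0
'''
    state_p = re.compile(r'state: ([A-Z]+)')
    m = state_p.search(output)
    if m is not None:
        state = m.group(1)
        print(state)

    pppN_p = re.compile(r'ppp interface name: (ppp\d)')
    m = pppN_p.search(output)
    if m is not None:
        pppN = m.group(1)
        print(pppN)

    # ppp_if = interfaces.get(pppN)
    ppp_if = interfaces.get('eth0')
    local_addr = '137.189.212.222'
    peer_addr = '137.189.224.241'

    default_addr = dnet.addr('0.0.0.0/0')

    # remove default route
    # NOTE(review): the replacement routes are only collected and printed
    # below, never installed, so after this call the host has no default
    # route until one is added by hand.
    routes.delete(default_addr)

    # replace default route
    route_rules.append((peer_addr, local_addr))
    route_rules.append((default_addr, peer_addr))

    print(route_rules)

    for rule in route_rules:
        # routes.add(rule[0],rule[1])
        pass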
  183.  
  184.  
# Run the VPN setup only when this file is executed as a script, so that
# importing the module has no side effects on the host's configuration.
if __name__ == "__main__":
    main()