- #!/usr/bin/env python
- # -*- coding: utf-8 -*-
- import dnet
- import os
- import time
- import commands
- import re
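_STATE_RE = re.compile(r'state: ([A-Z]+)')
# `ppp\d+` rather than the original `ppp\d`, so ppp10 and above are matched too.
_PPP_IF_RE = re.compile(r'ppp interface name: (ppp\d+)')


def _write_private(path, text):
    """Write *text* to *path* as a regular file readable only by its owner.

    Every file that carries a secret (the IKE pre-shared key, the PPP
    password) goes through here.  The original opened them with plain
    open(), i.e. with the process umask, which normally yields a
    world-readable file.  racoon is also known to reject a PSK file that is
    readable by group/others (confirm against the racoon version in use).
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    # O_CREAT's mode only applies on creation; tighten a pre-existing file too.
    os.fchmod(fd, 0o600)
    with os.fdopen(fd, 'w') as fh:
        fh.write(text)


def _setkey_conf(my_addr, dest_addr):
    """Return the setkey(8) script for the L2TP/IPsec transport SAs.

    Flushes SAD/SPD, then requires ESP transport mode for UDP/1701 (L2TP)
    in both directions between *my_addr* and *dest_addr*.  Each spdadd is
    terminated with ';' -- the original omitted it, which setkey rejects
    as a syntax error.
    """
    header = '''#!/sbin/setkey -v
#
# This file is to be processed by the setkey(8) utility
# upon startup of the ipsec service
#
flush;
spdflush;
'''
    policies = [
        'spdadd %s %s[1701] any -P out ipsec\n'
        'esp/transport//require;' % (my_addr, dest_addr),
        'spdadd %s[1701] %s any -P in ipsec\n'
        'esp/transport//require;' % (dest_addr, my_addr),
    ]
    return header + '\n'.join(policies) + '\n'


def _racoon_conf(psk_file_path):
    """Return racoon.conf with `path pre_shared_key` pointing at *psk_file_path*.

    The proposals are left exactly as the original negotiated them so the
    peer still accepts us.  Security note for whoever owns the server side:
    phase 1 is single DES / SHA-1 / DH group 1 (768-bit MODP) and phase 2
    is 3DES / HMAC-MD5 -- all deprecated.  Move to AES, SHA-2 and DH group
    14 or higher as soon as the peer supports it.  `log debug` is also far
    noisier than a production host wants; lower it once the tunnel works.
    `remote anonymous` means any peer matching a psk.txt entry is accepted.
    """
    return '''log debug;
path pre_shared_key "%s";
padding {
    maximum_length 20;
    randomize off;
    strict_check off;
    exclusive_tail off;
}
remote anonymous {
    exchange_mode main;
    doi ipsec_doi;
    situation identity_only;
    generate_policy on;
    proposal_check obey;
    proposal {
        encryption_algorithm des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 1;
    }
}
sainfo anonymous {
    lifetime time 28800 sec;
    encryption_algorithm 3des;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
''' % psk_file_path


def _l2tp_commands(dest_addr, username, password):
    """Return the l2tpconfig command file that builds the cuhk_vpn tunnel/session.

    The result contains the PPP password in clear text, so the caller must
    store it with restrictive permissions.  Values are not quoted for
    l2tpconfig; a password containing whitespace will not round-trip --
    TODO confirm the quoting rules of the l2tpconfig version in use.
    """
    cmds = [
        # We are a client only: refuse tunnels initiated by the peer.
        'system modify deny_remote_tunnel_creates=yes',
        # EAP and MS-CHAP are disabled as in the original, which leaves
        # PAP/CHAP.  The PPP exchange runs inside the ESP SA from
        # setkey.conf, but PAP is still clear text to the L2TP peer.
        'ppp profile create profile_name=cuhk_vpn '
        'auth_eap=no auth_mschapv1=no auth_mschapv2=no '
        'mtu=1000',
        'tunnel create tunnel_name=cuhk_vpn '
        'ppp_profile_name=cuhk_vpn '
        'dest_ipaddr=%s persist=yes' % dest_addr,
        'session create tunnel_name=cuhk_vpn '
        'session_name=cuhk_vpn '
        'user_name=%s '
        'user_password=%s' % (username, password),
    ]
    return '\n'.join(cmds) + '\n'


def _parse_session(output):
    """Extract (state, ppp_interface) from `l2tpconfig session show` output.

    Either element is None when the corresponding line is absent.
    """
    state = _STATE_RE.search(output)
    ppp = _PPP_IF_RE.search(output)
    return (state.group(1) if state is not None else None,
            ppp.group(1) if ppp is not None else None)


def _replace_default_route(routes, default_addr, rules):
    """Delete the current default route and install *rules* as (dst, gw) pairs.

    Both halves happen together on purpose: the original deleted the
    default route and left the add loop as `pass`, so a run took the host
    off the network.  dnet's route.add wants dnet.addr objects; *rules*
    built by main() mix dnet.addr and str, hence the round-trip through
    str()/dnet.addr() -- TODO confirm against the installed dnet binding.
    """
    routes.delete(default_addr)
    for dst, gw in rules:
        routes.add(dnet.addr(str(dst)), dnet.addr(str(gw)))


def main(apply_routes=False):
    """Generate the CUHK L2TP/IPsec client configuration under /opt/cuhk_vpn.

    Side effects only, nothing is returned:
      1. resolve the VPN peer, the local address/interface facing it and
         the gateway currently used to reach it (dnet);
      2. write setkey.conf (IPsec SPD), psk.txt and racoon.conf (IKE);
      3. write the openl2tpd command file that creates the tunnel/session;
      4. parse the session state (currently a hard-coded sample) and print
         the route changes the tunnel needs.

    Credentials come from the environment instead of being hard-coded in
    a shared script: CUHK_VPN_USER (defaults to the original account),
    CUHK_VPN_PASSWORD (required) and CUHK_VPN_PSK (defaults to the VPN's
    group key).  Files holding secrets are created mode 0600 and the
    config directory mode 0700.  Presumably needs root for /opt and the
    kernel route table -- not enforced here.

    Args:
        apply_routes: when True, actually replace the default route with
            the computed rules.  Off by default because the session check
            below still uses sample output rather than a live query.

    Raises:
        SystemExit: when CUHK_VPN_PASSWORD is not set.
    """
    dest = 'proxy'
    username = os.environ.get('CUHK_VPN_USER', 's055695')
    password = os.environ.get('CUHK_VPN_PASSWORD')
    psk = os.environ.get('CUHK_VPN_PSK', 'ipsec-vpn')
    if not password:
        raise SystemExit('CUHK_VPN_PASSWORD is not set; refusing to write '
                         'the L2TP configuration without it')

    config_dir = '/opt/cuhk_vpn'
    if not os.path.isdir(config_dir):
        # Holds psk.txt and the PPP password: owner-only.
        os.mkdir(config_dir, 0o700)

    # Peer address, plus our own address/interface and the gateway used to
    # reach it.  The latter must keep a host route once the default moves
    # into the tunnel, otherwise the tunnel would route its own packets.
    dest_addr = dnet.addr(dest)
    print(dest_addr)
    interfaces = dnet.intf()
    my_config = interfaces.get_dst(dest_addr)
    my_addr = my_config['addr']
    print(my_addr)
    my_dev = my_config['name']
    print(my_dev)
    routes = dnet.route()
    dest_route = routes.get(dest_addr)
    route_rules = []
    if dest_route is not None:
        route_rules.append((dest_addr, dest_route))

    # IPsec SPD policies (no secrets).
    with open(os.path.join(config_dir, 'setkey.conf'), 'w') as fh:
        fh.write(_setkey_conf(my_addr, dest_addr))

    # racoon: pre-shared key keyed by peer address, then the daemon config.
    psk_file_path = os.path.join(config_dir, 'psk.txt')
    _write_private(psk_file_path, '%s %s\n' % (dest_addr, psk))
    with open(os.path.join(config_dir, 'racoon.conf'), 'w') as fh:
        fh.write(_racoon_conf(psk_file_path))
    # TODO: (re)start racoon here.

    # openl2tpd command file (contains the PPP password).
    _write_private(os.path.join(config_dir, 'openl2tpd.conf'),
                   _l2tp_commands(dest_addr, username, password))
    # TODO: restart openl2tpd and feed it the command file via l2tpconfig.

    # Session check.  `output` is still a captured sample, not the result
    # of running `l2tp_command`; the parsed values are therefore fictional.
    l2tp_command = 'session show tunnel_name=cuhk_vpn session_name=cuhk_vpn'
    output = '''Session 29680 on tunnel 20903:-
  type: LAC Incoming Call, state: ESTABLISHED
  created at: Aug 31 11:04:59 2005
  administrative name: one
  created by admin: YES, peer session id: 5
  ppp user name: cisco
  ppp user password: cisco
  ppp profile name: one
  ppp interface name: ppp0
  data sequencing required: OFF
  use data sequence numbers: OFF
  trace flags: NONE
  framing types: SYNC ASYNC
  bearer types: DIGITAL ANALOG
  call serial number: 4
  use ppp proxy: NO
  Peer configuration data:-
  data sequencing required: OFF
  framing types:
  bearer types:
  call serial number: 4
  data rx packets: 1582, rx bytes: 1094667, rx errors: 0
  data tx packets: 1582, tx bytes: 1088350, tx errors: 0
'''
    state, ppp_name = _parse_session(output)
    if state is not None:
        print(state)
    if ppp_name is not None:
        print(ppp_name)

    # Tunnel endpoints.  These should be read from the pppN interface named
    # above (interfaces.get(ppp_name)) once the session query is live; the
    # hard-coded values are the original's placeholders.
    local_addr = '137.189.212.222'
    peer_addr = '137.189.224.241'
    default_addr = dnet.addr('0.0.0.0/0')
    route_rules.append((peer_addr, local_addr))
    route_rules.append((default_addr, peer_addr))
    print(route_rules)
    if apply_routes:
        _replace_default_route(routes, default_addr, route_rules)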
if __name__ == "__main__":
    # Script entry point: generate the VPN configuration (see main()).
    main()