#!/bin/bash
#########################################
#FileName: svpn.sh
#Author: oicu
#Blog: http://oicu.cc.blog.163.com/
#########################################
# Pin an absolute PATH so ip/iptables/ssh resolve to the system copies no
# matter what environment the caller (root) brought along.
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
export PATH
# Everything below touches tun devices, routes and iptables: root only.
if [ "$(whoami)" != 'root' ]; then
  echo "Run it as root."
  exit 1
fi
# Site configuration - edit for both hosts. The server is reached over ssh at
# SERVER_SSH_IP:SERVER_SSH_PORT. *_TUNNEL are the tun device names on each end
# (only the numeric suffix after "tun" is handed to ssh -w). *_TUN_IP are the
# point-to-point addresses, *_NET the LANs routed across the tunnel and
# *_ETHERNET the uplink interfaces used for MASQUERADE. *_GATEWAY are only
# referenced from commented-out default-route lines further down.
SERVER_SSH_PORT="22"
SERVER_SSH_IP="1.2.3.4"
CLIENT_ETHERNET="eth0"
SERVER_ETHERNET="eth0"
CLIENT_TUNNEL="tun2"
SERVER_TUNNEL="tun1"
CLIENT_TUN_IP="10.0.0.2"
SERVER_TUN_IP="10.0.0.1"
CLIENT_NET="192.168.2.0/24"
CLIENT_GATEWAY="192.168.2.1"
SERVER_NET="192.168.1.0/24"
SERVER_GATEWAY="192.168.1.1"
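start()
{
  # Bring up the point-to-point ssh tunnel, then configure the server end
  # (over a second ssh session) and finally the client end (locally).
  # Globals (read): SERVER_SSH_IP, SERVER_SSH_PORT, CLIENT_TUNNEL, SERVER_TUNNEL,
  #   CLIENT_TUN_IP, SERVER_TUN_IP, CLIENT_NET, SERVER_NET, CLIENT_ETHERNET,
  #   SERVER_ETHERNET
  # Outputs: progress lines on stdout.
  # Returns: exits 1 on any failure (tunnel ssh, remote setup, missing tun).
  #
  # -f backgrounds ssh once authenticated; with ExitOnForwardFailure=yes a
  # refused -w tunnel request still surfaces as a non-zero status here. The
  # keepalive options give the session up after roughly 30s*6 of silence.
  # NOTE(review): both ends log in as root with the default key selection;
  # restricting that key in authorized_keys (command=, tunnel=) is worth
  # considering - confirm against the server's sshd setup.
  ssh -NTCf -o ServerAliveInterval=30 \
    -o ServerAliveCountMax=6 \
    -o ExitOnForwardFailure=yes \
    -o Tunnel=point-to-point \
    -w "${CLIENT_TUNNEL#tun}:${SERVER_TUNNEL#tun}" \
    "root@${SERVER_SSH_IP}" -p "${SERVER_SSH_PORT}" || exit 1
  echo "ssh tunnel is working."
  # Server side. The here-document delimiter is unquoted, so every ${...}
  # below is expanded on THIS host before the text is sent; the remote shell
  # only sees literal values from the configuration block. The leading
  # del/down/-D commands clear leftovers from a previous run and may fail.
  # The remote script exits 1 when the tunnel interface is absent, so that
  # case is reported here rather than masked by an unconditional exit.
  # `ip link show` replaces ifconfig, which many current systems lack, and
  # ip is already required on both ends. On failure the backgrounded tunnel
  # ssh is left running; stop() removes it on the next invocation.
  ssh -T "root@${SERVER_SSH_IP}" -p "${SERVER_SSH_PORT}" > /dev/null 2>&1 << eeooff
# ip route replace default via ${SERVER_GATEWAY}
ip route del ${CLIENT_NET} via ${SERVER_TUN_IP}
ip link set ${SERVER_TUNNEL} down
iptables -t nat -D POSTROUTING -s ${CLIENT_TUN_IP}/32 -o ${SERVER_ETHERNET} -j MASQUERADE
iptables -D FORWARD -p tcp --syn -s ${CLIENT_TUN_IP}/32 -j TCPMSS --set-mss 1356
iptables -t nat -D POSTROUTING -s ${SERVER_NET} -o ${SERVER_TUNNEL} -j MASQUERADE
if ! ip link show ${SERVER_TUNNEL} > /dev/null 2>&1; then
  exit 1
fi
# System-wide forwarding switch; stop/stop-srv never turn it back off.
echo 1 > /proc/sys/net/ipv4/ip_forward
ip link set ${SERVER_TUNNEL} up
ip addr add ${SERVER_TUN_IP}/32 peer ${CLIENT_TUN_IP} dev ${SERVER_TUNNEL}
ip route add ${CLIENT_NET} via ${SERVER_TUN_IP}
# ip route replace default via ${SERVER_TUN_IP}
iptables -t nat -A POSTROUTING -s ${CLIENT_TUN_IP}/32 -o ${SERVER_ETHERNET} -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s ${CLIENT_TUN_IP}/32 -j TCPMSS --set-mss 1356
iptables -t nat -A POSTROUTING -s ${SERVER_NET} -o ${SERVER_TUNNEL} -j MASQUERADE
exit 0
eeooff
  [ $? -eq 0 ] || exit 1
  echo "remote start."
  # Client side mirrors the server configuration. The local tun device is
  # created by the -w request above, so its absence means the tunnel never
  # came up.
  if ! ip link show "${CLIENT_TUNNEL}" > /dev/null 2>&1; then
    exit 1
  fi
  # System-wide forwarding switch; stop() never turns it back off.
  echo 1 > /proc/sys/net/ipv4/ip_forward
  ip link set "${CLIENT_TUNNEL}" up
  ip addr add "${CLIENT_TUN_IP}/32" peer "${SERVER_TUN_IP}" dev "${CLIENT_TUNNEL}"
  ip route add "${SERVER_NET}" via "${CLIENT_TUN_IP}"
  # ip route replace default via ${CLIENT_TUN_IP}
  iptables -t nat -A POSTROUTING -s "${SERVER_TUN_IP}/32" -o "${CLIENT_ETHERNET}" -j MASQUERADE
  # MSS clamp on tunnelled TCP - presumably to absorb the tunnel overhead; the
  # value 1356 is the author's, confirm it fits the real path MTU.
  iptables -A FORWARD -p tcp --syn -s "${SERVER_TUN_IP}/32" -j TCPMSS --set-mss 1356
  iptables -t nat -A POSTROUTING -s "${CLIENT_NET}" -o "${CLIENT_TUNNEL}" -j MASQUERADE
  # Background keepalive across the tunnel; stop() is responsible for
  # killing exactly this process.
  ping "${SERVER_TUN_IP}" -i 60 > /dev/null 2>&1 &
  echo "local start."
}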
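stop-srv()
{
  # Tear down the server-side tunnel configuration over ssh.
  # Globals (read): SERVER_SSH_IP, SERVER_SSH_PORT, CLIENT_NET, SERVER_TUN_IP,
  #   SERVER_TUNNEL, CLIENT_TUN_IP, SERVER_ETHERNET, SERVER_NET
  # Outputs: "remote stop." on stdout when the ssh session succeeds; a
  #   diagnostic on stderr when it does not (previously silent, which left
  #   the user guessing why the line never appeared).
  # Returns: the ssh exit status.
  #
  # ${...} are expanded locally before the text is sent. The remote script
  # ends with an unconditional `exit`, so individual deletions that fail
  # (rule or route already gone) do not mark the teardown as failed - this
  # is deliberate best effort.
  local rv
  ssh -T "root@${SERVER_SSH_IP}" -p "${SERVER_SSH_PORT}" > /dev/null 2>&1 << eeooff
# ip route replace default via ${SERVER_GATEWAY}
ip route del ${CLIENT_NET} via ${SERVER_TUN_IP}
ip link set ${SERVER_TUNNEL} down
iptables -t nat -D POSTROUTING -s ${CLIENT_TUN_IP}/32 -o ${SERVER_ETHERNET} -j MASQUERADE
iptables -D FORWARD -p tcp --syn -s ${CLIENT_TUN_IP}/32 -j TCPMSS --set-mss 1356
iptables -t nat -D POSTROUTING -s ${SERVER_NET} -o ${SERVER_TUNNEL} -j MASQUERADE
exit
eeooff
  rv=$?
  if [ "${rv}" -eq 0 ]; then
    echo "remote stop."
  else
    echo "remote stop failed: ssh exited ${rv}." >&2
  fi
  return "${rv}"
}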
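stop()
{
  # Tear down the client-side configuration and end this script's own
  # background processes. The whole body is silenced by the redirection on
  # the closing brace, so deletion errors are invisible by design.
  # Globals (read): SERVER_NET, CLIENT_TUN_IP, CLIENT_TUNNEL, SERVER_TUN_IP,
  #   CLIENT_ETHERNET, CLIENT_NET, SERVER_SSH_IP
  # Returns: 0.
  # ip route replace default via ${CLIENT_GATEWAY}
  ip route del "${SERVER_NET}" via "${CLIENT_TUN_IP}"
  ip link set "${CLIENT_TUNNEL}" down
  iptables -t nat -D POSTROUTING -s "${SERVER_TUN_IP}/32" -o "${CLIENT_ETHERNET}" -j MASQUERADE
  iptables -D FORWARD -p tcp --syn -s "${SERVER_TUN_IP}/32" -j TCPMSS --set-mss 1356
  iptables -t nat -D POSTROUTING -s "${CLIENT_NET}" -o "${CLIENT_TUNNEL}" -j MASQUERADE
  # Signal only the tunnel ssh started by start() (matched on its fixed
  # option string and target host) and only this tunnel's keepalive ping.
  # The previous version killed every ping on the machine and used SIGKILL;
  # SIGTERM lets ssh close the tunnel cleanly. pkill excludes itself.
  pkill -f -- "^ssh -NTCf .*root@${SERVER_SSH_IP} "
  pkill -f -- "^ping ${SERVER_TUN_IP} -i 60"
  return 0
} > /dev/null 2>&1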
usage()
{
  # Print the command-line help to stdout; $0 is the script as invoked.
  printf '%s\n' \
    "usage:" \
    " $0 -start" \
    " $0 -stop" \
    "" \
    "for ssh:" \
    " nohup $0 -start > /dev/null 2>&1"
}
# Entry point. "-start"/"--start" tears the local side down first so
# leftovers from an earlier run cannot block a fresh start; "-stop"/"--stop"
# tears down the server end and then the local end; anything else prints
# the usage text.
case "$1" in
  --start|-start)
    stop
    start
    ;;
  --stop|-stop)
    stop-srv
    stop
    echo "local stop."
    ;;
  *)
    usage
    ;;
esac