#!/bin/sh
#
# Copyright 2001, Bri Hatch
#
# This script is meant to be called on the local host by ssh which
# is called by pppd's pty argument, or as an init.d-style start/stop
# script.
#
# For more information and setup instructions, snag a copy of
# Building Linux VPNs, New Riders, ISBN 1-57870-266-6, by
# Oleg Kolesnikov and Bri Hatch.
#
# Released under the GPL.
# Installation root of the SSH VPN files -- edit this to match your
# setup.  ssh-vpn.conf and the per-VPN config files are expected in
# the etc/ directory beneath it.
SSH_VPN_DIR="/opt/ssh-vpn"
# No changes should be necessary from here down.
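#######################################
# Load the global and the per-VPN configuration for one VPN name.
# Globals:   SSH_VPN_DIR (read); vpn_network, VPN_CONFIG, client_pppd_args
#            and every variable defined in the sourced files (written)
# Arguments: $1 - VPN name.  It becomes a file name under $SSH_VPN_DIR/etc
#            that is *sourced as shell code*, so it must be a plain name:
#            no '/', not '.' or '..', not empty.
# Returns:   exits 1 on a malformed name; exits 0 when either config file
#            cannot be sourced (kept from the original: an unconfigured
#            VPN is a silent no-op rather than an error -- confirm this is
#            still wanted for the init.d use)
#######################################
vpn_config () {
  vpn_network=$1
  # Refuse anything that could make the sourced path escape etc/.
  case "$vpn_network" in
    ''|*/*|.|..)
      echo "$0: invalid VPN name '$vpn_network'" >&2
      exit 1
      ;;
  esac
  # Grab global variables
  . "$SSH_VPN_DIR/etc/ssh-vpn.conf" || exit 0
  # Grab vpn-specific variables
  VPN_CONFIG="$SSH_VPN_DIR/etc/$vpn_network"
  . "$VPN_CONFIG" || exit 0
  if [ "$client_debug" = "yes" ] ; then
    # Trace this script and make pppd verbose as well.
    set -x
    client_pppd_args="$client_pppd_args debug"
  fi
}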
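#######################################
# Re-run this script as $SSH_VPN_USER when invoked as root, and refuse
# to continue when invoked as any other user.
# Globals:   WHOAMI, SU, SSH_VPN_USER (read; normally provided by the
#            sourced ssh-vpn.conf)
# Arguments: the script's own arguments, passed along to the re-exec
# Returns:   0 when already running as $SSH_VPN_USER; exits 1 when the
#            caller is another user or when the re-exec fails
#######################################
run_as_sshvpn () {
  whoami=$($WHOAMI)
  pwd=$(pwd)
  case "$whoami" in
    root)
      # Re-exec in the same directory so a relative $0 still resolves.
      # The target user is quoted so an empty SSH_VPN_USER cannot turn
      # this into "su -" (i.e. stay root).  The command is rebuilt as one
      # string for 'su -c', so arguments with whitespace or shell
      # metacharacters are not preserved -- callers pass plain VPN names.
      exec $SU - "$SSH_VPN_USER" "-ccd $pwd;$0 $*"
      # Only reached when exec itself failed; do not report success.
      exit 1
      ;;
    "$SSH_VPN_USER") ;;
    *)
      echo "$0 Must be run as $SSH_VPN_USER" >&2
      exit 1
      ;;
  esac
}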
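# Determine how we should behave.  Each branch either exits here or
# falls through, with vpn_network configured, to the pppd/ssh startup
# further down.
if [ -n "$LINKNAME" ] ; then
  # We were called as the ip-up script from pppd
  vpn_config "$LINKNAME"
  # Configure our new route
  # sudo not needed -- we were run from pppd as root
  # $IPREMOTE is set by pppd for us
  # $server_network stays unquoted on purpose so a config value holding
  # more than one route(8) word (e.g. a netmask) keeps working.
  [ "$server_network" ] && $ROUTE add -net $server_network gw "$IPREMOTE"
  exit 0
elif [ "$1" = "stop" ] ; then
  # We were invoked init.d style, as one of the following:
  # /etc/init.d/vpn-client stop vpn1
  # /etc/init.d/vpn1 stop
  # /etc/rcX.d/S##vpnname stop
  if [ "$2" ] ; then
    vpn_config "$2"
  else
    # No name given: derive it from our own file name, minus any S##/K## prefix.
    vpn_config "$(basename "$0" | sed -e 's/^[SK][0-9][0-9]//')"
  fi
  # Kill off the pppd process.  pppd writes ppp-<linkname>.pid, and the
  # start path below passes "linkname $vpn_network".  A missing pid file
  # means nothing is running, which is not an error for "stop".
  pidfile="$PIDDIR/ppp-$vpn_network.pid"
  if [ -r "$pidfile" ] ; then
    kill "$(head -1 "$pidfile")" 2>/dev/null
  fi
  exit 0
elif [ "$1" = "start" ] ; then
  # started init.d style, similar to above.
  if [ "$2" ] ; then
    vpn_config "$2"
  else
    vpn_config "$(basename "$0" | sed -e 's/^[SK][0-9][0-9]//')"
  fi
  run_as_sshvpn "$@" # Make sure we're not root, etc.
  # Fall through to actual startup stuff.
elif [ "$#" -eq 1 ] ; then
  # Called with just a VPN name.
  vpn_config "$1"
  run_as_sshvpn "$@" # Make sure we're not root, etc.
  # Fall through to actual startup stuff.
else
  echo "Usage: $0 destination start|stop" >&2
  echo "Usage: $0 start|stop" >&2
  echo "Usage: (if $0 is a vpn name)" >&2
  exit 1
fi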
# Universal ssh arguments: never prompt, no escape character, and force
# a tty (ssh needs the second '-t' because it has no local tty here).
SSH_ARGS="-oBatchMode=yes -enone -t -t"

# Pick the pppd authentication requirement from the client config;
# anything but an explicit "yes" falls back to noauth.
pppd_auth=noauth
if [ "$client_require_pap" = "yes" ] ; then
  pppd_auth=require-pap
elif [ "$client_require_chap" = "yes" ] ; then
  pppd_auth=require-chap
fi

# Universal pppd arguments.  'linkname' makes pppd write
# ppp-$vpn_network.pid, which the stop branch above relies on; 'pty'
# must stay last because the ssh command follows it on the command line.
PPPD_ARGS="$pppd_auth updetach lock connect-delay 10000"
PPPD_ARGS="$PPPD_ARGS name $vpn_network-client user $vpn_network-client"
PPPD_ARGS="$PPPD_ARGS linkname $vpn_network remotename $vpn_network-server"
PPPD_ARGS="$PPPD_ARGS $client_pppd_args pty"

# Start our pppd/ssh processes: pppd runs the quoted command for its
# 'pty' option, so ssh (as the unprivileged VPN user) carries the link.
# PPPD_ARGS is deliberately unquoted so it word-splits into options.
$SUDO $PPPD $PPPD_ARGS \
  "$SUDO -u $SSH_VPN_USER $SSH $SSH_ARGS $client_ssh_args $vpn_network"