#!/bin/sh
#
# Copyright 2001, Bri Hatch
#
# This script is meant to be called on the VPN server by the
# 'command=' option in authorized_keys files, or as an init.d-style
# start/stop script.
#
# For more usage and setup instructions, snag a copy of
# Building Linux VPNs, New Riders, ISBN 1-57870-266-6, by
# Oleg Kolesnikov and Bri Hatch.
#
# Released under the GPL.
# Root of the SSH VPN installation.  Its etc/ directory is where the
# global ssh-vpn.conf and the per-VPN config files are looked up.
# Adjust this to match where you installed ssh-vpn.
SSH_VPN_DIR="/opt/ssh-vpn"
# No changes should be necessary from here down.
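#######################################
# Load the global settings, then the per-VPN settings for the VPN named
# in $1 (the same name pppd is later given as its linkname).
# Globals:   SSH_VPN_DIR (read); vpn_network, VPN_CONFIG, global_config
#            (written), plus whatever the two config files assign
# Arguments: $1 - VPN name; used as a file name under $SSH_VPN_DIR/etc
# Exits:     1 if the name is unusable or the global config is unreadable,
#            0 if there is no config file for this VPN (see below)
#######################################
vpn_config () {
  # Configure our VPN variables
  vpn_network=$1
  # The name becomes a path component, so refuse anything that could
  # resolve outside $SSH_VPN_DIR/etc: empty, '.', '..' or a name with '/'.
  case $vpn_network in
    ''|.|..|*/*)
      echo "$0: invalid VPN name '$vpn_network'" >&2
      exit 1 ;;
  esac
  # Grab global variables
  global_config=$SSH_VPN_DIR/etc/ssh-vpn.conf
  if [ ! -r "$global_config" ] ; then
    echo "$0: cannot read $global_config" >&2
    exit 1
  fi
  . "$global_config"
  # Grab vpn-specific variables
  VPN_CONFIG=$SSH_VPN_DIR/etc/$vpn_network
  # Make sure we're configured.  It could be we were called from an
  # ip-up script when a different VPN was created.  If so, simply exit.
  # The readability test comes first: many /bin/sh implementations abort
  # the whole script when '.' is given a missing file, so a trailing
  # '|| exit 0' on the '.' line would never get a chance to run.
  [ -r "$VPN_CONFIG" ] || exit 0
  . "$VPN_CONFIG"
  if [ "$server_debug" = "yes" ] ; then
    # Trace every command from here on.  The trace prints each command
    # with its arguments fully expanded, so values taken from the config
    # files end up on stderr as well.
    set -x
    server_pppd_args="$server_pppd_args debug"
  fi
}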
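#######################################
# Quote one string so that a shell reading it back sees a single literal
# word (single quotes, with embedded quotes spelled as '\'').
# Globals:   _sq_in, _sq_out, _sq_head (scratch; plain sh has no locals)
# Arguments: $1 - the string to quote
# Outputs:   the quoted string on stdout, without a trailing newline
#######################################
shell_quote () {
  _sq_in=$1
  _sq_out=
  while [ -n "$_sq_in" ] ; do
    case $_sq_in in
      "'"*)
        _sq_out="$_sq_out'\\''"
        _sq_in=${_sq_in#?} ;;
      *)
        # Copy everything up to the next single quote verbatim.
        _sq_head=${_sq_in%%"'"*}
        _sq_out="$_sq_out$_sq_head"
        _sq_in=${_sq_in#"$_sq_head"} ;;
    esac
  done
  printf "'%s'" "$_sq_out"
}

#######################################
# Ensure we are running as SSH_VPN_USER: re-exec ourselves through $SU
# when invoked as root, continue when already the right user, and fail
# for anyone else.
# Globals:   WHOAMI, SU, SSH_VPN_USER (read); caller, here, cmd, arg
#            (written)
# Arguments: the script's own arguments, forwarded to the re-exec'd copy
# Exits:     1 if run as any other user or if $SU cannot be exec'd
#######################################
run_as_sshvpn () {
  caller=$($WHOAMI)
  here=$(pwd)
  case "$caller" in
    root)
      # Build the command string handed to 'su -c' one quoted word at a
      # time, so a working directory or argument containing spaces, ';'
      # or other shell metacharacters cannot add commands of its own.
      cmd="cd $(shell_quote "$here") && exec $(shell_quote "$0")"
      for arg in "$@" ; do
        cmd="$cmd $(shell_quote "$arg")"
      done
      # $SU stays unquoted: the config may supply it with options.
      exec $SU - "$SSH_VPN_USER" -c "$cmd"
      # exec only returns when $SU could not be started.
      echo "$0: unable to exec $SU" >&2
      exit 1 ;;
    "$SSH_VPN_USER") ;;
    *)
      echo "$0 Must be run as $SSH_VPN_USER" >&2
      exit 1 ;;
  esac
}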
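if [ "$LINKNAME" ] ; then
  # We were called as the ip-up script from pppd, which runs us as root
  # (so no sudo is needed) and exports LINKNAME and IPREMOTE for us.
  vpn_config "$LINKNAME"
  # Configure our new route; a VPN with no client_network gets no route.
  if [ "$client_network" ] ; then
    $ROUTE add -net "$client_network" gw "$IPREMOTE"
  fi
  exit 0
elif [ "$1" = "pppd" ] ; then
  # We were called from the authorized_keys{2} file
  # ala 'vpn-server pppd vpn1' as SSH_VPN_USER
  vpn_config "$2"
  # Universal pppd arguments, kept as one space-separated string because
  # $server_pppd_args is itself a list of options from the config file
  # and the whole string is expanded unquoted on the pppd command line.
  PPPD_ARGS="updetach linkname $vpn_network"
  PPPD_ARGS="$PPPD_ARGS remotename $vpn_network-client user $vpn_network-server"
  PPPD_ARGS="$PPPD_ARGS name $vpn_network-server $server_pppd_args"
  # Require PAP or CHAP from the peer when the config asks for it;
  # otherwise pppd is told not to authenticate the peer at all.
  if [ "$server_require_pap" = "yes" ] ; then
    PPPD_ARGS="require-pap $PPPD_ARGS"
  elif [ "$server_require_chap" = "yes" ] ; then
    PPPD_ARGS="require-chap $PPPD_ARGS"
  else
    PPPD_ARGS="noauth $PPPD_ARGS"
  fi
  # Launch pppd ($PPPD_ARGS deliberately unquoted so it splits into
  # individual options).
  $SUDO $PPPD $PPPD_ARGS "$server_ppp_ip:$client_ppp_ip"
elif [ "$1" = "stop" ] ; then
  # We were invoked init.d style: either 'vpn-server stop vpn1', or via
  # an rc symlink whose S/K-plus-two-digit prefix precedes the VPN name.
  if [ "$2" ] ; then
    vpn_config "$2"
  else
    vpn_config "$(basename "$0" | sed -e 's/^[SK][0-9][0-9]//')"
  fi
  # Kill off the pppd process.  Only a bare number from the pid file is
  # handed to kill: an empty or garbled file is ignored rather than
  # letting its contents become kill's arguments (a stray "-1", for
  # instance, would signal every process we are allowed to).  Stopping
  # a VPN that is not running is not an error.
  pid_file=$PIDDIR/ppp-$vpn_network.pid
  pid=$(head -n 1 "$pid_file" 2>/dev/null)
  case $pid in
    ''|*[!0-9]*) ;;
    *) kill "$pid" 2>/dev/null ;;
  esac
  exit 0
elif [ "$1" = "start" ] ; then
  # We were invoked init.d style
  echo "You can't start an SSH-VPN connection from the server." >&2
  exit 1
else
  echo "Usage: $0 stop" >&2
  echo "" >&2
  echo "This program is meant to be called by sshd or to stop " >&2
  echo "an existing VPN. It cannot be called manually." >&2
  exit 1
fi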