Bug#459937: Example Script
Here is an example script that uses the SSH VPN capability; I use it pretty much every day. It's a little
basic, but it works for me. Please let me know if there is anything else I can provide.
Chris
#!/bin/bash
# Fixed search path so the tools called below (ifconfig, route, iptables,
# ssh, sudo) resolve from system directories rather than the caller's PATH.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

# Remote SSH endpoint; every ssh call in this script logs in as root@HOST.
HOST="somehost.someplace.com"

# Point-to-point addresses for the two ends of the tunnel.
LOCALTUNIP=172.31.209.5
REMOTETUNIP=172.31.209.6

# Network behind the remote host that is routed through the tunnel.
REMOTENET=10.232.1.0
REMOTENETMASK=255.255.255.0

# Interface on the remote host used as the output interface of the NAT rule.
REMOTENETINT="eth1"
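# Accept exactly one action word, "start" or "stop"; anything else prints
# the usage line on stderr and aborts with status 1.
# The usage text now shows the two words as alternatives; the earlier
# "<start> <stop>" form read as if both arguments were required.
case "$1" in
  start|stop)
    ;;
  *)
    echo "Syntax: $0 {start|stop}" >&2
    exit 1
    ;;
esac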
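# "start": bring up a point-to-point tun tunnel over SSH and route
# REMOTENET through it.
#
# Requirements visible from the commands below: root login over SSH on
# $HOST, tunnel forwarding permitted by the remote sshd (PermitTunnel),
# and sudo rights locally for ssh, ifconfig and route.
if [ "$1" = "start" ]
then
  # Find the next free local TUN device number. The match is anchored to
  # the interface name at the start of an ifconfig line, so "tun1" is not
  # mistaken for "tun10" and "tunl0" is never counted. The loop ends as
  # soon as grep reports anything other than a match.
  TUNNUMBER=0
  while ifconfig -a 2>/dev/null | grep -Eq "^tun${TUNNUMBER}[:[:space:]]"
  do
    TUNNUMBER=$((TUNNUMBER + 1))
  done

  # Open the tunnel. ssh chooses the devices itself ("any:any"), so
  # TUNNUMBER above is only a prediction of the local device, and the
  # remote side is assumed to be tun0 in the commands that follow.
  # NOTE(review): if tun0 is already in use on the remote host, those
  # commands would reconfigure an unrelated interface; confirm before use.
  # ssh runs under sudo here, so it typically uses the local root
  # account's keys and known_hosts, unlike the plain ssh calls below.
  if ! sudo ssh -f -C -w any:any "root@$HOST" true
  then
    echo "Failed to open SSH tunnel to $HOST" >&2
    exit 1
  fi

  if ! ssh "root@$HOST" "ifconfig tun0 $REMOTETUNIP pointopoint $LOCALTUNIP"
  then
    echo "Failed to configure remote tun0; run '$0 stop' to clean up" >&2
    exit 1
  fi

  # Turns the remote host into a router for the tunnel. This setting and
  # the NAT rule below stay active after "stop".
  if ! ssh "root@$HOST" 'echo 1 > /proc/sys/net/ipv4/ip_forward'
  then
    echo "Failed to enable IP forwarding on $HOST; run '$0 stop' to clean up" >&2
    exit 1
  fi

  # Add the MASQUERADE rule only if it is not already present, so repeated
  # starts do not pile up duplicate rules in the remote nat table.
  if ! ssh "root@$HOST" "iptables -t nat -C POSTROUTING -o $REMOTENETINT -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o $REMOTENETINT -j MASQUERADE"
  then
    echo "Failed to install NAT rule on $HOST; run '$0 stop' to clean up" >&2
    exit 1
  fi

  # Give the local tun device time to appear before configuring it.
  sleep 3

  if ! sudo ifconfig "tun$TUNNUMBER" "$LOCALTUNIP" pointopoint "$REMOTETUNIP"
  then
    echo "Failed to configure local tun$TUNNUMBER; run '$0 stop' to clean up" >&2
    exit 1
  fi

  if ! sudo route add -net "$REMOTENET" netmask "$REMOTENETMASK" gw "$LOCALTUNIP" "tun$TUNNUMBER"
  then
    echo "Failed to add route to $REMOTENET; run '$0 stop' to clean up" >&2
    exit 1
  fi

  echo "Tunnel has been set up"
fi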
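# "stop": tear the tunnel down from both ends.
if [ "$1" = "stop" ]
then
  # Locate the local tunnel client by its full command line. PIDs come
  # from pgrep rather than from a fixed-width slice of ps output, which
  # would cut off PIDs longer than five digits and pass a wrong PID to a
  # kill that runs as root. Dots in the host name are escaped so pgrep's
  # regex matches them literally.
  host_re=${HOST//./\\.}
  tunnel_pids=$(pgrep -f "any:any root@${host_re} true")

  if [ -n "$tunnel_pids" ]
  then
    # Unquoted on purpose: one PID per word.
    # shellcheck disable=SC2086
    sudo kill $tunnel_pids
  else
    echo "No local tunnel process found for $HOST" >&2
  fi

  # Remote fallback kept from the original script.
  # NOTE(review): the pattern matches every tty-less root sshd session on
  # the remote host, not only this tunnel, so unrelated root sessions
  # (and the session issuing this command) are terminated as well. The
  # leading ^ keeps the remote shell that carries this command line from
  # matching itself.
  ssh "root@$HOST" 'pkill -f "^sshd: root@notty"'

  # The remote device is assumed to be tun0, as in the start branch.
  ssh "root@$HOST" 'ifconfig tun0 down'

  # NOTE(review): IP forwarding and the POSTROUTING MASQUERADE rule that
  # "start" enabled on the remote host are left in place here; the host
  # keeps forwarding and NATing until they are reverted separately.
fi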