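#!/bin/bash
# sshpppvpn.sh
# This script initiates a ppp-ssh vpn connection.
# see the VPN PPP-SSH HOWTO on http://www.linuxdoc.org for more information.
#
# revision history:
# 1.6 11-Nov-1996 miquels@cistron.nl
# 1.7 20-Dec-1999 bart@jukie.net
# 2.0 16-May-2001 bronson@trestle.com
# 3.0 now deep-tunneling to your own Mac where you are Admin 13-Oct-2004 prikkertje@xs4all.nl
#
# first pierce the firewall: ssh -L 2222:workmac.intra:22 $USER@fw.work.com
#
# Usage: sshpppvpn.sh {start|stop}
# Exit status: start returns pppd's own exit status; stop returns 0 when the
# link is down (or was never up) and 1 when pppd could not be signalled;
# 1 on a usage error, 3 when pppd is missing, 4 when ssh is missing.

set -u

# The username on the VPN server that will run the tunnel.
# For security reasons, this should NOT be root, but a sudo
# authorized user. Add these lines to sudoers with: sudo visudo
# and add the user to the vpn group
# Cmnd_Alias VPN=/usr/sbin/pppd,/sbin/route
# %vpn ALL=(ALL) NOPASSWD: VPN
# NOTE(review): an unrestricted NOPASSWD rule on pppd is close to a
# passwordless root grant, because pppd accepts options (for example
# "connect") that run helper commands as root. Narrow the Cmnd_Alias to the
# exact argument list used by the "start" branch below so the rule only
# covers the tunnel it is meant for.
SERVER_USERNAME=${USER:-$(id -un)}

# The remote network that the server is your router for.
# This is an argument for:
#   route add -net $REMOTE_NET $SERVER_IFIPADDR
# 128.32 is interpreted as 128.32.0.0
REMOTE_NET=192.168

# The VPN network interface on the server should use this address:
SERVER_IFIPADDR=10.9.8.6
# ...and on the client, this address:
CLIENT_IFIPADDR=10.9.8.7

##### The rest of this file should not need to be changed. #####

# The host name or IP address of the SSH server that we are sending the
# connection request to. With the firewall-piercing forward quoted in the
# header this is the local end of that forward, i.e. localhost:2222.
SERVER_HOSTNAME=localhost
LOCAL_SSH_OPTS="-p 2222"

# Fixed search path for the helper tools used by this script (ps/pgrep, awk,
# kill). Deliberately no trailing ':' -- an empty PATH element means "the
# current directory", which would let a stray binary in the working
# directory be run instead of the system tool.
PATH=/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/bin/X11
PPPD=/usr/sbin/pppd
SSH=/usr/bin/ssh

#######################################
# Print a diagnostic message to stderr.
# Arguments: the message words
#######################################
warn() {
  printf '%s\n' "$*" >&2
}

#######################################
# List the PIDs of running pppd processes, one per line.
# Matches the process name exactly rather than grepping the full command
# line, so the ssh helper (whose argument string contains the word "pppd")
# and unrelated processes that merely mention pppd are not picked up.
# Falls back to ps+awk where pgrep is not installed.
# Outputs: PIDs on stdout; nothing when pppd is not running.
#######################################
pppd_pids() {
  if command -v pgrep >/dev/null 2>&1; then
    pgrep -x pppd
  else
    ps -axo pid=,comm= | awk '$2 == "pppd" || $2 ~ /\/pppd$/ { print $1 }'
  fi
}

if [[ ! -x "$PPPD" ]]; then warn "can't find $PPPD"; exit 3; fi
if [[ ! -x "$SSH" ]]; then warn "can't find $SSH"; exit 4; fi

case "${1-}" in
  start)
    # pppd runs in the foreground ("nodetach") until the link goes down, so
    # the routing hint has to be printed before it starts -- printed after,
    # it would only appear once the tunnel is already torn down.
    echo "manage your route..."
    echo "sudo route add -net $REMOTE_NET $SERVER_IFIPADDR"
    # pppd opens the quoted ssh command on a pty; the far end runs a second
    # pppd ("notty") under sudo, so the PPP frames travel inside the ssh
    # session. Batchmode=yes makes ssh fail instead of prompting, so
    # key-based authentication and an already-trusted host key for
    # localhost:2222 are required.
    # Example of the expanded command:
    #   /usr/sbin/pppd nodetach noauth passive pty "/usr/bin/ssh -p 2222 localhost -l$USER -o Batchmode=yes sudo /usr/sbin/pppd nodetach notty noauth" 10.0.1.3:10.0.1.4
    "$PPPD" nodetach noauth passive \
      pty "$SSH $LOCAL_SSH_OPTS $SERVER_HOSTNAME -l$SERVER_USERNAME -o Batchmode=yes sudo $PPPD nodetach notty noauth" \
      "$CLIENT_IFIPADDR:$SERVER_IFIPADDR"
    # Propagate pppd's status so a caller can tell a clean hangup from a
    # failed connection instead of always seeing 0.
    exit $?
    ;;
  stop)
    pids=$(pppd_pids)
    if [[ -n "$pids" ]]; then
      # shellcheck disable=SC2086 -- one PID per word is intended
      if kill $pids; then
        echo "disconnected."
      else
        warn "failed to signal pppd (pid $pids)"
        exit 1
      fi
    else
      # Already down: report it but treat "stop" as idempotent.
      warn "Failed to find PID for the connection"
    fi
    ;;
  *)
    warn "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0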