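#!/bin/bash
#Copyright 1999-2002, William Stearns.
#Released under the GPL.
#
# server_tunnel: bring up (or tear down) one GRE tunnel per client transient
# IP so that a client with a fixed "permanent" IP stays reachable through
# whichever transient addresses it currently holds.
#
# Usage: server_tunnel [start|stop|restart] -n TunnelName [TransientIP ...]
#
# Privileged commands (dd, arp, ip, module loading) are run through sudo.
# /etc/tunnel.conf is *sourced* as shell code with "$1" set to TunnelName,
# so it must be writable only by trusted users. It has to define
# TunnelServerIP and ClientPermanentIP; ClientCandidateIFs is checked for
# presence here but not otherwise used by this script.
export PATH="/sbin:/usr/sbin:/bin:/usr/bin"

# Log a fatal message to syslog (and stderr) and exit non-zero.
fail () {
  logger -s -t server_tunnel "$*, exiting."
  exit 1
}

# Reject tunnel names that are unsafe as an interface-name prefix. The name
# is concatenated with a digit to form interface names (the kernel allows 15
# characters) and is reused in patterns elsewhere in this script, so only
# [A-Za-z0-9_-] is accepted and the length is capped at 14.
check_tunnel_name () {
  case "$1" in
    '' | *[!A-Za-z0-9_-]*)
      fail "Invalid TunnelName \"$1\" (use letters, digits, _ or -)"
      ;;
  esac
  if [ "${#1}" -gt 14 ]; then
    fail "TunnelName \"$1\" too long (at most 14 characters, leaving room for the interface number)"
  fi
}

# Return 0 if $1 is a dotted-quad IPv4 literal with every octet <= 255.
# The previous "[0-9]*" argument match passed anything starting with a digit
# straight through to "ip tunnel add".
check_ipv4 () {
  local octet
  [[ "$1" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

Action='start'
unset TunnelName ClientTransientIPs
# Argument loop stops at the first empty argument, as before.
while [ -n "$1" ]; do
  case "$1" in
    [Ss][Tt][Aa][Rr][Tt])
      Action='start'
      ;;
    [Rr][Ee][Ss][Tt][Aa][Rr][Tt])
      Action='restart'
      ;;
    [Ss][Tt][Oo][Pp])
      Action='stop'
      ;;
    -n)
      if [ -n "$2" ]; then
        TunnelName="$2"
        shift
      else
        fail "Missing -n TunnelName parameter"
      fi
      ;;
    [0-9]*)
      check_ipv4 "$1" || fail "Invalid transient IP \"$1\""
      ClientTransientIPs="${ClientTransientIPs} $1"
      ;;
    *)
      fail "Unknown parameter \"$1\""
      ;;
  esac
  shift
done

if [ -z "$TunnelName" ]; then
  fail 'Missing TunnelName'
fi
check_tunnel_name "$TunnelName"

unset TunnelServerIP ClientPermanentIP ClientCandidateIFs
if [ -r /etc/tunnel.conf ]; then
  # The config sees "$TunnelName" as $1 while it is being sourced.
  . /etc/tunnel.conf "$TunnelName"
else
  fail 'Missing or unreadable /etc/tunnel.conf'
fi
if [ -z "$TunnelServerIP" ] || [ -z "$ClientPermanentIP" ] || [ -z "$ClientCandidateIFs" ]; then
  fail "Missing configuration TunnelServerIP, ClientPermanentIP, and/or ClientCandidateIFs information for Tunnel $TunnelName"
fi

# Without any transient IP there is nothing to bring up, so a start becomes
# a stop (tears down whatever is left from an earlier run).
if [ -z "$ClientTransientIPs" ]; then
  logger -s -t server_tunnel 'No transient IPs specified, forcing a stop.'
  Action='stop'
fi
logger -s -t server_tunnel "Attempting to $Action tunnel Client perm $ClientPermanentIP ($TunnelName) via ips $ClientTransientIPs at Server $TunnelServerIP."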
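# Interface on which the client's permanent IP is published with proxy ARP.
# FIXME - hardcoded eth0 on server; held in one place so start and stop agree.
PublishIF='eth0'

case "$Action" in
  start)
    # sudo friendly version of: echo 1 >/proc/sys/net/ipv4/ip_forward
    echo 1 | sudo dd of=/proc/sys/net/ipv4/ip_forward 2>/dev/null
    # Answer ARP for the client's permanent IP on the LAN side so LAN hosts
    # send its traffic to this server.
    sudo arp "$ClientPermanentIP" -Ds "$PublishIF" pub
    # Best effort: the module may be built in or already loaded.
    sudo modprobe ip_gre >/dev/null 2>/dev/null
    # Note: plain GRE carries no authentication or encryption; the peer is
    # identified by its source address only.
    #
    # The multipath route is built as an argument array rather than an
    # eval'd string, so TunnelName can never be interpreted as shell syntax.
    # (The default gateway was previously parsed from "route -n" for a
    # possible "via" hop on each nexthop, but was never used.)
    IFNumber=1
    TunnelClientRoute=(ip route add "$ClientPermanentIP/32" equalize)
    # Word-splitting of ClientTransientIPs is intentional: space-separated list.
    for OneIP in $ClientTransientIPs ; do
      OneIF="$TunnelName$IFNumber"
      sudo ip tunnel add "$OneIF" mode gre remote "$OneIP" local "$TunnelServerIP" ttl 255
      sudo ip link set "$OneIF" up
      sudo ip addr add "$TunnelServerIP" dev "$OneIF"
      TunnelClientRoute+=(nexthop dev "$OneIF")
      IFNumber=$(( IFNumber + 1 ))
    done
    sudo "${TunnelClientRoute[@]}"
    ;;
  stop)
    # Tear down every interface named TunnelName<digit...>. Names come from
    # ifconfig's first column (lines starting in column 0) and are matched
    # with a literal shell pattern instead of an interpolated grep regex.
    for OneIF in $(ifconfig | awk '/^[^ ]/ {print $1}') ; do
      OneIF="${OneIF%:}"   # newer net-tools prints "name:" in that column
      case "$OneIF" in
        "$TunnelName"[0-9]*)
          sudo ip link set "$OneIF" down   #Kills all routes
          sudo ip tunnel del "$OneIF"
          ;;
      esac
    done
    sudo arp -i "$PublishIF" -d "$ClientPermanentIP" pub
    ;;
  restart)
    # ClientTransientIPs is deliberately unquoted so each IP is passed as a
    # separate argument to the start invocation.
    "$0" stop -n "$TunnelName"
    "$0" start -n "$TunnelName" $ClientTransientIPs
    ;;
  *)
    logger -s -t server_tunnel "Use \"$0 start\" or \"$0 stop\"."
    ;;
esac

#Graveyard:
#MODULE="ipip" ; TDEV="tunl0"
#MODULE="ip_gre" ; TDEV="gre0"
#Start
# if [ -z "$CLIENTDIALIP" ]; then
#   echo "Please run with CLIENTDIALIP set, exiting." #>>/dev/stderr
#   exit 1
# fi
# ifconfig lo:126 down #Make sure you no longer have ClientPermanentIP live as a loopback alias.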
# echo $CLIENTDIALIP >>/root/bin/CLIENTIPS # sudo insmod "$MODULE" >/dev/null 2>/dev/null # sudo ifconfig "$TDEV" "$TunnelServerIP" pointopoint "$ClientPermanentIP" netmask 255.255.255.255 up # # sudo route del -host "$ClientPermanentIP" # sudo route add -host "$CLIENTDIALIP" "$TDEV" # sudo route add -host "$ClientPermanentIP" gw "$CLIENTDIALIP" "$TDEV" # sudo route del -host "$CLIENTDIALIP" "$TDEV" # # sudo route add -host "$CLIENTDIALIP" gw "$TunnelServerGw" dev eth0 #Stop # for AHOST in `cat /root/bin/CLIENTIPS` ; do # sudo route del -host "$AHOST" eth0 # done # rm -f /root/bin/CLIENTIPS # # #sudo route del -host "$ClientPermanentIP" gw "$CLIENTDIALIP" "$TDEV" # sudo route del -host "$ClientPermanentIP" "$TDEV" # # sudo ifconfig "$TDEV" down # #sudo rmmod "$MODULE" #ip notes #ip tunnel add netb mode gre remote 172.19.20.21 local 172.16.17.18 ttl 255 #ip link set netb up #ip addr add 10.0.1.1 dev netb #ip route add 10.0.2.0/24 dev netb