You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

76 lines
2.2 KiB

#!/bin/bash
#
# This is a sample script to route all the host traffic towards a remote
# gateway, which is reacheable via the n2n virtual interface.
#
# This assumes the n2n connection is already been established and the
# VPN gateway can be pinged by this host.
#
#######################################################
# CONFIG
#######################################################
# The IP address of the gateway through the n2n interface
N2N_GATEWAY="192.168.100.1"
# The IP address of the supernode as configured in n2n
N2N_SUPERNODE="1.2.3.4"
# The n2n interface name
N2N_INTERFACE="n2n0"
# The DNS server to use. Must be a public DNS or a DNS located on the
# N2N virtual network, otherwise DNS query information will be leaked
# outside the VPN.
DNS_SERVER="8.8.8.8"
#######################################################
# END CONFIG
#######################################################
if [[ $UID -ne 0 ]]; then
echo "This script must be run as root"
exit 1
fi
if ! ip route get $N2N_GATEWAY | grep -q $N2N_INTERFACE ; then
echo "Cannot reach the gateway ($N2N_GATEWAY) via $N2N_INTERFACE. Is edge running?"
exit 1
fi
# Determine the current internet gateway
internet_gateway=`ip route get 8.8.8.8 | head -n1 | awk '{ print $3 }'`
# Backup the DNS resolver configuration and use the specified server
cp /etc/resolv.conf /etc/resolv.conf.my_bak
echo "Using DNS server $DNS_SERVER"
echo "nameserver $DNS_SERVER" > /etc/resolv.conf
# The public IP of the supernode must be reachable via the internet gateway
# Whereas all the other traffic will go through the new VPN gateway.
ip route add $N2N_SUPERNODE via $internet_gateway
ip route del default
echo "Forwarding traffic via $N2N_GATEWAY"
ip route add default via $N2N_GATEWAY
function stopService {
echo "Deleting custom routes"
ip route del default
ip route del $N2N_SUPERNODE via $internet_gateway
echo "Restoring original gateway $internet_gateway"
ip route add default via $internet_gateway
echo "Restoring original DNS"
mv /etc/resolv.conf.my_bak /etc/resolv.conf
exit 0
}
# setup signal handlers
trap "stopService" SIGHUP SIGINT SIGTERM
# enter wait loop
echo "VPN is now up"
while :; do sleep 300; done