Last active
July 12, 2018 12:54
-
-
Save alext/e78d60976c52b67541d2781d2735755b to your computer and use it in GitHub Desktop.
vpnc script to route all AWS IP ranges over VPN.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # vpnc-script wrapper for use with openconnect that routes all AWS IP ranges over the VPN. | |
| # Pass any additional IP ranges to be routed as args to the script. | |
| # | |
| # Requirements: bash, curl and jq. | |
| # | |
| # Example usage: | |
| # openconnect https://vpn.example.com/profile --script '/path/to/vpnc-script-aws' | |
| # | |
| # Example with additional IP added | |
| # openconnect https://vpn.example.com/profile --script '/path/to/vpnc-script-aws 192.0.2.110/32' | |
| set -euo pipefail | |
| IPRANGES_URL=https://ip-ranges.amazonaws.com/ip-ranges.json | |
| MASK_0=0.0.0.0 | |
| MASK_1=128.0.0.0 | |
| MASK_2=192.0.0.0 | |
| MASK_3=224.0.0.0 | |
| MASK_4=240.0.0.0 | |
| MASK_5=248.0.0.0 | |
| MASK_6=252.0.0.0 | |
| MASK_7=254.0.0.0 | |
| MASK_8=255.0.0.0 | |
| MASK_9=255.128.0.0 | |
| MASK_10=255.192.0.0 | |
| MASK_11=255.224.0.0 | |
| MASK_12=255.240.0.0 | |
| MASK_13=255.248.0.0 | |
| MASK_14=255.252.0.0 | |
| MASK_15=255.254.0.0 | |
| MASK_16=255.255.0.0 | |
| MASK_17=255.255.128.0 | |
| MASK_18=255.255.192.0 | |
| MASK_19=255.255.224.0 | |
| MASK_20=255.255.240.0 | |
| MASK_21=255.255.248.0 | |
| MASK_22=255.255.252.0 | |
| MASK_23=255.255.254.0 | |
| MASK_24=255.255.255.0 | |
| MASK_25=255.255.255.128 | |
| MASK_26=255.255.255.192 | |
| MASK_27=255.255.255.224 | |
| MASK_28=255.255.255.240 | |
| MASK_29=255.255.255.248 | |
| MASK_30=255.255.255.252 | |
| MASK_31=255.255.255.254 | |
| MASK_32=255.255.255.255 | |
| export CISCO_SPLIT_INC=0 | |
| add_range () | |
| { | |
| local range=$1 | |
| export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=${range%/*} | |
| export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=${range#*/} | |
| local mask_var="MASK_${range#*/}" | |
| export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=${!mask_var} | |
| export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1)) | |
| } | |
| if [ "${reason}" = "connect" ]; then | |
| for range in $(curl -L -s -S -f "${IPRANGES_URL}" | jq -r '[.prefixes[].ip_prefix] | unique[]'); do | |
| add_range $range | |
| done | |
| while [ -n "${1-}" ]; do | |
| add_range $1 | |
| shift | |
| done | |
| fi | |
| unset INTERNAL_IP4_DNS | |
| unset CISCO_DEF_DOMAIN | |
| set +eu | |
| SCRIPT_LOCATIONS=" | |
| /etc/vpnc/vpnc-script | |
| /usr/share/vpnc-scripts/vpnc-script | |
| /usr/local/etc/vpnc-script | |
| /opt/boxen/homebrew/etc/vpnc-script | |
| " | |
| for script in $SCRIPT_LOCATIONS; do | |
| if [ -f "${script}" ]; then | |
| . "${script}" | |
| exit 0 | |
| fi | |
| done | |
| echo "$0: Cannot locate vpnc-script" | |
| exit 1 |
I fixed some errors for duplicate routes
I've incorporated those changes now, thanks.
Updated to remove the MASK_{0..32} declarations. Untested :-) https://gist.github.com/jpluscplusm/f9599d71e408afba6bbadd1e9453665b
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I fixed some errors for duplicate routes: https://gist.github.com/dcarley/dd9e474f67be9f639a4c73537b4655dd/revisions#diff-c42a7da75c64aff62f25bdcf786f5a4d
But you can't submit pull requests or view commit messages for gists 🐼