Run Cisco AnyConnect VPN connection inside network namespace [DRAFT]
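#!/bin/bash
#
# Run a Cisco AnyConnect (openconnect) session inside the network namespace
# "vpn0". The namespace is wired to the host through a veth pair whose host
# end is enslaved to virbr0 (libvirtd's default bridge); the host then routes
# selected destinations into the namespace, where openconnect masquerades
# them onto tun0.
#
# Usage:  $0 <webvpn-cookie>
# Env:    VPNGATEWAY, PUBKEYSHA256 — normally defined by ./vpn-login
# Needs:  root (ip netns, iptables, brctl)
#
# NOTE: works well with virbr0 from libvirtd.  [DRAFT]
set -u

readonly vpnsettings=./vpn-login
readonly ns=vpn0
readonly bridge=virbr0
readonly host_veth=veth0
readonly ns_veth=veth1
readonly ns_ifname=eth0
readonly ns_addr=192.168.122.2/24
readonly ns_gw=192.168.122.1
readonly lan=192.168.122.0/24
readonly vpn_dev=tun0
readonly pid_file=/run/vpn0.pid
# Destinations that must be reached through the VPN; the host routes them
# to the namespace's address on the bridge.
readonly -a vpn_hosts=(192.168.13.136 192.168.11.178)

#######################################
# Print a message to stderr and exit 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Run a command inside the VPN namespace.
#######################################
in_ns() {
  ip netns exec "$ns" "$@"
}

#######################################
# Append a rule to the host's nat/POSTROUTING chain unless an identical rule
# already exists (keeps re-runs from stacking duplicates).
# Arguments: iptables match/target arguments
#######################################
host_nat_once() {
  iptables -t nat -C POSTROUTING "$@" 2>/dev/null \
    || iptables -t nat -A POSTROUTING "$@"
}

#######################################
# Same as host_nat_once, but for the nat table inside the namespace.
#######################################
ns_nat_once() {
  in_ns iptables -t nat -C POSTROUTING "$@" 2>/dev/null \
    || in_ns iptables -t nat -A POSTROUTING "$@"
}

#######################################
# Create the namespace if missing and bring its loopback up.
#######################################
ensure_namespace() {
  if [ ! -e "/var/run/netns/$ns" ]; then
    ip netns add "$ns" || die "cannot create network namespace $ns"
  fi
  in_ns ip link set dev lo up
}

#######################################
# Create the veth pair, move one end into the namespace, bridge the other
# end onto virbr0 and configure addressing. Every step is guarded so the
# script can be re-run after a partial setup.
#######################################
ensure_link() {
  if ! ip link show "$host_veth" >/dev/null 2>&1; then
    ip link add "$host_veth" type veth peer name "$ns_veth" \
      || die "cannot create veth pair $host_veth/$ns_veth"
  fi
  # veth1 is visible in the root namespace only until it has been moved.
  if ip link show "$ns_veth" >/dev/null 2>&1; then
    ip link set "$ns_veth" netns "$ns"
  fi
  if [ ! -e "/sys/class/net/$bridge/brif/$host_veth" ]; then
    brctl addif "$bridge" "$host_veth" || die "cannot add $host_veth to $bridge"
  fi
  ip link set "$host_veth" up

  # On a re-run the peer has already been renamed; rename only if it is
  # still called veth1 inside the namespace.
  if in_ns ip link show "$ns_veth" >/dev/null 2>&1; then
    in_ns ip link set dev "$ns_veth" name "$ns_ifname"
  fi
  in_ns ip link set "$ns_ifname" up
  # "replace" instead of "add": no error when the address/route exists.
  in_ns ip addr replace "$ns_addr" dev "$ns_ifname"
  in_ns ip route replace default via "$ns_gw"
}

#######################################
# NAT and host routes: traffic entering the namespace from the host is
# masqueraded onto tun0; bridge subnet traffic leaving the host is
# masqueraded; VPN-only destinations are routed into the namespace.
#######################################
ensure_routing() {
  local host
  ns_nat_once -s "$ns_gw" -o "$vpn_dev" -j MASQUERADE
  host_nat_once -s "$lan" ! -d "$lan" -j MASQUERADE
  for host in "${vpn_hosts[@]}"; do
    ip route replace "$host" via "${ns_addr%/*}" dev "$bridge"
  done
}

#######################################
# Start openconnect in the namespace when a cookie and gateway details are
# available; otherwise leave the namespace set up and say so.
# Globals:   VPNGATEWAY, PUBKEYSHA256 (read)
# Arguments: $1 - webvpn session cookie
#######################################
start_vpn() {
  local cookie=$1
  if [ -z "$cookie" ] || [ -z "${VPNGATEWAY:-}" ] || [ -z "${PUBKEYSHA256:-}" ]; then
    printf 'warn: cookie, VPNGATEWAY or PUBKEYSHA256 not set; VPN not started\n' >&2
    return 0
  fi
  # The cookie is a bearer credential: hand it over on stdin so the
  # long-running background process does not expose it in `ps`. The
  # gateway is quoted so it is never word-split. --servercert pins the
  # gateway certificate to PUBKEYSHA256 (no CA trust involved).
  printf '%s\n' "$cookie" | in_ns openconnect --background \
    -v \
    --pid-file="$pid_file" --servercert "sha256:$PUBKEYSHA256" \
    --no-dtls \
    --cookie-on-stdin "$VPNGATEWAY"
}

main() {
  local cookie=${1:-}
  # vpn-login is sourced from the *current directory* and this script runs
  # as root: only run it from a directory you control. The explicit ./
  # makes the sourced file the same one the -f test looked at.
  if [ -f "$vpnsettings" ]; then
    . "$vpnsettings"
  fi
  ensure_namespace
  ensure_link
  ensure_routing
  start_vpn "$cookie"
}

main "$@"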