Created
January 17, 2015 02:52
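#!/bin/bash
#
# Bring up an OpenVPN tap tunnel to the OCF VPN server and configure the tap
# interface with DHCP.
#
# Usage: run as root from the directory that contains vpn.crt.
#
# Steps:
#   1. Pin a host route for the VPN server through the current default IPv4
#      gateway (openvpn is started with --route-noexec, so it adds no routes).
#   2. Generate a tiny "up" hook that runs dhclient on the tunnel device.
#   3. Run openvpn in the foreground; on exit, remove the hook and release
#      the DHCP lease.

# Options go in `set`, not the shebang: a shebang flag is lost when the script
# is started as `bash script.sh`.
set -e

if [ "$EUID" -ne 0 ]; then
  echo "You are not root." >&2
  exit 1
fi

remote_ip="169.229.10.47" # vpn.ocf.berkley.edu
port="1194"
proto="udp"

tmp=""
vpn_started=0

# Runs on every exit path. With `set -e` a non-zero exit from openvpn ends the
# script immediately, so cleanup placed after the openvpn call would be
# skipped and the root-owned hook would be left behind in the temp directory.
cleanup() {
  echo "Cleaning up..."
  if [ -n "$tmp" ]; then
    rm -f -- "$tmp"
  fi
  if [ "$vpn_started" -eq 1 ]; then
    # NOTE(review): tap0 is hard-coded here, while the up hook uses whatever
    # device name openvpn passes as $1; with `--dev tap` openvpn picks the
    # device itself, so these can differ if tap0 is already taken.
    /sbin/dhclient -r tap0 || echo "dhclient -r tap0 failed." >&2
  fi
}
trap cleanup EXIT

# Third field of "default via <gw> dev <if> ..." is the gateway address.
# The pipeline's status is that of `cut`, so a failing `ip` or a missing
# default route shows up only as an empty string; check for it explicitly.
gateway=$(/sbin/ip -4 route list default | head -n1 | cut -d' ' -f3)
if [ -z "$gateway" ]; then
  echo "Could not determine the default IPv4 gateway." >&2
  exit 1
fi

route="$remote_ip via $gateway"
echo "Need to add a special route for $remote_ip:"
printf '\t%s\n' "$route"

/sbin/ip route del "$remote_ip" > /dev/null 2>&1 || true # remove if exists
# Pass the pieces as separate quoted words instead of relying on word
# splitting of $route.
/sbin/ip route add "$remote_ip" via "$gateway"
echo "Added route."

# openvpn calls the "up" script with a bunch of extra arguments;
# we only need the first, but can't disable this behavior, so we make a new
# temporary binary to do it for us
#
# The hook is executed as root by openvpn, so it must not be writable by
# anyone else: mktemp creates it with an unpredictable name, owned by the
# caller and with no group/other permissions.
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
#!/bin/sh -e
/sbin/dhclient "$1" &
EOF
chmod +x "$tmp" # this might fail if /tmp is noexec... meh

# start the vpn (in foreground)
#
# Security notes on the options below:
#   --ca vpn.crt        is resolved against the current working directory, so
#                       the trust anchor is whatever file of that name sits
#                       there; run only from a directory root controls.
#   (no peer-type check) nothing restricts the peer to a *server* certificate,
#                       so any certificate chaining to vpn.crt is accepted.
#                       NOTE(review): add `--remote-cert-tls server` once the
#                       server certificate is confirmed to carry that usage.
#   --comp-lzo          must match the server; compression inside the tunnel
#                       is deprecated in newer OpenVPN releases because it can
#                       leak information about the plaintext.
#   --script-security 2 is what allows the --up hook above to be executed.
echo "Starting openvpn..."
vpn_started=1
openvpn --remote "$remote_ip" "$port" "$proto" --comp-lzo --dev tap \
  --auth-user-pass --ca vpn.crt --client \
  --script-security 2 --up "$tmp" --route-noexec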