Created
April 5, 2022 09:31
gateway-prep.sh for mac
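#!/bin/bash
# gateway-prep.sh — prepare a downloaded Azure VPN gateway client config for
# network-manager: unpack the client zip, run gen-client-cert.sh to create the
# root + client certificate pair, stage the PEM files under ~/.cert, print the
# root certificate (base64 DER) for the Azure portal, and embed the client
# cert/key into the OpenVPN profile.
#
# Usage: ./gateway-prep.sh [client-config.zip]
#   With no argument, kv1.zip is preferred over kv0.zip in the current dir.
#
# Writes:
#   ./<name>/                        the unzipped archive (plus temp/ with the
#                                    files gen-client-cert.sh produces)
#   ~/.cert/azure-gateway-<name>/    VpnServerRoot.cer, clientCert.pem,
#                                    clientKey.pem, rootCert.pem (mode 0600)
#   ./<name>/OpenVPN/vpnconfig.ovpn  rewritten with the client cert and key
set -eu
set -o pipefail

# Private key material is created below. Set the umask before anything is
# created so the unzip dir, temp/, the cert dir and every staged file are
# owner-only from the start (the original set this only after mkdir).
umask 077

conf_zip=""
if [ -f kv0.zip ] ; then
  conf_zip="kv0.zip"
fi
if [ -f kv1.zip ] ; then
  conf_zip="kv1.zip"   # kv1 wins when both archives are present
fi
if [ $# -gt 0 ] ; then
  conf_zip="$1"        # an explicit argument overrides the autodetection
fi
if [ -z "${conf_zip}" ] ; then
  echo "[error] download the vpn client config zip archive first" >&2
  exit 1
fi

# Absolute path, since we cd into the extraction dir below.
conf_zip="$(realpath "${conf_zip}")"
dir="$(basename "${conf_zip}" .zip)"
echo "working with: $conf_zip"

if [ ! -d "${dir}" ] ; then
  mkdir -vp "${dir}"
  cd "${dir}"
  # A non-zero unzip status is tolerated (unzip returns 1 for warnings);
  # a genuinely failed extraction surfaces as missing files further down.
  unzip "${conf_zip}" ||:
else
  cd "${dir}"
fi

# gen-client-cert.sh is expected to produce temp/rootCert.pem,
# temp/clientCert.pem and temp/clientKey.pem, which are consumed below.
#
# SECURITY: this is an unpinned "raw" gist URL — it resolves to whatever the
# latest revision of someone else's gist is, and the download is executed by
# this script. Review the fetched file before running it, and prefer pinning
# the URL to a specific revision (.../raw/<revision>/gen-client-cert.sh) or
# comparing it against a known sha256. `-f` makes curl fail on an HTTP error
# instead of saving an error page that would then be run as a shell script.
gen_cert_url="https://gist.githubusercontent.com/vbatts/7d9e514f60e669e74dba73220291c1af/raw/gen-client-cert.sh"
if [ ! -f "gen-client-cert.sh" ] ; then
  curl -fsSL -o gen-client-cert.sh "${gen_cert_url}"
fi
printf '\n'

cert_dir="$HOME/.cert/azure-gateway-${dir}"
mkdir -p "${cert_dir}"
chmod 700 "${cert_dir}"   # also tightens a dir created by an earlier run

# Generate key material only once: skip if temp/ already holds a client cert
# or the cert dir already has a staged root cert.
if [ ! -f temp/clientCert.pem ] && [ ! -f "${cert_dir}/rootCert.pem" ] ; then
  bash gen-client-cert.sh
fi

# stage SRC NAME: copy SRC to "${cert_dir}/NAME" as an owner-only file unless
# a previous run already staged it (existing files are kept, presumably so a
# re-run does not replace certificates already uploaded to the gateway).
stage() {
  if [ ! -f "${cert_dir}/$2" ] ; then
    cp "$1" "${cert_dir}/$2"
    chmod 600 "${cert_dir}/$2"
  fi
}
stage Generic/VpnServerRoot.cer VpnServerRoot.cer
stage temp/clientCert.pem      clientCert.pem
stage temp/clientKey.pem       clientKey.pem
stage temp/rootCert.pem        rootCert.pem
# NOTE: temp/clientKey.pem stays in ./<dir>/temp and is re-read by the OpenVPN
# step below; it is owner-only thanks to the umask, but it is a second copy of
# the private key to be aware of.

echo "your root certificate data: "
# DER, single-line base64, for pasting into the Azure portal. `openssl base64
# -A` is used instead of base64(1) because the no-wrap flag differs between
# macOS (-b0) and GNU coreutils (-w0); with pipefail a failing openssl x509
# (e.g. missing rootCert.pem) now aborts instead of printing an empty string.
openssl x509 -in "${cert_dir}/rootCert.pem" -outform der | openssl base64 -A ; echo
printf '\n'

# Gateway hostname: the text between the tags on the VpnServer line of
# Generic/VpnSettings.xml. Without the guard, pipefail would abort the script
# silently when the line is missing; warn and carry on instead.
gw_addr="$(grep VpnServer Generic/VpnSettings.xml | sed -e 's|^.*>\(.*\)<.*$|\1|' || true)"
if [ -z "${gw_addr}" ] ; then
  echo "[warn] could not find a VpnServer entry in Generic/VpnSettings.xml" >&2
fi

## print out IKE details
echo "once you've installed the IPsec/IKEv2 (Strongswan) packages ..."
echo " (apt install strongswan strongswan-pki libstrongswan-extra-plugins curl libxml2-utils cifs-utils unzip network-manager-strongswan)"
echo "use network-manager to + configure a new 'IPsec/IKEv2 (Strongswan)' VPN connection"
echo "Name: Azure ${dir} (IKEv2)"
echo "Address: ${gw_addr}"
echo "Gateway Certificate: $(realpath "${cert_dir}/VpnServerRoot.cer")"
echo "Client Certificate: $(realpath "${cert_dir}/clientCert.pem")"
echo "Client Key: $(realpath "${cert_dir}/clientKey.pem")"
echo "[x] Request an inner IP address"
echo "[x] Enable custom proposals"
echo "IKE: aes256gcm16-sha384-ecp384"
echo "ESP: aes256gcm16-aes256gmac"
echo ".. lastly, from the 'IPv4' tab, select [x] Use this connection only for resources on its network"
printf '\n'

# Embed the generated client cert/key into the OpenVPN profile by replacing
# the $CLIENTCERTIFICATE / $PRIVATEKEY placeholder lines. The rewrite goes
# through a temp file rather than `sed -i` for two reasons: `-i` takes a
# mandatory suffix on BSD/macOS sed and none on GNU sed, and the new file is
# created under umask 077 so the embedded private key is not left with
# whatever mode the archive gave vpnconfig.ovpn. chmod 600 makes that explicit.
ovpn="./OpenVPN/vpnconfig.ovpn"
sed '/\$CLIENTCERTIFICATE/{
r temp/clientCert.pem
d
}
/\$PRIVATEKEY/{
r temp/clientKey.pem
d
}' "${ovpn}" > "${ovpn}.tmp"
mv "${ovpn}.tmp" "${ovpn}"
chmod 600 "${ovpn}"

## print out OpenVPN details
echo "once you've installed the OpenVPN packages ..."
echo " (apt install network-manager-openvpn)"
echo "use network-manager to + 'Import from file...'"
echo "file: $(realpath OpenVPN/vpnconfig.ovpn)"
echo "Name: Azure ${dir} (OpenVPN)"
echo ".. lastly, from the 'IPv4' tab, select [x] Use this connection only for resources on its network"
printf '\n'

echo "about to open network setting for you ..."
sleep 2
# Best effort: only on desktops that have gnome-control-center; its exit
# status is ignored so closing the window does not fail the script.
if command -v gnome-control-center >/dev/null 2>&1 ; then
  gnome-control-center network ||:
fi
# vim:set sts=2 sw=2 et: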