mrngm · April 26, 2019 13:01
diff --git a/README.md b/README.md
diff --git a/ccd_slash_vpn1 b/ccd_slash_vpn1
 ifconfig-push 10.88.88.10 10.88.88.9
 iroute 10.0.10.0 255.255.255.0
diff --git a/ccd_slash_vpn2 b/ccd_slash_vpn2
 ifconfig-push 10.88.88.22 10.88.88.21
 iroute 10.0.10.0 255.255.255.0
diff --git a/ccd_slash_vpn3 b/ccd_slash_vpn3
 ifconfig-push 10.88.88.30 10.88.88.29
 iroute 10.0.10.0 255.255.255.0
diff --git a/init-client-vpns.sh b/init-client-vpns.sh
 #!/bin/sh
 set -e

 DIRECTORY="/root/vpn/"
 IP=/sbin/ip

 REMOTE=198.18.0.1

 TUNBIND[0]=192.168.0.1
 TUNBIND[1]=192.168.1.1
 TUNBIND[2]=192.168.2.1

 case "$1" in

 start)
 	if [[ "$2" == "tunnel" && "$3" != "" ]]; then
 		if [ ! -e $DIRECTORY/vpn$3/conf/vpn$3.conf ]; then
 			echo "Tunnelconfig for vpn$3 doesn't exist. Exiting"
 			exit 1
 		fi
 		cd $DIRECTORY/vpn$3/conf/
 		echo -n "Starting VPN $3... "
 		# Path
 		openvpn --config vpn$3.conf > /dev/null 2>&1 & echo $! > /var/run/vpn$3.pid
 		echo "started."
 	else
 		for i in {1,2,3}; do
 			$0 start tunnel $i
 		done;
 	
 		if [[ "$2" == "default" ]]; then
 			echo -n "Setting up default route, waiting 5 seconds for tunnels"
 			for i in {1,2,3,4,5}; do echo -n "."; sleep 1; done;
 			IPROUTECMD="ip route add default"
 			for i in {0,1,2}; do 
 				ADDR=`ip r | grep tun${i} | grep src | cut -d ' ' -f 1`
 				IPROUTECMD="${IPROUTECMD} nexthop via $ADDR dev tun${i} weight 1"
 			done;
 			ip r d 10.88.88.1
 			echo ""
 			echo "Saving old default route"
 			ip r | grep default > /tmp/vpn-serv-default-route
 			GATEWAY=`cat /tmp/vpn-serv-default-route | cut -d ' ' -f 3`
 			echo $GATEWAY
 			ip r d default
 			for i in {0,1,2}; do
 				echo "ip r a ${REMOTE} via ${TUNBIND[$i]}"
 			done;
 			ip r a ${REMOTE} via ${GATEWAY}
 			$IPROUTECMD
 		fi
 	fi
 ;;

 stop)
 	if [[ "$2" == "tunnel" && $3 != "" ]]; then
 		if [ ! -e $DIRECTORY/vpn$3/conf/vpn$3.conf ]; then
 			echo "Tunnelconfig for vpn$3 doesn't exist. Exiting"
 			exit 1
 		fi
 		cd $DIRECTORY/vpn$3/conf/
 		PID=`cat /var/run/vpn$3.pid`
 		if [ -e /proc/${PID} -a /proc/${PID}/exe ]; then
 			echo -n "Stopping VPN $3... "
 			kill ${PID}
 			echo "stopped."
 			rm /var/run/vpn$3.pid
 		fi
 		# het maakt niet uit dat er 1 iface wegvalt uit een default route, die wordt dan als "dead" gemarkeerd
 	else
 		for i in {1,2,3}; do
 			$0 stop tunnel $i
 		done
 		if [[ -e /tmp/vpn-serv-default-route ]]; then
 			echo "Restoring default route"
 			ip r d ${REMOTE}
 			# insert security risk here 
 			ip r a `cat /tmp/vpn-serv-default-route`
 			rm /tmp/vpn-serv-default-route
 		fi
 	fi

 ;;

 restart)
 	if [[ $2 == "tunnel" && $3 != "" ]]; then
 		$0 stop tunnel $3
 		$0 start tunnel $3
 	else
 		$0 stop
 		$0 start
 	fi
 ;;

 status)
 	echo "Here comes status info"
 ;;
 *)
 	echo "USAGE: vpn.sh (start [default] |stop|restart [ tunnel ID ]|status)"
 	exit 1
 ;;

 esac

 exit 0
diff --git a/vpn-serv.conf b/vpn-serv.conf
 port 1194
 proto tcp
 dev tun

 ca ca.crt
 cert vpn-serv.crt
 key vpn-serv.key
 dh dh1024p.pem
 server 10.88.88.0 255.255.255.0
 ifconfig-pool-persist ipp.txt
 management localhost 7123
 keepalive 10 120
 cipher BF-CBC
 comp-lzo
 user nobody
 group nobody
 persist-key
 persist-tun
 status openvpn-status.log
 client-config-dir ccd/
 route 10.0.10.0 255.255.255.0
 log-append  openvpn.log
 verb 3
 mute 20
diff --git a/vpn1.conf b/vpn1.conf
 client
 dev tun0
 proto tcp
 remote 198.18.0.1 1194
 resolv-retry infinite
 bind
 local 192.168.0.1
 user nobody
 group nobody
 persist-key
 persist-tun
 ca ca.crt
 cert vpn1.crt
 key vpn1.key
 ns-cert-type server
 cipher BF-CBC
 comp-lzo
 verb 3
diff --git a/vpn2.conf b/vpn2.conf
 client
 dev tun1
 proto tcp
 remote 198.18.0.1 1194
 resolv-retry infinite
 bind
 local 192.168.1.1
 user nobody
 group nobody
 persist-key
 persist-tun
 ca ca.crt
 cert vpn2.crt
 key vpn2.key
 ns-cert-type server
 cipher BF-CBC
 comp-lzo
 verb 3
diff --git a/vpn3.conf b/vpn3.conf
 client
 dev tun2
 proto tcp
 remote 198.18.0.1 1194
 resolv-retry infinite
 bind
 local 192.168.2.1
 user nobody
 group nobody
 persist-key
 persist-tun
 ca ca.crt
 cert vpn3.crt
 key vpn3.key
 ns-cert-type server
 cipher BF-CBC
 comp-lzo
 verb 3
	ifconfig-push 10.88.88.10 10.88.88.9
	iroute 10.0.10.0 255.255.255.0
	ifconfig-push 10.88.88.22 10.88.88.21
	iroute 10.0.10.0 255.255.255.0
	ifconfig-push 10.88.88.30 10.88.88.29
	iroute 10.0.10.0 255.255.255.0
	#!/bin/sh
	set -e

	DIRECTORY="/root/vpn/"
	IP=/sbin/ip

	REMOTE=198.18.0.1

	TUNBIND[0]=192.168.0.1
	TUNBIND[1]=192.168.1.1
	TUNBIND[2]=192.168.2.1

	case "$1" in

	start)
	if [[ "$2" == "tunnel" && "$3" != "" ]]; then
	if [ ! -e $DIRECTORY/vpn$3/conf/vpn$3.conf ]; then
	echo "Tunnelconfig for vpn$3 doesn't exist. Exiting"
	exit 1
	fi
	cd $DIRECTORY/vpn$3/conf/
	echo -n "Starting VPN $3... "
	# Path
	openvpn --config vpn$3.conf > /dev/null 2>&1 & echo $! > /var/run/vpn$3.pid
	echo "started."
	else
	for i in {1,2,3}; do
	$0 start tunnel $i
	done;

	if [[ "$2" == "default" ]]; then
	echo -n "Setting up default route, waiting 5 seconds for tunnels"
	for i in {1,2,3,4,5}; do echo -n "."; sleep 1; done;
	IPROUTECMD="ip route add default"
	for i in {0,1,2}; do
	ADDR=`ip r \| grep tun${i} \| grep src \| cut -d ' ' -f 1`
	IPROUTECMD="${IPROUTECMD} nexthop via $ADDR dev tun${i} weight 1"
	done;
	ip r d 10.88.88.1
	echo ""
	echo "Saving old default route"
	ip r \| grep default > /tmp/vpn-serv-default-route
	GATEWAY=`cat /tmp/vpn-serv-default-route \| cut -d ' ' -f 3`
	echo $GATEWAY
	ip r d default
	for i in {0,1,2}; do
	echo "ip r a ${REMOTE} via ${TUNBIND[$i]}"
	done;
	ip r a ${REMOTE} via ${GATEWAY}
	$IPROUTECMD
	fi
	fi
	;;

	stop)
	if [[ "$2" == "tunnel" && $3 != "" ]]; then
	if [ ! -e $DIRECTORY/vpn$3/conf/vpn$3.conf ]; then
	echo "Tunnelconfig for vpn$3 doesn't exist. Exiting"
	exit 1
	fi
	cd $DIRECTORY/vpn$3/conf/
	PID=`cat /var/run/vpn$3.pid`
	if [ -e /proc/${PID} -a /proc/${PID}/exe ]; then
	echo -n "Stopping VPN $3... "
	kill ${PID}
	echo "stopped."
	rm /var/run/vpn$3.pid
	fi
	# het maakt niet uit dat er 1 iface wegvalt uit een default route, die wordt dan als "dead" gemarkeerd
	else
	for i in {1,2,3}; do
	$0 stop tunnel $i
	done
	if [[ -e /tmp/vpn-serv-default-route ]]; then
	echo "Restoring default route"
	ip r d ${REMOTE}
	# insert security risk here
	ip r a `cat /tmp/vpn-serv-default-route`
	rm /tmp/vpn-serv-default-route
	fi
	fi

	;;

	restart)
	if [[ $2 == "tunnel" && $3 != "" ]]; then
	$0 stop tunnel $3
	$0 start tunnel $3
	else
	$0 stop
	$0 start
	fi
	;;

	status)
	echo "Here comes status info"
	;;
	*)
	echo "USAGE: vpn.sh (start [default] \|stop\|restart [ tunnel ID ]\|status)"
	exit 1
	;;

	esac

	exit 0
	port 1194
	proto tcp
	dev tun

	ca ca.crt
	cert vpn-serv.crt
	key vpn-serv.key
	dh dh1024p.pem
	server 10.88.88.0 255.255.255.0
	ifconfig-pool-persist ipp.txt
	management localhost 7123
	keepalive 10 120
	cipher BF-CBC
	comp-lzo
	user nobody
	group nobody
	persist-key
	persist-tun
	status openvpn-status.log
	client-config-dir ccd/
	route 10.0.10.0 255.255.255.0
	log-append openvpn.log
	verb 3
	mute 20
	client
	dev tun0
	proto tcp
	remote 198.18.0.1 1194
	resolv-retry infinite
	bind
	local 192.168.0.1
	user nobody
	group nobody
	persist-key
	persist-tun
	ca ca.crt
	cert vpn1.crt
	key vpn1.key
	ns-cert-type server
	cipher BF-CBC
	comp-lzo
	verb 3
	client
	dev tun1
	proto tcp
	remote 198.18.0.1 1194
	resolv-retry infinite
	bind
	local 192.168.1.1
	user nobody
	group nobody
	persist-key
	persist-tun
	ca ca.crt
	cert vpn2.crt
	key vpn2.key
	ns-cert-type server
	cipher BF-CBC
	comp-lzo
	verb 3
	client
	dev tun2
	proto tcp
	remote 198.18.0.1 1194
	resolv-retry infinite
	bind
	local 192.168.2.1
	user nobody
	group nobody
	persist-key
	persist-tun
	ca ca.crt
	cert vpn3.crt
	key vpn3.key
	ns-cert-type server
	cipher BF-CBC
	comp-lzo
	verb 3