SoftEther VPN For Linux Clients
from fabric.api import *
# Upstream tarball of the SoftEther VPN Server build that install_softether() fetches.
# NOTE(review): the URL is plain http:// and nothing in this file verifies a checksum
# or signature of what wget returns, so the integrity of the install rests entirely on
# the network path — confirm the archive out of band before deploying.
SOFTETHER_SERVER_URL = (
    "http://www.softether-download.com/files/softether/"
    "v4.21-9613-beta-2016.04.24-tree/Linux/SoftEther_VPN_Server/"
    "64bit_-_Intel_x64_or_AMD64/"
    "softether-vpnserver-v4.21-9613-beta-2016.04.24-linux-x64-64bit.tar.gz"
)

# Local path of the client certificate: start_softether() uploads it with put() and
# binds it to the hub user with UserCertSet.
PUBLIC_CERT = '~/.ssh/cert/publickey.cer'

# dnsmasq fragment that dns_and_routing() appends to /etc/dnsmasq.conf: DHCP for VPN
# clients on the tap device (presumably the one BridgeCreate ... /DEVICE:soft /TAP:yes
# creates as tap_soft — confirm), with 192.168.7.1 announced as their gateway.
DNSMASQ_FILE = "\n".join([
    "interface=tap_soft",
    "bind-interfaces",
    "dhcp-range=tap_soft,192.168.7.50,192.168.7.60,12h",
    "dhcp-option=tap_soft,3,192.168.7.1",
])
def install_dependencies():
    """Install, via dnf, the build and runtime packages SoftEther and dnsmasq need on the remote host."""
    packages = [
        "zlib", "curl", "gcc", "openssl", "glibc", "chkconfig",
        "binutils", "ncurses", "readline", "wget", "dnsmasq",
    ]
    run("dnf install -y " + " ".join(packages))
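def dns_and_routing(ip):
    """Configure dnsmasq on the tap interface, enable IPv4 forwarding and SNAT the VPN subnet.

    Args:
        ip: Public IPv4 address of the remote host, used as the SNAT source for
            192.168.7.0/24. deploy() obtains it from an external HTTP lookup
            (get_ip), i.e. it is untrusted, and it is spliced straight into an
            iptables shell command — so it is rejected unless it is a plain
            dotted-quad literal.

    Raises:
        ValueError: if *ip* is not an IPv4 address literal.
    """
    octets = str(ip).split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("expected an IPv4 address literal, got %r" % (ip,))
    # Appended, not replaced: running this task twice duplicates the block in
    # /etc/dnsmasq.conf.
    run("echo '{TXT}' >> /etc/dnsmasq.conf".format(TXT=DNSMASQ_FILE))
    run("sysctl -w net.ipv4.ip_forward=1")
    run("sysctl -p /etc/sysctl.conf")
    run("sysctl --system")
    run("service dnsmasq restart")
    # Masquerade VPN clients (the dhcp-range in DNSMASQ_FILE) behind the host's public address.
    run("iptables -t nat -A POSTROUTING -s 192.168.7.0/24 -j SNAT --to-source " + ip)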
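def install_softether(expected_sha256=None):
    """Download, unpack, build and install the SoftEther VPN Server under /usr/local/vpnserver.

    Args:
        expected_sha256: Optional hex SHA-256 digest of the tarball. When given,
            the download is checked with ``sha256sum -c`` right after wget and the
            task fails on mismatch (run() aborts on a non-zero exit unless
            warn_only is set). The default (None) keeps the original behaviour of
            installing whatever the server returned — SOFTETHER_SERVER_URL is plain
            http:// and the archive is otherwise never authenticated, so pass a
            digest obtained from a trusted source whenever one is available.

    Raises:
        ValueError: if *expected_sha256* is given but is not a 64-character hex string.
    """
    import re
    if expected_sha256 is not None:
        # Validated before it is spliced into a shell command below.
        if not re.match(r"[0-9a-fA-F]{64}\Z", expected_sha256):
            raise ValueError(
                "expected_sha256 must be a 64-character hex digest, got %r" % (expected_sha256,))
    run("wget -O softether.tar.gz " + SOFTETHER_SERVER_URL)
    if expected_sha256 is not None:
        run("echo '%s  softether.tar.gz' | sha256sum -c -" % expected_sha256)
    run("tar xzvf softether.tar.gz")
    run("mv vpnserver /usr/local")
    with cd("/usr/local/vpnserver"):
        # "yes 1" feeds the build's interactive prompts (presumably the licence questions).
        run("bash -c \"yes 1 | make\"")
        run("chmod 600 *")
        run("chmod 700 vpncmd")
        run("chmod 700 vpnserver")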
def softether_cmd(strn, hub=True, locally=False):
    """Run one vpncmd command against the remote server (default) or the local client.

    Args:
        strn: Text placed after ``/CMD``. Callers build it by string concatenation
            and it goes to a shell unchanged, so it must already be shell-safe.
        hub: When true, scope the command to the virtual hub "VPN" via ``/HUB:VPN``.
        locally: When false, execute ``/usr/local/vpnserver/vpncmd ... /SERVER`` on
            the remote host with run(); when true, execute
            ``/usr/local/vpnclient/vpncmd ... /CLIENT`` on this machine with local().
    """
    if locally:
        execute = local
        binary = "/usr/local/vpnclient/vpncmd"
        mode = "/CLIENT"
    else:
        execute = run
        binary = "/usr/local/vpnserver/vpncmd"
        mode = "/SERVER"
    hub_flag = "/HUB:VPN " if hub else ""
    execute(binary + " 127.0.0.1 " + hub_flag + mode + " /CMD " + strn)
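def start_softether(psk="hello", username="martin"):
    """Start vpnserver and apply the hub, user, IPsec, bridge and cipher configuration.

    Args:
        psk: IPsec pre-shared key passed to ``IPSecEnable /PSK:``. The default
            reproduces the original hard-coded value, which is shared by every
            deployment made from this file and is trivially guessable; pass a
            strong, per-deployment secret instead.
        username: Hub user that is created and bound to PUBLIC_CERT.

    Both values are spliced into shell commands, so they are restricted to
    ``[A-Za-z0-9_.-]`` and anything else raises ValueError before any remote
    command runs.

    Raises:
        ValueError: if *psk* or *username* contains characters outside that set.
    """
    import re
    token = re.compile(r"[A-Za-z0-9_.-]+\Z")
    for label, value in (("psk", psk), ("username", username)):
        if not token.match(value):
            raise ValueError("%s must match [A-Za-z0-9_.-]+, got %r" % (label, value))
    put(PUBLIC_CERT, '~/x509_cert')
    run("/usr/local/vpnserver/vpnserver start")
    softether_cmd("Hubcreate VPN /PASSWORD:none", hub=False)
    softether_cmd("UserCreate " + username + " /GROUP:none /REALNAME:none /NOTE:none")
    # L2TP/IPsec with a PSK plus EtherIP; the PSK is the only secret protecting this
    # listener, which is why the default above should be overridden.
    softether_cmd("IPSecEnable /L2TP:yes /L2TPRAW:no /ETHERIP:yes /PSK:" + psk
                  + " /DEFAULTHUB:VPN", hub=False)
    softether_cmd("UserCertSet " + username + " /LOADCERT:~/x509_cert")
    softether_cmd("BridgeCreate VPN /DEVICE:soft /TAP:yes", hub=False)
    # NOTE(review): pins a single CBC/SHA-1 TLS suite; confirm it still meets policy.
    softether_cmd("ServerCipherSet DHE-RSA-AES256-SHA", hub=False)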
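def local_stuff(connection_name, ip_addr,
                cert_path='~/.ssh/cert/publickey.cer',
                key_path='~/.ssh/cert/privatekey.pem'):
    """Create the local vpnclient NIC and account for *connection_name* and connect it.

    Args:
        connection_name: Name used for both the virtual NIC and the account. It is
            spliced into local shell commands, so it is shell-quoted here (plain
            alphanumeric names are passed through unchanged).
        ip_addr: Server address placed in ``/SERVER:<ip>:443``. deploy() obtains it
            from an external lookup (get_ip), so it is rejected unless it is a
            dotted-quad IPv4 literal.
        cert_path: Client certificate loaded into the account (defaults to the
            original hard-coded path, the same file as PUBLIC_CERT).
        key_path: Matching private key loaded into the account.

    Raises:
        ValueError: if *ip_addr* is not an IPv4 address literal.
    """
    octets = str(ip_addr).split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("expected an IPv4 address literal, got %r" % (ip_addr,))
    try:
        from shlex import quote  # Python 3.3+
    except ImportError:
        from pipes import quote  # Python 2
    name = quote(connection_name)
    # The author left "NicDelete" / "AccountDelete" for the same name commented out;
    # re-running with an existing name presumably fails at NicCreate/AccountCreate —
    # TODO confirm.
    softether_cmd("NicCreate " + name, False, True)
    softether_cmd("AccountCreate " + name + " /SERVER:" + ip_addr + ":443 /HUB:VPN /USERNAME:martin /NICNAME:" + name,
                  False, True)
    softether_cmd("AccountCertSet " + name + " /LOADCERT:" + quote(cert_path) + " /LOADKEY:" + quote(key_path),
                  False, True)
    softether_cmd("AccountConnect " + name, False, True)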
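def get_ip():
    """Return the remote host's public IPv4 address as reported by http://ipof.in/txt.

    The lookup is an unauthenticated plain-HTTP request to a third-party service,
    so its answer is treated as untrusted: it must parse as a dotted-quad IPv4
    literal or ValueError is raised. Callers (deploy) splice the value into shell
    commands in dns_and_routing() and local_stuff().

    Returns:
        The IPv4 address string.

    Raises:
        ValueError: if the captured output does not end in an IPv4 literal.
    """
    try:
        from StringIO import StringIO  # Python 2
    except ImportError:
        from io import StringIO  # Python 3
    fh = StringIO()
    # run() streams the command output into fh; the address is taken as the last
    # space-separated token (presumably because fabric prefixes each output line
    # with the host name — confirm).
    run("curl http://ipof.in/txt", stdout=fh)
    fh.seek(0)
    candidate = fh.read().split(' ')[-1].strip()
    octets = candidate.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("unexpected public-IP lookup result: %r" % (candidate,))
    return candidate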
def deploy(name="default"):
    """Entry point (run as a fab task): provision a SoftEther server on the remote host and connect this machine to it.

    The public address returned by get_ip() is used both as the server's SNAT
    source (dns_and_routing) and as the address the local client connects to
    (local_stuff).

    Args:
        name: Local vpnclient NIC/account name handed to local_stuff().
    """
    public_ip = get_ip()
    steps = (
        (install_dependencies, ()),
        (install_softether, ()),
        (start_softether, ()),
        (dns_and_routing, (public_ip,)),
        (local_stuff, (name, public_ip)),
    )
    for step, args in steps:
        step(*args)
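#!/bin/sh
# Watchdog for the VPN default route (launched in the background by the vpnconnect
# alias as /usr/local/bin/vpnmonitor.sh). It records its PID in
# /var/run/monitorvpn.pid and polls the IPv4 default route every 2 s, stopping and
# writing a reason to /var/run/monitorvpn.err as soon as there is not exactly one
# default route or that route does not go through $VIRT_IFACE.
# It only reports: it does not tear the tunnel down or restore routing. It also
# watches IPv4 (0.0.0.0/0) only — an IPv6 default route is never checked.
echo $$ > /var/run/monitorvpn.pid
# The original ran "chown 755 ...", which sets the file's *owner* to UID 755; the
# intent was clearly the file mode. A PID file needs no execute bit.
chmod 644 /var/run/monitorvpn.pid
# Tunnel device the default route must use. NOTE(review): this name has to match the
# NIC the client actually creates; the fabfile's deploy() defaults the NIC name to
# "default" and the aliases connect account "vpn", so confirm the three agree.
VIRT_IFACE="vpn_myadapter"
while :
do
    DEFAULT_ROUTE_COUNT="$(ip route list exact 0.0.0.0/0 | wc -l)"
    # -F: match the interface name literally, not as a regex.
    CORRECT_ROUTE_COUNT="$(ip route list exact 0.0.0.0/0 | grep -F -- "$VIRT_IFACE" | wc -l)"
    # Numeric comparison tolerates padded "wc -l" output.
    if [ "$DEFAULT_ROUTE_COUNT" -ne 1 ]
    then
        echo "More/Less default routes than expected" > /var/run/monitorvpn.err
        break
    fi
    if [ "$CORRECT_ROUTE_COUNT" -ne 1 ]
    then
        echo "Incorrect route detected" > /var/run/monitorvpn.err
        break
    fi
    sleep 2
done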
# Python dependencies for the fabfile (Fabric 1.x API: run/local/put/cd).
# NOTE(review): these are exact "==" pins dating from this gist's last update
# (June 2016 per the page header), so they receive no upstream fixes; re-check each
# against its upstream advisories before reuse. pycrypto in particular is, to my
# knowledge, no longer maintained — confirm, and prefer a maintained alternative
# where the pinned Fabric/paramiko allow it.
ecdsa==0.13
Fabric==1.11.1
paramiko==1.17.0
pycrypto==2.6.1
wheel==0.24.0
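# Shell aliases for bringing the SoftEther client tunnel up and down. Source this file
# after replacing the *_REPLACEME placeholders. The variables are expanded when the
# alias lines are evaluated (double-quoted alias bodies), so they must be set first.
VPN_SERVER_IP="YOUR_SERVER_IP_REPLACEME"
TUNNEL_GW="192.168.30.1"
REAL_INTERFACE="REAL_INTERFACE_REPLACEME"
TUNNEL_INTERFACE="TUNNEL_INTERFACE_REPLACEME"
# Current IPv4 default route over the physical interface and its gateway (third
# field of "default via <gw> dev <if> ..."). If no such route exists GATEWAY is
# empty and the first "ip route add" in vpnconnect fails. Only the IPv4 default
# (0.0.0.0/0) is redirected below; an IPv6 default route, if any, keeps going out
# over $REAL_INTERFACE.
DEFAULT_ROUTE="$(ip route list exact 0.0.0.0/0 | grep -F -- "$REAL_INTERFACE" | xargs)"
GATEWAY="$(echo "$DEFAULT_ROUTE" | awk '{print $3}')"
# Same absolute path as the other aliases; the original bare "vpncmd" depended on PATH.
alias vpnstatus="/usr/local/vpnclient/vpncmd 127.0.0.1 /CLIENT /CMD AccountStatusGet vpn"
# Pin a host route to the VPN server via the real gateway (metric 10) before the
# default route is replaced — presumably so the tunnel's own packets to the server
# keep using the physical path — then start the client, connect account "vpn", move
# the default route onto the tunnel (metric 500) and launch the watchdog. Everything
# already runs as root under "sudo bash -c", so the inner "sudo killall" was redundant.
alias vpnconnect="sudo bash -c 'ip route add $VPN_SERVER_IP via $GATEWAY dev $REAL_INTERFACE proto static metric 10; killall dhclient; /usr/local/vpnclient/vpnclient start; /usr/local/vpnclient/vpncmd 127.0.0.1 /CLIENT /CMD AccountConnect vpn; ip route del default; dhclient $TUNNEL_INTERFACE; ip route add default via $TUNNEL_GW dev $TUNNEL_INTERFACE proto static metric 500; /usr/local/bin/vpnmonitor.sh&'"
# Stop the client, drop the tunnel interface, then bounce the real interface and
# re-run dhclient on it to get the original default route back.
alias vpndisconnect="sudo bash -c '/usr/local/vpnclient/vpnclient stop; ifconfig $TUNNEL_INTERFACE down;killall dhclient; ifconfig $REAL_INTERFACE down; sleep 3; ifconfig $REAL_INTERFACE up; sleep 3;dhclient $REAL_INTERFACE'"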