Created
April 6, 2009 06:36
-
-
Save raptium/90651 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # -*- coding: utf-8 -*- | |
| import dnet | |
| import os | |
| import time | |
| import commands | |
| import re | |
| def main(): | |
| dest = 'proxy' | |
| username = 's055695' | |
| password = 'pa5sw0rd' | |
| route_rules = [] | |
| config_dir = '/opt/cuhk_vpn' | |
| if not os.path.isdir(config_dir): | |
| os.mkdir(config_dir) | |
| #get dest IP | |
| dest_addr = dnet.addr(dest) | |
| print dest_addr | |
| #get self IP and dev for l2tp connect | |
| interfaces = dnet.intf() | |
| my_config = interfaces.get_dst(dest_addr) | |
| my_addr = my_config['addr'] | |
| print my_addr | |
| my_dev = my_config['name'] | |
| print my_dev | |
| routes = dnet.route() | |
| dest_route = routes.get(dest_addr) | |
| if not dest_route is None: | |
| route_rules.append((dest_addr, dest_route)) | |
| # IPSec SPD Policies | |
| setkey_file_path = os.path.join(config_dir,'setkey.conf') | |
| setkey_file = open(setkey_file_path,'w') | |
| setkey_file.write('''#!/sbin/setkey -v | |
| # | |
| # This file is to be processed by the setkey(8) utility | |
| # upon startup of the ipsec service | |
| # | |
| flush; | |
| spdflush; | |
| ''') | |
| spd_policies = [] | |
| spd_policies.append('''spdadd %s %s[1701] any -P out ipsec | |
| esp/transport//require''' % (my_addr, dest_addr)); | |
| spd_policies.append('''spdadd %s[1701] %s any -P in ipsec | |
| esp/transport//require''' % (dest_addr, my_addr)); | |
| setkey_file.write('\n'.join(spd_policies) + '\n') | |
| setkey_file.close() | |
| # racoon config.... | |
| psk_file_path = os.path.join(config_dir,'psk.txt') | |
| psk_file = open(psk_file_path,'w') | |
| psk_file.write('%s ipsec-vpn\n' % dest_addr) | |
| psk_file.close() | |
| racoon_file_path = os.path.join(config_dir,'racoon.conf') | |
| racoon_file = open(racoon_file_path,'w') | |
| racoon_file.write('''log debug; | |
| path pre_shared_key "%s"; | |
| padding { | |
| maximum_length 20; | |
| randomize off; | |
| strict_check off; | |
| exclusive_tail off; | |
| } | |
| remote anonymous { | |
| exchange_mode main; | |
| doi ipsec_doi; | |
| situation identity_only; | |
| generate_policy on; | |
| proposal_check obey; | |
| proposal { | |
| encryption_algorithm des; | |
| hash_algorithm sha1; | |
| authentication_method pre_shared_key; | |
| dh_group 1; | |
| } | |
| } | |
| sainfo anonymous { | |
| lifetime time 28800 sec; | |
| encryption_algorithm 3des; | |
| authentication_algorithm hmac_md5; | |
| compression_algorithm deflate; | |
| } | |
| ''' % psk_file_path) | |
| racoon_file.close() | |
| # Re/Start racoon | |
| # l2tpconfig commands | |
| # restart openl2tpd here | |
| openl2tp_file_path = os.path.join(config_dir,'openl2tpd.conf') | |
| openl2tp_file = open(openl2tp_file_path,'w') | |
| l2tp_commands = [] | |
| l2tp_commands.append('system modify deny_remote_tunnel_creates=yes') | |
| l2tp_commands.append('ppp profile create profile_name=cuhk_vpn \ | |
| auth_eap=no auth_mschapv1=no auth_mschapv2=no \ | |
| mtu=1000') | |
| l2tp_commands.append('tunnel create tunnel_name=cuhk_vpn \ | |
| ppp_profile_name=cuhk_vpn \ | |
| dest_ipaddr=%s persist=yes' % dest_addr) | |
| l2tp_commands.append('session create tunnel_name=cuhk_vpn \ | |
| session_name=cuhk_vpn \ | |
| user_name=%s \ | |
| user_password=%s' % (username, password)) | |
| openl2tp_file.write('\n'.join(l2tp_commands) + '\n') | |
| openl2tp_file.close() | |
| # invoke l2tpconfig here | |
| # check if conneceted | |
| l2tp_command = 'session show tunnel_name=cuhk_vpn session_name=cuhk_vpn' | |
| output = '''Session 29680 on tunnel 20903:- | |
| type: LAC Incoming Call, state: ESTABLISHED | |
| created at: Aug 31 11:04:59 2005 | |
| administrative name: one | |
| created by admin: YES, peer session id: 5 | |
| ppp user name: cisco | |
| ppp user password: cisco | |
| ppp profile name: one | |
| ppp interface name: ppp0 | |
| data sequencing required: OFF | |
| use data sequence numbers: OFF | |
| trace flags: NONE | |
| framing types: SYNC ASYNC | |
| bearer types: DIGITAL ANALOG | |
| call serial number: 4 | |
| use ppp proxy: NO | |
| Peer configuration data:- | |
| data sequencing required: OFF | |
| framing types: | |
| bearer types: | |
| call serial number: 4 | |
| data rx packets: 1582, rx bytes: 1094667, rx errors: 0 | |
| data tx packets: 1582, tx bytes: 1088350, tx errors: 0 | |
| ''' | |
| state_p = re.compile(r'state: ([A-Z]+)') | |
| m = state_p.search(output) | |
| if not m is None: | |
| state = m.group(1) | |
| print state | |
| pppN_p = re.compile(r'ppp interface name: (ppp\d)') | |
| m = pppN_p.search(output) | |
| if not m is None: | |
| pppN = m.group(1) | |
| print pppN | |
| #ppp_if = interfaces.get(pppN) | |
| ppp_if = interfaces.get('eth0') | |
| local_addr = '137.189.212.222' | |
| peer_addr = '137.189.224.241' | |
| default_addr = dnet.addr('0.0.0.0/0') | |
| # remove default route | |
| routes.delete(default_addr) | |
| # replace default route | |
| route_rules.append((peer_addr, local_addr)) | |
| route_rules.append((default_addr, peer_addr)) | |
| print route_rules | |
| for rule in route_rules: | |
| #routes.add(rule[0],rule[1]) | |
| pass | |
| if __name__ == '__main__': | |
| main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment