#!/bin/bash
####################
# Variables
####################
## Seconds to wait for the ppp device to come up on each connect attempt
TIMEOUT=60
## Name of the [lac ...] section in the xl2tpd config file
L2TPD_LAC="ZJU"
## Known LNS addresses: 10.5.1.9, 10.5.1.7, 10.5.1.5 — only one is dialled
SERVER_ADDR="10.5.1.9"
## Prefixes that stay on the campus gateway instead of the VPN default route
_rt=(
  "10.0.0.0/8"
  "58.196.192.0/19"
  "58.196.224.0/20"
  "210.32.0.0/20"
  "210.32.128.0/19"
  "210.32.160.0/21"
  "210.32.168.0/22"
  "210.32.172.0/23"
  "210.32.176.0/20"
  "222.205.0.0/17"
)
#_rt+=("210.32.174.0/24") ## zjg maybe
## Built-in wait-online: retry the reachability ping with growing pauses while
## the machine has been up for less than 60s. Default is N; network-online.target
## handles this better.
_WAIT="N" #"Y"
## Runtime paths: xl2tpd control file and config, ppp options file, CHAP secrets
L2TPD_CONTROL_FILE="/var/run/xl2tpd/l2tp-control"
L2TPD_CFG_FILE="/etc/xl2tpd/xl2tpd.conf"
L2TPD_OPTFILE="/etc/ppp/options.xl2tpd.zju"
CHAP_SECRET_FILE="/etc/ppp/chap-secrets"
####################
# functions
####################
usage() {
  # Print the help text (version, invocation and the action list) to stdout.
  cat <<EOF
A utility for ZJU school L2TP VPN. v2.0
Usage: $0 [ACTION]

Actions: 
 -cfg Configure.
 -c Connect.
 -d Disconnect.
 -h Show this information.

EOF
}
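check_files() {
  # Verify the files the VPN needs exist, creating a minimal xl2tpd.conf when absent.
  # Globals (read): L2TPD_OPTFILE, L2TPD_CFG_FILE, CHAP_SECRET_FILE
  # Outputs: error text on stderr
  # Returns: 0 when everything is in place, 1 on a missing file or a failed write.
  if [[ ! -e "$L2TPD_OPTFILE" ]]; then
    echo "[ERR] lost $L2TPD_OPTFILE" >&2
    return 1
  fi
  if [[ ! -e "$L2TPD_CFG_FILE" ]]; then
    # Only the [global] section; configure() appends the [lac] section later.
    # The write is checked: with /etc/xl2tpd missing it used to fail silently and
    # every later step then worked on a config file that did not exist.
    if ! cat > "$L2TPD_CFG_FILE" <<EOF
[global] ; Global parameters:
port = 1701 ; * Bind to port 1701
access control = yes ; * Refuse connections without IP match
rand source = dev ; * Source for entropy for random
auth file = $CHAP_SECRET_FILE
EOF
    then
      echo "[ERR] cannot write $L2TPD_CFG_FILE" >&2
      return 1
    fi
  fi
  if [[ ! -e "$CHAP_SECRET_FILE" ]]; then
    echo "[ERR] lost $CHAP_SECRET_FILE which is contained in package ppp." >&2
    return 1
  fi
  return 0
}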
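test_connection() {
  # Check that the L2TP server answers a ping; print a diagnosis and fail otherwise.
  # With _WAIT=Y and an uptime below 60s the ping is retried up to 6 times with
  # growing pauses so a boot-time network can come up; in every other case exactly
  # one ping is sent. (The original sent none at all when _WAIT=Y and the uptime
  # was already past 60s, so it always reported failure in that case.)
  # Globals (read): _WAIT, SERVER_ADDR
  # Outputs: the diagnosis text on stdout when the server is unreachable
  # Returns: 0 when the server is reachable, 1 otherwise.
  local tries=1 max_tries=1 uptime_s=''
  if [[ "$_WAIT" == Y ]]; then
    # /proc/uptime is "<seconds>.<hundredths> <idle>"; keep only the integer part
    read -r uptime_s _ 2> /dev/null < /proc/uptime
    uptime_s=${uptime_s%%.*}
    if [[ "$uptime_s" =~ ^[0-9]+$ ]] && (( uptime_s < 60 )); then
      max_tries=6
    fi
  fi
  while (( tries <= max_tries )); do
    # Both streams are silenced; "2>&1 > /dev/null" in the original only
    # redirected stdout, so ping's own error text leaked onto the terminal.
    if ping -c 1 -q "$SERVER_ADDR" > /dev/null 2>&1; then
      return 0
    fi
    # No pause after the last attempt — it only delayed the failure message.
    (( tries < max_tries )) && sleep "$tries"
    (( tries++ ))
  done
  cat <<EOF
The network connection between your computer and the VPN server was interrupted.
This can be caused by:
1) VPN server temporarily got down. Change one.
2) Route table of your computer got corrupted. Restart computer and try again.
3) You have not logged into campus network. If you are in Students' Dormitory
of Zijingang Campus, make sure you have passed authentication via 'ShanXun'.
EOF
  return 1
}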
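_init() {
  # Discover the pre-VPN gateway/interface toward the server and the ppp device name.
  # Globals (read): SERVER_ADDR, L2TPD_OPTFILE
  # Globals (written): _GW, _IF, _IFNAME
  # _IFNAME is taken from an "ifname ..." line in the ppp options file; without one
  # the original heuristic applies: a gateway string of 6+ characters selects ppp0
  # (YQ), otherwise ppp1 (ZJG, where ShanXun already occupies ppp0).
  local route
  # One "ip route get" instead of two; the "via" line looks like
  # "<dst> via <gateway> dev <iface> ...", so $3 is the gateway and $5 the interface.
  route=$(ip route get "$SERVER_ADDR" 2> /dev/null | grep via)
  _GW=$(awk '{print $3}' <<<"$route")
  _IF=$(awk '{print $5}' <<<"$route")
  _IFNAME=$(sed -n '/^ifname/ s/ifname //p' "$L2TPD_OPTFILE")
  if [[ -z "$_IFNAME" ]]; then
    # ${#_GW} replaces "expr length $_GW", which printed an error when _GW was empty
    if (( ${#_GW} >= 6 )); then
      _IFNAME=ppp0 #YQ
    else
      _IFNAME=ppp1 #ZJG with Shan Xun, ppp0 is used
    fi
  fi
}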
ppp_alive() {
  # Report whether the ppp device named in _IFNAME currently shows an inet address.
  # Globals (read): _IFNAME
  # Returns: 0 when connected, 1 otherwise (grep's own status).
  ip addr show | grep -q "inet.*$_IFNAME"
}
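setroute() {
  # Install (up) or remove (down) the VPN routing: the _rt prefixes are pinned to
  # the campus gateway _GW via _IF, and the default route moves onto the ppp device
  # (up) or back onto the campus gateway (down).
  # Arguments: $1 - "up" or "down"
  # Globals (read): _rt, _GW, _IF, _IFNAME
  # Outputs: progress on stdout, errors on stderr
  # Returns: 0 on success, 1 on an unknown action or missing gateway data.
  local action=$1 prefix vpn_gw
  case "$action" in
    up)
      # Field 2 of the device's "inet" line, exactly as the original computed it.
      # NOTE(review): this is the ppp device's own address, not the peer's — confirm
      # that is what the default route should point at.
      vpn_gw=$(ip addr show dev "$_IFNAME" | grep "inet.*$_IFNAME" | awk '{print $2}')
      # Refuse to delete the default route when there is nothing valid to replace it
      # with; the original deleted first and left the host without any default route
      # whenever the following "ip route add" failed.
      if [[ -z "$_GW" || -z "$_IF" || -z "$vpn_gw" ]]; then
        echo "[ERR] Missing gateway '$_GW', interface '$_IF' or VPN address '$vpn_gw'; routes left untouched." >&2
        return 1
      fi
      echo "[MSG] Detected gateway: $_GW, PPP device: $_IFNAME"
      printf '%s' "[MSG] Setting up route table... "
      for prefix in "${_rt[@]}"; do
        ip route add "$prefix" via "$_GW" dev "$_IF"
      done
      ip route del default
      ip route add default via "$vpn_gw" dev "$_IFNAME"
      echo "Done!"
      ;;
    down)
      if [[ -z "$_GW" || -z "$_IF" ]]; then
        echo "[ERR] Campus gateway unknown; default route left untouched." >&2
        return 1
      fi
      printf '%s' "[MSG] Reseting default route... "
      for prefix in "${_rt[@]}"; do
        ip route del "$prefix"
      done
      ip route del default
      ip route add default via "$_GW" dev "$_IF"
      echo "Done!"
      ;;
    *)
      echo "[ERR] NEVER HAPPEN!" >&2
      return 1
      ;;
  esac
}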
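configure() {
  # Interactively store the VPN account: the user name goes into the [lac] section
  # of the xl2tpd config, user name and password into the CHAP secrets file.
  # Globals (read): L2TPD_LAC, L2TPD_CFG_FILE, CHAP_SECRET_FILE, SERVER_ADDR, L2TPD_OPTFILE
  # Outputs: prompts and progress on stdout, errors on stderr
  # Returns: 0 when both files were updated, 1 on bad input or a failed write.
  local username password
  echo "[MSG] Configure L2TP VPN for ZJU."
  # -r keeps backslashes in the credentials literal (the original dropped them).
  read -r -p "Username @[acd] : " username
  read -r -s -p "Password : " password
  echo
  # Both files are whitespace-delimited, so blanks would corrupt the entries.
  if [[ -z "$username" || -z "$password" || "$username$password" == *[[:space:]]* ]]; then
    echo "[ERR] Username and password must be non-empty and contain no whitespace." >&2
    return 1
  fi
  _write_lac_name "$username" || return 1
  _write_chap_secret "$username" "$password" || return 1
  echo "[MSG] Configuration saved."
}

# Replace the contents of $1 with stdin, keeping the file's inode, owner and mode.
# The data is staged in a mktemp file next to the destination (mode 0600) so the
# source file is never read and truncated at the same time.
# Arguments: $1 - destination file
# Returns: 0 on success, 1 when the temp file or the final write fails.
_rewrite_file() {
  local dest=$1 tmp
  tmp=$(mktemp "$dest.XXXXXX") || return 1
  if cat > "$tmp" && cat -- "$tmp" > "$dest"; then
    rm -f -- "$tmp"
    return 0
  fi
  rm -f -- "$tmp"
  return 1
}

# Set "name = USER ; * ZJUVPN ID" in the [lac] section, appending the whole
# section when it does not exist yet.
# Arguments: $1 - user name
# Globals (read): L2TPD_LAC, L2TPD_CFG_FILE, SERVER_ADDR, L2TPD_OPTFILE
_write_lac_name() {
  local username=$1
  if grep -q "^\[lac $L2TPD_LAC\]" "$L2TPD_CFG_FILE"; then
    # The value travels via ENVIRON, never inside the pattern or replacement, so
    # "|", "&" or "\" in it stay literal (they broke the original sed expression).
    ZJU_USER="$username" awk '
      /^name.*ZJUVPN ID$/ { print "name = " ENVIRON["ZJU_USER"] " ; * ZJUVPN ID"; next }
      { print }
    ' "$L2TPD_CFG_FILE" | _rewrite_file "$L2TPD_CFG_FILE"
  else
    cat >> "$L2TPD_CFG_FILE" <<EOF
[lac $L2TPD_LAC]
lns = $SERVER_ADDR ; * Who is our LNS?
redial = yes ; * Redial if disconnected?
redial timeout = 10 ; * Wait n seconds between redials
max redials = 5 ; * Give up after n consecutive failures
require chap = yes ; * Require CHAP auth. by peer
refuse pap = yes ; * Refuse PAP authentication
require authentication = yes ; * Require peer to authenticate
ppp debug = no ; * Turn on PPP debugging
pppoptfile = $L2TPD_OPTFILE ; * ppp options file for this lac
name = $username ; * ZJUVPN ID
EOF
  fi
}

# Store "USER * PASSWORD *" in the CHAP secrets file, replacing any earlier entry
# whose first field is exactly USER (the original "^$username" prefix test also
# matched "user2"). The password is written by the printf builtin only, so it never
# appears on a command line or in "ps" output; the original passed it to sed.
# Arguments: $1 - user name, $2 - password
# Globals (read): CHAP_SECRET_FILE
_write_chap_secret() {
  local username=$1 password=$2
  {
    ZJU_USER="$username" awk '$1 != ENVIRON["ZJU_USER"] { print }' "$CHAP_SECRET_FILE"
    printf '%s * %s *\n' "$username" "$password"
  } | _rewrite_file "$CHAP_SECRET_FILE" || return 1
  chmod 600 "$CHAP_SECRET_FILE"
}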
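connect() {
  # Ask xl2tpd to dial the LAC, then poll up to TIMEOUT seconds for the ppp device
  # and install the VPN routes once it is up.
  # Globals (read): L2TPD_LAC, L2TPD_CONTROL_FILE, TIMEOUT
  # Outputs: progress on stdout, errors on stderr
  # Returns: 0 once the link is up and routes are set, 1 on a failed dial request
  #          or when the device does not appear within TIMEOUT seconds.
  local elapsed
  # The original ignored a failed write here and then spent TIMEOUT seconds polling
  # for a link it never requested.
  if ! echo "c $L2TPD_LAC" > "$L2TPD_CONTROL_FILE"; then
    echo "[ERR] Cannot write to $L2TPD_CONTROL_FILE" >&2
    return 1
  fi
  for (( elapsed = 0; elapsed <= TIMEOUT; elapsed++ )); do
    if ppp_alive; then
      echo " Done!" # Yes, brought up!
      setroute up
      return 0
    fi
    printf '\r[MSG] Trying to bring up VPN... %d secs...' "$elapsed"
    sleep 1
  done
  echo
  echo "[ERR] Failed to bring up vpn!" >&2
  return 1
}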
disconnect() {
  # Restore the campus default route, then ask xl2tpd to hang up the LAC.
  # Globals (read): L2TPD_LAC, L2TPD_CONTROL_FILE
  # Outputs: progress on stdout
  setroute down
  printf '%s' "[MSG] Disconnecting VPN ... "
  printf 'd %s\n' "$L2TPD_LAC" > "$L2TPD_CONTROL_FILE"
  sleep 1
  echo "Done!"
}
root_pre() {
  # Common preamble for every action: refuse non-root callers, then validate the
  # files, server reachability and gateway discovery. Exits the script (status 1)
  # on any failure instead of returning.
  # Globals (read): UID
  [[ "$UID" == 0 ]] || {
    echo "[ERR] You must be super user to run this utility!"
    exit 1
  }
  check_files || exit 1
  test_connection || exit 1
  _init
}
####################
# MAIN
####################
# Dispatch on the single ACTION argument; anything unknown (or none) prints usage.
# Every real action goes through root_pre, which exits on its own failures.
case "$1" in
  -cfg)
    root_pre
    configure
    ;;
  -c)
    root_pre
    if ! grep -q "^\[lac $L2TPD_LAC\]" "$L2TPD_CFG_FILE"; then
      echo "[MSG] Run ACTION Configure first."
      echo "[MSG] If you run me with systemd, please restart xl2tpd after configuration."
      exit 1
    fi
    [[ -e "$L2TPD_CONTROL_FILE" ]] || {
      echo "[ERR] L2tpd daemon not running!"
      exit 1
    }
    if ppp_alive; then
      echo "[MSG] VPN already connected."
    else
      connect || exit 1
    fi
    ;;
  -d)
    root_pre
    if ppp_alive; then
      disconnect
    else
      echo "[ERR] VPN not connected."
      exit 1
    fi
    ;;
  *)
    usage
    ;;
esac
exit 0