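#!/bin/bash
#
# Wrapper around Cisco's "vpnclient" that keeps LAN access after the tunnel
# comes up.  Install it next to the real vpnclient binary; it saves the
# current routes, runs the real binary and re-installs the routes afterwards.
#
# The script runs twice per connection, selected by VPNCLIENT_LAN_ACCESS:
#
#   wrapper mode (VPNCLIENT_LAN_ACCESS unset), "vpnclient CONNECT PROFILENAME":
#     loads ${config}, looks up PROFILENAME_GATEWAY / PROFILENAME_NETWORKS,
#     writes the gateway to the cisco_ipsec module parameter, saves the
#     current interface and default routes into exported variables, starts a
#     copy of itself in monitor mode in the background and finally runs the
#     real vpnclient with the original arguments.  Any other invocation
#     (argument count != 2) exits 1 without running vpnclient.
#
#   monitor mode (VPNCLIENT_LAN_ACCESS=1, started by wrapper mode):
#     waits up to ${timeout} seconds for a default route on ${cipsec_dev},
#     then re-adds the saved interface routes, replaces the tunnel's default
#     route with routes to PROFILENAME_NETWORKS via the tunnel gateway and
#     restores the saved default routes.
#
# ${config} is sourced by root and may define, per profile name:
#   PROFILENAME_GATEWAY   dotted-quad IPv4 address (default 0.0.0.0)
#   PROFILENAME_NETWORKS  space separated list of networks, in a form accepted
#                         by "route add -net" (default: none)
# Profile names must be valid shell identifiers ([A-Za-z_][A-Za-z0-9_]*)
# because they are used to build the variable names above.
#
# Needs root; re-executes itself through sudo otherwise.

# seconds the monitor waits for the tunnel's default route to appear
timeout=120
config=/etc/opt/cisco-vpnclient/lan-access.conf
module_param=/sys/module/cisco_ipsec/parameters/gateway
cipsec_dev="cipsec0"
# always use the absolute path: sudo may not put /sbin on PATH
route_cmd=/sbin/route

# All diagnostics go to stderr so vpnclient's own stdout stays clean.
log() { printf '%s\n' "$*" >&2; }
die() { log "$*"; exit 1; }

# True if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  local ip=$1 octet
  [[ "${ip}" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] \
    || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces decimal so "08" is neither rejected nor read as octal
    (( 10#${octet} <= 255 )) || return 1
  done
  return 0
}

# Print the directly connected routes (gateway 0.0.0.0, not loopback) as
# "dest:genmask:iface dest:genmask:iface ...".
snapshot_device_routes() {
  "${route_cmd}" -n | awk '
    $1 ~ /^[0-9.]+$/ && $2 == "0.0.0.0" && $NF !~ /lo$/ {
      printf "%s:%s:%s ", $1, $3, $NF
    }'
}

# Print the default routes (not loopback) as "gateway:metric:iface ...".
# route -n lists default routes in eight columns; lines with a different
# column count are skipped rather than copied verbatim into the list.
snapshot_default_routes() {
  "${route_cmd}" -n | awk '
    $1 == "0.0.0.0" && $3 == "0.0.0.0" && NF == 8 && $NF !~ /lo$/ {
      printf "%s:%s:%s ", $2, $5, $NF
    }'
}

# Print the gateway of the default route on ${cipsec_dev}; empty if absent.
tunnel_gateway() {
  "${route_cmd}" -n | awk -v dev="${cipsec_dev}" '
    $1 == "0.0.0.0" && $NF == dev { print $2; exit }'
}

# Wrapper mode: see the header.  Arguments are the original vpnclient
# arguments; returns the exit status of the real vpnclient.
wrapper_mode() {
  local profile var orig_vpnclient

  VPNCLIENT_LAN_ACCESS_GATEWAY="0.0.0.0"
  VPNCLIENT_LAN_ACCESS_NETWORKS=""
  if [ -e "${config}" ]; then
    # the file is executed as root, so only accept a regular file that
    # root owns and that nobody else can modify
    [ -f "${config}" ] || die "${config} is not a regular file"
    [ -O "${config}" ] || die "${config} is not owned by root, refusing to source it"
    if [ -n "$(find "${config}" -maxdepth 0 -perm /022 -print 2>/dev/null)" ]; then
      die "${config} is group- or world-writable, refusing to source it"
    fi
    # shellcheck source=/dev/null
    source "${config}"
  fi

  if [ $# -ne 2 ]; then
    log "Usage: $0 CONNECT PROFILENAME"
    exit 1
  fi
  profile=$2
  # the profile name becomes part of a variable name: restrict it to
  # identifier characters before the indirect expansions below
  [[ "${profile}" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] \
    || die "Invalid profile name '${profile}'"
  var=${profile}_GATEWAY
  # keep the 0.0.0.0 default when the profile defines no gateway
  VPNCLIENT_LAN_ACCESS_GATEWAY=${!var:-${VPNCLIENT_LAN_ACCESS_GATEWAY}}
  var=${profile}_NETWORKS
  VPNCLIENT_LAN_ACCESS_NETWORKS=${!var}

  export VPNCLIENT_LAN_ACCESS=1
  export VPNCLIENT_LAN_ACCESS_GATEWAY
  export VPNCLIENT_LAN_ACCESS_NETWORKS
  log "VPNCLIENT_LAN_ACCESS_GATEWAY .......... ${VPNCLIENT_LAN_ACCESS_GATEWAY}"
  log "VPNCLIENT_LAN_ACCESS_NETWORKS ......... ${VPNCLIENT_LAN_ACCESS_NETWORKS}"

  if [ -e "${module_param}" ]; then
    # never push an arbitrary config string into a kernel module parameter
    is_ipv4 "${VPNCLIENT_LAN_ACCESS_GATEWAY}" \
      || die "Gateway '${VPNCLIENT_LAN_ACCESS_GATEWAY}' is not an IPv4 address"
    # the parameter is written with commas in place of dots, the format this
    # wrapper has always used for cisco_ipsec
    printf '%s\n' "${VPNCLIENT_LAN_ACCESS_GATEWAY//./,}" >"${module_param}" \
      || log "Warning: could not write ${module_param}"
    log "VPNCLIENT_LAN_ACCESS_MODULE_PARAM ..... $(cat "${module_param}")"
  fi

  # snapshot the routes vpnclient is about to replace; the monitor re-reads
  # them from the environment
  VPNCLIENT_LAN_ACCESS_DEVICE_ROUTES=$(snapshot_device_routes)
  export VPNCLIENT_LAN_ACCESS_DEVICE_ROUTES
  log "VPNCLIENT_LAN_ACCESS_DEVICE_ROUTES .... ${VPNCLIENT_LAN_ACCESS_DEVICE_ROUTES}"
  VPNCLIENT_LAN_ACCESS_DEFAULT_ROUTES=$(snapshot_default_routes)
  export VPNCLIENT_LAN_ACCESS_DEFAULT_ROUTES
  log "VPNCLIENT_LAN_ACCESS_DEFAULT_ROUTES ... ${VPNCLIENT_LAN_ACCESS_DEFAULT_ROUTES}"

  # check for the real binary before starting a monitor that would wait for
  # a tunnel that can never come up
  orig_vpnclient="$(dirname "$0")/vpnclient"
  [ -x "${orig_vpnclient}" ] \
    || die "Original vpnclient not found or not executable: ${orig_vpnclient}"

  log "Re-launching myself in \"monitor\" mode ..."
  "$0" &

  log "Running original vpnclient: ${orig_vpnclient} $*"
  log "==================================================================="
  "${orig_vpnclient}" "$@"
}

# Monitor mode: see the header.  Reads the VPNCLIENT_LAN_ACCESS_* variables
# exported by wrapper mode; exits 1 if the tunnel never comes up.
monitor_mode() {
  local i r net mask dev gw metric cipsec_gw

  # wait until vpnclient has installed a default route on the tunnel
  cipsec_gw=""
  for ((i = 0; i < timeout; i++)); do
    sleep 1
    cipsec_gw=$(tunnel_gateway)
    [ -n "${cipsec_gw}" ] && break
  done
  [ -n "${cipsec_gw}" ] \
    || die "No default route on ${cipsec_dev} after ${timeout}s, giving up"
  # extra grace period kept from the original; presumably lets vpnclient
  # finish its own route changes before we touch the table
  sleep 1

  # restore the interface routes saved by the wrapper ("dest:genmask:iface");
  # the list is space separated on purpose, hence the unquoted expansion
  # shellcheck disable=SC2086
  for r in ${VPNCLIENT_LAN_ACCESS_DEVICE_ROUTES}; do
    if [[ "${r}" =~ ^([^:]+):([^:]+):([^:]+)$ ]]; then
      net=${BASH_REMATCH[1]}
      mask=${BASH_REMATCH[2]}
      dev=${BASH_REMATCH[3]}
      "${route_cmd}" add -net "${net}" netmask "${mask}" dev "${dev}"
    else
      log "Skipping malformed route entry '${r}'"
    fi
  done

  # re-read the tunnel gateway now and refuse to drop the default route
  # without a gateway to route the configured networks through
  cipsec_gw=$(tunnel_gateway)
  [ -n "${cipsec_gw}" ] \
    || die "Default route on ${cipsec_dev} disappeared, leaving routes untouched"

  # the tunnel must not be the default route: only the configured networks
  # go through it
  "${route_cmd}" del default dev "${cipsec_dev}"

  # shellcheck disable=SC2086
  for net in ${VPNCLIENT_LAN_ACCESS_NETWORKS}; do
    "${route_cmd}" add -net "${net}" gw "${cipsec_gw}" dev "${cipsec_dev}"
  done

  # restore the default routes saved by the wrapper ("gateway:metric:iface")
  # shellcheck disable=SC2086
  for r in ${VPNCLIENT_LAN_ACCESS_DEFAULT_ROUTES}; do
    if [[ "${r}" =~ ^([^:]+):([^:]+):([^:]+)$ ]]; then
      gw=${BASH_REMATCH[1]}
      metric=${BASH_REMATCH[2]}
      dev=${BASH_REMATCH[3]}
      "${route_cmd}" add default gw "${gw}" metric "${metric}" dev "${dev}"
    else
      log "Skipping malformed route entry '${r}'"
    fi
  done
}

main() {
  if [ "${EUID}" != "0" ]; then
    log "Need to be root to run this command!"
    log "Trying sudo ..."
    # propagate sudo's (and therefore the re-executed script's) exit status
    sudo "$0" "$@"
    exit $?
  fi

  if [ -z "${VPNCLIENT_LAN_ACCESS}" ]; then
    wrapper_mode "$@"
  else
    monitor_mode
  fi
}

main "$@"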