Last active
August 29, 2015 14:17
-
-
Save S1GSEGV/eda94d775e5c9d295850 to your computer and use it in GitHub Desktop.
Some Routing commands
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT | |
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT | |
iptables -I INPUT -i tun0 -j REJECT | |
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE" > /tmp/.rc_firewall | |
sleep 45; | |
tun_name=$(ifconfig | sed -n 's/.*\(tun[^ ]\).*/\1/p'); | |
tun_addr=$(ifconfig $tun_name | sed -nr 's/.*P-t-P:([^ ]+) .*/\1/p'); | |
ip rule add from @netaddr table 200; | |
ip route add default via $tun_addr dev $tun_name table 200; | |
ip route flush cache; | |
#!/bin/sh | |
USERNAME="Your_PIA_Username" | |
PASSWORD="Your_PIA_Password" | |
PROTOCOL="udp" | |
# Add - delete - edit servers between ##BB## and ##EE## | |
REMOTE_SERVERS=" | |
##BB## | |
# US - WEST | |
remote us-west.privateinternetaccess.com 1194 | |
##EE## | |
" | |
#### DO NOT CHANGE below this line unless you know exactly what you're doing #### | |
CA_CRT='-----BEGIN CERTIFICATE----- | |
MIID2jCCA0OgAwIBAgIJAOtqMkR2JSXrMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD | |
VQQGEwJVUzELMAkGA1UECBMCT0gxETAPBgNVBAcTCENvbHVtYnVzMSAwHgYDVQQK | |
ExdQcml2YXRlIEludGVybmV0IEFjY2VzczEjMCEGA1UEAxMaUHJpdmF0ZSBJbnRl | |
cm5ldCBBY2Nlc3MgQ0ExLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRlaW50 | |
ZXJuZXRhY2Nlc3MuY29tMB4XDTEwMDgyMTE4MjU1NFoXDTIwMDgxODE4MjU1NFow | |
gaUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMx | |
IDAeBgNVBAoTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2 | |
YXRlIEludGVybmV0IEFjY2VzcyBDQTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHBy | |
aXZhdGVpbnRlcm5ldGFjY2Vzcy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ | |
AoGBAOlVlkHcxfN5HAswpryG7AN9CvcvVzcXvSEo91qAl/IE8H0knKZkIAhe/z3m | |
hz0t91dBHh5yfqwrXlGiyilplVB9tfZohvcikGF3G6FFC9j40GKP0/d22JfR2vJt | |
4/5JKRBlQc9wllswHZGmPVidQbU0YgoZl00bAySvkX/u1005AgMBAAGjggEOMIIB | |
CjAdBgNVHQ4EFgQUl8qwY2t+GN0pa/wfq+YODsxgVQkwgdoGA1UdIwSB0jCBz4AU | |
l8qwY2t+GN0pa/wfq+YODsxgVQmhgaukgagwgaUxCzAJBgNVBAYTAlVTMQswCQYD | |
VQQIEwJPSDERMA8GA1UEBxMIQ29sdW1idXMxIDAeBgNVBAoTF1ByaXZhdGUgSW50 | |
ZXJuZXQgQWNjZXNzMSMwIQYDVQQDExpQcml2YXRlIEludGVybmV0IEFjY2VzcyBD | |
QTEvMC0GCSqGSIb3DQEJARYgc2VjdXJlQHByaXZhdGVpbnRlcm5ldGFjY2Vzcy5j | |
b22CCQDrajJEdiUl6zAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBAByH | |
atXgZzjFO6qctQWwV31P4qLelZzYndoZ7olY8ANPxl7jlP3YmbE1RzSnWtID9Gge | |
fsKHi1jAS9tNP2E+DCZiWcM/5Y7/XKS/6KvrPQT90nM5klK9LfNvS+kFabMmMBe2 | |
llQlzAzFiIfabACTQn84QLeLOActKhK8hFJy2Gy6 | |
-----END CERTIFICATE-----' | |
OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'` | |
if [ "$OPVPNENABLE" != 0 ]; then | |
nvram set openvpncl_enable=0 | |
nvram commit | |
fi | |
sleep 10 | |
mkdir /tmp/pia; cd /tmp/pia | |
echo -e "$USERNAME\n$PASSWORD" > userpass.conf | |
echo "$CA_CRT" > ca.crt | |
echo "#!/bin/sh | |
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE" > route-up.sh | |
echo "#!/bin/sh | |
iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE" > route-down.sh | |
chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh | |
sleep 10 | |
echo "client | |
auth-user-pass /tmp/pia/userpass.conf | |
management 127.0.0.1 5001 | |
management-log-cache 50 | |
dev tun0 | |
proto $PROTOCOL | |
comp-lzo adaptive | |
fast-io | |
script-security 2 | |
mtu-disc yes | |
verb 4 | |
mute 5 | |
cipher bf-cbc | |
auth sha1 | |
tun-mtu 1500 | |
resolv-retry infinite | |
nobind | |
persist-key | |
persist-tun | |
tls-client | |
remote-cert-tls server | |
log-append piavpn.log | |
ca ca.crt | |
status-version 3 | |
status status | |
daemon | |
$REMOTE_SERVERS" > pia.conf | |
ln -s /tmp/pia/piavpn.log /tmp/piavpn.log | |
ln -s /tmp/pia/status /tmp/status | |
(killall openvpn; openvpn --config /tmp/pia/pia.conf --route-up /tmp/pia/route-up.sh --down /tmp/pia/route-down.sh) & | |
exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment