openconnect utilities
#! /bin/bash
# Print the interface column of `route -n get` for a destination
# (BSD/macOS route(8) syntax).
# Arguments: $1 - destination host or the word "default"
# Outputs:   interface name on stdout, empty if the lookup fails
route_iface() {
  route -n get "$1" | awk ' /interface: / { print $2 } '
}

# Interface currently used to reach the VPN concentrator, and the one
# carrying the default route; compared below to decide whether host
# routes have to be added.
DEFAULT=$(route_iface default)
INTERFACE=$(route_iface wwwin.cisco.com)
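# Add a network route for $1 via gateway $2 (route changes need root,
# hence sudo).
# Arguments: $1 - destination network or host, $2 - gateway address
# Returns:   1 if either argument is empty, else the status of `route add`
add_route () {
  # An empty argument would otherwise reach route(8) as a missing operand.
  [[ -n "$1" && -n "$2" ]] || return 1
  sudo route add -net "$1" "$2"
}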
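# Both lookups above must have produced an interface name; with an empty
# value the original unquoted test silently failed and nothing was added.
if [[ -z "$INTERFACE" || -z "$DEFAULT" ]]; then
  printf 'could not determine interfaces (INTERFACE=%s DEFAULT=%s)\n' \
    "$INTERFACE" "$DEFAULT" >&2
  exit 1
fi
# Routes are only needed when the VPN interface is not already the default.
if [[ "$DEFAULT" != "$INTERFACE" ]]; then
  GATEWAY=$(route -n get wwwin.cisco.com | awk ' /gateway: / { print $2 } ')
  if [[ -z "$GATEWAY" ]]; then
    printf 'no gateway found for wwwin.cisco.com\n' >&2
    exit 1
  fi
  for arg; do
    if [[ $arg =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      add_route "$arg" "$GATEWAY"
    else
      # Hostname: one route per A record (host prints one address per line).
      while IFS= read -r ip; do
        [[ -n "$ip" ]] && add_route "$ip" "$GATEWAY"
      done < <(host "$arg" | awk '/has address/ { print $4 }')
    fi
  done
fi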
#! /bin/bash
# vpnc-script wrapper for openconnect: pass it via openconnect's -s option.
# For logins that need SSO, wrap openconnect with
# [openconnect-sso](https://github.com/vlaci/openconnect-sso)

# Helper functions (add_network, add_ip, ...) live next to this script and
# are sourced with this script's privileges.
# shellcheck source=utils.sh
source "$(dirname "$0")/utils.sh"

# Start with no split-tunnel includes; the add_* helpers append to these.
export CISCO_SPLIT_INC=0 CISCO_IPV6_SPLIT_INC=0

# Drop the DNS servers pushed by the VPN so the normal Internet resolvers
# stay in use. Comment out the next line to accept the VPN's DNS servers.
unset INTERNAL_IP4_DNS INTERNAL_IP6_DNS

# IPv4 networks and single hosts routed through the tunnel
add_network 10.0.0.0 255.0.0.0 8
add_ip 192.168.0.1

# IPv6 network routed through the tunnel
add_networkv6 fefe:: 32

# Every current A record of this name
add_domain example.com

# Per-domain nameservers; only effective on OSX, the only OS known to honour
# /etc/resolver/.
add_resolver example.com 1.2.3.4 1.2.3.5
add_resolver example.org 1.2.3.6

# Hand over to the stock vpnc-script
# shellcheck disable=SC1091
source /usr/local/etc/vpnc-script
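#! /bin/bash
# Append an IPv4 network to the split-tunnel include list.
# Globals:   CISCO_SPLIT_INC - next free slot (read, then incremented);
#            treated as 0 when unset
# Arguments: $1 - network address, $2 - netmask, $3 - prefix length
# Returns:   1 unless exactly three arguments are given, else 0
add_network ()
{
  local idx=${CISCO_SPLIT_INC:-0}
  # A missing mask or prefix would export empty values for this slot.
  [ $# -eq 3 ] || return 1
  # Quoted so name and value reach export as a single word even if the
  # value contains whitespace.
  export "CISCO_SPLIT_INC_${idx}_ADDR=$1"
  export "CISCO_SPLIT_INC_${idx}_MASK=$2"
  export "CISCO_SPLIT_INC_${idx}_MASKLEN=$3"
  export CISCO_SPLIT_INC=$((idx + 1))
}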
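# Append an IPv6 network to the split-tunnel include list.
# Globals:   CISCO_IPV6_SPLIT_INC - next free slot (read, then incremented);
#            treated as 0 when unset
# Arguments: $1 - network address, $2 - prefix length
# Returns:   1 unless exactly two arguments are given, else 0
add_networkv6 ()
{
  local idx=${CISCO_IPV6_SPLIT_INC:-0}
  # A missing prefix length would export an empty MASKLEN for this slot.
  [ $# -eq 2 ] || return 1
  # Quoted so name and value reach export as a single word.
  export "CISCO_IPV6_SPLIT_INC_${idx}_ADDR=$1"
  export "CISCO_IPV6_SPLIT_INC_${idx}_MASKLEN=$2"
  export CISCO_IPV6_SPLIT_INC=$((idx + 1))
}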
# Add a single host to the split-tunnel list as a /32 network.
# Arguments: $1 - IPv4 address
add_ip ()
{
  local host_addr=$1
  add_network "$host_addr" 255.255.255.255 32
}
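# Resolve a name and add every IPv4 address it currently has to the
# split-tunnel list.
# Arguments: $1 - hostname to resolve with dig
# Returns:   1 if no name is given, else 0
add_domain ()
{
  local name=$1 ip
  [ -n "$name" ] || return 1
  # dig +short may also print CNAME targets and AAAA records; only
  # dotted-quad lines are kept. Lines are read whole, never word-split.
  while IFS= read -r ip; do
    if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
      add_ip "$ip"
    fi
  done < <(dig +short "$name")
}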
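# Misnomer: writes a per-domain resolver file under /etc/resolver on
# connect and removes it on disconnect; a no-op for any other reason.
# Globals:   reason - set by openconnect (connect, disconnect, ...)
# Arguments: $1 - domain; $2.. - nameserver addresses for that domain
# Returns:   1 on a malformed domain or when the resolver directory or
#            file cannot be created/written, else 0
add_resolver ()
{
  local domain nameserver resolver_file
  # shellcheck disable=SC2154
  case "$reason" in
    "connect" | "disconnect")
      ;;
    *)
      return 0
      ;;
  esac
  domain=$1
  shift
  # The domain becomes a file name under /etc/resolver; accept only plain
  # hostname characters so it cannot name a path outside that directory.
  [[ $domain =~ ^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$ ]] || return 1
  resolver_file=/etc/resolver/$domain
  [ -d /etc/resolver ] || mkdir /etc/resolver || return 1
  # -f also clears a symlink left at that name instead of appending through it.
  rm -f -- "$resolver_file"
  if [ "$reason" = "connect" ]; then
    # One write for all nameservers instead of reopening the file per line.
    for nameserver in "$@"; do
      printf 'nameserver %s\n' "$nameserver"
    done > "$resolver_file" || return 1
  fi
}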