-
Notifications
You must be signed in to change notification settings - Fork 0
/
forti-vpn
executable file
·107 lines (88 loc) · 2.84 KB
/
forti-vpn
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
#!/bin/bash
# Modify these or provide them in configuration file
FORTIVPN_URL="" # e.g. "vpn.host:port"
FORTIVPN_REALM="" # e.g. "foo"
FORTIVPN_ROUTES="" # e.g. "123.0.0.4/16 123.0.0.5/16"
# The above can be overriden in the config file
CONFIG_DIR="/etc"
if test -f ${CONFIG_DIR}/forti-vpn.conf ; then
source "${CONFIG_DIR}/forti-vpn.conf"
fi
# Modify these to provide tools locations
VPN_LOGIN=/opt/openfortivpn-webview/openfortivpn-webview
VPN_TOOL=/usr/local/bin/openfortivpn
VPN_TOOL_OPTIONS=""
VPN_INTERFACE=ppp0
# This is bit of stiupid but since the vpn process is sent to the background
# we have to wait for such a text to appear in the log, to know it succeded.
VPN_MATCH_TEXT="Tunnel is up and running."
LOG_FILE=/tmp/forti-vpn.log
TMP_FILE=$(mktemp)
script=$0
script="${script##*/}"
is_running() {
pidof -x ${VPN_TOOL} -o $$ >/dev/null
}
start() {
# This `sudo` is to cache password! Script relies on password caching
# because otherwise next sudo password request will most likely fail.
sudo rm ${LOG_FILE} 2> /dev/null
if [ -n "${FORTIVPN_ROUTES}" ]; then
VPN_TOOL_OPTIONS="${VPN_TOOL_OPTIONS} --no-routes"
fi
# Get cookie after authorization
COOKIE=$(${VPN_LOGIN} ${FORTIVPN_URL} --realm=${FORTIVPN_REALM} --url-regex="/sslvpn/portal" 2> /dev/null)
# Establish connection
echo ${COOKIE} | sudo ${VPN_TOOL} ${FORTIVPN_URL} --realm=${FORTIVPN_REALM} \
--cookie-on-stdin ${VPN_TOOL_OPTIONS} > ${LOG_FILE} 2>&1 &
# Wait for the log file to appear
while ! test -f ${LOG_FILE}; do sleep 1; done
# Let's parse the log file for a while..
if timeout 30 tail -f ${LOG_FILE} | grep -q -wi "${VPN_MATCH_TEXT}"; then
# Looks like we are connected. Let's set up routing if target
# networks are provided.
if [ -n "${FORTIVPN_ROUTES}" ]; then
addr=`ip addr show ${VPN_INTERFACE} | grep "inet\b" | awk '{print $2}' | cut -d/ -f1`
for route in ${FORTIVPN_ROUTES}; do
sudo route add -net $route gw $addr ${VPN_INTERFACE}
done
fi
echo "${script}: (${FORTIVPN_URL}) started."
else
echo "${script}: (${FORTIVPN_URL}) failed to start."
fi
}
stop() {
sudo kill -SIGINT $(pidof ${VPN_TOOL}) > /dev/null 2>&1
rm ${LOG_FILE} 2> /dev/null
echo "${script}: (${FORTIVPN_URL}) stopped."
}
status() {
if is_running; then
echo "${script}: (${FORTIVPN_URL}) running."
else
echo "${script}: (${FORTIVPN_URL}) not running."
fi
}
if [ -z ${FORTIVPN_URL} ]; then
printf "${script}: missing FORTIVPN_URL value.\n"
exit 1
fi
case "$1" in
start|up)
start
;;
stop|down)
stop
;;
status)
status
;;
restart)
stop
start
;;
*)
echo $"Usage: $0 {start|up|stop|down|status|restart}"
exit 1
esac