initial commit

2022-03-22 22:48:28 +01:00
commit a35e0455d1
3 changed files with 239 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,19 @@
+# SSLVPN Route
+
+## Usage Windows
+```
+sslvpn-route.ps1 test.example.com
+```
+or with IP
+```
+sslvpn-route.ps1 127.0.0.1
+```
+
+## Usage Linux / MacOS
+```
+sslvpn-route.sh test.example.com
+```
+or with IP
+```
+sslvpn-route.sh 127.0.0.1
+```
--- a/sslvpn-route.ps1
+++ b/sslvpn-route.ps1
@@ -0,0 +1,56 @@
+#requires -version 5
+
+<#
+.SYNOPSIS
+	set route to destination through SSLVPN
+.INPUTS
+	destination as hostname or IP
+.NOTES
+	Version:		1.0.0
+	Author:			Benjamin Rechsteiner
+	Creation Date:	2022-03-22
+	Last Modified:	2022-03-22
+	Purpose/Change: First Release
+#>
+
+param (
+	[String]$Dest
+)
+
+if ([string]::IsNullOrEmpty($Dest)) {
+	Write-Host 'Destination argument is not a valide IP or Hostname'
+	exit $false
+}
+
+$IPs = @()
+
+function Get-IPs {
+	if ($Dest -match '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$') {
+		$script:IPs += $Dest
+	} elseif ($Dest -match '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$') {
+		Resolve-DnsName -Type A $Dest | foreach { $script:IPs += $_.IPAddress }
+	} else {
+		Write-Host 'Destination argument is not a valide IP or Hostname'
+		exit $false
+	}
+	if (-Not $script:IPs.Count -gt 0) {
+		Write-Host 'No IP could be resolved for this hostname'
+		exit $false
+	}
+}
+
+function Get-GwIp {
+	Get-NetRoute -DestinationPrefix 46.227.224.0/21
+}
+
+function Set-Route {
+	$Gw = Get-GwIp
+	Foreach ($ip in $script:IPs) {
+		$ip_route = "$ip/32"
+		New-NetRoute -DestinationPrefix $ip_route -NextHop $Gw.NextHop -InterfaceIndex $Gw.ifIndex | Out-Null
+		Write-Host "Set Route $ip_route through SSLVPN"
+	}
+}
+
+Get-IPs
+Set-Route
--- a/sslvpn-route.sh
+++ b/sslvpn-route.sh
@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+
+################################################################################################
+#
+# version: 1.0.0
+#
+# author: benjamin.rechsteiner@abacus.ch
+#
+# changelog:
+#
+# - 2022-03-22 first release
+#
+################################################################################################
+
+#global script variable
+ME=$(basename "${0}")
+SYSLOG=false
+RED='\033[0;31m'
+NC='\033[0m'
+
+function usage {
+	echo "Usage: ${ME} <IP or Hostname>" >&2
+	echo >&2
+	echo "-h) displays this help" >&2
+	echo "-v) be more verbose (includes debug output)" >&2
+	echo >&2
+}
+
+function cleanup {
+	set +u
+	set +e
+	set +f
+	set +o pipefail
+	unset IFS
+	exitCode=$1
+	if [[ "${exitCode}" != "0" ]]; then	
+		echo -e "${RED}ERROR${NC}: Aborting"
+	fi
+	trap - SIGINT SIGTERM EXIT
+	exit "${exitCode}"
+}
+
+function initialize {
+	trap "cleanup 2" SIGINT SIGTERM EXIT
+	set -e
+	set -u
+	set -o pipefail
+}
+
+function parseOpts {
+	customer=
+	file=
+	verbose=false
+	while getopts hv opts
+		do
+		case ${opts} in
+			v) verbose=true
+			;;
+			h) usage; exit 0
+			;;
+			*) usage; exit 1
+			;;
+		esac
+	done
+	dest="${@: -1}"
+	if [[ -z "${dest}" ]]; then
+		usage; exit 1
+	fi
+	if ! command -v dig &> /dev/null
+	then
+			error 'dig could not be found, please install dnsutils'
+			exit 1
+	fi
+	if ! command -v sudo &> /dev/null
+	then
+			error 'sudo could not be found, please install sudo'
+			exit 1
+	fi
+}
+
+function log {
+	local msg="${1}"
+	local log_out="${2}"
+
+	if ${SYSLOG}; then
+		logger -i -t "${me}" "${msg}"
+	fi
+
+	case ${log_out} in
+		STDOUT)
+			echo -e "${msg}" 
+		;;
+		STDERR)
+			echo -e "${msg}" >&2
+		;;
+		*)
+			echo -e "${msg}" >&2
+		;;
+	esac
+}
+
+function debug {
+	if ${verbose}; then
+		log "DEBUG: ${1}" 'STDOUT'
+	fi
+}
+
+function error {
+	log "${RED}ERROR${NC}: ${1}" 'STDERR'
+}
+
+function getIps {
+	if [[ ${dest} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; then
+		ips=("${dest}")
+	elif [[ ${dest} =~ ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ ]]; then
+		local dns=$(dig +short "${dest}" | grep -v '\.$' | xargs)
+		ips=($dns)
+	else
+		error 'Destination argument is not a valide IP or Hostname'
+		cleanup 1
+	fi
+	declare -a ips
+	if ((${#ips[@]})); then
+		error 'No IP could be resolved for this hostname'
+		cleanup 1
+	fi
+}
+
+function getGwIp {
+	gwip=$(netstat -nr | grep 46.227.224 | awk '{ print $2 }')
+	if [[ ${gwip} == '0.0.0.0' ]]; then
+		error 'Cannot identify the gateway IP - please contact your IT-Helpdesk'
+		cleanup 1
+	fi
+}
+
+function setRoute {
+	for ip in "${ips[@]}"; do
+		ip_route="${ip}/32"
+		if command -v ip &> /dev/null; then
+			debug 'Get sudo permission to set the IP route'
+			sudo ip route add ${ip_route} dev ppp0
+			debug "Set ip route ${ip_route} through SSLVPN"
+		elif command -v netstat &> /dev/null; then
+			getGwIp
+			debug 'Get sudo permission to set the IP route'
+			sudo route add ${ip_route} ${gwip}
+			debug "Set ip route ${ip_route} through SSLVPN"
+		else
+			error 'Please install iproute2 or net-tools'
+			cleanup 1
+		fi
+	done
+}
+
+function main {
+	getIps
+	setRoute
+}
+
+parseOpts "$@"
+initialize
+main
+cleanup 0