commit a35e0455d19243717ad7a25b652fd8995ed57ca8
Author: Benjamin Rechsteiner
Date: Tue Mar 22 22:48:28 2022 +0100
initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2297ecc
--- /dev/null
+++ b/README.md
@@ -0,0 +1,19 @@
+# SSLVPN Route
+
+## Usage Windows
+```
+sslvpn-route.ps1 test.example.com
+```
+or with IP
+```
+sslvpn-route.ps1 127.0.0.1
+```
+
+## Usage Linux / MacOS
+```
+sslvpn-route.sh test.example.com
+```
+or with IP
+```
+sslvpn-route.sh 127.0.0.1
+```
diff --git a/sslvpn-route.ps1 b/sslvpn-route.ps1
new file mode 100755
index 0000000..9834250
--- /dev/null
+++ b/sslvpn-route.ps1
@@ -0,0 +1,56 @@
+#requires -version 5
+
+<#
+.SYNOPSIS
+ set route to destination through SSLVPN
+.INPUTS
+ destination as hostname or IP
+.NOTES
+ Version: 1.0.0
+ Author: Benjamin Rechsteiner
+ Creation Date: 2022-03-22
+ Last Modified: 2022-03-22
+ Purpose/Change: First Release
+#>
+
+param (
+ [String]$Dest
+)
+
+if ([string]::IsNullOrEmpty($Dest)) {
+ Write-Host 'Destination argument is not a valide IP or Hostname'
+ exit $false
+}
+
+$IPs = @()
+
+function Get-IPs {
+ if ($Dest -match '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$') {
+ $script:IPs += $Dest
+ } elseif ($Dest -match '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$') {
+ Resolve-DnsName -Type A $Dest | foreach { $script:IPs += $_.IPAddress }
+ } else {
+ Write-Host 'Destination argument is not a valide IP or Hostname'
+ exit $false
+ }
+ if (-Not $script:IPs.Count -gt 0) {
+ Write-Host 'No IP could be resolved for this hostname'
+ exit $false
+ }
+}
+
+function Get-GwIp {
+ Get-NetRoute -DestinationPrefix 46.227.224.0/21
+}
+
+function Set-Route {
+ $Gw = Get-GwIp
+ Foreach ($ip in $script:IPs) {
+ $ip_route = "$ip/32"
+ New-NetRoute -DestinationPrefix $ip_route -NextHop $Gw.NextHop -InterfaceIndex $Gw.ifIndex | Out-Null
+ Write-Host "Set Route $ip_route through SSLVPN"
+ }
+}
+
+Get-IPs
+Set-Route
diff --git a/sslvpn-route.sh b/sslvpn-route.sh
new file mode 100755
index 0000000..1355cf5
--- /dev/null
+++ b/sslvpn-route.sh
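Review bot: All four failure paths in sslvpn-route.ps1 use `exit $false`, which PowerShell coerces to exit code 0, so a caller checking `$LASTEXITCODE` sees success when the argument was rejected or no A record was found; use `exit 1` on each of them. The emptiness test `if (-Not $script:IPs.Count -gt 0)` parses as `(-not $script:IPs.Count) -gt 0` and only gives the intended answer through bool coercion of the right-hand `0`; `if ($script:IPs.Count -eq 0)` says what is meant. Resolve-DnsName -Type A also returns the CNAME records of an aliased name, which carry no IPAddress, and `+=` appears to append that null as an element that Set-Route then turns into the route `/32`; restrict the pipeline with `Where-Object { $_.Type -eq 'A' }` before collecting IPAddress. Get-GwIp can return nothing when the 46.227.224.0/21 route is absent (VPN down) or more than one route, and Set-Route then hands a null or array `NextHop`/`ifIndex` to New-NetRoute; abort with a clear message unless exactly one route came back.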
@@ -0,0 +1,164 @@ +#!/usr/bin/env bash + +################################################################################################ +# +# version: 1.0.0 +# +# author: benjamin.rechsteiner@abacus.ch +# +# changelog: +# +# - 2022-03-22 first release +# +################################################################################################ + +#global script variable +ME=$(basename "${0}") +SYSLOG=false +RED='\033[0;31m' +NC='\033[0m' + +function usage { + echo "Usage: ${ME} " >&2 + echo >&2 + echo "-h) displays this help" >&2 + echo "-v) be more verbose (includes debug output)" >&2 + echo >&2 +} + +function cleanup { + set +u + set +e + set +f + set +o pipefail + unset IFS + exitCode=$1 + if [[ "${exitCode}" != "0" ]]; then + echo -e "${RED}ERROR${NC}: Aborting" + fi + trap - SIGINT SIGTERM EXIT + exit "${exitCode}" +} + +function initialize { + trap "cleanup 2" SIGINT SIGTERM EXIT + set -e + set -u + set -o pipefail +} + +function parseOpts { + customer= + file= + verbose=false + while getopts hv opts + do + case ${opts} in + v) verbose=true + ;; + h) usage; exit 0 + ;; + *) usage; exit 1 + ;; + esac + done + dest="${@: -1}" + if [[ -z "${dest}" ]]; then + usage; exit 1 + fi + if ! command -v dig &> /dev/null + then + error 'dig could not be found, please install dnsutils' + exit 1 + fi + if ! 
command -v sudo &> /dev/null + then + error 'sudo could not be found, please install sudo' + exit 1 + fi +} + +function log { + local msg="${1}" + local log_out="${2}" + + if ${SYSLOG}; then + logger -i -t "${me}" "${msg}" + fi + + case ${log_out} in + STDOUT) + echo -e "${msg}" + ;; + STDERR) + echo -e "${msg}" >&2 + ;; + *) + echo -e "${msg}" >&2 + ;; + esac +} + +function debug { + if ${verbose}; then + log "DEBUG: ${1}" 'STDOUT' + fi +} + +function error { + log "${RED}ERROR${NC}: ${1}" 'STDERR' +} + +function getIps { + if [[ ${dest} =~ ^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$ ]]; then + ips=("${dest}") + elif [[ ${dest} =~ ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ ]]; then + local dns=$(dig +short "${dest}" | grep -v '\.$' | xargs) + ips=($dns) + else + error 'Destination argument is not a valide IP or Hostname' + cleanup 1 + fi + declare -a ips + if ((${#ips[@]})); then + error 'No IP could be resolved for this hostname' + cleanup 1 + fi +} + +function getGwIp { + gwip=$(netstat -nr | grep 46.227.224 | awk '{ print $2 }') + if [[ ${gwip} == '0.0.0.0' ]]; then + error 'Cannot identify the gateway IP - please contact your IT-Helpdesk' + cleanup 1 + fi +} + +function setRoute { + for ip in "${ips[@]}"; do + ip_route="${ip}/32" + if command -v ip &> /dev/null; then + debug 'Get sudo permission to set the IP route' + sudo ip route add ${ip_route} dev ppp0 + debug "Set ip route ${ip_route} through SSLVPN" + elif command -v netstat &> /dev/null; then + getGwIp + debug 'Get sudo permission to set the IP route' + sudo route add ${ip_route} ${gwip} + debug "Set ip route ${ip_route} through SSLVPN" + else + error 'Please install iproute2 or net-tools' + cleanup 1 + fi + done +} + +function main { + getIps + setRoute +} + +parseOpts "$@" +initialize +main +cleanup 0
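Review bot: The test `if ((${#ips[@]})); then` in getIps is inverted — it is true when at least one address was resolved, so a successful lookup would abort with 'No IP could be resolved'; it appears to work only because the `declare -a ips` just before it runs inside a function and therefore creates a new, empty local `ips` that shadows the global just filled, which makes the check dead code. The same function also puts whatever `dig +short` printed (minus lines ending in a dot) into `ips`, and setRoute later passes each entry to `sudo ip route add` / `sudo route add`; on a resolver timeout dig writes `;; connection timed out; no servers could be reached` to stdout, and those words become arguments of the privileged command. Validate every answer against the IPv4 pattern the first branch already uses, drop the `declare`, and test emptiness with `(( ${#ips[@]} == 0 ))`, as below; reading dig line by line also avoids the `local dns=$(...)` form that hides dig's exit status under `set -e`.
```shell
function getIps {
  local ipv4_re='^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$'
  ips=()
  if [[ ${dest} =~ ${ipv4_re} ]]; then
    ips=("${dest}")
  elif [[ ${dest} =~ ^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$ ]]; then
    # keep only literal IPv4 answers: CNAME targets and dig's own ";;" diagnostics are dropped
    local answer
    while IFS= read -r answer; do
      [[ ${answer} =~ ${ipv4_re} ]] && ips+=("${answer}")
    done < <(dig +short "${dest}")
  else
    # … unchanged: invalid-argument error and cleanup 1 …
  fi
  if (( ${#ips[@]} == 0 )); then
    error 'No IP could be resolved for this hostname'
    cleanup 1
  fi
}
```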