add tunctl

tunctl

@@ -0,0 +1,147 @@
+#!/bin/bash
+
+# ssh config
+IDENTITY="/root/.ssh/id_rsa"
+SSH_SOCKET="/run/ssh-tunnel.sock"
+SSH_USER="root"
+# network config
+LOCAL_IP="10.0.0.2"
+PORTS="5432 20 21 10090:10100"
+REMOTE_IP="10.0.0.1"
+REMOTE_EXTIP="185.82.216.108"
+REMOTE_EXTIF="eth0"
+# daemon
+SLEEPTIME="5m"
+# notifications
+FROM="server@repo.arcanis.name"
+TO="darkarcanis@mail.ru"
+SUBJECT="Server status report"
+# cmds
+IFCFG="/sbin/ifconfig"
+IPT="/sbin/iptables"
+MAIL="/usr/bin/mail"
+SSH="/usr/bin/ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+                  -o TCPKeepAlive=yes -o ServerAliveInterval=600 -o ServerAliveCountMax=360 \
+                  -o ControlMaster=auto -o PasswordAuthentication=no -i ${IDENTITY} "
+
+
+function send_mail() {
+  local MESSAGE="${1}"
+
+  echo "${MESSAGE}" | "${MAIL}" -r "${FROM}" -s "${SUBJECT}" "${TO}"
+}
+
+function do_start() {
+  [ -e "${SSH_SOCKET}" ] && rm -f "${SSH_SOCKET}"
+  ${SSH} -M -S "${SSH_SOCKET}" -f -w 0:0 "${SSH_USER}"@"${REMOTE_EXTIP}" \
+          "${IFCFG}" tun0 "${REMOTE_IP}"/30 pointopoint "${LOCAL_IP}"
+  "${IFCFG}" tun0 "${LOCAL_IP}"/30 pointopoint "${REMOTE_IP}"
+
+#  send_mail "Tunnel has been started"
+}
+
+function do_stop() {
+  ${SSH} -S "${SSH_SOCKET}" -O exit "${SSH_USER}"@"${REMOTE_EXTIP}"
+  [ -e "${SSH_SOCKET}" ] && rm -f "${SSH_SOCKET}"
+
+# send_mail "Tunnel has been stoped"
+}
+
+function do_table() {
+  local PORT="${1}"
+
+  ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" \
+         "${IPT}" -t nat -A PREROUTING --dst "${REMOTE_EXTIP}" -p tcp --dport "${PORT}" -j DNAT --to-destination "${LOCAL_IP}"
+  ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" \
+         "${IPT}" -t nat -A POSTROUTING --dst "${LOCAL_IP}" -p tcp --dport "${PORT}" -j SNAT --to-source "${REMOTE_IP}"
+  ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" \
+         "${IPT}" -t nat -A OUTPUT --dst "${REMOTE_EXTIP}" -p tcp --dport "${PORT}" -j DNAT --to-destination "${LOCAL_IP}"
+  ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" \
+         "${IPT}" -I FORWARD 1 -i "${REMOTE_EXTIF}" -o tun0 -d "${LOCAL_IP}" -p tcp -m tcp --dport "${PORT}" -j ACCEPT
+}
+
+function do_clear_table() {
+  ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" "${IPT}" -t nat -F
+  ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" "${IPT}" -t nat -X
+}
+
+function do_add_table() {
+  local PORT
+  for PORT in ${PORTS}; do do_table "${PORT}"; done
+}
+
+function do_restart() {
+  if do_ping; then
+    do_clear_table
+    do_stop
+  fi
+  do_start
+  sleep 2
+  do_add_table
+}
+
+function do_ping() {
+  ping -c 4 -q "${REMOTE_IP}" &> /dev/null && return 0 || return 1
+}
+
+function do_daemon() {
+  while true; do
+    sleep "${SLEEPTIME}"
+    echo "Check tunnel"
+    if ! do_ping; then
+      echo "Restart tunnel"
+      do_restart
+    fi
+  done
+}
+
+
+case "${1}" in
+  start)
+        echo "Start tunnel"
+        do_ping && exit 0
+        do_start
+        sleep 2
+        do_add_table
+        ;;
+  stop)
+        echo "Stop tunnel"
+        do_ping || exit 0
+        do_clear_table
+        do_stop
+        ;;
+  restart)
+        echo "Restart tunnel"
+        if do_ping; then
+          do_restart
+        else
+          do_start
+          sleep 2
+          do_add_table
+        fi
+        ;;
+  ping)
+        if do_ping; then
+          echo "Active"
+          exit 0
+        else
+          echo "Inactive"
+          exit 1
+        fi
+        ;;
+  check)
+        if ! do_ping; then
+          echo "Restart tunnel"
+          do_restart
+        fi
+        ;;
+  daemon)
+        do_daemon
+        ;;
+  *)
+        echo "Usage tunctl start|stop|restart|ping|check|daemon"
+        exit 1
+        ;;
+esac
+
+exit 0