diff --git a/tunctl b/tunctl
new file mode 100755
index 0000000..67277b6
--- /dev/null
+++ b/tunctl
@@ -0,0 +1,147 @@
+#!/bin/bash
+
+# ssh config
+IDENTITY="/root/.ssh/id_rsa"
+SSH_SOCKET="/run/ssh-tunnel.sock"
+SSH_USER="root"
+# network config
+LOCAL_IP="10.0.0.2"
+PORTS="5432 20 21 10090:10100"
+REMOTE_IP="10.0.0.1"
+REMOTE_EXTIP="185.82.216.108"
+REMOTE_EXTIF="eth0"
+# daemon
+SLEEPTIME="5m"
+# notifications
+FROM="server@repo.arcanis.name"
+TO="darkarcanis@mail.ru"
+SUBJECT="Server status report"
+# cmds
+IFCFG="/sbin/ifconfig"
+IPT="/sbin/iptables"
+MAIL="/usr/bin/mail"
+SSH="/usr/bin/ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+ -o TCPKeepAlive=yes -o ServerAliveInterval=600 -o ServerAliveCountMax=360 \
+ -o ControlMaster=auto -o PasswordAuthentication=no -i ${IDENTITY} "
+
+
+function send_mail() {
+ local MESSAGE="${1}"
+
+ echo "${MESSAGE}" | "${MAIL}" -r "${FROM}" -s "${SUBJECT}" "${TO}"
+}
+
+function do_start() {
+ [ -e "${SSH_SOCKET}" ] && rm -f "${SSH_SOCKET}"
+ ${SSH} -M -S "${SSH_SOCKET}" -f -w 0:0 "${SSH_USER}"@"${REMOTE_EXTIP}" \
+ "${IFCFG}" tun0 "${REMOTE_IP}"/30 pointopoint "${LOCAL_IP}"
+ "${IFCFG}" tun0 "${LOCAL_IP}"/30 pointopoint "${REMOTE_IP}"
+
+# send_mail "Tunnel has been started"
+}
+
+function do_stop() {
+ ${SSH} -S "${SSH_SOCKET}" -O exit "${SSH_USER}"@"${REMOTE_EXTIP}"
+ [ -e "${SSH_SOCKET}" ] && rm -f "${SSH_SOCKET}"
+
+# send_mail "Tunnel has been stoped"
+}
+
+function do_table() {
+ local PORT="${1}"
+
+ ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" \
+ "${IPT}" -t nat -A PREROUTING --dst "${REMOTE_EXTIP}" -p tcp --dport "${PORT}" -j DNAT --to-destination "${LOCAL_IP}"
+ ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" \
+ "${IPT}" -t nat -A POSTROUTING --dst "${LOCAL_IP}" -p tcp --dport "${PORT}" -j SNAT --to-source "${REMOTE_IP}"
+ ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" \
+ "${IPT}" -t nat -A OUTPUT --dst "${REMOTE_EXTIP}" -p tcp --dport "${PORT}" -j DNAT --to-destination "${LOCAL_IP}"
+ ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" \
+ "${IPT}" -I FORWARD 1 -i "${REMOTE_EXTIF}" -o tun0 -d "${LOCAL_IP}" -p tcp -m tcp --dport "${PORT}" -j ACCEPT
+}
+
+function do_clear_table() {
+ ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" "${IPT}" -t nat -F
+ ${SSH} "${SSH_USER}"@"${REMOTE_EXTIP}" "${IPT}" -t nat -X
+}
+
+function do_add_table() {
+ local PORT
+ for PORT in ${PORTS}; do do_table "${PORT}"; done
+}
+
+function do_restart() {
+ if do_ping; then
+ do_clear_table
+ do_stop
+ fi
+ do_start
+ sleep 2
+ do_add_table
+}
+
+function do_ping() {
+ ping -c 4 -q "${REMOTE_IP}" &> /dev/null && return 0 || return 1
+}
+
+function do_daemon() {
+ while true; do
+ sleep "${SLEEPTIME}"
+ echo "Check tunnel"
+ if ! do_ping; then
+ echo "Restart tunnel"
+ do_restart
+ fi
+ done
+}
+
+
+case "${1}" in
+ start)
+ echo "Start tunnel"
+ do_ping && exit 0
+ do_start
+ sleep 2
+ do_add_table
+ ;;
+ stop)
+ echo "Stop tunnel"
+ do_ping || exit 0
+ do_clear_table
+ do_stop
+ ;;
+ restart)
+ echo "Restart tunnel"
+ if do_ping; then
+ do_restart
+ else
+ do_start
+ sleep 2
+ do_add_table
+ fi
+ ;;
+ ping)
+ if do_ping; then
+ echo "Active"
+ exit 0
+ else
+ echo "Inactive"
+ exit 1
+ fi
+ ;;
+ check)
+ if ! do_ping; then
+ echo "Restart tunnel"
+ do_restart
+ fi
+ ;;
+ daemon)
+ do_daemon
+ ;;
+ *)
+ echo "Usage tunctl start|stop|restart|ping|check|daemon"
+ exit 1
+ ;;
+esac
+
+exit 0
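Review bot: The `SSH` command line defined near the top of the hunk turns host-key verification off (`-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`), so every use of it — the `-w 0:0` tunnel master in do_start and the root-level iptables commands in do_table and do_clear_table — accepts whichever host answers at `${REMOTE_EXTIP}`, and a peer that is not the real server would receive both the tunnelled traffic and those commands. Pin the server's key once, out of band, and keep checking strict: `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=/etc/ssh/known_hosts_tunnel` (the file path is a placeholder). Separately, do_clear_table runs `-t nat -F` and `-t nat -X`, which flush the whole remote nat table rather than only the three rules do_table appended, so `stop`/`restart` also delete any NAT rules not managed by this script; keeping the script's DNAT/SNAT rules in a dedicated chain reached by one jump from PREROUTING, POSTROUTING and OUTPUT, and flushing just that chain, limits the cleanup to what the script owns. The `-I FORWARD 1 … -j ACCEPT` rule from do_table lives in the filter table and is never removed by do_clear_table, so each restart adds a duplicate at position 1.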