diff --git a/README.md b/README.md
index d2da0ee..fa634f2 100644
--- a/README.md
+++ b/README.md
@@ -7,3 +7,9 @@ cat .env | openssl enc -a -A -aes-256-cbc -salt -pbkdf2 -pass pass:'paspaspaps'
 # one line base64 password is in mybin file
 # last part of the command will check the encryption is OK or NOK
 ```
+
+```bash
+# dunno it is persistent or not, but script seems to configure it every time ...
+sudo nmcli connection modify Nokia ipv4.dns-search cci.nokia.net,int.net.nokia.com,nsn-rdnet.net
+curl -v https://infra.fi-646.vlab.nsn-rdnet.net:8443
+```
diff --git a/nix.sh b/nix.sh
old mode 100644
new mode 100755
index 878ce69..8259786
--- a/nix.sh
+++ b/nix.sh
@@ -1,15 +1,40 @@
 #!/bin/env bash
 set -e -u -o pipefail
-DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)"
-VPN=vpn0
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null && pwd)"
+VPN=${VPN:-vpn0}
+
+down='false'
+
+while getopts ':d' flag; do
+ case "${flag}" in
+ d) down='true' ;;
+ *)
+ echo "sudonixe nokia-auto-vpn 'dot_env_secret password' "
+ exit 1
+ ;;
+ esac
+done
+
+function route_cleanup() {
+ sudo ip route delete 10.0.0.0/8 dev $VPN metric 50 || true
+ sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
+ sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true
+}
+
+if [[ "$down" = "true" ]]; then
+ sudo nmcli connection down Nokia || true
+ route_cleanup
+ echo "VPN is down, routes cleared up, exiting..."
+ exit 0
+fi
 : ${1:?Missing decrypt pass}
 : ${2:?Missing topt but needed}
-dot_env_secret=$(echo 'U2FsdGVkX19eQYx+TShrhfCxm+MxGCZjtv6PqltQuPsjeJWGZMu34C3zTGjjbq/+vF+/B5arScbw8tnZIqwQq7ISqGTHmDbPS9KqUokXFGEPYW43t9tC42XHMfPtWVrimHS1HENS6U9A0+NSYrS1TQ==' | \
- openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass pass:$1)
+dot_env_secret=$(echo 'U2FsdGVkX19eQYx+TShrhfCxm+MxGCZjtv6PqltQuPsjeJWGZMu34C3zTGjjbq/+vF+/B5arScbw8tnZIqwQq7ISqGTHmDbPS9KqUokXFGEPYW43t9tC42XHMfPtWVrimHS1HENS6U9A0+NSYrS1TQ==' |
+ openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass pass:$1)
-export $( echo $dot_env_secret | grep "=" | grep -v "#" | xargs )
+export $(echo $dot_env_secret | grep "=" | grep -v "#" | xargs)
 : ${VPN_PEM_PASS:?Missing but needed}
 : ${VPN_USER:?Missing but needed}
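Review bot: The decrypt passphrase reaches openssl as `-pass pass:$1`, which puts it in the openssl process's argument list (readable by other local users through the process table on a default Linux setup), and because `$1` is unquoted a passphrase containing spaces or glob characters is split into extra arguments. Passing it through the environment keeps it out of openssl's argv: prefix the command with `DOT_ENV_PASS="$1"` and use `openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass env:DOT_ENV_PASS`. The script itself still takes the passphrase as a positional argument, so prompting with `read -rs` would be needed to keep it off the command line entirely. The same exposure applies to the `expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $2` line shown as context in the next hunk, where the decrypted credentials and the one-time code are passed unquoted as arguments.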
@@ -17,16 +42,17 @@ export $( echo $dot_env_secret | grep "=" | grep -v "#" | xargs )
 expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $2
-sudo ip route delete 10.0.0.0/8 dev $VPN metric 50 || true
-sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
-sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true
+# NOTE: check README.md for dns config
+# EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
+# NEW="${EXISTING:+$EXISTING,}cci.nokia.net"
-EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
-NEW="${EXISTING:+$EXISTING,}cci.nokia.net"
+route_cleanup
+# checks for ip is available after vpn connections (if not its somehow connection failed)
 vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
-if [[ -z $vpn_ip ]]; then
- exit 1
+if [[ -z $vpn_ip ]]; then
+ echo "Connection failed somehow?!"
+ exit 1
 fi
 sudo ip route add 10.0.0.0/8 dev $VPN metric 50
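Review bot: The new `Connection failed somehow?!` branch is unlikely to run when the tunnel device is missing, because the script runs under `set -e -u -o pipefail` (first hunk) and, if `ip a l $VPN` exits non-zero for an absent device, the `vpn_ip=` assignment fails and the script aborts before the `-z` test. Appending `|| vpn_ip=''` to the `vpn_ip="$(...)"` line lets the check report that case. The device should also be quoted as `"$VPN"` there and in the `sudo ip route` calls, since the name can now come from the environment. The message is a diagnostic and belongs on stderr: `echo "Connection failed somehow?!" >&2`.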