alfonzso/nokia-auto-vpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added README.md and down function

Browse Source
This commit is contained in:
Zsolt Alföldi
2025-12-31 04:23:14 +01:00
parent 0c5f368d33
commit 45efe9cf38
2 changed files with 44 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -7,3 +7,9 @@ cat .env | openssl enc -a -A -aes-256-cbc -salt -pbkdf2 -pass pass:'paspaspaps'
# one line base64 password is in mybin file # one line base64 password is in mybin file
# last part of the command will check the encryption is OK or NOK # last part of the command will check the encryption is OK or NOK
``` ```
```bash
# dunno it is persistent or not, but script seems to configure it every time ...
sudo nmcli connection modify Nokia ipv4.dns-search cci.nokia.net,int.net.nokia.com,nsn-rdnet.net
curl -v https://infra.fi-646.vlab.nsn-rdnet.net:8443
```

50
nix.sh Normal file → Executable file
View File

@@ -1,15 +1,40 @@
#!/bin/env bash #!/bin/env bash
set -e -u -o pipefail set -e -u -o pipefail
DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null && pwd)" DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null && pwd)"
VPN=vpn0 VPN=${VPN:-vpn0}
down='false'
while getopts ':d' flag; do
case "${flag}" in
d) down='true' ;;
*)
echo "sudonixe nokia-auto-vpn 'dot_env_secret password' <TOPT for MS authenticator>"
exit 1
;;
esac
done
function route_cleanup() {
sudo ip route delete 10.0.0.0/8 dev $VPN metric 50 || true
sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true
sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true
}
if [[ "$down" = "true" ]]; then
sudo nmcli connection down Nokia || true
route_cleanup
echo "VPN is down, routes cleared up, exiting..."
exit 0
fi
: ${1:?Missing decrypt pass} : ${1:?Missing decrypt pass}
: ${2:?Missing topt but needed} : ${2:?Missing topt but needed}
dot_env_secret=$(echo 'U2FsdGVkX19eQYx+TShrhfCxm+MxGCZjtv6PqltQuPsjeJWGZMu34C3zTGjjbq/+vF+/B5arScbw8tnZIqwQq7ISqGTHmDbPS9KqUokXFGEPYW43t9tC42XHMfPtWVrimHS1HENS6U9A0+NSYrS1TQ==' | \ dot_env_secret=$(echo 'U2FsdGVkX19eQYx+TShrhfCxm+MxGCZjtv6PqltQuPsjeJWGZMu34C3zTGjjbq/+vF+/B5arScbw8tnZIqwQq7ISqGTHmDbPS9KqUokXFGEPYW43t9tC42XHMfPtWVrimHS1HENS6U9A0+NSYrS1TQ==' |
openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass pass:$1) openssl enc -aes-256-cbc -pbkdf2 -d -a -A -pass pass:$1)
export $( echo $dot_env_secret | grep "=" | grep -v "#" | xargs ) export $(echo $dot_env_secret | grep "=" | grep -v "#" | xargs)
: ${VPN_PEM_PASS:?Missing but needed} : ${VPN_PEM_PASS:?Missing but needed}
: ${VPN_USER:?Missing but needed} : ${VPN_USER:?Missing but needed}
@@ -17,16 +42,17 @@ export $( echo $dot_env_secret | grep "=" | grep -v "#" | xargs )
expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $2 expect $DIR/vpn.exp $VPN_PEM_PASS $VPN_USER $VPN_USER_PASS $2
sudo ip route delete 10.0.0.0/8 dev $VPN metric 50 || true # NOTE: check README.md for dns config
sudo ip route delete 100.0.0.0/8 dev $VPN metric 50 || true # EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN")
sudo ip route delete 135.0.0.0/8 dev $VPN metric 50 || true # NEW="${EXISTING:+$EXISTING,}cci.nokia.net"
EXISTING=$(nmcli -g ipv4.dns-search connection show "$VPN") route_cleanup
NEW="${EXISTING:+$EXISTING,}cci.nokia.net"
# checks for ip is available after vpn connections (if not its somehow connection failed)
vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)" vpn_ip="$(ip a l $VPN | awk '/inet / {print $2}' | cut -d/ -f1 | cut -d. -f1-3)"
if [[ -z $vpn_ip ]] ; then if [[ -z $vpn_ip ]]; then
exit 1 echo "Connection failed somehow?!"
exit 1
fi fi
sudo ip route add 10.0.0.0/8 dev $VPN metric 50 sudo ip route add 10.0.0.0/8 dev $VPN metric 50