always-on-openconnect-vpn/routing.sh

#!/bin/bash

ROUTE_FILE=routes.txt
DOMAIN_FILE=domains.txt

VPN_SLICE=vpn-slice

if ! command -v $VPN_SLICE &> /dev/null
then
    echo "$VPN_SLICE is not in path"

    if test -f "/usr/local/Cellar/vpn-slice/0.15/bin/vpn-slice"; then
        echo "Found vpn-slice elsewhere"
        VPN_SLICE="/usr/local/Cellar/vpn-slice/0.15/bin/vpn-slice"
    else
        echo "Please make sure vpn-slice is in path"
        exit
    fi
fi

if [ "$reason" != "connect" ]; then
  $VPN_SLICE
  exit
fi

echo "Setting up routing"

# Add subnet to list
add_subnet ()
{
    IP=${1%/*}
    S=${1#*/}
    M=$(( 0xffffffff ^ ((1 << (32-S)) -1) ))
    MASK="$(( (M>>24) & 0xff )).$(( (M>>16) & 0xff )).$(( (M>>8) & 0xff )).$(( M & 0xff ))"
	export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$IP
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=$MASK
    export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=$S
    export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))

    echo "Adding subnet $IP with mask $MASK to list"
}

# Initialize empty split tunnel list
export CISCO_SPLIT_INC=0

# Delete DNS info provided by VPN server to use internet DNS
# Comment following line to use DNS beyond VPN tunnel
unset INTERNAL_IP4_DNS

if test -f "$ROUTE_FILE"; then
    echo "Loading subnets from $ROUTE_FILE"
    while read p; do
        case "$p" in \#*) continue ;; esac
        if [ "$p" != "" ]; then
            echo "Subnet: ${p}"
            add_subnet $p
        fi
    done <$ROUTE_FILE

else
    echo "$ROUTE_FILE does not exist. This should not happen."
fi

if test -f "$DOMAIN_FILE"; then
    echo "Loading domains from $DOMAIN_FILE"
    while read d; do
        case "$d" in \#*) continue ;; esac
        echo "Domain: ${d}"
        if [ "$d" != "" ]; then
            for p in `dig +short "$d" a | grep '^[.0-9]*$'`; do
                echo "Resolved IP for domain ${d}: ${p}"
                add_subnet $p/32
            done
        fi
    done <$DOMAIN_FILE

else
    echo "$DOMAIN_FILE does not exist. Ignoring."
fi

# Load default script
$VPN_SLICE -S
Added subnet routing support 2020-12-17 23:05:16 +00:00			`#!/bin/bash`

			`ROUTE_FILE=routes.txt`
Allow specifying external domain names to be routed through VPN 2023-12-14 14:45:26 +00:00			`DOMAIN_FILE=domains.txt`
Added subnet routing support 2020-12-17 23:05:16 +00:00
			`VPN_SLICE=vpn-slice`

			`if ! command -v $VPN_SLICE &> /dev/null`
			`then`
			`echo "$VPN_SLICE is not in path"`

			`if test -f "/usr/local/Cellar/vpn-slice/0.15/bin/vpn-slice"; then`
			`echo "Found vpn-slice elsewhere"`
			`VPN_SLICE="/usr/local/Cellar/vpn-slice/0.15/bin/vpn-slice"`
			`else`
			`echo "Please make sure vpn-slice is in path"`
			`exit`
			`fi`
			`fi`

			`if [ "$reason" != "connect" ]; then`
			`$VPN_SLICE`
			`exit`
			`fi`

			`echo "Setting up routing"`

			`# Add subnet to list`
			`add_subnet ()`
			`{`
			`IP=${1%/*}`
			`S=${1#*/}`
			`M=$(( 0xffffffff ^ ((1 << (32-S)) -1) ))`
			`MASK="$(( (M>>24) & 0xff )).$(( (M>>16) & 0xff )).$(( (M>>8) & 0xff )).$(( M & 0xff ))"`
			`export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_ADDR=$IP`
			`export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASK=$MASK`
			`export CISCO_SPLIT_INC_${CISCO_SPLIT_INC}_MASKLEN=$S`
			`export CISCO_SPLIT_INC=$(($CISCO_SPLIT_INC + 1))`

			`echo "Adding subnet $IP with mask $MASK to list"`
			`}`

			`# Initialize empty split tunnel list`
			`export CISCO_SPLIT_INC=0`

			`# Delete DNS info provided by VPN server to use internet DNS`
			`# Comment following line to use DNS beyond VPN tunnel`
			`unset INTERNAL_IP4_DNS`

			`if test -f "$ROUTE_FILE"; then`
			`echo "Loading subnets from $ROUTE_FILE"`
			`while read p; do`
			`case "$p" in \#*) continue ;; esac`
Allow specifying external domain names to be routed through VPN 2023-12-14 14:45:26 +00:00			`if [ "$p" != "" ]; then`
			`echo "Subnet: ${p}"`
			`add_subnet $p`
			`fi`
Added subnet routing support 2020-12-17 23:05:16 +00:00			`done <$ROUTE_FILE`

			`else`
			`echo "$ROUTE_FILE does not exist. This should not happen."`
			`fi`

Allow specifying external domain names to be routed through VPN 2023-12-14 14:45:26 +00:00			`if test -f "$DOMAIN_FILE"; then`
			`echo "Loading domains from $DOMAIN_FILE"`
			`while read d; do`
			`case "$d" in \#*) continue ;; esac`
			`echo "Domain: ${d}"`
			`if [ "$d" != "" ]; then`
			for p in `dig +short "$d" a \| grep '^[.0-9]*$'`; do
			`echo "Resolved IP for domain ${d}: ${p}"`
			`add_subnet $p/32`
			`done`
			`fi`
			`done <$DOMAIN_FILE`

			`else`
			`echo "$DOMAIN_FILE does not exist. Ignoring."`
			`fi`

Added subnet routing support 2020-12-17 23:05:16 +00:00			`# Load default script`
			`$VPN_SLICE -S`