Avec la contribution de certains de nos coll\u00e8gues, nous publions quelques scripts pour Linux permettant de g\u00e9rer la connexion et la d\u00e9connexion automatique au serveur VPN.
\nJean-Michel Carricand nous \u00e0 fait un script tr\u00e8s simple de connexion :<\/p>\n
#! \/bin\/bash\r\nfunction usage() {\r\n echo \"Usage: $0 {start|stop|restart} connection_name password\"\r\n exit 1\r\n}\r\nCONN=\"$2\"\r\nPASS=\"$3\"\r\nDEFAULTROUTE=`route -n | grep '^0.0.0.0' | tr -s ' ' ' ' | cut -d' ' -f2`\r\ncase \"$1\" in\r\n start)\r\n [ -z \"$2\" -o -z \"$3\" ] && usage\r\n $0 stop\r\n \/etc\/init.d\/ipsec start; sleep 2\r\n ipsec auto --up ufc-vpn; sleep 2\r\n route add 194.57.91.250 gw $DEFAULTROUTE\r\n \/etc\/init.d\/xl2tpd start; sleep 2\r\n echo \"c $CONN passwordfd $PASS\" > \/var\/run\/xl2tpd\/l2tp-control\r\n\t;;\r\n stop)\r\n echo \"d $CONN\" > \/var\/run\/xl2tpd\/l2tp-control; sleep 2\r\n \/etc\/init.d\/xl2tpd stop\r\n ipsec auto --down ufc-vpn\r\n \/etc\/init.d\/ipsec stop\r\n route del 194.57.91.250 gw $DEFAULTROUTE\r\n\t;;\r\n restart)\r\n $0 stop\r\n $0 start\r\n\t;;\r\n *)\r\n usage\r\n\t;;\r\nesac<\/small><\/pre>\nJ\u00e9r\u00f4me Rabouille (UFR-STGI) :<\/p>\n
#!\/bin\/bash\r\n# Ecrit par J\u00e9r\u00f4me Rabouille \/ UFR STGI\r\n# Montage du VPN UFC sous linux avec IPSEC(openswan) \/ xl2tpd\r\n# Test\u00e9 sous Ubuntu Hardy<\/em><\/small>\r\n\r\nVPN_NAME=\"ufc-vpn\" #nom du vpn dans \/etc\/ipsec\/conf<\/em>\r\nMACHINE_NAME_XL2TPD=ma_machine #nom de la machine dans \/etc\/xl2tpd\/xl2tpd.conf<\/em><\/small>\r\n\r\nL2TPD_SCRIPT=\/etc\/init.d\/xl2tpd\r\nL2TPD_PIPE=\/var\/run\/xl2tpd\/l2tp-control\r\nIPSEC_SCRIPT=\/etc\/init.d\/ipsec\r\nIPSEC_COMMAND=\/usr\/sbin\/ipsec<\/small>\r\n\r\nif [ \"$UID\" = \"0\" ]; then\r\n case \"$1\" in\r\n start)\r\n echo \"Saisir le mot de passe(ENT): \"\r\n read -s PASSWORD\r\n $IPSEC_SCRIPT start > \/dev\/null\r\n $L2TPD_SCRIPT start > \/dev\/null\r\n sleep 2\r\n $IPSEC_COMMAND auto --up $VPN_NAME > \/dev\/null\r\n echo \"c $MACHINE_NAME_XL2TPD passwordfd $PASSWORD\" > $L2TPD_PIPE\r\n sleep 3\r\n ppp_ip=\"`\/sbin\/ifconfig ppp0 | grep 'inet adr' | awk '{print $2}' | sed -e 's\/.*:\/\/'`\"\r\n echo \"IP LOCAL UFC:\" $ppp_ip\r\n ;;\r\n stop)\r\n echo \"d $MACHINE_NAME_XL2TPD\" > $L2TPD_PIPE\r\n $IPSEC_COMMAND auto --down $VPN_NAME > \/dev\/null\r\n sleep 2\r\n $L2TPD_SCRIPT stop > \/dev\/null\r\n $IPSEC_SCRIPT stop > \/dev\/null\r\n ;;\r\n *)\r\n echo \"usage: \"$0 \"[start|stop]\"\r\n echo \"Montage du VPN de l'UFC\"\r\n ;;\r\n esac\r\nelse\r\n echo \"ERREUR: Vous devez \u00eatre super utilisateur!\"\r\n exit 1\r\nfi\r\nexit 0\r\n<\/small><\/pre>\nC\u00e9dric Clerget (FEMTO-ST) :
\nAlors j’ai not\u00e9 quelques probl\u00e8mes sur mon PC du boulot et mon PC perso. Les deux PC tournent avec une Debian ETCH 64 bits. La connexion se fait sans probl\u00e8me, petit hic, si je souhaite utiliser les DNS FEMTO-ST lorsque je me connecte au realm femto-st je dois \u00e9diter \/etc\/resolv.conf afin d’y ajouter :
\nsearch femto-st.fr
\nnameserver 172.20.208.80
\nC’est ce que fait le script une fois connect\u00e9 (script intrusif, n’h\u00e9sitez pas a sauvegarder \/etc\/l2tp et \/etc\/ipsec avant).<\/p>\n
\r\n#! \/bin\/sh\r\n# A changer selon le lieu d'ou vous vous connectez<\/em>\r\nPASSERELLE=\"192.168.1.254\"\r\n# A changer selon votre localisation g\u00e9ographique<\/em>\r\nSERVEUR_VPN=\"194.57.91.250\"\r\n# chemin du certificat utilisateur<\/em>\r\nUSER_CERT=\"\/etc\/ipsec.d\/certs\/mycert.pem\"\r\n# La connexion au VPN impose l'utilisation unique du r\u00e9seau de l'UFC,\r\n# et par cons\u00e9quent l'utilisation du proxy de l'UFC afin de pouvoir surfer.\r\n# Si vous souhaitez utiliser votre connexion pour le surf ou autres choses\r\n# tout en restant dans le r\u00e9seau UFC, vous le pouvez en mettant la valeur\r\n# du champs suivant \u00e0 1<\/em>\r\nDUALROUTE_ACTIVE=1\r\nDUALROUTE_SCRIPT=\"\/etc\/ppp\/ip-up.d\/dualroute\"<\/small>\r\n\r\n# Pour la restauration des DNS de votre connexion internet, car la restauration\r\n# ne fonctionne pas avec pppd (bug ? feature ?)<\/em>\r\nRESOLV_BACKUP=\"\/etc\/resolv.conf.pppd-backup\"<\/small>\r\n\r\n# si vous d\u00e9sirez remplacer les DNS par d\u00e9faut attribuer lors de la connexion, sinon commentez les 5 lignes suivantes<\/em>\r\nRESOLV_CONF=`\r\ncat << RESOLV_CONF\r\nsearch femto-st.fr\r\nnameserver 172.20.208.80\r\nRESOLV_CONF`<\/small>\r\n\r\ninitialisation () {\r\n# Demande de saisi de l'utilisateur et du mot de passe<\/em>\r\n echo -n \"Utilisateur (ex : identifiant@realm) : \"\r\n read USER\r\n echo -n \"Mot de passe : \"\r\n read -s PASSWORD\r\n echo \"\"\r\n echo \"Connexion en cours ...\"<\/small>\r\n\r\n# g\u00e9n\u00e9ration du fichier \/etc\/ppp\/ip-up.d\/dualroute<\/em>\r\nDUALROUTE=`\r\ncat << DUALROUTE\r\n#!\/bin\/sh\r\nroute add -net 172.20.0.0 netmask 255.255.0.0 dev \\\\$1\r\nDUALROUTE`<\/small>\r\n\r\n# g\u00e9n\u00e9ration du fichier \/etc\/ipsec.conf<\/em>\r\nIPSEC_CONF=`\r\ncat << IPSEC_CONF\r\nversion 2\r\nconfig setup\r\nuniqueids=yes\r\nnhelpers=0\r\nnat_traversal=yes<\/small>\r\n\r\nconn %default\r\nauthby=rsasig\r\nleftrsasigkey=%cert\r\nrightrsasigkey=%cert\r\ntype=transport\r\nkeyingtries=1<\/small>\r\n\r\ninclude \/etc\/ipsec.d\/examples\/no_oe.conf<\/small>\r\n\r\nconn ufc-vpn\r\nrightprotoport=17\/1701\r\nleftprotoport=17\/1701\r\nkeyexchange=ike\r\npfs=no\r\nauto=add\r\nleft=%defaultroute\r\nleftcert=$USER_CERT\r\nleftrsasigkey=%cert\r\nright=$SERVEUR_VPN\r\nrightrsasigkey=%cert\r\nrightca=%same\r\nleftnexthop=$PASSERELLE\r\nIPSEC_CONF`\r\n\r\n# g\u00e9n\u00e9ration du fichier \/etc\/xl2tpd\/xl2tpd.conf<\/em>\r\nXL2TP_CONF=`\r\ncat << XL2TP_CONF\r\n[global]\r\nport = 1701\r\naccess control = no<\/small>\r\n\r\n[lac machine_lambda]\r\nlns = $SERVEUR_VPN\r\nredial = yes\r\nredial timeout = 10\r\nmax redials = 10\r\nlength bit = yes\r\nrefuse authentication = yes\r\nrefuse chap = yes\r\nrequire pap = yes\r\nname = perso\r\nppp debug = yes\r\npppoptfile = \/etc\/ppp\/options.l2tpd.client\r\nXL2TP_CONF`<\/small>\r\n\r\n# g\u00e9n\u00e9ration du fichier \/etc\/ppp\/options.l2tpd.client<\/em>\r\nif [ $DUALROUTE_ACTIVE == 0 ]; then\r\n REPLACEROUTE_OPTION=\"replacedefaultroute\"\r\nelse\r\n REPLACEROUTE_OPTION=\"noreplacedefaultroute\"\r\nfi\r\nOPTIONS_L2TP=`\r\ncat << OPTIONS_L2TP\r\ndefaultroute\r\n$REPLACEROUTE_OPTION\r\ndebug\r\nlock\r\nuser $USER\r\nnoipdefault\r\nusepeerdns\r\nnoauth\r\nlcp-echo-interval 20\r\nlcp-echo-failure 10\r\nnoaccomp\r\nOPTIONS_L2TP`<\/small>\r\n\r\n}<\/small>\r\n\r\ncase \"$1\" in\r\nstart)\r\n initialisation\r\n echo -e \"$IPSEC_CONF\" > \/etc\/ipsec.conf\r\n echo -e \"$XL2TP_CONF\" > \/etc\/xl2tpd\/xl2tpd.conf\r\n echo -e \"$OPTIONS_L2TP\" > \/etc\/ppp\/options.l2tpd.client\r\n if [[ ! -e $DUALROUTE_SCRIPT && $DUALROUTE_ACTIVE == 1 ]]; then\r\n echo -e \"$DUALROUTE\" > $DUALROUTE_SCRIPT\r\n chmod +x $DUALROUTE_SCRIPT\r\n fi\r\n \/etc\/init.d\/ipsec start > \/dev\/null && \/etc\/init.d\/xl2tpd start > \/dev\/null\r\n sleep 3\r\n if [ ! -z \"$PASSWORD\" ]; then\r\n ipsec auto --up ufc-vpn > \/dev\/null && echo \"c machine_lambda passwordfd $PASSWORD\" > \/var\/run\/xl2tpd\/l2tp-control\r\n fi\r\n if [ ! -z \"$RESOLV_CONF\" ]; then\r\n sleep 6\r\n echo -e \"$RESOLV_CONF\" > \/etc\/resolv.conf\r\n fi\r\n;;\r\nstop)\r\n echo -e \"D\u00e9connexion en cours ...\"\r\n echo \"d machine_lambda\" > \/var\/run\/xl2tpd\/l2tp-control && ipsec auto --down ufc-vpn > \/dev\/null\r\n\/etc\/init.d\/ipsec stop > \/dev\/null && \/etc\/init.d\/xl2tpd stop > \/dev\/null\r\n# restauration du fichier \/etc\/resolv.conf \u00e9craser par la connexion VPN<\/em>\r\n if [ -e \"$RESOLV_BACKUP\" ]; then\r\n mv $RESOLV_BACKUP \/etc\/resolv.conf\r\n fi\r\n# restauration de la route par d\u00e9faut afin de pouvoir utiliser de nouveau sa connexion internet<\/em>\r\n if [ $DUALROUTE_ACTIVE == 0 ]; then\r\n route add default gw $PASSERELLE\r\n fi\r\n rm -f $DUALROUTE_SCRIPT\r\n;;\r\n*)\r\n echo \"Usage: connexion-vpn {start|stop}\" >&2\r\n exit 3\r\n;;\r\nesac<\/small>\r\n:<\/small><\/pre>\n","protected":false},"excerpt":{"rendered":"Avec la contribution de certains de nos coll\u00e8gues, nous publions quelques scripts pour Linux permettant de g\u00e9rer la connexion et la d\u00e9connexion automatique au serveur VPN. Jean-Michel Carricand nous \u00e0 fait un script tr\u00e8s simple de connexion : #! \/bin\/bash function usage() { echo \u00ab\u00a0Usage: $0 {start|stop|restart} connection_name password\u00a0\u00bb exit 1 } CONN=\u00a0\u00bb$2″ PASS=\u00a0\u00bb$3″ DEFAULTROUTE=`route […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[103,104,6,102],"class_list":["post-97","post","type-post","status-publish","format-standard","hentry","category-informations-utilisateurs","tag-auto-connexion","tag-auto-deconnexion","tag-linux","tag-script"],"_links":{"self":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/97","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=97"}],"version-history":[{"count":0,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=\/wp\/v2\/posts\/97\/revisions"}],"wp:attachment":[{"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=97"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=97"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vpn.univ-fcomte.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=97"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}