vpnkillswitch.sh
#!/bin/bash
# Script to ensure VPN is running with kill switch functionality
# Set to anything other than "true" to silence the progress log.
DEBUG_MODE="true"
# Append-only progress log; every step of the health check and restart lands here.
DEBUG_PATH="/usr/vpnkillswitch/log.txt"
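#######################################
# Tear down and rebuild the tunnel together with its iptables kill switch.
# Globals:   DEBUG_MODE, DEBUG_PATH (read); WAN_IP (written)
# Arguments: none
# Outputs:   progress lines appended to DEBUG_PATH when DEBUG_MODE is "true"
# Returns:   exit status of the final command (deluged)
#######################################
restartVPN()
{
  # Stop the torrent client before the tunnel goes down so it is not still
  # talking on eth0 while the rules are being rebuilt.
  if [ "$DEBUG_MODE" = true ] ; then echo "Stopping Deluge..." >> "$DEBUG_PATH" ; fi
  pkill deluged
  if [ "$DEBUG_MODE" = true ] ; then echo "Restarting VPN..." >> "$DEBUG_PATH" ; fi
  # From this flush until the DROP rule is appended again below there is no
  # kill switch in place.
  iptables -F
  service openvpn restart
  sleep 5
  if [ "$DEBUG_MODE" = true ] ; then echo "Reconfiguring kill switch..." >> "$DEBUG_PATH" ; fi
  # Get WAN IP. The reply comes from an external, unauthenticated plain-HTTP
  # endpoint and ends up inside a firewall rule, so it is validated below
  # before it is used.
  WAN_IP=$(wget -q -O - http://ipecho.net/plain)
  # Configure IPTable rules
  # Change eth0 to wlan0 (or whatever network interface is being used) for wireless
  iptables -t nat -F
  iptables -t nat -X
  iptables -t mangle -F
  iptables -t mangle -X
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT
  iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
  iptables -A INPUT -s 255.255.255.255 -j ACCEPT
  iptables -A INPUT -s 10.0.0.0/16 -d 10.0.0.0/16 -j ACCEPT
  iptables -A OUTPUT -s 10.0.0.0/16 -d 10.0.0.0/16 -j ACCEPT
  iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
  iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT
  iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
  # Kill switch: on eth0 only the address in WAN_IP may be reached directly.
  # NOTE(review): this assumes the address ipecho.net reports is the same one
  # the tunnel connects to over eth0; if the provider's exit address differs
  # from its server address this rule blocks the tunnel itself — confirm for
  # the provider in use.
  if [[ "$WAN_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    iptables -A OUTPUT -o eth0 ! -d "$WAN_IP" -j DROP
  else
    # Fail closed. With the unquoted form an empty or non-address reply made
    # iptables reject the rule and left eth0 without any DROP at all. Block
    # all eth0 output instead; a later health check whose ping fails will
    # come back through this function and retry.
    if [ "$DEBUG_MODE" = true ] ; then echo "WAN IP lookup failed or not an IPv4 address; blocking all eth0 output" >> "$DEBUG_PATH" ; fi
    iptables -A OUTPUT -o eth0 -j DROP
  fi
  if [ "$DEBUG_MODE" = true ] ; then echo "Starting Deluge..." >> "$DEBUG_PATH" ; fi
  deluged
}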
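# --- Health check -----------------------------------------------------------
# Three probes decide whether the tunnel and the kill switch are healthy:
#   VPN    - service status text, expected to contain "is running"
#   PING   - one echo request to google.com, expected to report "1 received"
#   IPT    - current filter rules, expected to mention the WAN IP that
#            restartVPN puts into its DROP rule
VPN=$(service openvpn status)
PING=$(ping -c 1 google.com)
WAN_IP=$(wget -q -O - http://ipecho.net/plain)
# -n keeps addresses numeric. Without it iptables reverse-resolves them, so a
# rule written for WAN_IP can be listed as a hostname, the substring check
# below misses it, and the VPN is restarted for no reason.
IPT=$(iptables -L -n)

if [ "$DEBUG_MODE" = true ] ; then date >> "$DEBUG_PATH" ; fi

if [[ "$VPN" == *"is running"* ]]; then
  if [ "$DEBUG_MODE" = true ] ; then echo "VPN is running" >> "$DEBUG_PATH" ; fi
  if [[ "$PING" == *"1 received"* ]]; then
    if [ "$DEBUG_MODE" = true ] ; then echo "Internet OK" >> "$DEBUG_PATH" ; fi
    if [[ -z "$WAN_IP" ]]; then
      # An empty WAN_IP would turn the pattern below into "**", which matches
      # any rule set and reports "IPTables OK" with no DROP rule present.
      # Treat an unknown WAN IP as an unverifiable kill switch and rebuild.
      if [ "$DEBUG_MODE" = true ] ; then echo "Could not determine WAN IP; cannot verify kill switch" >> "$DEBUG_PATH" ; fi
      restartVPN
    elif [[ "$IPT" == *"$WAN_IP"* ]]; then
      if [ "$DEBUG_MODE" = true ] ; then echo "IPTables OK" >> "$DEBUG_PATH" ; fi
    else
      if [ "$DEBUG_MODE" = true ] ; then echo "IPTables not configured properly" >> "$DEBUG_PATH" ; fi
      restartVPN
    fi
  else
    if [ "$DEBUG_MODE" = true ] ; then echo "Internet down... Need to restart VPN" >> "$DEBUG_PATH" ; fi
    restartVPN
  fi
else
  if [ "$DEBUG_MODE" = true ] ; then echo "VPN is NOT running" >> "$DEBUG_PATH" ; fi
  restartVPN
fi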