-
Notifications
You must be signed in to change notification settings - Fork 33
/
linuxnva_autoconfig.sh
46 lines (46 loc) · 2.2 KB
/
linuxnva_autoconfig.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#!/bin/bash
if [[ -f /root/azure.nva.sas ]] && [[ -f /root/azure.nva.account ]] && [[ -f /root/azure.nva.guid ]]
then
echo "INFO: Configuration files found"
sas=$(sudo cat /root/azure.nva.sas)
storage_account_name=$(sudo cat /root/azure.nva.account)
storage_container_name=$(sudo cat /root/azure.nva.guid)
wget "https://${storage_account_name}.blob.core.windows.net/${storage_container_name}/ipsec.conf?${sas}" -O ./ipsec.conf
wget "https://${storage_account_name}.blob.core.windows.net/${storage_container_name}/ipsec.secrets?${sas}" -O ./ipsec.secrets
wget "https://${storage_account_name}.blob.core.windows.net/${storage_container_name}/bird.conf?${sas}" -O ./bird.conf
wget "https://${storage_account_name}.blob.core.windows.net/${storage_container_name}/vti.csv?${sas}" -O ./vti.csv.new
if [[ -n "$(diff ./ipsec.conf /etc/ipsec.conf)" ]] || [[ -n "$(diff ./ipsec.secrets /etc/ipsec.secrets)" ]]
then
sudo cp ./ipsec.conf /etc/ipsec.conf
sudo cp ./ipsec.secrets /etc/ipsec.secrets
sudo systemctl restart ipsec
fi
if [[ -n "$(diff ./bird.conf /etc/bird/bird.conf)" ]]
then
sudo cp ./bird.conf /etc/bird/bird.conf
sudo systemctl restart bird
fi
touch ./vti.csv
if [[ -n "$(diff ./vti.csv.new ./vti.csv)" ]]
then
while read line; do
local_pip=$(echo "$line" | cut -d, -f 1)
local_ip=$(echo "$line" | cut -d, -f 2)
remote_pip=$(echo "$line" | cut -d, -f 3)
remote_ip=$(echo "$line" | cut -d, -f 4)
if_name=$(echo "$line" | cut -d, -f 5)
if_mark=$(echo "$line" | cut -d, -f 6)
sudo ip tunnel add "$if_name" local "$local_ip" remote "$remote_pip" mode vti key "$if_mark"
sudo ip link set up dev "$if_name"
sudo sysctl -w "net.ipv4.conf.${if_name}.disable_policy=1"
sudo ip route add "${remote_ip}/32" dev "${if_name}"
sudo sed -i 's/# install_routes = yes/install_routes = no/' /etc/strongswan.d/charon.conf
sudo systemctl restart ipsec
done <./vti.csv.new
mv ./vti.csv.new ./vti.csv
else
rm ./vti.csv.new
fi
else
echo "ERROR: Configuration files not found"
fi