setup_gsngw.sh
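#!/bin/sh
#
# Set up this host as a node of the "gsnet" tinc VPN: install tinc, write the
# net configuration under /etc/tinc/gsnet, generate the node key pair, enable
# the service and reboot.
#
# Usage (original one-liner):
# $ url="https://raw.githubusercontent.com/geek-space-hq/setup_gsngw/master/setup_gsngw.sh";(curl -L "${url}" || wget -O - "${url}") > /tmp/s; sudo sh /tmp/s <node name> <IP address>
#
# Arguments:
#   $1 - node name, [0-9a-z_]+ (becomes the tinc Name and the hosts/ file name)
#   $2 - IPv4 address assigned to the br0 bridge (a /8 is assumed in tinc-up)
#
# Notes:
# - Must run as root: it installs packages, writes /etc/tinc and reboots.
# - /tmp/s in the usage line is a fixed, world-writable path; saving the
#   download to a file created with mktemp(1) and reading it before running
#   it as root is preferable.
# - The generated tinc-up and nat.iptables assume the NICs are named eth0
#   (uplink) and eth1 (LAN side bridged into the VPN); adjust if the host
#   differs.
#
set -eu

readonly net_name=gsnet
readonly net_dir="/etc/tinc/${net_name}"

# Print each argument as one line on stderr and abort the setup.
die() {
  printf '%s\n' "$@" >&2
  exit 1
}

# Return 0 when $1 is a dotted-quad IPv4 address with every octet in 0-255.
# Only such values are accepted, so the address can later be placed inside a
# sed replacement without escaping.
is_ipv4() {
  case "$1" in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  _saved_ifs=$IFS
  IFS=.
  # shellcheck disable=SC2086 -- splitting on '.' is the point here
  set -- $1
  IFS=$_saved_ifs
  [ "$#" -eq 4 ] || return 1
  for _octet in "$@"; do
    [ "${_octet}" -le 255 ] 2>/dev/null || return 1
  done
  return 0
}

# Refuse to touch an existing configuration.
if test -d "${net_dir}"; then
  die 'エラー: /etc/tinc/gsnet は既に存在します' 'セットアップを中止します'
fi

node_name=${1-}
ip_address=${2-}

# The node name is used as a file name and inside generated config, so only
# [0-9a-z_] is allowed. A case pattern (instead of echo | grep) also rejects
# names such as "-n" that echo would swallow as an option.
case "${node_name}" in
  '' | *[!0-9a-z_]*)
    die 'エラー: ノード名に使える文字は [a-z0-9_] のみです' 'セットアップを中止します'
    ;;
esac

# An empty or malformed address would only fail later, inside tinc-up.
is_ipv4 "${ip_address}" \
  || die "エラー: IPアドレスが不正です: ${ip_address}" 'セットアップを中止します'

printf 'NODE_NAME: %s\n' "${node_name}"
printf 'IP_ADDRESS: %s\n' "${ip_address}"

# Install tinc (iptables is needed by the NAT rules loaded from tinc-up).
apt-get update
apt-get install -y tinc iptables

# Configuration directory; hosts/ holds one file per node.
mkdir -p "${net_dir}/hosts"

# This node's own host file. It only carries a name comment for now; the
# public key is appended to it by `tincd -K` below.
printf '# %s\n' "${node_name}" > "${net_dir}/hosts/${node_name}"

#
# Host files of the tinc nodes this node connects to.
#
## gsngw01 (miminashi site)
cat > "${net_dir}/hosts/gsngw01" <<'EOF'
# gsngw01
Address = 153.127.23.44
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAs//3ZYJ7+cWRptqA/I6gzpvLL8DEG20pJYSMx6xcPunfazBnKb3w
ctz5xwJqTMpYzUQwTs0aIVqF/Rf3+yAIs/UPA1ToX3q3Lq588wIeIJ9R2jr9LOpU
o7dgDrE3GDdhOutgbGHqxWzsXlYVfQ1OLQtZFkyAJU5teK++cWmqpL15liZ+JxrI
Gkh+NnUVR1DJMh1eEWg/sZMYzIFKZ71BBduhDPo1vYzL83iqwB8LoKDNehd/zzSK
mBcxFLb8Bf2ob6c13cyISeFhuWVQMvV0HLDdddHUgBZqhPj9qmUSlnQ+EUHeiVRf
2DkrYX2zMIQ+FP0WCT9BdjVA/ZKnX72dtwIDAQAB
-----END RSA PUBLIC KEY-----
EOF
## suzukautako (Shimamura site)
cat > "${net_dir}/hosts/suzukautako" <<'EOF'
# suzukautako
Address = 140.227.70.225
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAzzPh12lCjoWmnkyOFxQ4+ySQQ4WcYh11AdOoyGLTZCX3yA+jH6NO
2EJ6hx4kdvSEQfU1YRR5FJkD28nNsKYAoMhEsbRIJjn/uTCTw0NHFw6MbfDPgTlK
vqNhijTY3h3Z5mtciMm5Ooow4ZXywih3Ty2c8Gvc77jMMlWtZ+ay6XsSvFT26Cit
oFzKf2uGUT6JoibzTjZcXwfq/aMB4HDG5p5gpA80uYxrwbDnH5TTw6ZbKN2A0IZh
xgr5thmIcn+ihGgbJThZhQJ+UfRSlEYOx1TH5oRhUgcWvnNCuDpD7N2MAtZFSGPA
ouErT6lQ9C5K0qVk6n7Ou8UkvcZHO4qBaQIDAQAB
-----END RSA PUBLIC KEY-----
EOF
## linuweb (Iruka site)
cat > "${net_dir}/hosts/linuweb" <<'EOF'
# linuweb
Address = dolphin-net.mydns.jp
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2U/CoLlNVBbbVmZthMJY874szpLNkxVzfKt0N5xaIyqd2x1fapev
OQjtodz1OnriyeL8hfVaHgqzDjpkWsCbdWrE1xqPZO5h66utspug6qbII4ntXXbq
KWUpM+6fZu0qtmp7hSCU//wJIqBGDC5AcQqmUdpY3Kv4knxQ5/F0g4XUyMrn58YM
4m+04UZ9OOQGgpyX4e2vS3VDN76Y/dbR+a8nzbhIcmPVzQhkqPcrC24fwYukvsjx
VGzpoWRx9iYbayS2D6hv5auhL1JBI4Zx+uNBuhIz4dAMMSyIksW9PthQsMPZbW+x
2Ga4SZlJDgLCLOpt8FPdccTWbo27dwpVGwIDAQAB
-----END RSA PUBLIC KEY-----
EOF
## nagasaki (NimuC site)
cat > "${net_dir}/hosts/nagasaki" <<'EOF'
# nagasaki
Address = nagasaki.hiyoco.club
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA/hZ2f4TyZMHVuZ0xBaQFpqqGKM0fzSeWWbRO7/Tu/bnphPXnkKJy
oJ155eklyy1lc+Syt+MWs+epbyZz1dJZMLkf4b7Bi+M46bDrCYdod4P1KZsFfjFL
Pju/vthOEF3T3Wc8iQo7VcSM1IBu/ILBN+LPWiYRBf3+BDtRD1C1+lT5YR0DJaWO
rqD9Al+4XnPIjLUy0gw5h4+joC7FD2X2fbTksD+fk5rgysXlU/C6AncRU7U7iTBh
HJAoR6wVk4uf533Ri4C6wqAVUdUYNfGJCKf24is+Oun046iBUWu+fY6wCrdKpyGq
w97eARBoit60i6Z/coiYqBrYmewR0tSMzwIDAQAB
-----END RSA PUBLIC KEY-----
EOF
## rabbit_house (Sumidora site)
cat > "${net_dir}/hosts/rabbit_house" <<'EOF'
# rabbit_house
Address = rabbit-house.smdr.io
Port = 655
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA2YqqCPwg9NgiYbUkHtGhUwQ83u0aIqLNdxeFBX8BatP1hVzXEUAW
/EzLV9SzvkAMKrYypiiJpS9mZ+hctuvGiA5Ci72txrrWW+/UHix9cAHinHRMkBCq
9MF8BzWsOfhyfcpBozRGfBscoBtq3w408m+YnNzp6hv8Q+nbQgWGYEj7P2PW3PUe
wVyh3oOu8PPtaRD1RYgoPdfzkYXmcJTVQFheuZ5dG3vZV3ttlghD9YrQSepzGpyG
X9sorXTYsVs/MJ2gNYGdvuoLJzAWsVNReeVmXC2R/arbtvWmM7QhTkIt7yyOiovh
f9gnQBP7NW0dNuP0jdQAt/2RU5KmXpoJJwIDAQAB
-----END RSA PUBLIC KEY-----
EOF

# tinc.conf: "switch" mode bridges Ethernet frames (layer 2) across the VPN,
# which is why tinc-up below attaches the tun/tap device to br0.
# The node name is validated above, so it is safe to expand in the heredoc.
# gsngw01 -> miminashi site, suzukautako -> Shimamura site
cat > "${net_dir}/tinc.conf" <<EOF
Name = ${node_name}
Mode = switch
Device = /dev/net/tun
ConnectTo = gsngw01
ConnectTo = suzukautako
ConnectTo = linuweb
ConnectTo = nagasaki
ConnectTo = rabbit_house
EOF

# tinc-up: run by tincd when the VPN session starts. The heredoc delimiter is
# quoted so that $INTERFACE (set by tincd at run time) survives; the address is
# substituted by sed, which is safe because is_ipv4 only admits digits and dots.
sed 's/{IP_ADDRESS}/'"${ip_address}"'/' > "${net_dir}/tinc-up" <<'EOF'
#!/bin/sh
ip link add br0 type bridge
ip link set br0 up
ip link set "$INTERFACE" up
ip link set dev "$INTERFACE" master br0
ip link set dev eth1 master br0
ip addr add {IP_ADDRESS}/8 dev br0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables-restore < /etc/tinc/gsnet/nat.iptables
EOF
chmod +x "${net_dir}/tinc-up"

# iptables (NAT) rule set loaded by tinc-up. Note that the FORWARD policy is
# ACCEPT and only br0 -> eth0 is dropped; traffic leaving via br0 is
# masqueraded. Review these if the host has other interfaces.
cat > "${net_dir}/nat.iptables" <<'EOF'
# Generated by xtables-save v1.8.2 on Thu Jul 15 00:21:02 2021
*filter
:INPUT ACCEPT [46687:11733996]
:FORWARD ACCEPT [1617:74797]
:OUTPUT ACCEPT [295135:228581507]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o eth0 -j DROP
COMMIT
# Completed on Thu Jul 15 00:21:02 2021
# Generated by xtables-save v1.8.2 on Thu Jul 15 00:21:02 2021
*nat
:PREROUTING ACCEPT [15990:4356696]
:INPUT ACCEPT [12944:3533125]
:POSTROUTING ACCEPT [410:45315]
:OUTPUT ACCEPT [175:24583]
-A POSTROUTING -o br0 -j MASQUERADE
COMMIT
# Completed on Thu Jul 15 00:21:02 2021
# Generated by xtables-save v1.8.2 on Thu Jul 15 00:21:02 2021
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 15 00:21:02 2021
# Generated by xtables-save v1.8.2 on Thu Jul 15 00:21:02 2021
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu Jul 15 00:21:02 2021
EOF

# tinc-down: run by tincd when the VPN session ends; undoes tinc-up.
cat > "${net_dir}/tinc-down" <<'EOF'
#!/bin/sh
ip link set dev "$INTERFACE" nomaster
ip link set dev "$INTERFACE" down
ip link set dev eth1 nomaster
ip link set dev br0 down
ip link del dev br0
EOF
chmod +x "${net_dir}/tinc-down"

# Generate the key pair. Looking at tinc's src/conf.c:541, tincd uses the
# default file names whenever stdin or stdout is not a terminal, so `| cat`
# is there to avoid the interactive prompts.
tincd -K -n "${net_name}" | cat
# POSIX sh has no pipefail and the pipe above hides tincd's status, so check
# that the public key really was appended to this node's host file.
grep -q -- '-----BEGIN RSA PUBLIC KEY-----' "${net_dir}/hosts/${node_name}" \
  || die 'エラー: 鍵ペアの生成に失敗しました' 'セットアップを中止します'

# Enable debug logging by uncommenting the EXTRA="-d" line.
sed -i -e '/^# EXTRA="-d"$/ s/# //' /etc/default/tinc

# Enable the per-net tinc systemd unit (template instance tinc@<net>.service).
systemctl enable "tinc@${net_name}.service"

# Completion message: show the host file (name + public key) to be shared.
printf '\n'
printf 'tincのセットアップが完了しました\n'
printf 'Discordの #闇ネット チャンネルに以下の内容をコピペしてください\n'
printf '\n'
printf '\033[34m' # blue (octal escape: \e is not POSIX printf)
printf '```\n'
cat "${net_dir}/hosts/${node_name}"
printf '```\n'
printf '\033[m' # back to the default colour
printf '\n'
printf 'Enterを押すとOSを再起動します'
# Keep the original behaviour of rebooting even when stdin is not a terminal
# (read fails at EOF, which would otherwise abort under set -e).
read -r _ || :
reboot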