From 31dfb04e021087827055c6223532bfb25757b73e Mon Sep 17 00:00:00 2001
From: jdgregson
Date: Fri, 22 Jan 2021 21:17:39 -0800
Subject: [PATCH 1/4] OpenVPN: button cycles through VPN configs or resets connection
---
.../library/remote-access/openvpn/payload.sh | 50 ++++++++++++++++---
1 file changed, 42 insertions(+), 8 deletions(-)
diff --git a/payloads/library/remote-access/openvpn/payload.sh b/payloads/library/remote-access/openvpn/payload.sh
index 37bf7b3..be55d7b 100755
--- a/payloads/library/remote-access/openvpn/payload.sh
+++ b/payloads/library/remote-access/openvpn/payload.sh
@@ -1,15 +1,16 @@ #!/bin/bash -# +# # Title: OpenVPN -# Description: Create a connection to a VPN-connection to an OpenVPN-server. Optionally: Send traffic from the clients through said tunnel. +# Description: Create a VPN connection to an OpenVPN server. Optionally, send +# traffic from the clients through said tunnel. # Author: Hak5 -# Version: 1.0 +# Version: 1.1 # Category: remote-access # Target: Any # Net Mode: BRIDGE, VPN # Set to 1 to allow clients to use the VPN -FOR_CLIENTS=0 +FOR_CLIENTS=1 DNS_SERVER="8.8.8.8"
@@ -29,12 +30,9 @@ function start() { DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) - # Update factory default payload - cp ${DIR}/payload.sh /root/payloads/switch3/payload.sh - # Set NETMODE to BRIDGE and wait 3 seconds # to ensure that things can settle - + [[ "$FOR_CLIENTS" == "1" ]] && { /usr/bin/NETMODE VPN } || { 
@@ -56,6 +54,42 @@ function start() { setdns & LED ATTACK + + # Cycle between VPN configs when the button is pressed. The default + # "config.ovpn" will be loaded on startup, and pressing the button will + # cycle through all numbered VPN configs. To use this, add additional VPN + # configs named "config1.ovpn", "config2.ovpn", etc. + # + # If no numbered configs exist, the button functions as a way to reset the + # VPN connection. + while true; do + NO_LED=true BUTTON + + # Stop openvpn and update the LED + LED SETUP + /etc/init.d/openvpn stop + + # Determine which config to load next + configpath=$(uci get openvpn.vpn.config) + configfile=$(echo "${configpath}" | grep -Eo 'config[0-9]*') + confignumber=$(echo "${configfile}" | grep -Eo '[0-9]*') + if [ -z "${confignumber}" ]; then + confignumber="0" + fi + nextconfignumber="$(($confignumber + 1))" + if [ -f "${DIR}/config${nextconfignumber}.ovpn" ]; then + uci set openvpn.vpn.config="${DIR}/config${nextconfignumber}.ovpn" + elif [ -f "${DIR}/config1.ovpn" ]; then + uci set openvpn.vpn.config="${DIR}/config1.ovpn" + else + uci set openvpn.vpn.config="${DIR}/config.ovpn" + fi + uci commit + + # Start openvpn and update the LED + /etc/init.d/openvpn start + LED ATTACK + done } # Start the payload
From 32d21937c523e61411e9d5a9f69500a962c227e8 Mon Sep 17 00:00:00 2001
From: jdgregson
Date: Fri, 22 Jan 2021 21:21:27 -0800
Subject: [PATCH 2/4] Set FOR_CLIENTS back to 0
---
.../library/remote-access/openvpn/payload.sh | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/payloads/library/remote-access/openvpn/payload.sh b/payloads/library/remote-access/openvpn/payload.sh
index be55d7b..03ca124 100755
--- a/payloads/library/remote-access/openvpn/payload.sh
+++ b/payloads/library/remote-access/openvpn/payload.sh 
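Review bot: In the added `while true` loop (hunk `@@ -56,6 +54,42 @@` of PATCH 1/4), `LED ATTACK` is set unconditionally after `/etc/init.d/openvpn start`, and the exit status of `uci set`, `uci commit` and the init script is never checked, so the LED reports an active tunnel even when the selected config was not applied or the service did not start. An operator who has enabled FOR_CLIENTS and relies on the LED may then assume client traffic is inside the VPN when it is not. I would gate the LED on the start result, e.g. `if /etc/init.d/openvpn start; then LED ATTACK; else LED FAIL; fi`, and scope the commit to `uci commit openvpn` so unrelated pending UCI changes are not written as a side effect. Separately, `grep -Eo 'config[0-9]*'` runs on the full path and prints every match, so a directory name containing `config` would yield a multi-line value and break the `$(( ))` arithmetic. start() begins before this hunk, so its earlier setup is not visible here.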
@@ -1,16 +1,16 @@ #!/bin/bash # -# Title: OpenVPN -# Description: Create a VPN connection to an OpenVPN server. Optionally, send -# traffic from the clients through said tunnel. -# Author: Hak5 -# Version: 1.1 -# Category: remote-access -# Target: Any -# Net Mode: BRIDGE, VPN +# Title: OpenVPN +# Description: Create a VPN connection to an OpenVPN server. Optionally, send +# traffic from the clients through said tunnel. +# Author: Hak5 +# Version: 1.1 +# Category: remote-access +# Target: Any +# Net Mode: BRIDGE, VPN # Set to 1 to allow clients to use the VPN -FOR_CLIENTS=1 +FOR_CLIENTS=0 DNS_SERVER="8.8.8.8"
From 9d2b2615a5518a4513b8f972053f23b02e187a6a Mon Sep 17 00:00:00 2001
From: jdgregson
Date: Fri, 22 Jan 2021 21:32:19 -0800
Subject: [PATCH 3/4] Misc formatting fixes
---
payloads/library/remote-access/openvpn/payload.sh | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/payloads/library/remote-access/openvpn/payload.sh b/payloads/library/remote-access/openvpn/payload.sh
index 03ca124..a848ec6 100755
--- a/payloads/library/remote-access/openvpn/payload.sh
+++ b/payloads/library/remote-access/openvpn/payload.sh
@@ -30,9 +30,7 @@ function start() { DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) - # Set NETMODE to BRIDGE and wait 3 seconds - # to ensure that things can settle - + # Set NETMODE to BRIDGE and wait 3 seconds to ensure that things can settle [[ "$FOR_CLIENTS" == "1" ]] && { /usr/bin/NETMODE VPN } || {
@@ -71,8 +69,8 @@ function start() { # Determine which config to load next configpath=$(uci get openvpn.vpn.config) - configfile=$(echo "${configpath}" | grep -Eo 'config[0-9]*') - confignumber=$(echo "${configfile}" | grep -Eo '[0-9]*') + configfile=$(echo "${configpath}" | grep -Eo "config[0-9]*") + confignumber=$(echo "${configfile}" | grep -Eo "[0-9]*") if [ -z "${confignumber}" ]; then confignumber="0" fi
From 6e01d57d7520934d81cb0aa01e4f78bcf8b37f20 Mon Sep 17 00:00:00 2001 
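Review bot: The reflowed comment in hunk `@@ -30,9 +30,7 @@` of PATCH 3/4 still says `# Set NETMODE to BRIDGE and wait 3 seconds ...`, but the line directly below it selects `/usr/bin/NETMODE VPN` when FOR_CLIENTS is 1, so the comment describes only one of the two branches. Suggested wording: `# Set NETMODE (VPN when FOR_CLIENTS=1, otherwise BRIDGE) and wait for things to settle`. The `[[ ... ]] && { ... } || {` form on that context line also runs the second block when the NETMODE VPN command itself fails, which would quietly leave the device in the other network mode; an `if`/`else` makes the selection explicit. The else branch lies outside the hunk, so the BRIDGE half is inferred from the comment and the header's "Net Mode" line.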
From: jdgregson
Date: Fri, 22 Jan 2021 22:54:07 -0800
Subject: [PATCH 4/4] Simplified VPN config cycling
---
.../library/remote-access/openvpn/payload.sh | 19 +++++++------------
1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/payloads/library/remote-access/openvpn/payload.sh b/payloads/library/remote-access/openvpn/payload.sh
index a848ec6..4a8734a 100755
--- a/payloads/library/remote-access/openvpn/payload.sh
+++ b/payloads/library/remote-access/openvpn/payload.sh
@@ -60,6 +60,7 @@ function start() { # # If no numbered configs exist, the button functions as a way to reset the # VPN connection. + next=1 while true; do NO_LED=true BUTTON
@@ -68,21 +69,15 @@ function start() { /etc/init.d/openvpn stop # Determine which config to load next - configpath=$(uci get openvpn.vpn.config) - configfile=$(echo "${configpath}" | grep -Eo "config[0-9]*") - confignumber=$(echo "${configfile}" | grep -Eo "[0-9]*") - if [ -z "${confignumber}" ]; then - confignumber="0" - fi - nextconfignumber="$(($confignumber + 1))" - if [ -f "${DIR}/config${nextconfignumber}.ovpn" ]; then - uci set openvpn.vpn.config="${DIR}/config${nextconfignumber}.ovpn" + if [ -f "${DIR}/config${next}.ovpn" ]; then + uci set openvpn.vpn.config="${DIR}/config${next}.ovpn" + uci commit + next=$(($next + 1)) elif [ -f "${DIR}/config1.ovpn" ]; then uci set openvpn.vpn.config="${DIR}/config1.ovpn" - else - uci set openvpn.vpn.config="${DIR}/config.ovpn" + uci commit + next=1 fi - uci commit # Start openvpn and update the LED /etc/init.d/openvpn start
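Review bot: In hunk `@@ -68,21 +69,15 @@` of PATCH 4/4 the wrap-around branch sets `next=1` right after loading `config1.ovpn`, so the following button press loads `config1.ovpn` a second time before the cycle advances; `next=2` in the `elif` branch keeps one press per config. `next` also lives only in the running shell while `uci commit` persists the selection, so after a restart the counter and the committed config can disagree unless code outside these hunks resets `openvpn.vpn.config` to `config.ovpn` at startup. As a style point, `$(($next + 1))` can be written `$((next + 1))`, and `local next=1` in the `@@ -60,6 +60,7 @@` hunk would keep the counter out of the global scope. start() begins and ends outside both hunks.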