Subject: VPN & SSH-IP-TUNNEL - A test script in Perl.
To: None <netbsd-help@netbsd.org>
From: Gan Uesli Starling <oinkfreebiker@att.net>
List: netbsd-help
Date: 02/24/2002 10:23:48
Howdy,

Lately, I've been a pest about ssh-ip-tunnel, I know. You all probably think 
I'm dense. Anyway, thanks. I might still need a bit of advice. But before 
that, let me offer a tiny payback, so that others may later find it in the 
archive.

I got tired of all the time typing the same commands to test my tunnel. So I 
wrote a Perl script to do those things. I include it herewith, at the end.

Put the perl script in /usr/pkg/sbin/vpnck the same as will already be the sh 
script /usr/pkg/sbin/vpn. Do chmod 755 to vpnck there. Then edit the tail of 
/usr/pkg/sbin/vpn to include two extra final lines, thus...

<two-final-lines> 

sleep 2s;
./vpnck | more

</two-final-lines>

...on each machine, remote and local. Then when you start up ssh-ip-tunnel on 
either of them, you will get a status report, of sorts. You can also run 
vpnck by itself at any time. It's a bit slow, if you have a point-to-point on 
a 56K modem at the same time, though. So be patient for output, some extra 
seconds, less than a minute. Anyway, here's what you get.

Below is what the output looks like on the machine gus.starling.ws from which 
I make the call "vpn thinkpad start"...

<perl-script-output>
gus#
gus# vpnck

%%%%%%% Checking VPN stats for SSH and PPPD %%%%%%%

Filtered "netstat -r" says:

Internet:
Destination         Gateway             Mtu                 Interface
default             199.69.200.57       1500                ppp1
192.168.1           link#1              1500                fxp0
thinkpad            00:04:5a:91:ec:05   1500                fxp0
192.168.100.2       192.168.100.1       1500                ppp0
199.69.200.57       8.detroit14rh16rt.  1500                ppp1

Filtered "ifconfig -a" says:

ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 12.87.99.8 -> 199.69.200.57 netmask 0xff000000
        inet6 fe80::203:47ff:fea0:4927%ppp1 -> :: prefixlen 64 scopeid 0x4
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:03:47:a0:49:27
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::203:47ff:fea0:4927%fxp0 prefixlen 64 scopeid 0x1
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        address: 00:03:47:a0:49:27
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::203:47ff:fea0:4927%fxp0 prefixlen 64 scopeid 0x1
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 192.168.100.1 -> 192.168.100.2 netmask 0xfffffffc
        inet6 fe80::203:47ff:fea0:4927%ppp0 -> :: prefixlen 64 scopeid 0x3
ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 12.87.99.8 -> 199.69.200.57 netmask 0xff000000
        inet6 fe80::203:47ff:fea0:4927%ppp1 -> :: prefixlen 64 scopeid 0x4
 
SSH server pids: 1968
SSH client pids: 3057 Batchmode
 
%%%%%%% Check is complete %%%%%%%
 
gus#
</perl-script-output>

And below is what the output looks like on the machine thinkpad which 
accepted the connection when gus.starling.ws ran "vpn peer start"...

<perl-script-output>
thinkpad: {105}
thinkpad: {105} vpnck

%%%%%%% Checking VPN stats for SSH and PPPD %%%%%%%

Filtered "netstat -r" says: 

Internet:
Destination         Gateway             Mtu                 Interface
192.168.1           link#18             1500                ne2
gus                 00:03:47:a0:49:27   1500                ne2
gus_ah              192.168.100.2       1500                ppp0

Filtered "ifconfig -a" says: 

ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:04:5a:91:ec:05
	media: Ethernet manual
	inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::204:5aff:fe91:ec05%ne2 prefixlen 64 scopeid 0x12
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	address: 00:04:5a:91:ec:05
	media: Ethernet manual
	inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
	inet6 fe80::204:5aff:fe91:ec05%ne2 prefixlen 64 scopeid 0x12
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 192.168.100.2 -> 192.168.1.200 netmask 0xfffffffc
	inet6 fe80::204:5aff:fe91:ec05%ppp0 -> :: prefixlen 64 scopeid 0x2
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500

SSH server pids: 1706 , 1719 vpnuser@ttyp0
SSH client pids: 

%%%%%%% Check is complete %%%%%%%

thinkpad: {106} 

</perl-script-output>

Here is the Perl script itself...

<perl-script>
#!/usr/pkg/bin/perl
# Report status of vpn from ssh-ip-tunnel on NetBSD 1.5.2 
# Put in same path as "vpn" from pkg ssh-ip-tunnel, chmod = 755.
# Append lines "sleep 2s;" and "./vpnck | more" to end of "vpn".
# In vi, set tabstop to 2. Go "<Esc>:set tabstop=2<return>" else columns > 80.
# Copyright (c) 2002 Gan Uesli Starling

print "\n%%%%%%% Checking VPN stats for SSH and PPPD %%%%%%%\n";    
 
# INIT SOME STUFF

$vpn_str = "";
@vpn_ary = ();
@net_ary = ();

# TELL ABOUT NETSTAT STUFF

$vpn_str = `netstat -r`; # Get in full.
@vpn_ary = split("\n", $vpn_str); # Split on rows.

print "\nFiltered \"netstat -r\" says: \n"; 

LOOP_1:foreach $line (@vpn_ary) { # For every row...
  if ($line !~ /localhost/) { # ignore unwanted...
    @line = split(" ",($line)); # columnize...
    if ($#line >= 4) { # skip major section headings...
      push(@net_ary, $line[6]); # keep iface id columns...

# BEGIN FORMAT -- DO NOT INDENT
format STDOUT =
@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<
$line[0],$line[1],$line[5],$line[6] 
.
write; # show important stuff...
# FORMAT DONE -- RESUME INDENT

    }
    if ($#line == 0) {
      # Comment out line below to include routing tables below "Internet".
      last LOOP_1 if ($line =~ "XNS"); # break out after "Internet" section.
      print("\n$line[0]\n");
    }
  }
} 

# TELL ABOUT IFCONFIG  STUFF

print "\nFiltered \"ifconfig -a\" says: \n\n";

# Show ifconfig for results of 'netstat -r' filtering.
$dup_str = ""; #
foreach $line (@net_ary) {
  if (($line !~ /Interface/)) { # don't ifconfig heading name...
      $line = `ifconfig $line`; # get for kept interfaces...
    print "$line"; # show it.
    @dup_ary = split(" ", $line); # columnize...
    $dup_str = "$dup_str $dup_ary[0]";  # remember 1st columns...
  }
}

# TELL ABOUT OTHER PPP IFCONFIG STUFF

$ppp_str = `ifconfig -a | grep "ppp"`; # Get ifconfig for all ppp's...
$ppp_str =~ s/flags=.+\n//g; # Lose line after "flags=".
$ppp_str =~ s/\s{2,}.+\n//g; # Lose all indented lines.
$ppp_str =~ s/:/ /g; # Lose the colons.
       
@ppp_ary = split(" ", $ppp_str); # Split into separate ppp's.

foreach $ppp_str (@ppp_ary) { # For each ppp...
  if ($dup_str !~ /$ppp_str/) { # if not dup of above...
    print `ifconfig $ppp_str`; # show the ifconfig.
  }
}



$vpn_str = `/bin/ps -xa | grep ssh`; # Grep ps to match "ssh".
@vpn_ary = split("\n", $vpn_str); # Split on rows.

# TELL ABOUT SSH SERVERS

print "\nSSH server pids: ";
@pids_sshd = (); # start with an empty list of server pids
foreach $line (@vpn_ary) { # For grep'd ssh-matches...
  @line = split(" ",($line)); # columnize...
  if ($line[4] =~ /sshd/) { # match only servers...
    if ($line[5] =~ /^\s*$/) {$line[5] = "";} # lose blank...
    push(@pids_sshd, ("$line[0] $line[5]")); # keep any matching...
  }
}
print join(", ", @pids_sshd); # show matches.

# TELL ABOUT SSH CLIENTS

print "\nSSH client pids: ";
@pids_ssh = ();
foreach $line (@vpn_ary) { # For grep'd ssh-matches... 
  if ($line =~ /Batchmode/) {$blurb = "Batchmode";} else {$blurb = "";}
  @line = split(" ",($line)); # columnize...
  if (($line[4] =~ /ssh/) && ($line[4] !~ /sshd/)) { # match clients only...
    push(@pids_ssh, ("$line[0] $blurb")); # keep any matching...
  }
}
print join(", ", @pids_ssh); # show matches.  

print "\n\n%%%%%%% Check is complete %%%%%%%\n\n";

# EOF

</perl-script>

For what it's worth, enjoy. Thanks,

Gan

-- 

Mysterious Starling -- Rarest Extinct Bird
     _
   <(+)__        Gan Uesli Starling
     ((__/)=-    Kalamazoo, MI, USA
      `||`
       ++        http://starling.ws

Newbie-2-Newbie NetBSD Unix How-To Pages at...
http://om-ah-hum.com/share/gus_netbsd_index.html
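
An added example, not part of the original post or of the ssh-ip-tunnel package: a check that goes one step past the status report above by parsing the `inet A -> B` lines of each ppp interface and testing whether the two ends of the tunnel report mirrored point-to-point addresses. The sample input is the ppp lines copied from the two vpnck outputs in the post; the names `ptp_links` and `tunnel_status` are hypothetical.

```perl
use strict;
use warnings;

# Sample input: ppp lines copied from the two vpnck outputs shown in the post.
my %ifconfig = (
    gus => <<'END',
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 192.168.100.1 -> 192.168.100.2 netmask 0xfffffffc
ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 12.87.99.8 -> 199.69.200.57 netmask 0xff000000
END
    thinkpad => <<'END',
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        inet 192.168.100.2 -> 192.168.1.200 netmask 0xfffffffc
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
END
);

# Return { iface => { up, local, remote } } for every ppp interface in the text.
sub ptp_links {
    my ($text) = @_;
    my (%links, $if);
    for my $line (split /\n/, $text) {
        if (my ($name, $flags) = $line =~ /^(ppp\d+):\s+flags=[0-9a-f]+<([^>]*)>/) {
            $if = $name;
            my %flag = map { $_ => 1 } split /,/, $flags;
            $links{$if} = { up => ($flag{UP} && $flag{RUNNING}) ? 1 : 0 };
        }
        elsif (defined $if && $line =~ /^\s+inet\s+(\d+(?:\.\d+){3})\s+->\s+(\d+(?:\.\d+){3})\b/) {
            @{ $links{$if} }{qw(local remote)} = ($1, $2);
        }
        elsif ($line =~ /^\S/) { undef $if }   # a non-ppp interface block starts
    }
    return \%links;
}

# Consistent tunnel: each side's local address is the other side's remote.
sub tunnel_status {
    my ($near, $far) = @_;
    return 'down' unless $near && $far && $near->{up} && $far->{up};
    return 'no address' unless $near->{local} && $far->{local};
    return 'mirrored' if $near->{local} eq $far->{remote}
                      && $near->{remote} eq $far->{local};
    return "mismatch: $near->{local} -> $near->{remote} vs $far->{local} -> $far->{remote}";
}

print "ppp0: ", tunnel_status(ptp_links($ifconfig{gus})->{ppp0},
                              ptp_links($ifconfig{thinkpad})->{ppp0}), "\n";
```

On live hosts, replace the embedded sample text with the output of `ifconfig -a` collected on each machine.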