Subject: RE: VPN & SSH-IP-TUNNEL - A test script in Perl. (again)
To: None <netbsd-help@netbsd.org>
From: Gan Uesli Starling <oinkfreebiker@att.net>
List: netbsd-help
Date: 02/24/2002 12:20:53
Okay, let's try again. Here is the script, with the word-wrap at line 5 of
the perl script repaired for 80 columns (versus 78 as in my former email).
Somehow, the tail of my last email looks truncated in the archive. Alas...
WHAT IT IS FOR: Testing a VPN installed with pkg ssh-ip-tunnel
I got tired of all the time typing the same commands to test my installation
of the package ssh-ip-tunnel. So I wrote a Perl script to do those things. I
include it herewith, at the end.
Put the perl script in /usr/pkg/sbin/vpnck the same as will already be the sh
script /usr/pkg/sbin/vpn. Do chmod 755 to vpnck there. Then edit the tail of
/usr/pkg/sbin/vpn to include two extra final lines, thus...
<two-final-lines>
sleep 2s;
./vpnck | more
</two-final-lines>
...on each machine, remote and local. Then when you start up ssh-ip-tunnel on
either of them, you will get a status report, of sorts. You can also run
vpnck by itself at any time. It's a bit slow, if you have a point-to-point on
a 56K modem at the same time, though. So be patient for output, some extra
seconds, less than a minute. Anyway, here's what you get.
Below is what the output looks like on the machine gus.starling.ws from which
I make the call "vpn thinkpad start"...
<perl-script-output>
gus#
gus# vpnck
%%%%%%% Checking VPN stats for SSH and PPPD %%%%%%%
Filtered "netstat -r" says:
Internet:
Destination Gateway Mtu Interface
default 199.69.200.57 1500 ppp1
192.168.1 link#1 1500 fxp0
thinkpad 00:04:5a:91:ec:05 1500 fxp0
192.168.100.2 192.168.100.1 1500 ppp0
199.69.200.57 8.detroit14rh16rt. 1500 ppp1
Filtered "ifconfig -a" says:
ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 12.87.99.8 -> 199.69.200.57 netmask 0xff000000
inet6 fe80::203:47ff:fea0:4927%ppp1 -> :: prefixlen 64 scopeid 0x4
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:03:47:a0:49:27
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::203:47ff:fea0:4927%fxp0 prefixlen 64 scopeid 0x1
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:03:47:a0:49:27
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::203:47ff:fea0:4927%fxp0 prefixlen 64 scopeid 0x1
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.1 -> 192.168.100.2 netmask 0xfffffffc
inet6 fe80::203:47ff:fea0:4927%ppp0 -> :: prefixlen 64 scopeid 0x3
ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 12.87.99.8 -> 199.69.200.57 netmask 0xff000000
inet6 fe80::203:47ff:fea0:4927%ppp1 -> :: prefixlen 64 scopeid 0x4
SSH server pids: 1968
SSH client pids: 3057 Batchmode
%%%%%%% Check is complete %%%%%%%
gus#
</perl-script-output>
And below is what the output looks like on the machine thinkpad which
accepted the connection when gus.starling.ws ran "vpn peer start"...
<perl-script-output>
thinkpad: {105}
thinkpad: {105} vpnck
%%%%%%% Checking VPN stats for SSH and PPPD %%%%%%%
Filtered "netstat -r" says:
Internet:
Destination Gateway Mtu Interface
192.168.1 link#18 1500 ne2
gus 00:03:47:a0:49:27 1500 ne2
gus_ah 192.168.100.2 1500 ppp0
Filtered "ifconfig -a" says:
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:04:5a:91:ec:05
media: Ethernet manual
inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::204:5aff:fe91:ec05%ne2 prefixlen 64 scopeid 0x12
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:04:5a:91:ec:05
media: Ethernet manual
inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::204:5aff:fe91:ec05%ne2 prefixlen 64 scopeid 0x12
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.2 -> 192.168.1.200 netmask 0xfffffffc
inet6 fe80::204:5aff:fe91:ec05%ppp0 -> :: prefixlen 64 scopeid 0x2
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
SSH server pids: 1706 , 1719 vpnuser@ttyp0
SSH client pids:
%%%%%%% Check is complete %%%%%%%
thinkpad: {106}
</perl-script-output>
Here is the Perl script itself...
<perl-script>
#!/usr/pkg/bin/perl
# Report status of vpn from ssh-ip-tunnel on NetBSD 1.5.2
# Put in same path as "vpn" from pkg ssh-ip-tunnel, chmod = 755.
# Append lines "sleep 2s;" and "./vpnck | more" to end of "vpn".
# In vi, set tabstop to 2. Go "<Esc>:set tabstop=2<return>" else
# columns > 80.
# Copyright (c) 2002 Gan Uesli Starling

print "\n%%%%%%% Checking VPN stats for SSH and PPPD %%%%%%%\n";

# INIT SOME STUFF
$vpn_str = "";
@vpn_ary = ();
@net_ary = ();

# TELL ABOUT NETSTAT STUFF
$vpn_str = `netstat -r`;                  # Get in full.
@vpn_ary = split("\n", $vpn_str);         # Split on rows.
print "\nFiltered \"netstat -r\" says: \n";
LOOP_1:foreach $line (@vpn_ary) {         # For every row...
  if ($line !~ /localhost/) {             # ignore unwanted...
    @line = split(" ",($line));           # columnize...
    if ($#line >= 4) {                    # skip major section headings...
      push(@net_ary, $line[6]);           # keep iface id columns...
# BEGIN FORMAT -- DO NOT INDENT
format STDOUT =
@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<
$line[0],$line[1],$line[5],$line[6]
.
write; # show important stuff...
# FORMAT DONE -- RESUME INDENT
    }
    if ($#line == 0) {
      # Comment out line below to include routing tables below "Internet".
      last LOOP_1 if ($line =~ "XNS");    # break out after "Internet" section.
      print("\n$line[0]\n");
    }
  }
}

# TELL ABOUT IFCONFIG STUFF
print "\nFiltered \"ifconfig -a\" says: \n\n";
# Show ifconfig for results of 'netstat -r' filtering.
$dup_str = "";                            # names already shown
foreach $line (@net_ary) {
  if (($line !~ /Interface/)) {           # don't ifconfig heading name...
    $line = `ifconfig $line`;             # get for kept interfaces...
    print "$line";                        # show it.
    @dup_ary = split(" ", $line);         # columnize...
    $dup_str = "$dup_str $dup_ary[0]";    # remember 1st columns...
  }
}

# TELL ABOUT OTHER PPP IFCONFIG STUFF
$ppp_str = `ifconfig -a | grep "ppp"`;    # Get ifconfig for all ppp's...
$ppp_str =~ s/flags=.+\n//g;              # Lose line after "flags=".
$ppp_str =~ s/\s{2,}.+\n//g;              # Lose all indented lines.
$ppp_str =~ s/:/ /g;                      # Lose the colons.
@ppp_ary = split(" ", $ppp_str);          # Split into separate ppp's.
foreach $ppp_str (@ppp_ary) {             # For each ppp...
  if ($dup_str !~ /$ppp_str/) {           # if not dup of above...
    print `ifconfig $ppp_str`;            # show the ifconfig.
  }
}

$vpn_str = `/bin/ps -xa | grep ssh`;      # Grep ps to match "ssh".
@vpn_ary = split("\n", $vpn_str);         # Split on rows.

# TELL ABOUT SSH SERVERS
print "\nSSH server pids: ";
@pids_sshd = ();                          # array, to match the push below
foreach $line (@vpn_ary) {                # For grep'd ssh-matches...
  @line = split(" ",($line));             # columnize...
  if ($line[4] =~ /sshd/) {               # match only servers...
    if ($line[5] =~ /^\s*$/) {$line[5] = "";} # lose blank...
    push(@pids_sshd, ("$line[0] $line[5]")); # keep any matching...
  }
}
print join(", ", @pids_sshd);             # show matches.

# TELL ABOUT SSH CLIENTS
print "\nSSH client pids: ";
@pids_ssh = ();
foreach $line (@vpn_ary) {                # For grep'd ssh-matches...
  if ($line =~ /Batchmode/) {$blurb = "Batchmode";} else {$blurb = "";}
  @line = split(" ",($line));             # columnize...
  if (($line[4] =~ /ssh/) && ($line[4] !~ /sshd/)) { # match clients only...
    push(@pids_ssh, ("$line[0] $blurb")); # keep any matching...
  }
}
print join(", ", @pids_ssh);              # show matches.
print "\n\n%%%%%%% Check is complete %%%%%%%\n\n";
# EOF
</perl-script>
For what it's worth, enjoy. Thanks,
Gan
--
Mysterious Starling -- Rarest Extinct Bird
_
<(+)__ Gan Uesli Starling
((__/)=- Kalamazoo, MI, USA
`||`
++ http://starling.ws
Newbie-2-Newbie NetBSD Unix How-To Pages at...
http://om-ah-hum.com/share/gus_netbsd_index.html
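
Added example, not part of the original post or of the ssh-ip-tunnel package: vpnck interpolates interface names parsed from "netstat -r" into backtick commands, which run through the shell. The variant below checks each name against a strict pattern, drops duplicates, and calls ifconfig with a list-form pipe open so no shell is involved. Assumptions: Perl 5.8 or later (for list-form pipe open), ifconfig at /sbin/ifconfig, the interface name in the last column, a name pattern of letters followed by digits, and constructed sample rows.

```perl
#!/usr/pkg/bin/perl
# Added example, not part of the original vpnck script.
use strict;
use warnings;

# Constructed sample of unfiltered "netstat -r" output (values illustrative).
my $sample = <<'EOT';
Routing tables

Internet:
Destination        Gateway            Flags  Refs  Use   Mtu  Interface
default            199.69.200.57      UGS       0    0  1500  ppp1
localhost          localhost          UH        1    0 33220  lo0
192.168.1          link#1             UC        1    0  1500  fxp0
thinkpad           00:04:5a:91:ec:05  UHLc      0    0  1500  fxp0
192.168.100.2      192.168.100.1      UH        0    0  1500  ppp0
EOT

# Return the unique, well-formed interface names found in the routing rows.
sub interfaces_from_netstat {
    my ($text) = @_;
    my (%seen, @ifaces);
    for my $row (split /\n/, $text) {
        my @col = split ' ', $row;
        next unless @col >= 5;                  # skip section headings, blanks
        my $if = $col[-1];                      # assumption: iface is last column
        next if $if eq 'Interface' or $row =~ /localhost/;
        next unless $if =~ /\A[a-z]+[0-9]+\z/;  # assumed shape: ppp0, fxp0, ne2
        push @ifaces, $if unless $seen{$if}++;  # each interface only once
    }
    return @ifaces;
}

# Run ifconfig for one interface. List-form open passes $if as a single
# argument to the program and never hands the string to /bin/sh.
sub ifconfig_for {
    my ($if) = @_;
    open(my $fh, '-|', '/sbin/ifconfig', $if) or return "ifconfig $if: $!\n";
    local $/;                                   # slurp the whole output
    my $out = <$fh>;
    close $fh;
    return defined $out ? $out : '';
}

my @ifaces = interfaces_from_netstat($sample);
print "Interfaces kept: @ifaces\n";
if (-x '/sbin/ifconfig') {                      # skip where ifconfig is absent
    print ifconfig_for($_) for @ifaces;
}
```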