Subject: Re: VPN & SSH-IP-TUNNEL - A test script in Perl.
To: None <netbsd-help@netbsd.org>
From: Gan Uesli Starling <oinkfreebiker@att.net>
List: netbsd-help
Date: 02/24/2002 10:38:18
OOPS -- Forgot I had my e-mail set to word-wrap at 78 columns. The script
needs all 80. Here is a re-submit. Or else you can just edit out the line
feed in line 5 of the script where "80." wrapped down one line. Sorry!!!

Howdy,

Lately, I've been a pest about ssh-ip-tunnel, I know. You all probably think
I'm dense. Anyway, thanks. I might still need a bit of advice. But before
that, let me offer a tiny payback, so that others may later find it in the
archive.

I got tired of all the time typing the same commands to test my tunnel. So I
wrote a Perl script to do those things. I include it herewith, at the end.

Put the perl script in /usr/pkg/sbin/vpnck the same as will already be the sh
script /usr/pkg/sbin/vpn. Do chmod 755 to vpnck there. Then edit the tail of
/usr/pkg/sbin/vpn to include two extra final lines, thus...
<two-final-lines>
sleep 2s;
./vpnck | more
</two-final-lines>
...on each machine, remote and local. Then when you start up ssh-ip-tunnel on
either of them, you will get a status report, of sorts. You can also run
vpnck by itself at any time. It's a bit slow, if you have a point-to-point on
a 56K modem at the same time, though. So be patient for output, some extra
seconds, less than a minute. Anyway, here's what you get.

Below is what the output looks like on the machine gus.starling.ws from which
I make the call "vpn thinkpad start"...
<perl-script-output>
gus#
gus# vpnck
%%%%%%% Checking VPN stats for SSH and PPPD %%%%%%%
Filtered "netstat -r" says:
Internet:
Destination Gateway Mtu Interface
default 199.69.200.57 1500 ppp1
192.168.1 link#1 1500 fxp0
thinkpad 00:04:5a:91:ec:05 1500 fxp0
192.168.100.2 192.168.100.1 1500 ppp0
199.69.200.57 8.detroit14rh16rt. 1500 ppp1
Filtered "ifconfig -a" says:
ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 12.87.99.8 -> 199.69.200.57 netmask 0xff000000
inet6 fe80::203:47ff:fea0:4927%ppp1 -> :: prefixlen 64 scopeid 0x4
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:03:47:a0:49:27
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::203:47ff:fea0:4927%fxp0 prefixlen 64 scopeid 0x1
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:03:47:a0:49:27
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::203:47ff:fea0:4927%fxp0 prefixlen 64 scopeid 0x1
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.1 -> 192.168.100.2 netmask 0xfffffffc
inet6 fe80::203:47ff:fea0:4927%ppp0 -> :: prefixlen 64 scopeid 0x3
ppp1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 12.87.99.8 -> 199.69.200.57 netmask 0xff000000
inet6 fe80::203:47ff:fea0:4927%ppp1 -> :: prefixlen 64 scopeid 0x4
SSH server pids: 1968
SSH client pids: 3057 Batchmode
%%%%%%% Check is complete %%%%%%%
gus#
</perl-script-output>
And below is what the output looks like on the machine thinkpad which
accepted the connection when gus.starling.ws ran "vpn peer start"...
<perl-script-output>
thinkpad: {105}
thinkpad: {105} vpnck
%%%%%%% Checking VPN stats for SSH and PPPD %%%%%%%
Filtered "netstat -r" says:
Internet:
Destination Gateway Mtu Interface
192.168.1 link#18 1500 ne2
gus 00:03:47:a0:49:27 1500 ne2
gus_ah 192.168.100.2 1500 ppp0
Filtered "ifconfig -a" says:
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:04:5a:91:ec:05
media: Ethernet manual
inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::204:5aff:fe91:ec05%ne2 prefixlen 64 scopeid 0x12
ne2: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
address: 00:04:5a:91:ec:05
media: Ethernet manual
inet 192.168.1.7 netmask 0xffffff00 broadcast 192.168.1.255
inet6 fe80::204:5aff:fe91:ec05%ne2 prefixlen 64 scopeid 0x12
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.2 -> 192.168.1.200 netmask 0xfffffffc
inet6 fe80::204:5aff:fe91:ec05%ppp0 -> :: prefixlen 64 scopeid 0x2
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
SSH server pids: 1706 , 1719 vpnuser@ttyp0
SSH client pids:
%%%%%%% Check is complete %%%%%%%
thinkpad: {106}
</perl-script-output>
Here is the Perl script itself...
<perl-script>
#!/usr/pkg/bin/perl
# Report status of vpn from ssh-ip-tunnel on NetBSD 1.5.2
# Put in same path as "vpn" from pkg ssh-ip-tunnel, chmod = 755.
# Append lines "sleep 2s;" and "./vpnck | more" to end of "vpn".
# In vi, set tabstop to 2. Go "<Esc>:set tabstop=2<return>" else columns > 80.
# Copyright (c) 2002 Gan Uesli Starling
print "\n%%%%%%% Checking VPN stats for SSH and PPPD %%%%%%%\n";
# INIT SOME STUFF
$vpn_str = "";
@vpn_ary = ();
@net_ary = ();
# TELL ABOUT NETSTAT STUFF
$vpn_str = `netstat -r`; # Get in full.
@vpn_ary = split("\n", $vpn_str); # Split on rows.
print "\nFiltered \"netstat -r\" says: \n";
LOOP_1:foreach $line (@vpn_ary) {            # For every row...
  if ($line !~ /localhost/) {                # ignore unwanted...
    @line = split(" ",($line));              # columnize...
    if ($#line >= 4) {                       # skip major section headings...
      push(@net_ary, $line[6]);              # keep iface id columns...
# BEGIN FORMAT -- DO NOT INDENT
format STDOUT =
@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<@<<<<<<<<<<<<<<<<<<<
$line[0],$line[1],$line[5],$line[6]