forked from MacMiniVault/Mac-Scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvpnscript.sh
87 lines (86 loc) · 3.34 KB
/
vpnscript.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#!/bin/bash
#############################################
# ORIGINAL AUTHOR: JON SCHWENN @JONSCHWENN #
# CONTRIBUTOR: ALEX LEACH @AJLEACH #
# MAC MINI VAULT - MAC HOSTING #
# MACMINIVAULT.COM - @MACMINIVAULT #
# VERSION 4.00 RELEASE DATE MAY 09, 2019 #
# DESC: THIS SCRIPT SETS UP A VPN SERVER #
# THAT PLACES VPN CLIENTS IN A LOCAL #
# VLAN, ALLOWING CLIENTS TO ROUTE #
# ALL TRAFFIC THROUGH REMOTE MAC #
# ONLY USING THE SINGLE PUBLIC IP #
#############################################
#REQUIREMENTS:
# MACOS 10.12 OR 10.13 OR 10.14
# VPN ENABLER FOR MOJAVE INSTALLED / CONFIGURED
# NO MACOS SERVER (SERVICES DISABLED / UNINSTALLED)
# NO VLANS CONFIGURED
# THIS SCRIPT WILL BACKUP AND REPLACE FIREWALL CONFIGS
#############################################
#CHECK FOR MACOS AND ENSURE SERVER.APP IS NOT INSTALLED
OSX=no
if [[ $(sw_vers -productVersion | grep '10.12') && $(serverinfo --configured | grep 'NOT') ]]
then
OSX=yes
fi
if [[ $(sw_vers -productVersion | grep '10.13') && $(serverinfo --configured | grep 'NOT') ]]
then
OSX=yes
fi
if [[ $(sw_vers -productVersion | grep '10.14') && $(serverinfo --configured | grep 'NOT') ]]
then
OSX=yes
fi
if [ $OSX = yes ]
then
echo "Congratulations, you are running macOS and have do not have Server.app installed...."
#CHECK IF SCRIPT HAS BEEN RUN BEFORE
if [ -e /etc/vpn_MMV ]; then
echo "THIS VPN SCRIPT CANNOT BE RUN MORE THAN ONCE. INSTALLATION ABORTED. NO CHANGES HAVE BEEN MADE."
exit 1
else
#CREATE TEST FILE TO ENSURE SCRIPT IS NOT EXECUTED MULTIPLE TIMES
sudo touch /etc/vpn_MMV
#START VLAN SETTINGS
sudo networksetup -createVLAN LAN Ethernet 1
sudo networksetup -setmanual LAN\ Configuration 10.0.0.1 255.255.255.0 10.0.0.1
#START FIREWALL SETTINGS
#SETTING PERMS FOR EDITING - WILL SET PERMS BACK
sudo chmod 666 /etc/pf.anchors/com.apple
sudo cp /etc/pf.anchors/com.apple /etc/pf-backup
sudo sed -i -e '8i\
nat-anchor "100.customNATRules/*"\
rdr-anchor "100.customNATRules/*"\
load anchor "100.customNATRules" from "/etc/pf.anchors/customNATRules"
' /etc/pf.anchors/com.apple
#SET PERMS BACK
sudo chmod 644 /etc/pf.anchors/com.apple
#CREATE CUSTOM NAT RULES - SETTING PERMS FOR EDITING - WILL SET PERMS BACK
sudo touch /etc/pf.anchors/customNATRules
sudo chmod 666 /etc/pf.anchors/customNATRules
sudo cat << EOF > /etc/pf.anchors/customNATRules
nat on en0 from 10.0.0.0/24 to any -> (en0)
pass from {lo0, 10.0.0.0/24} to any keep state
EOF
#SET PERMS BACK
sudo chmod 644 /etc/pf.anchors/customNATRules
#ENABLE PF AND ENABLE KERNEL IP FORWARDING
sudo pfctl -f /etc/pf.conf > /dev/null 2>&1
echo 'net.inet.ip.forwarding=1' | sudo tee -a /etc/sysctl.conf > /dev/null 2>&1
#COPY AND CREATE PLIST
sudo cp /System/Library/LaunchDaemons/com.apple.pfctl.plist /Library/LaunchDaemons/net.mmvpf.pfctl.plist
sudo sed -i '' 's/com.apple.pfctl/net.mmvpf.pfctl/' /Library/LaunchDaemons/net.mmvpf.pfctl.plist
sudo sed -i '' 's/>-f</>-e</' /Library/LaunchDaemons/net.mmvpf.pfctl.plist
sudo sed -i '' '/pf\.conf/d' /Library/LaunchDaemons/net.mmvpf.pfctl.plist
sudo launchctl load -w /Library/LaunchDaemons/net.mmvpf.pfctl.plist
echo "VPN SETUP SUCCESSFUL"
echo "REBOOT TO TAKE EFFECT"
echo "ONCE REBOOTED, MAKE SURE VPN ENABLER IS TURNED ON"
fi
exit 0
#END IF STATEMENT CHECKING FOR MACOS
else
echo "ERROR: YOU ARE NOT RUNNING MACOS 10.12/10.13/10.14 OR YOU HAVE SERVER.APP INSTALLED"
exit 1
fi