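#!/bin/bash
#
# Stand alone generic sshvpn client example.
# Untested, so use at your own risk.
#
# Usage: sshvpn {up|down|check}
#   up    - open an ssh master connection with a tun tunnel (-w) and
#           configure the local end plus source-based routing
#   down  - close the master connection and remove the routing rule
#   check - ask the master connection whether it is still alive
#
# Security notes for whoever deploys this:
#   * The key file name suggests a DSA key; ssh-dss keys have been disabled
#     by default since OpenSSH 7.0. Prefer an Ed25519 key and adjust KEYFILE.
#   * ssh is started with -f, so nobody can answer a host-key prompt. Put the
#     peer's host key into the calling user's known_hosts beforehand so that
#     the server is verified, not trusted blindly.
#   * -w needs PermitTunnel on the server. Restrict the key there in
#     authorized_keys (e.g. tunnel="0" plus a forced command) so that it is
#     good for the tunnel only.

INTERFACE="tun0"
PEER="1.2.3.4"
CLIENT_IP="192.168.5.2"
SERVER_IP="192.168.5.1"
SSH="/usr/bin/ssh"
RTTABLE="tun0.out" # Check /etc/iproute2/rt_tables and add a line "201 tun0.out" or similar

KEYFILE="/etc/sshvpn/id_dsa-${INTERFACE}"
CONTROL="/var/run/ssh-${INTERFACE}-control"
WAIT_SECS=30 # upper bound for the tun device to appear after ssh has forked

# Print an error message to stderr and abort with status 1.
die() {
  printf 'ERROR: %s\n' "$1" >&2
  exit 1
}

# Bring the tunnel up: load tun support, start the ssh master, configure
# the interface and (optionally) the policy routing table.
up() {
  local tries=0

  if [ ! -d /sys/devices/virtual/misc/tun ]; then
    modprobe tun || die "Unable to load tun/tap support."
  fi

  # -w 0:0 requests tun0 on both ends; keep it in sync with INTERFACE.
  "${SSH}" -i "${KEYFILE}" -S "${CONTROL}" \
    -o "ServerAliveInterval 66" -M -f -w 0:0 "${PEER}" true \
    || die "Unable to establish ssh connection."

  # The device shows up shortly after ssh forks. Bound the wait so that a
  # refused tunnel request does not hang the script forever, and do not leave
  # an authenticated master connection behind when giving up.
  until ifconfig "${INTERFACE}" up 2>/dev/null; do
    tries=$((tries + 1))
    if [ "${tries}" -ge "${WAIT_SECS}" ]; then
      "${SSH}" -S "${CONTROL}" -O exit "${PEER}" 2>/dev/null
      die "Interface ${INTERFACE} did not appear within ${WAIT_SECS}s."
    fi
    sleep 1
  done

  # Network configuration
  ifconfig "${INTERFACE}" "${CLIENT_IP}" pointopoint "${SERVER_IP}" up

  # Optional / Needs advanced routing support.
  # Set the tunnel as default gateway for packets with the tunnel's source IP.
  # The global default gateway remains untouched.
  ip rule add from "${CLIENT_IP}" table "${RTTABLE}"
  # Use INTERFACE here as well; the original hard-coded tun0 on this line.
  ip route add "${SERVER_IP}" dev "${INTERFACE}" table "${RTTABLE}"
  ip route add default via "${SERVER_IP}" dev "${INTERFACE}" table "${RTTABLE}"
}

# Tear the tunnel down via the control socket and drop the policy rule.
down() {
  "${SSH}" -S "${CONTROL}" -O exit "${PEER}" || exit 1

  # Routes vanish with the device, the rule does not. Remove it so repeated
  # up/down cycles do not pile up stale rules. Best effort: the rule is
  # absent when the optional routing step never succeeded.
  ip rule del from "${CLIENT_IP}" table "${RTTABLE}" 2>/dev/null
  return 0
}

# Exit status is that of "ssh -O check" on the control socket.
check() {
  "${SSH}" -S "${CONTROL}" -O check "${PEER}"
}

case "$1" in
  up)
    up
    ;;
  down)
    down
    ;;
  check)
    check
    ;;
  *)
    echo "Usage: $0 {up|down|check}" >&2
    exit 1
    ;;
esac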