Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
88 lines (86 sloc) 3.34 KB
#!/bin/bash
#############################################
# ORIGINAL AUTHOR: JON SCHWENN @JONSCHWENN #
# CONTRIBUTOR: ALEX LEACH @AJLEACH #
# MAC MINI VAULT - MAC HOSTING #
# MACMINIVAULT.COM - @MACMINIVAULT #
# VERSION 4.00 RELEASE DATE MAY 09, 2019 #
# DESC: THIS SCRIPT SETS UP A VPN SERVER #
# THAT PLACES VPN CLIENTS IN A LOCAL #
# VLAN, ALLOWING CLIENTS TO ROUTE #
# ALL TRAFFIC THROUGH REMOTE MAC #
# ONLY USING THE SINGLE PUBLIC IP #
#############################################
#REQUIREMENTS:
# MACOS 10.12 OR 10.13 OR 10.14
# VPN ENABLER FOR MOJAVE INSTALLED / CONFIGURED
# NO MACOS SERVER (SERVICES DISABLED / UNINSTALLED)
# NO VLANS CONFIGURED
# THIS SCRIPT WILL BACKUP AND REPLACE FIREWALL CONFIGS
#############################################
#CHECK FOR MACOS AND ENSURE SERVER.APP IS NOT INSTALLED
OSX=no
if [[ $(sw_vers -productVersion | grep '10.12') && $(serverinfo --configured | grep 'NOT') ]]
then
OSX=yes
fi
if [[ $(sw_vers -productVersion | grep '10.13') && $(serverinfo --configured | grep 'NOT') ]]
then
OSX=yes
fi
if [[ $(sw_vers -productVersion | grep '10.14') && $(serverinfo --configured | grep 'NOT') ]]
then
OSX=yes
fi
if [ $OSX = yes ]
then
echo "Congratulations, you are running macOS and have do not have Server.app installed...."
#CHECK IF SCRIPT HAS BEEN RUN BEFORE
if [ -e /etc/vpn_MMV ]; then
echo "THIS VPN SCRIPT CANNOT BE RUN MORE THAN ONCE. INSTALLATION ABORTED. NO CHANGES HAVE BEEN MADE."
exit 1
else
#CREATE TEST FILE TO ENSURE SCRIPT IS NOT EXECUTED MULTIPLE TIMES
sudo touch /etc/vpn_MMV
#START VLAN SETTINGS
sudo networksetup -createVLAN LAN Ethernet 1
sudo networksetup -setmanual LAN\ Configuration 10.0.0.1 255.255.255.0 10.0.0.1
#START FIREWALL SETTINGS
#SETTING PERMS FOR EDITING - WILL SET PERMS BACK
sudo chmod 666 /etc/pf.anchors/com.apple
sudo cp /etc/pf.anchors/com.apple /etc/pf-backup
sudo sed -i -e '8i\
nat-anchor "100.customNATRules/*"\
rdr-anchor "100.customNATRules/*"\
load anchor "100.customNATRules" from "/etc/pf.anchors/customNATRules"
' /etc/pf.anchors/com.apple
#SET PERMS BACK
sudo chmod 644 /etc/pf.anchors/com.apple
#CREATE CUSTOM NAT RULES - SETTING PERMS FOR EDITING - WILL SET PERMS BACK
sudo touch /etc/pf.anchors/customNATRules
sudo chmod 666 /etc/pf.anchors/customNATRules
sudo cat << EOF > /etc/pf.anchors/customNATRules
nat on en0 from 10.0.0.0/24 to any -> (en0)
pass from {lo0, 10.0.0.0/24} to any keep state
EOF
#SET PERMS BACK
sudo chmod 644 /etc/pf.anchors/customNATRules
#ENABLE PF AND ENABLE KERNEL IP FORWARDING
sudo pfctl -f /etc/pf.conf > /dev/null 2>&1
echo 'net.inet.ip.forwarding=1' | sudo tee -a /etc/sysctl.conf > /dev/null 2>&1
#COPY AND CREATE PLIST
sudo cp /System/Library/LaunchDaemons/com.apple.pfctl.plist /Library/LaunchDaemons/net.mmvpf.pfctl.plist
sudo sed -i '' 's/com.apple.pfctl/net.mmvpf.pfctl/' /Library/LaunchDaemons/net.mmvpf.pfctl.plist
sudo sed -i '' 's/>-f</>-e</' /Library/LaunchDaemons/net.mmvpf.pfctl.plist
sudo sed -i '' '/pf\.conf/d' /Library/LaunchDaemons/net.mmvpf.pfctl.plist
sudo launchctl load -w /Library/LaunchDaemons/net.mmvpf.pfctl.plist
echo "VPN SETUP SUCCESSFUL"
echo "REBOOT TO TAKE EFFECT"
echo "ONCE REBOOTED, MAKE SURE VPN ENABLER IS TURNED ON"
fi
exit 0
#END IF STATEMENT CHECKING FOR MACOS
else
echo "ERROR: YOU ARE NOT RUNNING MACOS 10.12/10.13/10.14 OR YOU HAVE SERVER.APP INSTALLED"
exit 1
fi
You can’t perform that action at this time.