#!/bin/bash

# Script de configuração, ativação e desativação do serviço de VPN da Universidade Estadual da Paraíba - UEPB para sistemas Linux compatíveis com Debian, Ubuntu e derivados.

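# StrongSwan connection names (must match the "conn" sections written by create_conf)
CONN_NAME1="vpn-fg-geral"
CONN_NAME2="vpn-fg-geral-v6"

# DNS servers used while the VPN is up
DNS1="200.129.73.131"
DNS2="200.129.73.132"
DNS6_1="2001:12f0:9c2:73::131"
DNS6_2="2001:12f0:9c2:73::132"

# Paths and credentials used by the functions below
RESOLV="/etc/resolv.conf"
BACKUP="/etc/resolv.conf.bak"
# NOTE(review): the IKE pre-shared key is embedded in this script, so anyone who can
# read the file learns it; a root-only file (e.g. under /etc/ipsec.d/) that
# create_secrets copies from would limit that exposure. Value kept as-is here.
PSK="\"58](X-LE:N+xpisS]S\""
# The local sudo password is asked once via zenity. zenity exits non-zero when the
# dialog is cancelled or closed; abort then instead of running every sudo call
# below with an empty password.
SUDO_PASSWORD=$(zenity --entry --title="VPN UEPB" --height="50" --width="400" --text="Digite a senha do usuário do computador" --hide-text) || {
    printf 'VPN UEPB: senha do sudo não informada; abortando.\n' >&2
    exit 1
}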

############### FUNÇÕES ACESSÓRIAS ##########################

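#######################################
# Installs the packages the VPN client needs (strongswan, swanctl, charon
# plugins, zenity).
# Globals:   SUDO_PASSWORD (read) — handed to `sudo -S` on stdin
# Outputs:   progress messages to stdout; apt/dpkg output is discarded
# Returns:   0 always; apt failures are reported on stderr, not propagated
#######################################
install_packages() {
    local pkg

    echo "Atualizando o sistema..."
    # printf instead of echo: a password beginning with "-n"/"-e" or containing
    # backslashes would be altered by echo before sudo ever saw it.
    if ! printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S apt-get update &>/dev/null; then
        printf '[AVISO] apt-get update falhou; tentando instalar mesmo assim.\n' >&2
    fi

    # strongswan itself is (re)installed unconditionally; the other packages
    # are only installed when dpkg does not already know them.
    echo "Instalando strongswan..."
    if ! printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S apt-get -y install strongswan &>/dev/null; then
        printf '[AVISO] falha ao instalar strongswan.\n' >&2
    fi

    for pkg in strongswan-swanctl libcharon-extra-plugins zenity; do
        echo "Instalando $pkg..."
        if ! dpkg -s "$pkg" &>/dev/null; then
            if ! printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S apt-get -y install "$pkg" &>/dev/null; then
                printf '[AVISO] falha ao instalar %s.\n' "$pkg" >&2
            fi
        fi
    done
}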

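#######################################
# Writes /etc/ipsec.conf with the two StrongSwan "conn" sections (IPv4 and IPv6).
# Globals:   CONN_NAME1, CONN_NAME2 (read)
#            CPF (read) — XAUTH identity; must be set by the caller (start_vpn)
#            SUDO_PASSWORD (read)
# Outputs:   progress messages to stdout
# Side effects: creates ./ipsec.conf in the current directory and moves it to
#            /etc/ipsec.conf, replacing whatever was there
#######################################
create_conf() {
    echo "Criando o arquivo de configuração..."
    # ">" truncates: the previous version appended to a leftover ./ipsec.conf
    # from an earlier aborted run, producing duplicated conn sections.
    # NOTE(review): keyexchange=ikev1 + aggressive=yes + PSK is a known-weak
    # combination (the PSK-derived hash travels unencrypted); presumably dictated
    # by the gateway at 200.129.73.145 — confirm before relying on the PSK alone.
    # The trailing space after "also=" is kept verbatim from the original file.
    cat > ./ipsec.conf <<EOF
conn $CONN_NAME1
    keyexchange=ikev1
    aggressive=yes
    left=%defaultroute
    leftsourceip=%config,%config6
    leftauth=psk
    leftauth2=xauth
    xauth_identity=$CPF
    right=200.129.73.145
    rightauth=psk
    rightid=%any
    ike=aes256-sha512-ecp384
    esp=aes256-sha512-ecp384
    rightsubnet=0.0.0.0/0
    installpolicy=yes
    auto=add
conn $CONN_NAME2
    also=$CONN_NAME1 
    leftsubnet=2001:12f0:9c2:100:127:2:0::/112
    rightsubnet=::/0
    auto=add
EOF
    # printf rather than echo so an unusual sudo password is not mangled.
    printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S mv ./ipsec.conf /etc/ipsec.conf
    echo "Arquivo de configuração criado."
}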

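#######################################
# Writes /etc/ipsec.secrets with the gateway PSK and the user's XAUTH credentials.
# Globals:   PSK, CPF, SENHA_SUAP, SUDO_PASSWORD (read)
# Outputs:   progress messages to stdout
# Side effects: writes ./ipsec.secrets (mode 0600) in the current directory,
#            installs it as root-owned /etc/ipsec.secrets and removes the copy
#######################################
create_secrets() {
    echo "Criando arquivo de autenticação..."
    # The file holds the PSK and the user's SUAP password, so it is created
    # under umask 077 instead of the default (the original touch+>> left it
    # world-readable), and ">" truncates any leftover from an earlier run.
    (
        umask 077
        printf 'include ipsec.d/ipsec.nm-l2tp.secrets\n' > ./ipsec.secrets
        printf '200.129.73.145 : PSK %s\n' "$PSK" >> ./ipsec.secrets
        printf '"%s" : XAUTH "%s"\n' "$CPF" "$SENHA_SUAP" >> ./ipsec.secrets
    )
    # install (not mv) so /etc/ipsec.secrets ends up root-owned with mode 0600;
    # the working copy is then deleted whether or not the install succeeded.
    printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S install -m 600 -o root -g root ./ipsec.secrets /etc/ipsec.secrets
    rm -f ./ipsec.secrets
    echo "Arquivo de autenticação criado."
}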

############### FUNÇÃO PARA SUBIR A VPN #####################
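#######################################
# Brings the VPN up: asks for the SUAP credentials, installs packages if
# strongswan is missing, writes config and secrets, starts both tunnels and
# points resolv.conf at the VPN DNS servers.
# Globals:   CONN_NAME1, CONN_NAME2, DNS1, DNS2, DNS6_1, DNS6_2, RESOLV, BACKUP,
#            SUDO_PASSWORD (read); CPF, SENHA_SUAP (written; read by
#            create_conf / create_secrets)
# Outputs:   percentages and "# ..." status lines for zenity --progress on stdout
# Returns:   exit 1 if a tunnel fails to come up (the caller runs this function
#            in a subshell, so only that subshell terminates)
#######################################
start_vpn() {
    local conn

    echo "Subindo a VPN UEPB..."
    CPF=$(zenity --entry --title="VPN UEPB" --height="50" --width="400" --text="Digite o seu CPF" --entry-text="CPF")
    SENHA_SUAP=$(zenity --entry --title="VPN UEPB" --height="50" --width="400" --text="Digite a sua senha do SUAP" --hide-text)

    if ! dpkg -s strongswan &>/dev/null; then
        echo "0"
        echo "# Instalando pacotes necessários..."
        install_packages
    fi

    create_conf
    create_secrets

    echo "20"
    echo "# Reiniciando StrongSwan..."
    # printf rather than echo so a password starting with -n/-e survives; -S
    # makes sudo read it from stdin when its timestamp is stale instead of
    # trying a tty that does not exist under zenity.
    printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S ipsec restart
    sleep 2

    echo "40"
    echo "# Subindo túneis IPSEC ($CONN_NAME1 e $CONN_NAME2)..."
    # Check each "ipsec up" individually: the original tested $? only after the
    # second one, so a failure of the first tunnel went unnoticed.
    for conn in "$CONN_NAME1" "$CONN_NAME2"; do
        if ! printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S ipsec up "$conn"; then
            echo "[ERRO] Falha ao iniciar o túnel IPSEC."
            printf 'start_vpn: "ipsec up %s" falhou\n' "$conn" >&2
            # Do not leave the XAUTH password on disk after a failed start.
            printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S rm -f /etc/ipsec.secrets
            exit 1
        fi
    done

    echo "60"
    echo "# Aguardando interface virtual da VPN..."
    sleep 3

    if [ ! -f "$BACKUP" ]; then
        echo "[+] Criando backup de $RESOLV em $BACKUP"
        printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S cp "$RESOLV" "$BACKUP"
    fi

    # Drop earlier VPN entries so repeated runs do not accumulate them. One sed
    # call instead of four; the addresses are used as regexes, so "." matches
    # any character — acceptable for these fixed values.
    printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S sed -i \
        -e "/$DNS1/d" -e "/$DNS2/d" -e "/$DNS6_1/d" -e "/$DNS6_2/d" "$RESOLV"

    echo "80"
    echo "# Adicionando DNS específicos da VPN..."
    # The original piped each nameserver line into `echo "$SUDO_PASSWORD" | sudo tee`;
    # echo ignores its stdin, so tee received the sudo password instead of the
    # nameserver line and appended it to the world-readable resolv.conf. Here the
    # text reaches the file as arguments of a root shell, and stdin carries only
    # the password for sudo -S (which sh/printf never read).
    printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S sh -c \
        'f=$1; shift; printf "\n# DNS adicionados pela VPN\nnameserver %s\nnameserver %s\nnameserver %s\nnameserver %s\n" "$@" >> "$f"' \
        sh "$RESOLV" "$DNS1" "$DNS2" "$DNS6_1" "$DNS6_2"

    # The secrets file (PSK + SUAP password) is removed once the tunnels are up.
    printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S rm -f /etc/ipsec.secrets

    echo "100"
    echo "# VPN ativada e DNS aplicados!"
}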

############### FUNÇÃO PARA DERRUBAR A VPN ###################
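#######################################
# Tears the VPN down: closes both tunnels, restores resolv.conf from the backup
# taken by start_vpn and restarts the IPsec service.
# Globals:   CONN_NAME1, CONN_NAME2, RESOLV, BACKUP, SUDO_PASSWORD (read)
# Outputs:   percentages and "# ..." status lines for zenity --progress on stdout
# Returns:   0 (individual command failures are not propagated)
#######################################
stop_vpn() {
    echo " Derrubando a VPN UEPB..."

    echo "25"
    echo "# Derrubando túneis IPSEC ($CONN_NAME1 e $CONN_NAME2)..."
    # Tunnels are closed in reverse start order. printf instead of echo so a
    # password starting with -n/-e is not mangled; -S lets sudo take it from
    # stdin when its timestamp has expired (the original relied on the cache).
    printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S ipsec down "$CONN_NAME2"
    printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S ipsec down "$CONN_NAME1"

    echo "50"
    echo "# Restaurando arquivo de DNS..."
    if [ -f "$BACKUP" ]; then
        printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S cp "$BACKUP" "$RESOLV"
        echo "[OK] DNS restaurado a partir do backup."
    else
        echo "[AVISO] Nenhum backup encontrado — DNS não restaurado."
    fi

    echo "75"
    echo "# Reiniciando serviço IPSEC..."
    printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S ipsec restart

    echo "100"
    echo "# VPN encerrada."
}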

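# Entry point. The script treats the word "none" in `ipsec status` output as
# "no tunnel up" and starts the VPN, otherwise it stops it. Each function runs
# in a subshell piped to zenity --progress, which consumes the bare numbers as
# percentages and the "# ..." lines as status text; --auto-kill ends the
# subshell when the dialog is cancelled.
# printf rather than echo so a password starting with -n/-e reaches sudo intact.
if printf '%s\n' "$SUDO_PASSWORD" | /usr/bin/sudo -S ipsec status | grep -q "none"; then
    (start_vpn) | zenity --progress --title="VPN UEPB" --height="100" --width="400" --auto-kill
else
    (stop_vpn) | zenity --progress --title="VPN UEPB" --height="100" --width="400" --auto-kill
fi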
