
4 commits

Author SHA1 Message Date
05c9664df1 Update README.md
fix error loading image in log
2025-10-07 00:05:30 +02:00
8f9e40ee65 Update pawdance 2025-07-25 20:50:24 +02:00
3bd8792e49 Update README.md 2025-07-25 17:15:10 +02:00
8ee69d6e7f Update README.md 2025-07-25 17:09:55 +02:00
2 changed files with 32 additions and 43 deletions


@ -1,4 +1,4 @@
<img align="right" height="216" src="https://cloud.protogen.engineering/public.php/dav/files/6PPN3gmR75Ccqmc/" />
<img align="right" height="216" src="https://raskinthewild.com/pawdanse.png" />
<br clear="bottom">
<br clear="bottom">
<br clear="bottom">
@ -78,36 +78,38 @@ vim pawdance-client.conf
Example **client** config:
```bash
# pawdance client example config
ROLE="client"
# ---------------------------------------------------------------------------
# pawdance
# ---------------------------------------------------------------------------
ROLE="client" # client or server
# How to reach the server
CONNECT_MODE="dns" # dns | ip | auto
REMOTE_HOST="vps.your.domain"
# REMOTE_CONNECT_IP4="203.0.113.42"
CONNECT_MODE="auto" # dns|ip|auto
REMOTE_HOST="vpn.example.com" # used when dns/auto
# REMOTE_CONNECT_IP4="203.0.113.42" # used when ip/auto with no REMOTE_HOST.
# REMOTE_CONNECT_IP6="2001:db8::42"
CONNECT_PREFER="ipv4" # auto | ipv4 | ipv6
CONNECT_PREFER="auto" # auto|ipv4|ipv6
REMOTE_USER="stinky"
# --- SSH authentication -----------------------------------------------------
REMOTE_USER="youruser"
SSH_KEY_MODE="false" # true = pass explicit key; false = default chain
SSH_KEY="/home/alice/.ssh/id_ed25519" # only if SSH_KEY_MODE=true
# Tunnel interface
# --- Tunnel parameters ------------------------------------------------------
TUN_INDEX="1"
TUN_DEV="tun${TUN_INDEX}"
LOCAL_IP4="10.0.1.2/24"
REMOTE_IP4="10.0.1.1"
LOCAL_IP6="2001:db8:1::2/64"
REMOTE_IP6="2001:db8:1::1"
MTU="1500"
# Optional: postquantum crypto overrides
# --- Crypto preferences -----------------------------------------
SSH_KEX="mlkem768x25519-sha256"
SSH_CIPHERS="chacha20-poly1305@openssh.com"
SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com"
# Push wholeinternet routes through the tunnel?
# use remote server as vpn for all traffic.
# if set to false, vpn becomes transparent.
DEFAULT_ROUTE_IPV4="true"
DEFAULT_ROUTE_IPV6="true"
```
@ -123,20 +125,24 @@ vim srv-config.conf
Example **server** config:
```bash
# ---------------------------------------------------------------------------
# pawdance
# ---------------------------------------------------------------------------
ROLE="server"
# --- Tunnel parameters ------------------------------------------------------
TUN_INDEX="1"
TUN_DEV="tun${TUN_INDEX}"
LOCAL_IP4="10.0.1.1/24"
LOCAL_IP6="2001:db8:1::1/64"
MTU="1500"
# allow VPN clients to access other networks?
VPN_FORWARD="true" # adds iptables/ip6tables FORWARD rules
# allow clients to accsess networks on the server?
VPN_FORWARD="true" # iptables/ip6tables FORWARD rules
# keep this true (required for routing)
IP_FORWARD="true" # sets net.ipv4.ip_forward + net.ipv6.conf.all.forwarding
#keep this to true. It is required for the tunnel to work.
# this enables net.ipv4.ip_forward + net.ipv6.conf.all.forwarding
IP_FORWARD="true"
```
@ -185,6 +191,7 @@ This removes:
* any iptables/ip6tables **FORWARD** rules added by Pawdance
(Kernel forwarding sysctls remain as you set them.)
useful if script was terminated forcefully. Or you wanna remove tun from server.
---


@ -1,28 +1,10 @@
#!/usr/bin/env bash
# pawdance.sh EXACT client *and* server logic driven by an easytoedit config file
# -----------------------------------------------------------------------------
# Modes (ROLE in config):
# client brings up a pointtopoint tunnel by SSHwing into the server.
# server creates the matching tunnel locally and (optionally) enables routing.
#
# Connection source (CONNECT_MODE):
# dns resolve REMOTE_HOST on every run.
# ip use the hardcoded REMOTE_CONNECT_IP4 and/or REMOTE_CONNECT_IP6.
# auto if REMOTE_HOST is set use dns, otherwise ip (default).
#
# Extra dial options:
# CONNECT_PREFER which address family to try first (auto|ipv4|ipv6).
# SSH_KEY_MODE set to "true" to pass an explicit private key via -i.
# SSH_KEY absolute path to that key (required if SSH_KEY_MODE=true).
#
# -----------------------------------------------------------------------------
# v4.5.1 better --help, commented example configs, SSH_KEY_MODE support.
# -----------------------------------------------------------------------------
# pawdance.sh - EXACT client *and* server logic driven by an easytoedit config file
#
set -euo pipefail
SCRIPT_NAME="pawdance"
VERSION="4.5.1"
VERSION="4.5.2"
CONFIG_FILE=""
SUBCMD=""
@ -249,7 +231,7 @@ client_up() {
[[ -n "$REMOTE_IP6_RESOLVED" && -n "$IPV6_GW" ]] && \
$SUDO ip -6 route add "$REMOTE_IP6_RESOLVED" via "$IPV6_GW" dev "$IFACE6"
log "Setting default routes (metric 1)…"
log "Setting default routes (metric1)…"
[[ "$DEFAULT_ROUTE_IPV4" == "true" && -n "$REMOTE_IP4" ]] && \
$SUDO ip route add default via "$REMOTE_IP4" dev "$TUN_DEV" metric 1
[[ "$DEFAULT_ROUTE_IPV6" == "true" && -n "$REMOTE_IP6" ]] && \
@ -308,7 +290,7 @@ server_up() {
# -------------- CLI --------------
usage() {
cat <<EOF
$SCRIPT_NAME $VERSION vpn wrapper over SSH
$SCRIPT_NAME $VERSION - vpn wrapper over SSH
Subcommands:
up --config <file> Bring tunnel up (client or server, per ROLE).
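Review bot: The first hunk of this file appears to drop the whole header block that explained ROLE, CONNECT_MODE, CONNECT_PREFER, SSH_KEY_MODE and SSH_KEY, so the script no longer says which settings select the server address or the SSH private key. Since the visible code runs `ip route` commands through `$SUDO`, someone auditing the script on its own would benefit from a short pointer at the top, for example `# Config keys (ROLE, CONNECT_MODE, CONNECT_PREFER, SSH_KEY_MODE, SSH_KEY) are documented in README.md.` The remaining hunks only change the version string and punctuation in two messages. Both client_up and usage continue outside the visible lines.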