#!/bin/bash
#========================================
# TeamViewer VPN Gateway Setup Script
# For Remote PC (Gateway) - Linux
#========================================
# Stop at the first command that fails outside a condition or an || / && list.
set -e

# ANSI colour sequences. They are stored as literal backslash escapes and only
# turned into control characters where they are printed (echo -e / printf %b).
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # reset / no colour

# Banner, framed by a blank line above and below.
printf '%s\n' \
  "" \
  "========================================" \
  "TeamViewer VPN Gateway Setup" \
  "Remote PC Configuration" \
  "========================================" \
  ""

# The rest of the script installs packages, changes sysctl settings, edits
# firewall rules and writes systemd units, so it refuses to run unprivileged.
if (( EUID != 0 )); then
  printf '%b\n' "${RED}ERROR: This script must be run as root (use sudo)${NC}"
  exit 1
fi
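#========================================
# Configuration Variables
#========================================
# The answers collected here are later handed to ip, ping, nc, iptables and
# firewall-cmd as root and are written into a script that runs at every boot.
# They are therefore checked against a strict format before anything uses them.

# Returns 0 when $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
  local addr=$1 octet
  [[ "$addr" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as "08" is not read as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Returns 0 when $1 is an IPv4 network in CIDR form (address/prefix, prefix 0-32).
is_ipv4_cidr() {
  local net=$1 prefix
  [[ "$net" == */* ]] || return 1
  prefix=${net##*/}
  [[ "$prefix" =~ ^[0-9]{1,2}$ ]] || return 1
  (( 10#$prefix <= 32 )) || return 1
  is_ipv4 "${net%/*}"
}

# Returns 0 when $1 looks like a plain interface name: 1-15 characters from a
# conservative allow-list, starting with a letter or digit so the value can
# never be mistaken for a command-line option.
is_interface_name() {
  [[ "$1" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]{0,14}$ ]]
}

echo "Enter your configuration details:"
echo ""
# -r keeps backslashes in the answers literal.
read -r -p "Enter PLC Network (e.g., 192.168.10.0/24): " PLC_NETWORK
read -r -p "Enter PLC IP to test (e.g., 192.168.10.100): " PLC_IP
read -r -p "Enter local network interface connected to PLC (e.g., eth0, enp3s0): " LOCAL_INTERFACE

if ! is_ipv4_cidr "$PLC_NETWORK"; then
  echo -e "${RED}ERROR: PLC network must be an IPv4 network in CIDR form, e.g. 192.168.10.0/24${NC}" >&2
  exit 1
fi
if ! is_ipv4 "$PLC_IP"; then
  echo -e "${RED}ERROR: PLC IP must be an IPv4 address, e.g. 192.168.10.100${NC}" >&2
  exit 1
fi
if ! is_interface_name "$LOCAL_INTERFACE"; then
  echo -e "${RED}ERROR: interface name must be 1-15 characters of letters, digits, '_', '.' or '-'${NC}" >&2
  exit 1
fi

echo ""
echo "Configuration Summary:"
echo "----------------------"
echo "PLC Network: $PLC_NETWORK"
echo "PLC IP: $PLC_IP"
echo "Local Interface: $LOCAL_INTERFACE"
echo ""
read -r -p "Is this correct? (y/n): " CONFIRM
# Anything other than a single y/Y cancels without changing the system.
if [[ ! "$CONFIRM" =~ ^[Yy]$ ]]; then
  echo "Setup cancelled."
  exit 0
fi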
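#========================================
# Step 1: Install Required Packages
#========================================
# Installs iptables, a rule-persistence package, basic network tools and a
# netcat implementation, using whichever package manager the distribution
# marker file indicates.
echo ""
echo -e "${BLUE}[Step 1/8] Installing required packages...${NC}"
if [[ -f /etc/debian_version ]]; then
  # Debian/Ubuntu
  echo "Detected Debian/Ubuntu system"
  apt-get update
  # netcat-openbsd is named explicitly: on newer Debian/Ubuntu releases
  # "netcat" is only a virtual package and apt-get refuses to pick a provider,
  # which would abort the whole setup under `set -e`.
  apt-get install -y iptables iptables-persistent net-tools iputils-ping netcat-openbsd
  echo -e "${GREEN}Required packages installed${NC}"
elif [[ -f /etc/redhat-release ]]; then
  # RHEL/CentOS
  echo "Detected RHEL/CentOS system"
  yum install -y iptables iptables-services net-tools iputils nc
  echo -e "${GREEN}Required packages installed${NC}"
else
  # Nothing was installed here, so no success message is printed.
  echo -e "${YELLOW}WARNING: Unknown distribution${NC}" >&2
  echo "Please ensure iptables and network tools are installed." >&2
fi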
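#========================================
# Step 2: Check TeamViewer Installation
#========================================
# Reports the installed TeamViewer version, or offers to download and install
# the vendor package, then makes sure the teamviewerd service is enabled and
# running.
echo ""
echo -e "${BLUE}[Step 2/8] Checking TeamViewer installation...${NC}"
if command -v teamviewer &> /dev/null; then
  echo -e "${GREEN}TeamViewer found: $(teamviewer --version)${NC}"
else
  echo -e "${YELLOW}TeamViewer not found${NC}"
  read -r -p "Do you want to install TeamViewer now? (y/n): " INSTALL_TV
  if [[ "$INSTALL_TV" =~ ^[Yy]$ ]]; then
    # Download into a private mktemp directory rather than a fixed name under
    # /tmp: a predictable path written by root can be pre-created or
    # symlinked by another local user before the download lands.
    tv_tmpdir=$(mktemp -d)
    # Remove the download even if a later command aborts the script.
    trap 'rm -rf -- "$tv_tmpdir"' EXIT
    # NOTE(review): the package is trusted purely because it arrived over
    # HTTPS; nothing here checks a vendor signature or checksum before it is
    # installed as root. Verify it against the vendor's published signing
    # material where that is available.
    if [[ -f /etc/debian_version ]]; then
      wget -O "$tv_tmpdir/teamviewer.deb" \
        https://download.teamviewer.com/download/linux/teamviewer_amd64.deb
      # dpkg leaves missing dependencies unresolved; apt-get -f pulls them in.
      dpkg -i "$tv_tmpdir/teamviewer.deb" || apt-get install -f -y
      echo -e "${GREEN}TeamViewer installed${NC}"
    elif [[ -f /etc/redhat-release ]]; then
      wget -O "$tv_tmpdir/teamviewer.rpm" \
        https://download.teamviewer.com/download/linux/teamviewer.x86_64.rpm
      yum install -y "$tv_tmpdir/teamviewer.rpm"
      echo -e "${GREEN}TeamViewer installed${NC}"
    else
      # No package format is known for this system, so nothing was installed.
      echo -e "${YELLOW}WARNING: Unknown distribution - install TeamViewer manually${NC}" >&2
    fi
    rm -rf -- "${tv_tmpdir:?}"
    trap - EXIT
  fi
fi

# Enable and start TeamViewer daemon
if ! systemctl is-active --quiet teamviewerd; then
  # Fail with an explicit message instead of a bare systemctl error when the
  # unit does not exist (TeamViewer missing or installation declined).
  if ! { systemctl enable teamviewerd && systemctl start teamviewerd; }; then
    echo -e "${RED}ERROR: could not enable/start teamviewerd - is TeamViewer installed?${NC}" >&2
    exit 1
  fi
  echo -e "${GREEN}TeamViewer daemon started${NC}"
fi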
#========================================
# Step 3: Configure Unattended Access
#========================================
# This step only prints instructions: the unattended-access password is set by
# the operator in the TeamViewer GUI and the script neither sets nor checks it.
# That password is what gates remote entry to this gateway, and through the
# forwarding configured in the later steps, to the PLC network.
printf '\n%b\n\n' "${BLUE}[Step 3/8] Configuring TeamViewer for unattended access...${NC}"
cat <<'EOF'
IMPORTANT: You need to configure TeamViewer manually:
1. Open TeamViewer application
2. Go to Extras → Options
3. Set a strong password for unattended access
4. Enable 'Start TeamViewer with system'
5. Note your TeamViewer ID for future connections

EOF

# Show the ID line when the CLI is present; fall back to a hint when the ID
# has not been assigned yet.
if command -v teamviewer > /dev/null 2>&1; then
  if ! teamviewer info | grep "TeamViewer ID"; then
    echo "TeamViewer ID not available yet - open TeamViewer GUI to activate"
  fi
fi

# Block until the operator confirms the manual steps are done.
read -p "Press Enter when you've configured TeamViewer..."
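#========================================
# Step 4: Test PLC Network Access
#========================================
# Three reachability checks from this gateway: the local interface exists,
# the PLC answers ping, and TCP port 102 on the PLC accepts a connection.
# Operator-supplied values are quoted everywhere so they reach each tool as a
# single argument.
echo ""
echo -e "${BLUE}[Step 4/8] Testing PLC network access...${NC}"

# Check that the interface exists (link state is not evaluated here).
# The explicit "dev" keyword makes ip treat the value as a device name only.
if ip link show dev "$LOCAL_INTERFACE" &> /dev/null; then
  echo -e "${GREEN}Interface $LOCAL_INTERFACE exists${NC}"
  # Show interface IPv4 address(es) in address/prefix form.
  IP_ADDR=$(ip addr show dev "$LOCAL_INTERFACE" | awk '/inet /{print $2}')
  echo "Interface IP: $IP_ADDR"
else
  echo -e "${RED}ERROR: Interface $LOCAL_INTERFACE not found!${NC}" >&2
  echo "Available interfaces:"
  ip link show
  exit 1
fi

# Test ping to PLC
echo ""
echo "Testing connectivity to PLC ($PLC_IP)..."
if ping -c 4 -- "$PLC_IP" &> /dev/null; then
  echo -e "${GREEN}PLC is reachable from this gateway!${NC}"
else
  echo -e "${RED}WARNING: Cannot ping PLC!${NC}"
  echo "Please verify:"
  echo " - PLC IP is correct: $PLC_IP"
  echo " - PLC is powered on and connected"
  echo " - Network cable is connected"
  echo " - This PC is on the same network as PLC"
  read -r -p "Continue anyway? (y/n): " CONTINUE
  if [[ ! "$CONTINUE" =~ ^[Yy]$ ]]; then
    exit 1
  fi
fi

# Test S7 communication port
echo ""
echo "Testing S7 communication port (TCP 102)..."
# Decide on nc's exit status instead of grepping for "succeeded": that wording
# is printed by one netcat implementation only, so the text match reports a
# closed port on systems that ship a different one. -w 3 bounds the wait when
# the port is filtered.
if nc -z -w 3 -- "$PLC_IP" 102 &> /dev/null; then
  echo -e "${GREEN}Port 102 is accessible!${NC}"
else
  echo -e "${YELLOW}WARNING: Port 102 not accessible${NC}"
  echo "This may be normal if PLC is not configured for remote access yet."
fi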
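#========================================
# Step 5: Enable IP Forwarding
#========================================
# Turns on IPv4 routing in the running kernel and records the setting in
# /etc/sysctl.conf. net.ipv4.ip_forward is host-wide: once it is 1 the kernel
# routes between all interfaces, so what actually gets forwarded is decided by
# the firewall configuration in the next step.
echo ""
echo -e "${BLUE}[Step 5/8] Enabling IP forwarding...${NC}"

# Check current setting
IP_FORWARD=$(< /proc/sys/net/ipv4/ip_forward)
if [[ "$IP_FORWARD" == "1" ]]; then
  echo -e "${GREEN}IP forwarding already enabled${NC}"
else
  echo "Enabling IP forwarding..."
  sysctl -w net.ipv4.ip_forward=1
  # Make persistent. The pattern is anchored so that only an active setting
  # counts: a commented-out "#net.ipv4.ip_forward=1" line (shipped by default
  # on some distributions) must not be mistaken for the setting being present.
  if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
    /etc/sysctl.conf 2> /dev/null; then
    echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
  fi
  sysctl -p
  echo -e "${GREEN}IP forwarding enabled${NC}"
fi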
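#========================================
# Step 6: Configure Firewall Rules
#========================================
# Asks for the TeamViewer VPN interface name and opens forwarding between it
# and the PLC-facing interface, through firewalld when it is running and
# through iptables otherwise.
#
# NOTE(review): the rules below are scoped by interface only. PLC_NETWORK is
# collected earlier but is not used to limit destinations, and no protocol or
# port restriction (for example TCP 102) is applied, so any traffic arriving
# on the VPN interface may be forwarded out of the PLC interface. Whether the
# iptables ACCEPT rules change anything also depends on the FORWARD chain
# policy, which this script neither sets nor inspects.
echo ""
echo -e "${BLUE}[Step 6/8] Configuring firewall rules...${NC}"

# Detect TeamViewer VPN interface (will be created when VPN connects)
echo "TeamViewer VPN interface will be created when VPN connection is established"
echo "Typically named: teamviewer0 or similar"
echo ""
read -r -p "Enter TeamViewer VPN interface name (or press Enter for 'teamviewer0'): " TV_INTERFACE
TV_INTERFACE=${TV_INTERFACE:-teamviewer0}

# The name is passed to firewall tools as root and stored for use at boot, so
# accept only a plain interface name (1-15 chars, no leading '-').
if [[ ! "$TV_INTERFACE" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]{0,14}$ ]]; then
  echo -e "${RED}ERROR: invalid VPN interface name${NC}" >&2
  exit 1
fi

echo ""
echo "Configuring iptables rules for:"
echo " TeamViewer VPN Interface: $TV_INTERFACE"
echo " Local PLC Interface: $LOCAL_INTERFACE"

# Appends a FORWARD rule only when an identical one is not already present
# (iptables -C), so re-running the setup does not pile up duplicates.
# Arguments: the rule specification. Returns iptables' exit status.
ensure_forward_rule() {
  iptables -C FORWARD "$@" 2> /dev/null || iptables -A FORWARD "$@"
}

# Check if firewalld is running
if systemctl is-active --quiet firewalld; then
  echo ""
  echo "Detected firewalld. Configuring firewalld rules..."
  # Add both interfaces to the trusted zone.
  # NOTE(review): firewalld's trusted zone accepts all traffic on its
  # interfaces, so this removes host-firewall filtering for the VPN and the
  # PLC interface alike.
  firewall-cmd --zone=trusted --add-interface="$TV_INTERFACE" --permanent 2> /dev/null \
    || echo "Interface will be added when it exists"
  firewall-cmd --zone=trusted --add-interface="$LOCAL_INTERFACE" --permanent
  # Enable masquerading (applied to the public zone, not the trusted one).
  firewall-cmd --zone=public --add-masquerade --permanent
  # Reload firewall so the permanent configuration becomes active.
  firewall-cmd --reload
  echo -e "${GREEN}firewalld rules configured${NC}"
else
  echo ""
  echo "Configuring iptables rules..."
  # Allow forwarding from the VPN to the local network. iptables matches
  # interfaces by name and does not require them to exist, so a failure here
  # is a real error and is reported rather than silenced.
  ensure_forward_rule -i "$TV_INTERFACE" -o "$LOCAL_INTERFACE" -j ACCEPT \
    || echo -e "${YELLOW}WARNING: could not add the VPN -> PLC forwarding rule${NC}" >&2
  # Return path: only replies to connections that were opened from the VPN side.
  ensure_forward_rule -i "$LOCAL_INTERFACE" -o "$TV_INTERFACE" \
    -m state --state RELATED,ESTABLISHED -j ACCEPT

  # Save iptables rules. iptables-save dumps the complete running ruleset, so
  # any unrelated rules loaded at this moment are persisted along with these.
  if [[ -f /etc/debian_version ]]; then
    # Save for iptables-persistent
    mkdir -p /etc/iptables
    iptables-save > /etc/iptables/rules.v4
  elif [[ -f /etc/redhat-release ]]; then
    # Save for iptables-services
    service iptables save
  fi
  echo -e "${GREEN}iptables rules configured${NC}"
fi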
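#========================================
# Step 7: Create Startup Script
#========================================
# Writes /usr/local/bin/teamviewer-gateway-setup.sh and a oneshot systemd unit
# that runs it at boot. The generated script waits for the VPN interface,
# re-enables IP forwarding and re-applies the iptables FORWARD rules when
# firewalld is not active.
echo ""
echo -e "${BLUE}[Step 7/8] Creating startup script...${NC}"

startup_script=/usr/local/bin/teamviewer-gateway-setup.sh

# The two interface names are written with printf %q, which emits them as
# shell-quoted words. Splicing them into the file with sed would let a '/',
# '&' or quote character in a name corrupt the substitution or change the
# code of a script that systemd runs as root on every boot.
{
  printf '%s\n' \
    '#!/bin/bash' \
    '# TeamViewer Gateway - Network Setup Script' \
    '# This script runs at startup to ensure proper routing' \
    '# Configuration (written by the setup script)'
  printf 'TV_INTERFACE=%q\n' "$TV_INTERFACE"
  printf 'LOCAL_INTERFACE=%q\n' "$LOCAL_INTERFACE"
  cat <<'EOFSCRIPT'

# Wait for TeamViewer VPN interface to be available (up to 30 x 2 seconds).
# If it never appears the script carries on and installs the rules anyway.
for i in {1..30}; do
  if ip link show dev "$TV_INTERFACE" &> /dev/null; then
    echo "TeamViewer VPN interface found"
    break
  fi
  echo "Waiting for TeamViewer VPN interface... ($i/30)"
  sleep 2
done

# Ensure IP forwarding is enabled
sysctl -w net.ipv4.ip_forward=1

# Append a FORWARD rule only if an identical one is not already loaded, so
# rules restored from the saved ruleset are not duplicated on every boot.
ensure_forward_rule() {
  iptables -C FORWARD "$@" 2> /dev/null || iptables -A FORWARD "$@"
}

# Add firewall rules if not using firewalld
if ! systemctl is-active --quiet firewalld; then
  ensure_forward_rule -i "$TV_INTERFACE" -o "$LOCAL_INTERFACE" -j ACCEPT
  ensure_forward_rule -i "$LOCAL_INTERFACE" -o "$TV_INTERFACE" \
    -m state --state RELATED,ESTABLISHED -j ACCEPT
fi
echo "TeamViewer gateway setup complete"
EOFSCRIPT
} > "$startup_script"

# Explicit mode instead of "+x": the file is executed as root at boot and must
# not end up group- or world-writable under a permissive umask.
chmod 0755 "$startup_script"

# Create systemd service
cat > /etc/systemd/system/teamviewer-gateway.service <<'EOF'
[Unit]
Description=TeamViewer VPN Gateway Setup
After=network-online.target teamviewerd.service
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/teamviewer-gateway-setup.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF

systemctl daemon-reload
systemctl enable teamviewer-gateway.service
echo -e "${GREEN}Startup script created and enabled${NC}"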
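#========================================
# Step 8: Summary and Next Steps
#========================================
# Prints the collected configuration, the teamviewerd service status and the
# follow-up steps for the remote computer. Nothing on the system is changed
# from here on.
echo ""
echo "========================================"
echo -e "${GREEN}Gateway Setup Complete!${NC}"
echo "========================================"
echo ""

# Gather the dynamic values first; each lookup is allowed to come back empty
# without stopping the summary.
tv_id_line=$(teamviewer info 2> /dev/null | grep "TeamViewer ID" || echo "Check TeamViewer GUI")
# Quoted and passed after "dev" so the operator-supplied name is one argument.
local_ip=$(ip addr show dev "$LOCAL_INTERFACE" | awk '/inet /{print $2}') || true

echo "Configuration Summary:"
echo "----------------------"
echo "TeamViewer ID: $tv_id_line"
echo "Local Interface: $LOCAL_INTERFACE"
echo "Local IP: $local_ip"
echo "PLC Network: $PLC_NETWORK"
echo "PLC IP: $PLC_IP"
echo "TeamViewer VPN Interface: $TV_INTERFACE (created when VPN connects)"
echo ""
echo "Services Status:"
echo "----------------"
systemctl status teamviewerd --no-pager -l || echo "TeamViewer: Not running"
echo ""
echo "Next Steps:"
echo "-----------"
echo "1. Keep this PC running and connected to internet"
echo "2. From your remote computer:"
echo " - Open TeamViewer"
echo " - Connect to this PC's TeamViewer ID via VPN"
echo " - Add static route to PLC network"
echo ""
echo "3. Test connectivity from remote computer:"
echo " ping <remote_gateway_vpn_ip>"
echo " ping $PLC_IP"
echo ""
echo "4. Open TIA Portal and connect to PLC"
echo ""
echo "Useful Commands:"
echo "----------------"
echo "Check TeamViewer status: systemctl status teamviewerd"
echo "View TeamViewer ID: teamviewer info"
echo "Check firewall rules: iptables -L -n -v"
echo "Check IP forwarding: cat /proc/sys/net/ipv4/ip_forward"
echo "Test PLC connectivity: ping $PLC_IP"
echo ""
# read returns non-zero at end of input; without the guard a finished setup
# would exit with status 1 under `set -e` when stdin is closed.
read -r -p "Press Enter to finish..." || true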