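#!/bin/bash
#========================================
# TeamViewer VPN Gateway Setup Script
# For Remote PC (Gateway) - Linux
#
# Interactive installer, run as root. This part of the script collects the
# PLC network details, installs the packet-filter and network tools, installs
# TeamViewer if the operator asks for it, and starts the TeamViewer daemon.
#
# Security notes:
#   * Operator input is validated before use, because later steps pass these
#     values to ip/ping/iptables and substitute them into a generated script
#     that runs as root at boot.
#   * The TeamViewer package is downloaded into a private mktemp directory
#     instead of a fixed name in world-writable /tmp.
#========================================

set -e

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

echo ""
echo "========================================"
echo "TeamViewer VPN Gateway Setup"
echo "Remote PC Configuration"
echo "========================================"
echo ""

# Check if running as root
if [[ $EUID -ne 0 ]]; then
  echo -e "${RED}ERROR: This script must be run as root (use sudo)${NC}"
  exit 1
fi

#========================================
# Input validation helpers
#========================================

# Returns 0 when $1 is a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
  local ip=$1 octet
  local -r quad='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  [[ "$ip" =~ $quad ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as "08" is not parsed as octal.
    ((10#$octet <= 255)) || return 1
  done
  return 0
}

# Returns 0 when $1 is an IPv4 network in CIDR form (address/prefix, 0-32).
is_ipv4_cidr() {
  local cidr=$1 prefix
  [[ "$cidr" == */* ]] || return 1
  prefix=${cidr##*/}
  [[ "$prefix" =~ ^[0-9]{1,2}$ ]] || return 1
  ((10#$prefix <= 32)) || return 1
  is_ipv4 "${cidr%/*}"
}

# Returns 0 when $1 looks like a Linux interface name: at most 15 characters,
# no leading '-', and none of the characters (/, &, whitespace, quotes) that
# would change the meaning of a command line or a sed replacement.
is_ifname() {
  local -r ifname_re='^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$'
  [[ "$1" =~ $ifname_re ]]
}

#========================================
# Configuration Variables
#========================================
echo "Enter your configuration details:"
echo ""
read -r -p "Enter PLC Network (e.g., 192.168.10.0/24): " PLC_NETWORK
read -r -p "Enter PLC IP to test (e.g., 192.168.10.100): " PLC_IP
read -r -p "Enter local network interface connected to PLC (e.g., eth0, enp3s0): " LOCAL_INTERFACE

# Reject malformed values before they are echoed back or used anywhere.
if ! is_ipv4_cidr "$PLC_NETWORK"; then
  echo -e "${RED}ERROR: PLC Network must be an IPv4 network in CIDR form (e.g., 192.168.10.0/24)${NC}" >&2
  exit 1
fi
if ! is_ipv4 "$PLC_IP"; then
  echo -e "${RED}ERROR: PLC IP must be an IPv4 address (e.g., 192.168.10.100)${NC}" >&2
  exit 1
fi
if ! is_ifname "$LOCAL_INTERFACE"; then
  echo -e "${RED}ERROR: Local interface must be a plain interface name (e.g., eth0, enp3s0)${NC}" >&2
  exit 1
fi

echo ""
echo "Configuration Summary:"
echo "----------------------"
echo "PLC Network: $PLC_NETWORK"
echo "PLC IP: $PLC_IP"
echo "Local Interface: $LOCAL_INTERFACE"
echo ""
read -r -p "Is this correct? (y/n): " CONFIRM
if [[ ! "$CONFIRM" =~ ^[Yy]$ ]]; then
  echo "Setup cancelled."
  exit 0
fi

#========================================
# Step 1: Install Required Packages
#========================================
echo ""
echo -e "${BLUE}[Step 1/8] Installing required packages...${NC}"

if [[ -f /etc/debian_version ]]; then
  # Debian/Ubuntu
  echo "Detected Debian/Ubuntu system"
  apt-get update
  # netcat-openbsd is named explicitly: on current Debian/Ubuntu releases
  # "netcat" is only a virtual package and cannot be installed by that name.
  apt-get install -y iptables iptables-persistent net-tools iputils-ping netcat-openbsd
elif [[ -f /etc/redhat-release ]]; then
  # RHEL/CentOS
  echo "Detected RHEL/CentOS system"
  yum install -y iptables iptables-services net-tools iputils nc
else
  echo -e "${YELLOW}WARNING: Unknown distribution${NC}"
  echo "Please ensure iptables and network tools are installed."
fi

echo -e "${GREEN}Required packages installed${NC}"

#========================================
# Step 2: Check TeamViewer Installation
#========================================
echo ""
echo -e "${BLUE}[Step 2/8] Checking TeamViewer installation...${NC}"

if command -v teamviewer &> /dev/null; then
  echo -e "${GREEN}TeamViewer found: $(teamviewer --version)${NC}"
else
  echo -e "${YELLOW}TeamViewer not found${NC}"
  read -r -p "Do you want to install TeamViewer now? (y/n): " INSTALL_TV
  if [[ "$INSTALL_TV" =~ ^[Yy]$ ]]; then
    # Download into a directory only root can access. A fixed name such as
    # /tmp/teamviewer.deb can be pre-created or symlinked by any local user
    # before this root process writes to it and installs from it.
    TV_TMPDIR=$(mktemp -d)
    trap 'rm -rf -- "$TV_TMPDIR"' EXIT

    # NOTE(review): the package is installed as root with no signature or
    # checksum verification; HTTPS is the only integrity control. For a gateway
    # into a PLC network, verify the download against the vendor's published
    # signing key (or install from the vendor's signed repository) first.
    if [[ -f /etc/debian_version ]]; then
      wget https://download.teamviewer.com/download/linux/teamviewer_amd64.deb \
        -O "$TV_TMPDIR/teamviewer.deb"
      # dpkg -i fails on missing dependencies; apt-get -f then resolves them.
      dpkg -i "$TV_TMPDIR/teamviewer.deb" || apt-get install -f -y
    elif [[ -f /etc/redhat-release ]]; then
      wget https://download.teamviewer.com/download/linux/teamviewer.x86_64.rpm \
        -O "$TV_TMPDIR/teamviewer.rpm"
      yum install -y "$TV_TMPDIR/teamviewer.rpm"
    fi

    rm -rf -- "$TV_TMPDIR"
    trap - EXIT
    echo -e "${GREEN}TeamViewer installed${NC}"
  fi
fi

# Enable and start TeamViewer daemon
if ! systemctl is-active --quiet teamviewerd; then
  systemctl enable teamviewerd
  systemctl start teamviewerd
  echo -e "${GREEN}TeamViewer daemon started${NC}"
fi

#========================================
# Step 3: Configure Unattended Access
#========================================
echo ""
echo -e "${BLUE}[Step 3/8] Configuring TeamViewer for unattended access...${NC}"
echo ""
echo "IMPORTANT: You need to configure TeamViewer manually:"
echo "1. Open TeamViewer application"
echo "2. Go to Extras → Options"
echo "3. Set a strong password for unattended access"
echo "4. Enable 'Start TeamViewer with system'"
echo "5. Note your TeamViewer ID for future connections"
echo ""

if command -v teamviewer &> /dev/null; then
  teamviewer info | grep "TeamViewer ID" \
    || echo "TeamViewer ID not available yet - open TeamViewer GUI to activate"
fi

read -r -p "Press Enter when you've configured TeamViewer..."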
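#========================================
# Step 4: Test PLC Network Access
#
# Steps 4-8: check that the PLC is reachable, enable IPv4 forwarding, open
# the forwarding path between the TeamViewer VPN interface and the PLC
# interface, and install a boot-time script plus systemd unit that re-applies
# the setup.
#
# Reads PLC_NETWORK, PLC_IP and LOCAL_INTERFACE collected earlier in the script.
#========================================
echo ""
echo -e "${BLUE}[Step 4/8] Testing PLC network access...${NC}"

# Interface names are passed to ip/iptables/firewall-cmd and substituted into
# a root-run script with sed, so only plain names are accepted: at most 15
# characters, no leading '-', no '/', '&', quotes or whitespace.
IFNAME_RE='^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$'
# Shape check only (digits, dots, prefix 0-32); iptables does the strict parse.
CIDR_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'

if [[ ! "$LOCAL_INTERFACE" =~ $IFNAME_RE ]]; then
  echo -e "${RED}ERROR: Local interface name is not a valid interface name${NC}" >&2
  exit 1
fi
if [[ ! "$PLC_NETWORK" =~ $CIDR_RE ]]; then
  echo -e "${RED}ERROR: PLC Network must be in CIDR form (e.g., 192.168.10.0/24)${NC}" >&2
  exit 1
fi

# Check if interface exists and is up
if ip link show "$LOCAL_INTERFACE" &> /dev/null; then
  echo -e "${GREEN}Interface $LOCAL_INTERFACE exists${NC}"

  # Show interface IP
  IP_ADDR=$(ip addr show "$LOCAL_INTERFACE" | awk '/inet /{print $2}')
  echo "Interface IP: $IP_ADDR"
else
  echo -e "${RED}ERROR: Interface $LOCAL_INTERFACE not found!${NC}"
  echo "Available interfaces:"
  ip link show
  exit 1
fi

# Test ping to PLC
echo ""
echo "Testing connectivity to PLC ($PLC_IP)..."
if ping -c 4 "$PLC_IP" &> /dev/null; then
  echo -e "${GREEN}PLC is reachable from this gateway!${NC}"
else
  echo -e "${RED}WARNING: Cannot ping PLC!${NC}"
  echo "Please verify:"
  echo " - PLC IP is correct: $PLC_IP"
  echo " - PLC is powered on and connected"
  echo " - Network cable is connected"
  echo " - This PC is on the same network as PLC"
  read -r -p "Continue anyway? (y/n): " CONTINUE
  if [[ ! "$CONTINUE" =~ ^[Yy]$ ]]; then
    exit 1
  fi
fi

# Test S7 communication port
echo ""
echo "Testing S7 communication port (TCP 102)..."
# Use nc's exit status rather than matching the word "succeeded": the message
# text differs between netcat implementations, the exit status does not.
if nc -z -w 5 "$PLC_IP" 102 &> /dev/null; then
  echo -e "${GREEN}Port 102 is accessible!${NC}"
else
  echo -e "${YELLOW}WARNING: Port 102 not accessible${NC}"
  echo "This may be normal if PLC is not configured for remote access yet."
fi

#========================================
# Step 5: Enable IP Forwarding
#========================================
echo ""
echo -e "${BLUE}[Step 5/8] Enabling IP forwarding...${NC}"

# NOTE(review): ip_forward=1 makes this host route between ALL of its
# interfaces. If the FORWARD chain policy is ACCEPT, the ACCEPT rules added in
# Step 6 restrict nothing; confirm the policy (iptables -S FORWARD) and set a
# default-deny forward policy if only VPN-to-PLC traffic should be routed.

# Check current setting
IP_FORWARD=$(< /proc/sys/net/ipv4/ip_forward)
if [[ "$IP_FORWARD" == "1" ]]; then
  echo -e "${GREEN}IP forwarding already enabled${NC}"
else
  echo "Enabling IP forwarding..."
  sysctl -w net.ipv4.ip_forward=1

  # Make persistent. The pattern is anchored to the start of the line so that
  # a commented-out "#net.ipv4.ip_forward=1" does not count as already set.
  if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
    /etc/sysctl.conf 2> /dev/null; then
    echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
  fi

  sysctl -p
  echo -e "${GREEN}IP forwarding enabled${NC}"
fi

#========================================
# Step 6: Configure Firewall Rules
#========================================
echo ""
echo -e "${BLUE}[Step 6/8] Configuring firewall rules...${NC}"

# Detect TeamViewer VPN interface (will be created when VPN connects)
echo "TeamViewer VPN interface will be created when VPN connection is established"
echo "Typically named: teamviewer0 or similar"
echo ""
read -r -p "Enter TeamViewer VPN interface name (or press Enter for 'teamviewer0'): " TV_INTERFACE
TV_INTERFACE=${TV_INTERFACE:-teamviewer0}

if [[ ! "$TV_INTERFACE" =~ $IFNAME_RE ]]; then
  echo -e "${RED}ERROR: TeamViewer VPN interface name is not a valid interface name${NC}" >&2
  exit 1
fi

echo ""
echo "Configuring iptables rules for:"
echo " TeamViewer VPN Interface: $TV_INTERFACE"
echo " Local PLC Interface: $LOCAL_INTERFACE"

# Check if firewalld is running
if systemctl is-active --quiet firewalld; then
  echo ""
  echo "Detected firewalld. Configuring firewalld rules..."

  # NOTE(review): the "trusted" zone accepts every connection on its
  # interfaces, so the VPN peer and every host on the PLC segment can reach
  # all services on this gateway itself. A dedicated zone limited to the
  # required traffic would follow least privilege more closely.

  # Add TeamViewer interface to trusted zone
  firewall-cmd --zone=trusted --add-interface="$TV_INTERFACE" --permanent 2> /dev/null \
    || echo "Interface will be added when it exists"
  firewall-cmd --zone=trusted --add-interface="$LOCAL_INTERFACE" --permanent

  # Enable masquerading
  firewall-cmd --zone=public --add-masquerade --permanent

  # Reload firewall
  firewall-cmd --reload

  echo -e "${GREEN}firewalld rules configured${NC}"
else
  echo ""
  echo "Configuring iptables rules..."

  # Allow forwarding between TeamViewer VPN and local network, scoped to the
  # PLC network the operator entered: the VPN peer can open connections to
  # PLC_NETWORK only, and only reply traffic is allowed back.
  FWD_IN_RULE=(-i "$TV_INTERFACE" -o "$LOCAL_INTERFACE" -d "$PLC_NETWORK" -j ACCEPT)
  FWD_RETURN_RULE=(-i "$LOCAL_INTERFACE" -o "$TV_INTERFACE" -s "$PLC_NETWORK"
    -m state --state RELATED,ESTABLISHED -j ACCEPT)

  # iptables -C tests for an existing identical rule, so re-running the setup
  # does not stack duplicate entries in the FORWARD chain.
  if ! iptables -C FORWARD "${FWD_IN_RULE[@]}" 2> /dev/null; then
    iptables -A FORWARD "${FWD_IN_RULE[@]}" 2> /dev/null \
      || echo "Rule will apply when interface exists"
  fi
  if ! iptables -C FORWARD "${FWD_RETURN_RULE[@]}" 2> /dev/null; then
    iptables -A FORWARD "${FWD_RETURN_RULE[@]}"
  fi

  # Save iptables rules
  if [[ -f /etc/debian_version ]]; then
    # Save for iptables-persistent
    iptables-save > /etc/iptables/rules.v4
  elif [[ -f /etc/redhat-release ]]; then
    # Save for iptables-services
    service iptables save
  fi

  echo -e "${GREEN}iptables rules configured${NC}"
fi

#========================================
# Step 7: Create Startup Script
#========================================
echo ""
echo -e "${BLUE}[Step 7/8] Creating startup script...${NC}"

# The here-doc delimiter is quoted, so nothing is expanded while the file is
# written; the __PLACEHOLDER__ tokens are filled in by sed afterwards.
cat > /usr/local/bin/teamviewer-gateway-setup.sh << 'EOFSCRIPT'
#!/bin/bash
# TeamViewer Gateway - Network Setup Script
# This script runs at startup to ensure proper routing

# Configuration (will be replaced during setup)
TV_INTERFACE="__TV_INTERFACE__"
LOCAL_INTERFACE="__LOCAL_INTERFACE__"
PLC_NETWORK="__PLC_NETWORK__"

# Add a FORWARD rule only if an identical one is not already present, so
# repeated boots and service restarts do not accumulate duplicates.
ensure_forward_rule() {
  iptables -C FORWARD "$@" 2>/dev/null || iptables -A FORWARD "$@" 2>/dev/null
}

# Wait for TeamViewer VPN interface to be available
for i in {1..30}; do
  if ip link show "$TV_INTERFACE" &> /dev/null; then
    echo "TeamViewer VPN interface found"
    break
  fi
  echo "Waiting for TeamViewer VPN interface... ($i/30)"
  sleep 2
done

# Ensure IP forwarding is enabled
sysctl -w net.ipv4.ip_forward=1

# Add firewall rules if not using firewalld
if ! systemctl is-active --quiet firewalld; then
  ensure_forward_rule -i "$TV_INTERFACE" -o "$LOCAL_INTERFACE" -d "$PLC_NETWORK" -j ACCEPT
  ensure_forward_rule -i "$LOCAL_INTERFACE" -o "$TV_INTERFACE" -s "$PLC_NETWORK" \
    -m state --state RELATED,ESTABLISHED -j ACCEPT
fi

echo "TeamViewer gateway setup complete"
EOFSCRIPT

# Replace placeholders. All three values were validated above, so they cannot
# contain sed metacharacters; '|' is the delimiter because the CIDR has a '/'.
sed -i "s|__TV_INTERFACE__|$TV_INTERFACE|" /usr/local/bin/teamviewer-gateway-setup.sh
sed -i "s|__LOCAL_INTERFACE__|$LOCAL_INTERFACE|" /usr/local/bin/teamviewer-gateway-setup.sh
sed -i "s|__PLC_NETWORK__|$PLC_NETWORK|" /usr/local/bin/teamviewer-gateway-setup.sh

# Explicit mode instead of +x: the file is executed by root at boot and must
# never be writable by group or others, whatever the current umask is.
chmod 0755 /usr/local/bin/teamviewer-gateway-setup.sh

# Create systemd service
# NOTE(review): in the page this script was taken from, the text between the
# here-doc operator below and the "TeamViewer ID" summary line is missing.
# The unit file, the enable commands and the Step 8 heading, up to and
# including the opening of the "TeamViewer ID" line, are a minimal
# reconstruction, not the author's original text. Review before use.
cat > /etc/systemd/system/teamviewer-gateway.service << 'EOF'
[Unit]
Description=TeamViewer VPN gateway network setup
After=network-online.target teamviewerd.service
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/local/bin/teamviewer-gateway-setup.sh
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF
chmod 0644 /etc/systemd/system/teamviewer-gateway.service

systemctl daemon-reload
systemctl enable teamviewer-gateway.service
echo -e "${GREEN}Startup script and service created${NC}"

#========================================
# Step 8: Summary (heading reconstructed, see note above)
#========================================
echo ""
echo -e "${BLUE}[Step 8/8] Setup summary${NC}"
echo ""
echo "Gateway Information:"
echo "--------------------"
echo "TeamViewer ID: $(teamviewer info 2> /dev/null | grep "TeamViewer ID" || echo "Check TeamViewer GUI")"
echo "Local Interface: $LOCAL_INTERFACE"
echo "Local IP: $(ip addr show "$LOCAL_INTERFACE" | awk '/inet /{print $2}')"
echo "PLC Network: $PLC_NETWORK"
echo "PLC IP: $PLC_IP"
echo "TeamViewer VPN Interface: $TV_INTERFACE (created when VPN connects)"
echo ""
echo "Services Status:"
echo "----------------"
systemctl status teamviewerd --no-pager -l || echo "TeamViewer: Not running"
echo ""
echo "Next Steps:"
echo "-----------"
echo "1. Keep this PC running and connected to internet"
echo "2. From your remote computer:"
echo " - Open TeamViewer"
echo " - Connect to this PC's TeamViewer ID via VPN"
echo " - Add static route to PLC network"
echo ""
echo "3. Test connectivity from remote computer:"
# NOTE(review): the target of this first ping was lost from the source page;
# "<gateway-ip>" is a labelled placeholder, not the author's original text.
echo " ping <gateway-ip>"
echo " ping $PLC_IP"
echo ""
echo "4. Open TIA Portal and connect to PLC"
echo ""
echo "Useful Commands:"
echo "----------------"
echo "Check TeamViewer status: systemctl status teamviewerd"
echo "View TeamViewer ID: teamviewer info"
echo "Check firewall rules: iptables -L -n -v"
echo "Check IP forwarding: cat /proc/sys/net/ipv4/ip_forward"
echo "Test PLC connectivity: ping $PLC_IP"
echo ""
read -r -p "Press Enter to finish..."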