#!/bin/bash
#
# TeamViewer VPN - PLC Access Setup Script (Linux)
#
# Interactive helper: checks the TeamViewer installation, can enable IPv4
# forwarding, and adds a static route to a PLC network through the
# TeamViewer VPN gateway. Must be run as root.

# Stop at the first command that fails outside a condition.
set -e

# ANSI colour sequences; expanded by `echo -e` / `printf '%b'`.
NC='\033[0m' # No Color
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'

printf '\n'
printf '%s\n' "========================================"
printf '%s\n' "TeamViewer VPN - PLC Access Setup"
printf '%s\n' "========================================"
printf '\n'

# The rest of the script changes routing, sysctl and systemd state, so it
# refuses to continue without root privileges.
if (( EUID != 0 )); then
  printf '%b\n' "${RED}ERROR: This script must be run as root (use sudo)${NC}"
  exit 1
fi
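#========================================
# Configuration Variables - CUSTOMIZE THESE
#========================================
# Both values are later passed to `ip route` as root and may be written into
# a systemd unit, so they are checked against a strict IPv4 grammar before
# anything else uses them.

echo "Enter your configuration details:"
echo ""

# -r keeps backslashes literal instead of treating them as escapes.
read -r -p "Enter PLC Network (e.g., 192.168.10.0/24): " PLC_NETWORK
read -r -p "Enter Remote Gateway VPN IP (e.g., 7.254.0.2): " REMOTE_VPN_IP

# One IPv4 octet, 0-255.
ipv4_octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
# Dotted-quad address.
ipv4_re="^${ipv4_octet}(\.${ipv4_octet}){3}$"
# Dotted-quad address with an optional /0-/32 prefix length.
ipv4_net_re="^${ipv4_octet}(\.${ipv4_octet}){3}(/(3[0-2]|[12]?[0-9]))?$"

if [[ ! "$PLC_NETWORK" =~ $ipv4_net_re ]]; then
  echo -e "${RED}ERROR: PLC network must be an IPv4 network such as 192.168.10.0/24${NC}" >&2
  exit 1
fi

if [[ ! "$REMOTE_VPN_IP" =~ $ipv4_re ]]; then
  echo -e "${RED}ERROR: Remote gateway VPN IP must be an IPv4 address such as 7.254.0.2${NC}" >&2
  exit 1
fi

echo ""
echo "Configuration Summary:"
echo "----------------------"
echo "PLC Network: $PLC_NETWORK"
echo "Remote VPN IP: $REMOTE_VPN_IP"
echo ""

# Anything other than a single y/Y cancels without changing the system.
read -r -p "Is this correct? (y/n): " CONFIRM
if [[ ! "$CONFIRM" =~ ^[Yy]$ ]]; then
  echo "Setup cancelled."
  exit 0
fi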
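#========================================
# Step 1: Check TeamViewer Installation
#========================================
# Looks for the `teamviewer` binary and, if it is missing, offers to download
# and install the vendor package for Debian/Ubuntu or RHEL/CentOS.

echo ""
echo -e "${BLUE}[Step 1/6] Checking TeamViewer installation...${NC}"

if command -v teamviewer &> /dev/null; then
  # The version string is passed as %s so its content is printed verbatim.
  printf '%bTeamViewer found: %s%b\n' "$GREEN" "$(teamviewer --version)" "$NC"
else
  echo -e "${YELLOW}WARNING: TeamViewer not found in PATH${NC}"
  echo "TeamViewer may not be installed or not in PATH."
  echo ""
  read -r -p "Do you want to install TeamViewer now? (y/n): " INSTALL_TV

  if [[ "$INSTALL_TV" =~ ^[Yy]$ ]]; then
    echo "Installing TeamViewer..."

    # Download into a private mktemp directory instead of a fixed name in
    # /tmp: a predictable path written by root can be pre-created or
    # symlinked by another local user. The trap removes it on every exit
    # path, including a failed download under `set -e`.
    tv_tmpdir=$(mktemp -d)
    trap 'rm -rf -- "${tv_tmpdir:?}"' EXIT

    # NOTE(review): nothing here checks the package's signature or checksum
    # before it is installed as root; HTTPS only authenticates the download
    # host. Verify the file against the vendor's published signing key or
    # checksum before relying on this in production.

    # Detect distribution
    if [ -f /etc/debian_version ]; then
      # Debian/Ubuntu
      echo "Detected Debian/Ubuntu system"
      wget https://download.teamviewer.com/download/linux/teamviewer_amd64.deb -O "$tv_tmpdir/teamviewer.deb"
      # dpkg fails when dependencies are missing; apt-get -f then pulls them in.
      dpkg -i "$tv_tmpdir/teamviewer.deb" || apt-get install -f -y
    elif [ -f /etc/redhat-release ]; then
      # RHEL/CentOS
      echo "Detected RHEL/CentOS system"
      wget https://download.teamviewer.com/download/linux/teamviewer.x86_64.rpm -O "$tv_tmpdir/teamviewer.rpm"
      yum install -y "$tv_tmpdir/teamviewer.rpm"
    else
      echo -e "${RED}ERROR: Unsupported distribution${NC}"
      echo "Please install TeamViewer manually from: https://www.teamviewer.com"
      exit 1
    fi

    rm -rf -- "${tv_tmpdir:?}"
    trap - EXIT

    echo -e "${GREEN}TeamViewer installed successfully!${NC}"
  else
    echo "Skipping TeamViewer installation."
    echo "Please install manually if needed."
  fi
fi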
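# Check if TeamViewer daemon is running, and offer to start and enable it.
if systemctl is-active --quiet teamviewerd; then
  echo -e "${GREEN}TeamViewer daemon is running${NC}"
else
  echo -e "${YELLOW}TeamViewer daemon is not running${NC}"
  # -r keeps a trailing backslash from being read as a line continuation.
  read -r -p "Do you want to start TeamViewer daemon? (y/n): " START_TV
  if [[ "$START_TV" =~ ^[Yy]$ ]]; then
    # Report a failed start explicitly; otherwise `set -e` would end the
    # script at this point with no message of its own.
    if ! systemctl start teamviewerd; then
      echo -e "${RED}ERROR: Could not start teamviewerd${NC}" >&2
      exit 1
    fi
    # Enabling makes the daemon start on every boot from now on.
    systemctl enable teamviewerd
    echo -e "${GREEN}TeamViewer daemon started${NC}"
  fi
fi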
#========================================
# Step 2: Check Network Connectivity
#========================================
# A single ICMP echo to 8.8.8.8 serves as the reachability probe. The result
# is only reported; the script continues either way.

printf '\n'
printf '%b\n' "${BLUE}[Step 2/6] Checking network connectivity...${NC}"

printf '%s\n' "Testing internet connection..."
if ! ping -c 1 8.8.8.8 > /dev/null 2>&1; then
  printf '%b\n' "${RED}WARNING: No internet connection detected!${NC}"
  printf '%s\n' "TeamViewer requires internet to establish VPN."
else
  printf '%b\n' "${GREEN}Internet connection: OK${NC}"
fi
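#========================================
# Step 3: Check IP Forwarding
#========================================
# Reads the live IPv4 forwarding flag and, on request, turns it on now and in
# /etc/sysctl.conf.
#
# Forwarding makes this host route packets between its interfaces, which
# includes traffic between the VPN and the local network. Enable it only if
# this machine is meant to act as a gateway, and pair it with firewall rules
# that limit what may be forwarded.

echo ""
echo -e "${BLUE}[Step 3/6] Checking IP forwarding...${NC}"

IP_FORWARD=$(< /proc/sys/net/ipv4/ip_forward)
if [[ "$IP_FORWARD" == "1" ]]; then
  echo -e "${GREEN}IP forwarding is already enabled${NC}"
else
  echo -e "${YELLOW}IP forwarding is disabled${NC}"
  read -r -p "Do you want to enable IP forwarding? (y/n): " ENABLE_FORWARD

  if [[ "$ENABLE_FORWARD" =~ ^[Yy]$ ]]; then
    echo "Enabling IP forwarding..."
    sysctl -w net.ipv4.ip_forward=1

    # Make persistent. Only an active (uncommented) setting counts: a plain
    # substring search also matches a commented-out
    # "#net.ipv4.ip_forward=1" line, which some distributions ship by
    # default, and would then skip the append. -s silences the error when
    # the file does not exist yet.
    if ! grep -Eqs '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf; then
      echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
    fi
    # Printed whether the line was just added or was already present.
    echo -e "${GREEN}IP forwarding enabled and made persistent${NC}"
  fi
fi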
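#========================================
# Step 4: Display Current Routes
#========================================
# Informational only: lists the routes that mention a 192.168., 10. or 172.
# prefix so the operator can spot overlaps before a new route is added.

echo ""
echo -e "${BLUE}[Step 4/6] Current network routes:${NC}"
echo ""
# grep exits 1 when nothing matches. Without the fallback, `set -e` would end
# the whole script here on a host that has no such route.
ip route show | grep -E "192\.168\.|10\.|172\." || echo "(no matching routes)"
echo ""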
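#========================================
# Step 5: Add Static Route to PLC Network
#========================================
# Adds "PLC_NETWORK via REMOTE_VPN_IP" to the routing table and, on request,
# writes a oneshot systemd unit that re-adds the route at boot.

echo ""
echo -e "${BLUE}[Step 5/6] Adding static route to PLC network...${NC}"

# Both values came from interactive prompts and end up as arguments to
# `ip route` (run as root) and as text inside a systemd unit. Refuse anything
# that is not made of address characters, so blanks, ';', '%' or quotes
# cannot add extra arguments or extra Exec commands to the unit.
addr_chars_re='^[0-9A-Fa-f:./]+$'
if [[ ! "$PLC_NETWORK" =~ $addr_chars_re || ! "$REMOTE_VPN_IP" =~ $addr_chars_re ]]; then
  echo -e "${RED}ERROR: PLC network and VPN IP may only contain address characters${NC}" >&2
  exit 1
fi

# Start from a known state rather than whatever the caller's environment holds.
SKIP_ROUTE=""

# Check if route already exists. -F matches the text literally (so '.' is not
# a wildcard), -w requires word boundaries around it, and -- protects against
# a value that starts with '-'.
if ip route show | grep -Fqw -- "$PLC_NETWORK"; then
  echo -e "${YELLOW}WARNING: Route to $PLC_NETWORK already exists!${NC}"
  echo ""
  ip route show | grep -Fw -- "$PLC_NETWORK"
  echo ""
  read -r -p "Do you want to delete existing route and recreate? (y/n): " DELETE_ROUTE

  if [[ "$DELETE_ROUTE" =~ ^[Yy]$ ]]; then
    echo "Deleting existing route..."
    ip route del "$PLC_NETWORK"
    sleep 1
  else
    echo "Keeping existing route. Skipping route creation."
    SKIP_ROUTE=1
  fi
fi

if [[ -z "$SKIP_ROUTE" ]]; then
  echo "Adding route: $PLC_NETWORK via $REMOTE_VPN_IP"

  # Quoted, so each value is passed to ip as exactly one argument.
  if ip route add "$PLC_NETWORK" via "$REMOTE_VPN_IP"; then
    echo -e "${GREEN}Route added successfully!${NC}"

    echo ""
    read -r -p "Make this route persistent (survive reboot)? (y/n): " MAKE_PERSISTENT

    if [[ "$MAKE_PERSISTENT" =~ ^[Yy]$ ]]; then
      echo "Creating systemd service for persistent route..."

      # The heredoc delimiter is unquoted on purpose: the two validated
      # values are expanded into the unit text.
      # NOTE(review): After=teamviewerd.service only orders this unit after
      # the daemon's start; whether the VPN link is already up at that point
      # is not visible here. Confirm the route is present after a reboot.
      cat > /etc/systemd/system/teamviewer-plc-route.service <<EOF
[Unit]
Description=TeamViewer VPN Route to PLC Network
After=network-online.target teamviewerd.service
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/sbin/ip route add $PLC_NETWORK via $REMOTE_VPN_IP
ExecStop=/sbin/ip route del $PLC_NETWORK
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
EOF

      systemctl daemon-reload
      systemctl enable teamviewer-plc-route.service
      echo -e "${GREEN}Persistent route service created and enabled${NC}"
      echo "Service will start automatically after reboot"
    fi
  else
    echo -e "${RED}ERROR: Failed to add route!${NC}"
    echo "This may happen if:"
    echo " - TeamViewer VPN is not connected"
    echo " - VPN IP is incorrect"
    echo " - Insufficient permissions"
  fi
fi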
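#========================================
# Step 6: Verify Configuration
#========================================
# Read-only checks: shows the TeamViewer interface (if any) and the routes
# that mention the PLC network. Each grep has a fallback message, so a miss
# does not trip `set -e`.

echo ""
echo -e "${BLUE}[Step 6/6] Verifying configuration...${NC}"
echo ""

echo "TeamViewer VPN Interface Status:"
ip addr show | grep -A 5 teamviewer || echo -e "${YELLOW}TeamViewer VPN interface not found!${NC}"

echo ""
echo "Current routes to PLC network:"
# -F: match the operator-supplied text literally ('.' is not a wildcard);
# -w: whole-word match; --: a value starting with '-' is not read as an option.
ip route show | grep -Fw -- "$PLC_NETWORK" || echo -e "${YELLOW}No route found${NC}"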
#========================================
# Display Connection Test Instructions
#========================================
# Prints the closing summary. The heredoc expands REMOTE_VPN_IP and
# PLC_NETWORK so the suggested commands can be copied as shown.

printf '\n'
printf '%s\n' "========================================"
printf '%b\n' "${GREEN}Setup Complete!${NC}"
cat <<EOF
========================================

Next Steps:
-----------
1. Ensure TeamViewer VPN connection is active
2. Test connectivity:
 ping $REMOTE_VPN_IP
 ping <PLC_IP> (e.g., 192.168.10.100)

3. Open TIA Portal (via Wine or Windows VM) and connect to PLC

To remove the route later, run:
 sudo ip route del $PLC_NETWORK

EOF
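#========================================
# Optional: Test Connectivity Now
#========================================
# On request, pings the VPN gateway and a PLC address and checks whether TCP
# port 102 (S7 communication) answers. Failures are reported, not fatal.

read -r -p "Do you want to test connectivity now? (y/n): " TEST_NOW

if [[ "$TEST_NOW" =~ ^[Yy]$ ]]; then
  echo ""
  echo "Testing connection to remote VPN gateway..."
  # Quoted and placed after "--", so the value is one argument and is never
  # parsed as an option.
  ping -c 4 -- "$REMOTE_VPN_IP" || echo -e "${RED}Ping failed!${NC}"

  echo ""
  read -r -p "Enter PLC IP to test (e.g., 192.168.10.100): " PLC_IP

  # The address is typed in and then passed to ping and nc by a root shell,
  # so only a plain dotted-quad IPv4 address is accepted.
  plc_octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  plc_ip_re="^${plc_octet}(\.${plc_octet}){3}$"

  if [[ -z "$PLC_IP" ]]; then
    : # nothing entered: skip the PLC tests
  elif [[ ! "$PLC_IP" =~ $plc_ip_re ]]; then
    echo -e "${RED}Not a valid IPv4 address: skipping PLC tests${NC}"
  else
    echo "Testing connection to PLC..."
    ping -c 4 -- "$PLC_IP" || echo -e "${RED}Ping failed!${NC}"

    echo ""
    echo "Testing S7 communication port (102)..."
    if command -v nc &> /dev/null; then
      # -w bounds the wait so a filtered port cannot stall the script.
      nc -zv -w 5 "$PLC_IP" 102 || echo -e "${RED}Port 102 is not reachable${NC}"
    else
      echo -e "${YELLOW}netcat (nc) not found. Cannot test port.${NC}"
      echo "Install with: apt-get install netcat or yum install nc"
    fi
  fi
fi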
# Closing banner.
printf '\n%s\n%s\n%s\n\n' \
  "========================================" \
  "Script finished!" \
  "========================================"