#!/usr/bin/env python3
import argparse
import os
import pprint
import sys
import traceback

import boto3
#import xml.etree.ElementTree as xml
import untangle
from jinja2 import Environment, FileSystemLoader
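# Tunnel MTU the original script hard-coded for every tunnel; now the
# default of --mtu so callers can override it without editing the script.
DEFAULT_MTU = 1436

parser = argparse.ArgumentParser(
    description="Render tunnel configuration for an AWS Site-to-Site VPN "
                "connection from its CustomerGatewayConfiguration.")
parser.add_argument("-p",
                    help="AWS Profile",
                    dest="profile",
                    required=True)
# Optional on purpose: a None region lets boto3 fall back to the profile's
# configured region, which is what the help text has always promised.
parser.add_argument("--region",
                    help="AWS Region. Defaults to profile region.",
                    dest="region",
                    default=None)
parser.add_argument("--id",
                    help="VPN ID",
                    dest="vpnid",
                    required=True)
parser.add_argument("--vti",
                    help="Virtual Tunnel Interface (list separated by space), "
                         "one per IPsec tunnel of the connection",
                    dest="vti",
                    required=True,
                    nargs='+',
                    type=str)
parser.add_argument("--localip",
                    help="Local IP used for the tunnel. Use the RFC1918 address if doing NAT Traversal",
                    dest="localip",
                    required=True)
parser.add_argument("--mtu",
                    help="Tunnel interface MTU (default: %(default)s)",
                    dest="mtu",
                    type=int,
                    default=DEFAULT_MTU)
parser.add_argument("--ipsec",
                    help="Additionally dump the ipsec configuration",
                    dest="ipsec",
                    required=False,
                    action="store_true")


def tunnel_context(tunnel, vti, vpnid, local_ip, mtu=DEFAULT_MTU):
    """Build the template context for one ``ipsec_tunnel`` element.

    Args:
        tunnel: one ``ipsec_tunnel`` node of the parsed customer gateway
            configuration; its ``ike``, ``vpn_gateway`` and
            ``customer_gateway`` children are read via their ``.cdata``.
        vti: name of the local virtual tunnel interface for this tunnel.
        vpnid: the VPN connection id (``vpn_connection['id']``).
        local_ip: local tunnel endpoint address given on the command line.
        mtu: MTU placed into the context under ``'mtu'``.

    Returns:
        dict with the keys the tunnel template expects. Note that ``'psk'``
        is the IKE pre-shared key returned by the AWS API, so the context
        (and anything rendered from it) is secret material.
    """
    cgw = tunnel.customer_gateway
    vgw = tunnel.vpn_gateway
    return {
        'vpnid': vpnid,
        'vti': vti,
        'local_ip': local_ip,
        'mtu': mtu,
        'psk': tunnel.ike.pre_shared_key.cdata,
        'remote_ip': vgw.tunnel_outside_address.ip_address.cdata,
        'local_public_ip': cgw.tunnel_outside_address.ip_address.cdata,
        # Inside address in CIDR notation, e.g. "169.254.x.y/30".
        'local_neighbor_ip': cgw.tunnel_inside_address.ip_address.cdata + '/' +
                             cgw.tunnel_inside_address.network_cidr.cdata,
        'remote_neighbor_ip': vgw.tunnel_inside_address.ip_address.cdata,
        'remote_asn': vgw.bgp.asn.cdata,
        'local_asn': cgw.bgp.asn.cdata,
        'hold_time': vgw.bgp.hold_time.cdata,
    }


def main():
    """Fetch the VPN connection, parse its XML and print rendered templates.

    Prints one rendered ``tunnel_template.tpl`` per IPsec tunnel to stdout,
    then ``ipsec_template.tpl`` when ``--ipsec`` is set. The rendered text
    contains the tunnel pre-shared keys, so stdout should be treated as a
    secret (write it to a file with restrictive permissions rather than a
    shared log).

    Exits with status 2 on argument problems (argparse convention) and with
    status 1 when the AWS call, the XML parsing or the rendering fails; the
    traceback goes to stderr so stdout only ever carries configuration.
    """
    args = parser.parse_args()
    try:
        session = boto3.Session(profile_name=args.profile, region_name=args.region)
        ec2 = session.client('ec2')
        vpns = ec2.describe_vpn_connections(VpnConnectionIds=[args.vpnid])
        connections = vpns.get('VpnConnections') or []
        if not connections:
            # SystemExit is not an Exception, so this is not swallowed below.
            parser.error("no VPN connection found for id {}".format(args.vpnid))
        config_xml = connections[0]['CustomerGatewayConfiguration']

        obj = untangle.parse(config_xml)
        vpnid = obj.vpn_connection['id']
        # NOTE(review): assumes the untangle node supports len() and iteration
        # whether there is one ipsec_tunnel child or several — confirm against
        # the untangle version in use.
        tunnels = obj.vpn_connection.ipsec_tunnel
        if len(args.vti) < len(tunnels):
            parser.error("--vti needs {} interface name(s), got {}".format(
                len(tunnels), len(args.vti)))

        template_path = os.path.dirname(os.path.abspath(__file__))
        env = Environment(loader=FileSystemLoader(template_path), trim_blocks=True)
        tunnel_template = env.get_template('tunnel_template.tpl')
        # Surplus --vti names are ignored, as the original two-tunnel code did.
        for tunnel, vti in zip(tunnels, args.vti):
            print(tunnel_template.render(
                tun=tunnel_context(tunnel, vti, vpnid, args.localip, args.mtu)))
        if args.ipsec:
            print(env.get_template('ipsec_template.tpl').render())
    except Exception:
        # Report on stderr and fail loudly; a zero exit after a failure would
        # let a wrapper script deploy a half-rendered configuration.
        traceback.print_exc()
        sys.exit(1)


if __name__ == "__main__":
    main()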