feat: added traffic forwarding script

11270155 · César Galvis · ea44cfdd · 11270155 · 11270155
Commit 11270155 authored Apr 23, 2025 by César Galvis
Hide whitespace changes
Inline Side-by-side

Showing with 56 additions and 5 deletions

Vagrantfile Vagrantfile +2 -5

EnableTrafficForwarding.ps1 src/scripts/ps/EnableTrafficForwarding.ps1 +54 -0

No files found.
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -34,10 +34,7 @@ Vagrant.configure("2") do |config|
  config.vm.provision "shell", path: "src/scripts/ps/ChocolateyInstallPackages.ps1"
  ## Wireguard Install and setup
  config.vm.provision "shell", path: "src/scripts/ps/WireguardInstall.ps1"
-  ## Reboot computer after provisioning
+  ## Enable traffic forwarding
-  config.trigger.after [:provision] do |t|
+  config.vm.provision "shell", path: "src/scripts/ps/EnableTrafficForwarding.ps1"
-    t.name = "Reboot after provisioning"
-    t.run = { :inline => "vagrant reload" }
-  end
 end
--- a/src/scripts/ps/EnableTrafficForwarding.ps1
+++ b/src/scripts/ps/EnableTrafficForwarding.ps1
+# === CONFIGURATION ===
+# Name of the VPN interface (Fortinet client) and the WireGuard interface
+$vpnInterfaceName = "Fortinet"  # Change if different
+$wgInterfaceName = "WireGuard"
+# === HELPER FUNCTION ===
+function Enable-ICS {
+    param (
+        [string]$SharedInterface,
+        [string]$TargetInterface
+    )
+    $networkListManager = New-Object -ComObject HNetCfg.HNetShare
+    $connections = $networkListManager.EnumEveryConnection()
+    foreach ($conn in $connections) {
+        $props = $networkListManager.NetConnectionProps($conn)
+        $config = $networkListManager.INetSharingConfigurationForINetConnection($conn)
+        if ($props.Name -eq $SharedInterface) {
+            # Enable sharing on the VPN interface
+            if (-not $config.SharingEnabled) {
+                Write-Host "→ Enabling ICS on '$SharedInterface'"
+                $config.EnableSharing(0)  # 0 = outbound
+            }
+        }
+        if ($props.Name -eq $TargetInterface) {
+            # Check if sharing is already enabled on the target interface
+            if ($config.SharingEnabled) {
+                Write-Host "ICS is already enabled on '$TargetInterface'"
+            } else {
+                Write-Host "ICS does not need to be enabled on '$TargetInterface'"
+            }
+        }
+    }
+}
+# === VERIFY INTERFACES ===
+$netAdapters = Get-NetAdapter
+$vpnFound = $netAdapters | Where-Object { $_.InterfaceDescription -like "*$vpnInterfaceName*" }
+$wgFound = $netAdapters | Where-Object { $_.InterfaceDescription -like "*$wgInterfaceName*" }
+if (-not $vpnFound) {
+    Write-Host "Could not find VPN interface '$vpnInterfaceName'"
+    exit 1
+}
+if (-not $wgFound) {
+    Write-Host "Could not find WireGuard interface '$wgInterfaceName'"
+    exit 1
+}
+# === APPLY ICS ===
+Enable-ICS -SharedInterface $vpnFound.Name -TargetInterface $wgFound.Name
+Write-Host "ICS enabled: '$vpnInterfaceName' + '$wgInterfaceName'"