I am having trouble getting a port forwarding script I am working on to run correctly. I have saved it as openvpn-event, done the chmod shown in the wiki to make it executable, and enabled JFFS in the UI. System log does show the script being called when the VPN client connects.
Code:
Jan 17 15:36:46 custom_script: Running /jffs/scripts/openvpn-event (args: tun11 1500 1557 10.42.11.6 10.42.11.5)
Jan 17 15:36:46 user: setting path
Jan 17 15:36:46 user: Setting oldport
Jan 17 15:37:01 user: Got PIA Port 27068
Shown above I have inserted some logger commands to make sure it is going through the commands.
When I run it from SSH using ./jffs/scripts/openvpn-event it works perfectly as expected. Gets a new port and sets the iptables rules. I have tried using a sleep 60 but that didn't change anything.
Script is as follows:
Code:
#!/bin/sh
logger "setting path"
PATH=${PATH}:/jffs/bin
logger "Setting oldport"
# Get old port and store value
oldport=$(grep -o '[0-9]*' /jffs/scripts/oldpiaport)
echo "oldport is $oldport"

port_forward_assignment()
{
    echo 'Loading port forward assignment information...'
    # Random client id; "=" is the portable string comparison in [ ]
    if [ "$(uname)" = "Linux" ]; then
        client_id=$(head -n 100 /dev/urandom | sha256sum | tr -d " -")
    fi
    if [ "$(uname)" = "Darwin" ]; then
        client_id=$(head -n 100 /dev/urandom | shasum -a 256 | tr -d " -")
    fi
    json=$(curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null)
    # Fall back to the previous port when curl returns nothing
    if [ "$json" = "" ]; then
        json=$oldport
    fi
    logger "Got PIA Port $json"
    # Delete old rules if they exist
    iptables -D INPUT -i tun11 -p tcp --dport "$oldport" -j ACCEPT
    iptables -D INPUT -i tun11 -p udp --dport "$oldport" -j ACCEPT
    iptables -t nat -D PREROUTING -p tcp --dport "$oldport" -j DNAT --to-destination 192.168.0.20:45885
    iptables -t nat -D PREROUTING -p udp --dport "$oldport" -j DNAT --to-destination 192.168.0.20:45885
    # Write new port value and convert
    echo "$json" > /jffs/scripts/oldpiaport
    piaport=$(grep -o '[0-9]*' /jffs/scripts/oldpiaport)
    echo "piaport is $piaport"
    # Create new rules for forward
    iptables -I INPUT -i tun11 -p tcp --dport "$piaport" -j ACCEPT
    iptables -I INPUT -i tun11 -p udp --dport "$piaport" -j ACCEPT
    iptables -t nat -I PREROUTING -p tcp --dport "$piaport" -j DNAT --to-destination 192.168.0.20:45885
    iptables -t nat -I PREROUTING -p udp --dport "$piaport" -j DNAT --to-destination 192.168.0.20:45885
}

port_forward_assignment
exit 0
The PATH command is there as I used the following post so I could use the shasum command:
https://www.snbforums.com/threads/cryptographic-hash-script.59988/#post-524178
Can anyone assist with figuring out why this works manually but not when run automatically when the VPN client up/down event occurs?
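
Added example, not part of the original post: one way to refuse to build iptables rules from an unexpected reply and to send every iptables exit status to syslog, so a run started by the VPN event can be compared with a manual run. The function names, the `pia-portfwd` log tag, the `IPT` override and the `{"port":N}` reply shape are assumptions.

```sh
#!/bin/sh
# Added example: validate the port reply and log every iptables result.
# Function names, the pia-portfwd tag and the IPT override are hypothetical.

log() { logger -t pia-portfwd "$*" 2>/dev/null || echo "$*" >&2; }

# Print a validated port (1-65535) or return 1. Accepts a bare number or
# {"port":N} (assumed reply shape); anything else is rejected.
extract_port() {
    resp=$(printf '%s' "$1" | tr -d ' \t\r\n')
    pre='{"port":'; suf='}'
    case $resp in
        "$pre"*"$suf") p=${resp#"$pre"}; p=${p%"$suf"} ;;
        *) p=$resp ;;
    esac
    case $p in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#p}" -le 5 ] && [ "$p" -le 65535 ] || return 1
    printf '%s\n' "$p"
}

# Run a command, send its exit status and output to syslog, keep the status.
run_logged() {
    out=$("$@" 2>&1) && rc=0 || rc=$?
    log "rc=$rc cmd=$* ${out:+out=$out}"
    return "$rc"
}

# $1 = raw reply, $2 = LAN target host:port. Touches no rule unless $1 validates.
apply_forward() {
    port=$(extract_port "$1") || { log "rejected reply (${#1} bytes)"; return 1; }
    for proto in tcp udp; do
        run_logged ${IPT:-iptables} -I INPUT -i tun11 -p "$proto" --dport "$port" -j ACCEPT || return 1
        run_logged ${IPT:-iptables} -t nat -I PREROUTING -p "$proto" --dport "$port" \
            -j DNAT --to-destination "$2" || return 1
    done
}

# Constructed sample replies; only parsing runs here, no rules are changed.
for sample in '{"port":27068}' '27068' '' '{"port":70000}' '27068; reboot'; do
    if p=$(extract_port "$sample"); then echo "accept [$sample] -> $p"
    else echo "reject [$sample]"; fi
done
```

Setting `IPT=echo` before calling `apply_forward` logs the rules that would be inserted without changing the firewall.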