[SOLVED] Why does the openvpn vpnclient2-route-up script fail?

waeking

Regular Contributor
LOOK at this post for corrected scripts https://www.snbforums.com/threads/s...ient2-route-up-script-fail.49634/#post-441378
Code:
#!/bin/sh
#
# Enable port forwarding when using Private Internet Access
#
TRANSUSER=USER
TRANSPASS=PASSWORD
TRANSHOST=IP1
TRANSGUI=IP2
TRANSPORT=IP1PORT

#port_forward_assignment
CLIENT_ID=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
echo $CLIENT_ID > /tmp/mnt/Merlin/openvpn.d/client.id
JSON=`curl --interface $dev "http://209.222.18.222:2000/?client_id=$CLIENT_ID" 2>/dev/null`
echo $JSON > /tmp/mnt/Merlin/openvpn.d/json
# delete old port from file and add new port
PORT=$(echo $JSON | awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
echo $PORT > /tmp/mnt/Merlin/openvpn.d/port.forward
#echo "Creating New Forwarding rules for port:"$PORT" on device "$dev" and forwarding to "$TRANSHOST
iptables -I FORWARD -i $dev -p udp -d $TRANSHOST --dport $PORT -j ACCEPT
iptables -I FORWARD -i $dev -p tcp -d $TRANSHOST --dport $PORT -j ACCEPT
iptables -t nat -I PREROUTING -i $dev -p udp --dport $PORT -j DNAT --to-destination $TRANSHOST
iptables -t nat -I PREROUTING -i $dev -p tcp --dport $PORT -j DNAT --to-destination $TRANSHOST
#transmission_change_port
transmission-remote $TRANSGUI:$TRANSPORT --auth $TRANSUSER:$TRANSPASS --port $PORT

This is for PIA.
CLIENT_ID shows up in the file. However, the JSON does not show up in the file. This script just creates an empty file. I am just using echo to debug where things are going wrong, and those lines will be deleted once this is running properly.
 
Last edited:
I think that it may have to do with the VPN not being completely set up when this is run. Is there a way to test with a positive ping through the tunnel before the curl command is executed? Or to rerun the curl command until a port is given? Perhaps with a sleep of 5 seconds between tries and a max of, say, 10 tries.
 
Last edited:
You can't include any commands that access the internet from the scripts called by openvpn-event. The tunnel is not actually up until all the script phases exit (I ran into this when trying to use STUN to get the VPN address from within the openvpn phase scripts).

What you need to do is start another script from within route-up, which waits for the tunnel to be available.
 
Thanks I have created this script called vpnclient2-port-forward
Code:
#!/bin/sh
# vpnclient2-port-forward
#
# Enable port forwarding when using Private Internet Access
#
TRANSUSER=USER
TRANSPASS=PASSWORD
TRANSHOST=IP1
TRANSGUI=IP2
TRANSPORT=IP1PORT
dev=$1

#wait for tunnel to be up
timeout=2 # Wait for two seconds for a reply.
ip=209.222.18.222 # Use IP address assigned to tunnel endpoint.
# "&>" is a bash-ism; under /bin/sh use the portable redirection
while ! ping -I $dev -W "$timeout" -c 1 "$ip" >/dev/null 2>&1; do
  sleep 1
done

#port_forward_assignment
CLIENT_ID=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
JSON=`curl --interface $dev "http://209.222.18.222:2000/?client_id=$CLIENT_ID" 2>/dev/null`
echo $JSON > /tmp/mnt/Merlin/openvpn.d/json
# delete old port from file and add new port
PORT=$(echo $JSON | awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
echo $PORT > /tmp/mnt/Merlin/openvpn.d/port.forward
#echo "Creating New Forwarding rules for port:"$PORT" on device "$dev" and forwarding to "$TRANSHOST
iptables -I FORWARD -i $dev -p udp -d $TRANSHOST --dport $PORT -j ACCEPT
iptables -I FORWARD -i $dev -p tcp -d $TRANSHOST --dport $PORT -j ACCEPT
iptables -t nat -I PREROUTING -i $dev -p udp --dport $PORT -j DNAT --to-destination $TRANSHOST
iptables -t nat -I PREROUTING -i $dev -p tcp --dport $PORT -j DNAT --to-destination $TRANSHOST
#transmission_change_port
transmission-remote $TRANSGUI:$TRANSPORT --auth $TRANSUSER:$TRANSPASS --port $PORT

When I run
Code:
service restart_vpnclient2
./vpnclient2-port-forward tun12
all works well and the script waits.

In vpnclient2-route-up it is not working:
Code:
#!/bin/sh
vpnclient2-port-forward $dev
Any ideas?
 
Last edited:
I call it explicitly with
sh vpnclient2-port-forward $dev

and spell 'forward' correctly (not 'forwad') :)
 
Last edited:
I call it explicitly with
sh vpnclient2-port-forward $dev

and spell 'forward' correctly (not 'forwad') :)

It is nice to have some fresh eyes to see some things that are so obvious.
Thanks, I had it correct on the router, just not here on the forum. I have also changed it to call it with
sh vpnclient2-port-forward $dev
Still not working; it seems as though it is still not waiting. I can still run ./vpnclient2-port-forward tun12 afterwards and it will take a new port.
 
Last edited:
Try to simplify first....
try replacing all the ping check code with just a
sleep 5
(that's what I'm currently using for my STUN problem)

Then, if you want to refine further.....make the check wait until
$(nvram get vpn_client2_state) == 2
 
I can't seem to get the sleep to work, even at sleep 30 at the beginning. If I add sleep 5 after a successful ping and then curl, I can run a command like this successfully
Code:
service restart_vpnclient2 && ./vpnclient2-port-forward tun12

However, I still cannot get anything to run when called just with sh vpnclient2-port-forward $dev in vpnclient2-route-up.

Could you elaborate on the $(nvram get vpn_client2_state) == 2?

Code:
while ! echo $(nvram get vpn_client2_state) == 2; do sleep 1; done
Something like this?

It almost seems as though the route-up script waits until the port-forward script times out and then cancels the rest of the port-forward script.
 
Sorry... forgot to tell you to have the script run in the background... add an & at the end
sh vpnclient2-port-forward $dev &

For the better test, try this
Code:
while [ "$(nvram get vpn_client2_state)" != "2" ]; do
        sleep 1
done
 
Well, this is embarrassing... What I needed to do was correct the path to the script:
instead of calling sh vpnclient2-port-forward, I had to call sh /jffs/scripts/vpnclient2-port-forward &
I am not sure why that would make a difference when they are in the same location. But all is working now.

Thanks so much!
 
For Future People
vpnclient2-port-forward
Code:
#!/bin/sh
# vpnclient2-port-forward
#
# Need to install the following
# opkg install coreutils-sha256sum
# opkg install transmission-remote-openssl
#
# Enable port forwarding when using Private Internet Access
# And change the port in transmission
#
# $dev (e.g. tun12) is exported by openvpn into the route-up environment
# and inherited here when route-up starts this script.
TRANSUSER=USER
TRANSPASS=PASSWORD
TRANSHOST=IP1
TRANSGUI=IP2
TRANSPORT=IP1PORT

#wait for tunnel to be up
## derive vpn_clientX_state from the tunnel device: tun12 -> vpn_client2_state
state="vpn_client"`echo $dev|cut -c5`"_state"
while [ "$(nvram get $state)" != "2" ]; do
        sleep 1
done
#port_forward_assignment
CLIENT_ID=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
# inside double quotes the "?" needs no backslash; escaping it would send a literal "\?"
forwarded_port=$(curl --interface $dev "http://209.222.18.222:2000/?client_id=$CLIENT_ID" 2>/dev/null | awk -F ':' '{ print $2 }'| awk -F '}' '{ print $1 }')
# delete old port from file and add new port
PORT=$forwarded_port
echo $PORT > /tmp/mnt/Merlin/openvpn.d/port.forward
echo "Creating New Forwarding rules for port:"$PORT" on device "$dev" and forwarding to "$TRANSHOST
iptables -I FORWARD -i $dev -p udp -d $TRANSHOST --dport $PORT -j ACCEPT
iptables -I FORWARD -i $dev -p tcp -d $TRANSHOST --dport $PORT -j ACCEPT
iptables -t nat -I PREROUTING -i $dev -p udp --dport $PORT -j DNAT --to-destination $TRANSHOST
iptables -t nat -I PREROUTING -i $dev -p tcp --dport $PORT -j DNAT --to-destination $TRANSHOST
#transmission_change_port
transmission-remote $TRANSGUI:$TRANSPORT --auth $TRANSUSER:$TRANSPASS --port $PORT
vpnclient2-route-up
Code:
#!/bin/sh
sh /jffs/scripts/vpnclient2-port-forward $dev &
vpnclient2-route-down
Code:
#!/bin/sh
# read back the port that vpnclient2-port-forward recorded
PORT=$(cat /tmp/mnt/Merlin/openvpn.d/port.forward)
TRANSHOST=IP1
#iptables_old_port_forward
iptables -D FORWARD -i $dev -p udp -d $TRANSHOST --dport $PORT -j ACCEPT
iptables -D FORWARD -i $dev -p tcp -d $TRANSHOST --dport $PORT -j ACCEPT
iptables -t nat -D PREROUTING -i $dev -p udp --dport $PORT -j DNAT --to-destination $TRANSHOST
iptables -t nat -D PREROUTING -i $dev -p tcp --dport $PORT -j DNAT --to-destination $TRANSHOST
 
Last edited:
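A worked version of what this thread converges on (the earlier advice to launch a background worker from route-up that waits for the tunnel, plus the final route-up/route-down pair), written as an added example and not any poster's script. It keeps the thread's readiness test (nvram state 2) and the provider endpoint from the thread, but adds three things the final scripts lack: the wait gives up after a bounded number of tries instead of looping forever, the port in the provider's reply is accepted only if it is a plain decimal in 1..65535 before it is spliced into an iptables rule or a transmission-remote command, and the rules actually added are written to a file so route-down deletes exactly those rather than re-deriving them from a port file that may be stale. The tun11..tun15 naming, the retry budget, the file layout under STATE_DIR and the placeholder values IP1, IP2, IP1PORT, USER and PASSWORD are assumptions, not from the thread.

```shell
#!/bin/sh
# Added example, not the thread's own script: background worker for an
# Asuswrt-Merlin vpnclientN-route-up hook.  Assumed (not from the thread):
# tun11..tun15 map to vpn_client1..5, the 60-try budget, and STATE_DIR layout.

STATE_DIR="${STATE_DIR:-/tmp/mnt/Merlin/openvpn.d}"
PF_URL="${PF_URL:-http://209.222.18.222:2000/}"   # endpoint used in the thread
TRANSHOST="${TRANSHOST:-IP1}"; TRANSGUI="${TRANSGUI:-IP2}"; TRANSPORT="${TRANSPORT:-IP1PORT}"
TRANSUSER="${TRANSUSER:-USER}"; TRANSPASS="${TRANSPASS:-PASSWORD}"

# tun12 -> vpn_client2_state.  Anything that is not tun11..tun15 is rejected,
# so the wait loop can never poll an nvram key that will never become "2".
state_var_for_dev() {
    case "$1" in
        tun1[1-5]) echo "vpn_client${1#tun1}_state" ;;
        *) return 1 ;;
    esac
}

# Run "$@" until it succeeds, at most $1 times, sleeping $2 seconds between
# tries.  Returns 1 when the budget is exhausted so the caller can give up.
wait_until() {
    _left=$1; _delay=$2; shift 2
    while :; do
        "$@" && return 0
        _left=$((_left - 1))
        [ "$_left" -gt 0 ] || return 1
        sleep "$_delay"
    done
}

# The thread's readiness test: nvram state 2 means the client is connected.
tunnel_up() { [ "$(nvram get "$1")" = "2" ]; }

# Pull "port" out of a reply such as {"port":12345}.  Accept it only as a
# plain decimal in 1..65535; empty, non-numeric or out-of-range values fail,
# so a malformed reply can never end up inside an iptables rule.
parse_forwarded_port() {
    _p=$(printf '%s' "$1" \
        | sed -n 's/.*"port"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$_p" ] || return 1
    [ "$_p" -ge 1 ] && [ "$_p" -le 65535 ] || return 1
    printf '%s\n' "$_p"
}

# One line per rule, table first, so the same text drives both -I and -D.
rule_specs() {
    printf '%s\n' \
        "filter FORWARD -i $1 -p udp -d $2 --dport $3 -j ACCEPT" \
        "filter FORWARD -i $1 -p tcp -d $2 --dport $3 -j ACCEPT" \
        "nat PREROUTING -i $1 -p udp --dport $3 -j DNAT --to-destination $2" \
        "nat PREROUTING -i $1 -p tcp --dport $3 -j DNAT --to-destination $2"
}

# $1 is I (insert) or D (delete); rule lines are read from stdin.
apply_rules() {
    while read -r _table _spec; do
        # word splitting of $_spec into iptables arguments is intended
        iptables -t "$_table" "-$1" $_spec
    done
}

main() {
    _dev=${2:-$dev}     # openvpn exports dev; route-up passes it explicitly too
    case "$1" in
    up)
        _state=$(state_var_for_dev "$_dev") || { echo "unexpected device $_dev" >&2; return 1; }
        wait_until 60 1 tunnel_up "$_state" || { echo "$_dev not connected after 60 tries" >&2; return 1; }
        _id=$(head -c 32 /dev/urandom | sha256sum | cut -d' ' -f1)
        _reply=$(curl -s --max-time 10 --interface "$_dev" "${PF_URL}?client_id=$_id")
        _port=$(parse_forwarded_port "$_reply") || { echo "no usable port in: $_reply" >&2; return 1; }
        rule_specs "$_dev" "$TRANSHOST" "$_port" > "$STATE_DIR/$_dev.rules"
        apply_rules I < "$STATE_DIR/$_dev.rules"
        transmission-remote "$TRANSGUI:$TRANSPORT" --auth "$TRANSUSER:$TRANSPASS" --port "$_port"
        ;;
    down)
        [ -f "$STATE_DIR/$_dev.rules" ] || return 0
        apply_rules D < "$STATE_DIR/$_dev.rules"
        rm -f "$STATE_DIR/$_dev.rules"
        ;;
    esac
}

# vpnclient2-route-up:    sh /jffs/scripts/pf-worker up "$dev" &
# vpnclient2-route-down:  sh /jffs/scripts/pf-worker down "$dev"
case "${1:-}" in up|down) main "$@" ;; esac
```

Keeping the route-up call backgrounded with & is still required, for the reason given earlier in the thread: the tunnel is not usable until every openvpn script phase has exited, so the worker must outlive route-up. The file name pf-worker and the up/down arguments are just this example's convention.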
