portforward.sh

#!/bin/sh

exitOnError(){
  # $1 must be set to $?
  status=$1
  message=$2
  [ "$message" != "" ] || message="Undefined error"
  if [ $status != 0 ]; then
    printf "[ERROR] $message, with status $status)\n"
    exit $status
  fi
}

warnOnError(){
  # $1 must be set to $?
  status=$1
  message=$2
  [ "$message" != "" ] || message="Undefined error"
  if [ $status != 0 ]; then
    printf "[WARNING] $message, with status $status)\n"
  fi
}

printf "[INFO] Reading forwarded port\n"
printf " * Generating client ID...\n"
client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
exitOnError $? "Unable to generate Client ID"
printf " * Obtaining forward port from PIA server...\n"
json=`wget -qO- "http://209.222.18.222:2000/?client_id=$client_id"`
exitOnError $? "Could not obtain response from PIA server (does your PIA server support port forwarding?)"
if [ "$json" == "" ]; then
  printf "[ERROR] Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding\n"
  exit 1
fi
printf " * Parsing JSON response...\n"
port=`echo $json | jq .port`
exitOnError $? "Cannot find port in JSON response"
printf " * Writing forwarded port to file...\n"
port_status_folder=`dirname "${PORT_FORWARDING_STATUS_FILE}"`
warnOnError $? "Cannot find parent directory of ${PORT_FORWARDING_STATUS_FILE}"
mkdir -p "${port_status_folder}"
warnOnError $? "Cannot create containing directory ${port_status_folder}"
echo "$port" > "${PORT_FORWARDING_STATUS_FILE}"
warnOnError $? "Cannot write port to ${PORT_FORWARDING_STATUS_FILE}"
printf " * Detecting current VPN IP address...\n"
ip=`wget -qO- https://duckduckgo.com/\?q=ip | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"`
warnOnError $? "Cannot detect remote VPN IP on https://duckduckgo.com"
printf " * Forwarded port accessible at $ip:$port\n"
printf " * Detecting target VPN interface...\n"
vpn_device=$(cat /openvpn/target/config.ovpn | grep 'dev ' | cut -d" " -f 2)0
exitOnError $? "Unable to find VPN interface in /openvpn/target/config.ovpn"
printf " * Accepting input traffic through $vpn_device to port $port...\n"
iptables -A INPUT -i $vpn_device -p tcp --dport $port -j ACCEPT
exitOnError $? "Unable to allow the forwarded port in TCP"
iptables -A INPUT -i $vpn_device -p udp --dport $port -j ACCEPT
exitOnError $? "Unable to allow the forwarded port in UDP"
printf "[INFO] Port forwarded successfully\n"
Added port forwarding, fixes #14 2019-06-26 17:24:10 +02:00			`#!/bin/sh`

Large refactoring: proxy+firewall+readme - Cleaner logs - HTTP proxy is working... finally - Firewall was adjusted - Firewall cannot be turned off anymore - portforward script changes the firewall - readme reworked - Possibility to pass commands to Openvpn with Docker command 2019-06-29 13:42:44 +02:00			`exitOnError(){`
			`# $1 must be set to $?`
			`status=$1`
			`message=$2`
			`[ "$message" != "" ] \|\| message="Undefined error"`
			`if [ $status != 0 ]; then`
			`printf "[ERROR] $message, with status $status)\n"`
			`exit $status`
			`fi`
			`}`

Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`warnOnError(){`
			`# $1 must be set to $?`
			`status=$1`
			`message=$2`
			`[ "$message" != "" ] \|\| message="Undefined error"`
			`if [ $status != 0 ]; then`
			`printf "[WARNING] $message, with status $status)\n"`
			`fi`
			`}`

Fix/improve port forwarding handling 2019-07-15 22:02:40 +02:00			`printf "[INFO] Reading forwarded port\n"`
Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`printf " * Generating client ID...\n"`
Added port forwarding, fixes #14 2019-06-26 17:24:10 +02:00			client_id=`head -n 100 /dev/urandom \| sha256sum \| tr -d " -"`
Fix/improve port forwarding handling 2019-07-16 20:44:12 +02:00			`exitOnError $? "Unable to generate Client ID"`
Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`printf " * Obtaining forward port from PIA server...\n"`
Fix/improve port forwarding handling 2019-07-16 20:44:12 +02:00			json=`wget -qO- "http://209.222.18.222:2000/?client_id=$client_id"`
Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`exitOnError $? "Could not obtain response from PIA server (does your PIA server support port forwarding?)"`
Added port forwarding, fixes #14 2019-06-26 17:24:10 +02:00			`if [ "$json" == "" ]; then`
Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`printf "[ERROR] Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding\n"`
Fix/improve port forwarding handling 2019-07-16 20:44:12 +02:00			`exit 1`
Added port forwarding, fixes #14 2019-06-26 17:24:10 +02:00			`fi`
Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`printf " * Parsing JSON response...\n"`
Fix/improve port forwarding handling 2019-07-15 22:02:40 +02:00			port=`echo $json \| jq .port`
Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`exitOnError $? "Cannot find port in JSON response"`
			`printf " * Writing forwarded port to file...\n"`
Make forwarded_port file location configurable (#43) * Make port forwarding status file dynamic * Readme updates 2019-09-02 16:38:41 +02:00			port_status_folder=`dirname "${PORT_FORWARDING_STATUS_FILE}"`
Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`warnOnError $? "Cannot find parent directory of ${PORT_FORWARDING_STATUS_FILE}"`
			`mkdir -p "${port_status_folder}"`
			`warnOnError $? "Cannot create containing directory ${port_status_folder}"`
Make forwarded_port file location configurable (#43) * Make port forwarding status file dynamic * Readme updates 2019-09-02 16:38:41 +02:00			`echo "$port" > "${PORT_FORWARDING_STATUS_FILE}"`
Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`warnOnError $? "Cannot write port to ${PORT_FORWARDING_STATUS_FILE}"`
			`printf " * Detecting current VPN IP address...\n"`
			ip=`wget -qO- https://duckduckgo.com/\?q=ip \| grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"`
			`warnOnError $? "Cannot detect remote VPN IP on https://duckduckgo.com"`
			`printf " * Forwarded port accessible at $ip:$port\n"`
			`printf " * Detecting target VPN interface...\n"`
			`vpn_device=$(cat /openvpn/target/config.ovpn \| grep 'dev ' \| cut -d" " -f 2)0`
			`exitOnError $? "Unable to find VPN interface in /openvpn/target/config.ovpn"`
			`printf " * Accepting input traffic through $vpn_device to port $port...\n"`
Fix/improve port forwarding handling 2019-07-15 22:02:40 +02:00			`iptables -A INPUT -i $vpn_device -p tcp --dport $port -j ACCEPT`
Fix/improve port forwarding handling 2019-07-16 20:48:24 +02:00			`exitOnError $? "Unable to allow the forwarded port in TCP"`
Fix/improve port forwarding handling 2019-07-15 22:02:40 +02:00			`iptables -A INPUT -i $vpn_device -p udp --dport $port -j ACCEPT`
Fix/improve port forwarding handling 2019-07-16 20:48:24 +02:00			`exitOnError $? "Unable to allow the forwarded port in UDP"`
Port forwarding script rework - Warns instead of failure for some errors - Clearer output 2019-09-10 10:31:44 -04:00			`printf "[INFO] Port forwarded successfully\n"`