admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Port forwarding script rework

Browse Source 
- Warns instead of failure for some errors
- Clearer output
This commit is contained in:
Quentin McGaw
2019-09-10 10:31:44 -04:00
parent 0d41564f7d
commit a7f70f0980
1 changed files with 30 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
portforward.sh
View File

@@ -11,32 +11,47 @@ exitOnError(){
fi fi
} }
warnOnError(){
# $1 must be set to $?
status=$1
message=$2
[ "$message" != "" ] || message="Undefined error"
if [ $status != 0 ]; then
printf "[WARNING] $message, with status $status)\n"
fi
}
printf "[INFO] Reading forwarded port\n" printf "[INFO] Reading forwarded port\n"
printf " * Generating client ID...\n"
client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"` client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
exitOnError $? "Unable to generate Client ID" exitOnError $? "Unable to generate Client ID"
printf " * Obtaining forward port from PIA server...\n"
json=`wget -qO- "http://209.222.18.222:2000/?client_id=$client_id"` json=`wget -qO- "http://209.222.18.222:2000/?client_id=$client_id"`
exitOnError $? "Could not obtain response from PIA server (does your PIA server support port forwarding?)"
if [ "$json" == "" ]; then if [ "$json" == "" ]; then
printf " * Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding\n" printf "[ERROR] Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding\n"
exit 1 exit 1
fi fi
printf " * Parsing JSON response...\n"
port=`echo $json | jq .port` port=`echo $json | jq .port`
exitOnError $? "Cannot find port in JSON response"
printf " * Writing forwarded port to file...\n"
port_status_folder=`dirname "${PORT_FORWARDING_STATUS_FILE}"` port_status_folder=`dirname "${PORT_FORWARDING_STATUS_FILE}"`
if [ ! -d "${port_status_folder}" ]; then warnOnError $? "Cannot find parent directory of ${PORT_FORWARDING_STATUS_FILE}"
mkdir -p "${port_status_folder}" mkdir -p "${port_status_folder}"
fi warnOnError $? "Cannot create containing directory ${port_status_folder}"
echo "$port" > "${PORT_FORWARDING_STATUS_FILE}" echo "$port" > "${PORT_FORWARDING_STATUS_FILE}"
printf " * Written forwarded port to ${PORT_FORWARDING_STATUS_FILE}\n" warnOnError $? "Cannot write port to ${PORT_FORWARDING_STATUS_FILE}"
ip=`wget -qO- https://duckduckgo.com/?q=ip | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"` printf " * Detecting current VPN IP address...\n"
exitOnError $? "Unable to read remote VPN IP" ip=`wget -qO- https://duckduckgo.com/\?q=ip | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"`
printf " * Forwarded port is $port on remote VPN IP $ip\n" warnOnError $? "Cannot detect remote VPN IP on https://duckduckgo.com"
printf " * Detecting target VPN interface..." printf " * Forwarded port accessible at $ip:$port\n"
TARGET_PATH="/openvpn/target" printf " * Detecting target VPN interface...\n"
vpn_device=$(cat $TARGET_PATH/config.ovpn | grep 'dev ' | cut -d" " -f 2)0 vpn_device=$(cat /openvpn/target/config.ovpn | grep 'dev ' | cut -d" " -f 2)0
exitOnError $? "Unable to find VPN interface" exitOnError $? "Unable to find VPN interface in /openvpn/target/config.ovpn"
printf "$vpn_device\n" printf " * Accepting input traffic through $vpn_device to port $port...\n"
printf " * Accepting input traffic through $vpn_device to port $port..."
iptables -A INPUT -i $vpn_device -p tcp --dport $port -j ACCEPT iptables -A INPUT -i $vpn_device -p tcp --dport $port -j ACCEPT
exitOnError $? "Unable to allow the forwarded port in TCP" exitOnError $? "Unable to allow the forwarded port in TCP"
iptables -A INPUT -i $vpn_device -p udp --dport $port -j ACCEPT iptables -A INPUT -i $vpn_device -p udp --dport $port -j ACCEPT
exitOnError $? "Unable to allow the forwarded port in UDP" exitOnError $? "Unable to allow the forwarded port in UDP"
printf "DONE\n" printf "[INFO] Port forwarded successfully\n"