From 3888566d8c0db24b2db99702d3e03492523c90dc Mon Sep 17 00:00:00 2001
From: binhex
Date: Tue, 13 Mar 2018 14:19:43 +0000
Subject: [PATCH] fix tcp
---
 build/root/install.sh | 32 ++++++++++++++++++--------------
 run/root/iptable.sh | 10 ++++++++++
 2 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/build/root/install.sh b/build/root/install.sh
index 9493d01..d1e4aa3 100644
--- a/build/root/install.sh
+++ b/build/root/install.sh
@@ -107,20 +107,27 @@ if [[ $VPN_ENABLED == "yes" ]]; then
 # convert CRLF (windows) to LF (unix) for ovpn
 /usr/bin/dos2unix "${VPN_CONFIG}" 1> /dev/null
- # parse values from ovpn file
- export vpn_remote_line=$(cat "${VPN_CONFIG}" | grep -P -o -m 1 '(?<=^remote\s)[^\n\r]+' | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
- if [[ ! -z "${vpn_remote_line}" ]]; then
+ # get first matching 'remote' line in ovpn
+ vpn_remote_line=$(cat "${VPN_CONFIG}" | grep -P -o -m 1 '^remote\s.*')
+
+ if [ -n "${vpn_remote_line}" ]; then
+
+ # remove all remote lines as we cannot cope with multi remote lines
+ sed -i '/^remote\s.*/d' "${VPN_CONFIG}"
+
+ # if remote line contains old format 'tcp' then replace with newer 'tcp-client' format
+ vpn_remote_line=$(echo "${vpn_remote_line}" | sed "s/tcp$/tcp-client/g")
+
+ # write the single remote line back to the ovpn file on line 1
+ sed -i -e "1i${vpn_remote_line}" "${VPN_CONFIG}"
+
 echo "[info] VPN remote line defined as '${vpn_remote_line}'" | ts '%Y-%m-%d %H:%M:%.S'
+
 else
+
 echo "[crit] VPN configuration file ${VPN_CONFIG} does not contain 'remote' line, showing contents of file before exit..." | ts '%Y-%m-%d %H:%M:%.S'
 cat "${VPN_CONFIG}" && exit 1
- fi
- export VPN_REMOTE=$(echo "${vpn_remote_line}" | grep -P -o -m 1 '^[^\s\r\n]+' | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
- if [[ ! -z "${VPN_REMOTE}" ]]; then
- echo "[info] VPN_REMOTE defined as '${VPN_REMOTE}'" | ts '%Y-%m-%d %H:%M:%.S'
- else
- echo "[crit] VPN_REMOTE not found in ${VPN_CONFIG}, exiting..." | ts '%Y-%m-%d %H:%M:%.S' && exit 1
 fi
 export VPN_PORT=$(echo "${vpn_remote_line}" | grep -P -o -m 1 '(?<=\s)\d{2,5}(?=\s)?+' | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
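Review bot: The `sed -i -e "1i${vpn_remote_line}"` line splices the remote line, taken verbatim from the ovpn file, into a sed script, so a backslash in that line is consumed by sed rather than written back literally; and because `1i` only runs when sed reads a first line, a file that consisted solely of remote lines (all just deleted by `sed -i '/^remote\s.*/d'`) would end up empty with the remote line silently lost. Writing the line back with the shell avoids both: `{ printf '%s\n' "${vpn_remote_line}"; cat "${VPN_CONFIG}"; } > "${VPN_CONFIG}.tmp" && mv "${VPN_CONFIG}.tmp" "${VPN_CONFIG}"`. The new `if [ -n ... ]` also departs from the `[[ ... ]]` used on every other test in this block, and `vpn_remote_line` is no longer exported, which is fine if only this script reads it but worth confirming against anything sourced later. The enclosing `if [[ $VPN_ENABLED == "yes" ]]` block starts and ends outside the hunk.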
@@ -132,6 +139,8 @@ if [[ $VPN_ENABLED == "yes" ]]; then
 export VPN_PROTOCOL=$(cat "${VPN_CONFIG}" | grep -P -o -m 1 '(?<=^proto\s)[^\r\n]+' | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
 if [[ ! -z "${VPN_PROTOCOL}" ]]; then
+ # if 'proto' is old format 'tcp' then forcibly set to newer 'tcp-client' format
+ sed -i "s/^proto\stcp$/proto tcp-client/g" "${VPN_CONFIG}"
 echo "[info] VPN_PROTOCOL defined as '${VPN_PROTOCOL}'" | ts '%Y-%m-%d %H:%M:%.S'
 else
 export VPN_PROTOCOL=$(echo "${vpn_remote_line}" | grep -P -o -m 1 'udp|tcp-client|tcp$' | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
@@ -143,11 +152,6 @@ if [[ $VPN_ENABLED == "yes" ]]; then
 fi
 fi
- # required for use in iptables
- if [[ "${VPN_PROTOCOL}" == "tcp-client" ]]; then
- export VPN_PROTOCOL="tcp"
- fi
-
 VPN_DEVICE_TYPE=$(cat "${VPN_CONFIG}" | grep -P -o -m 1 '(?<=^dev\s)[^\r\n\d]+' | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
 if [[ ! -z "${VPN_DEVICE_TYPE}" ]]; then
 export VPN_DEVICE_TYPE="${VPN_DEVICE_TYPE}0"
diff --git a/run/root/iptable.sh b/run/root/iptable.sh
index 41a1b24..1be5c9d 100644
--- a/run/root/iptable.sh
+++ b/run/root/iptable.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
+# change openvpn config 'tcp-client' to compatible iptables 'tcp'
+if [[ "${VPN_PROTOCOL}" == "tcp-client" ]]; then
+ export VPN_PROTOCOL="tcp"
+fi
+
 # ip route
 ###
@@ -223,3 +228,8 @@ echo "[info] iptables defined as follows..."
 echo "--------------------"
 iptables -S
 echo "--------------------"
+
+# change iptable 'tcp' to openvpn config compatible 'tcp-client' (this file is sourced)
+if [[ "${VPN_PROTOCOL}" == "tcp" ]]; then
+ export VPN_PROTOCOL="tcp-client"
+fi
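Review bot: The added `sed -i "s/^proto\stcp$/proto tcp-client/g"` rewrites the file but not the `VPN_PROTOCOL` variable captured on the line above it, so after this branch the variable still reads `tcp` while the config now says `tcp-client`, and the `[info] VPN_PROTOCOL defined as` line logs the stale value. With the `tcp-client`→`tcp` normalisation removed in the following hunk (`@@ -143,11 +152,6 @@`), the exported value is `tcp` when the file had `proto tcp` but `tcp-client` when derived from the rewritten remote line, so downstream readers cannot rely on a single spelling. Normalising the variable alongside the file keeps the two in step: `if [[ "${VPN_PROTOCOL}" == "tcp" ]]; then export VPN_PROTOCOL="tcp-client"; fi` placed after the sed. The enclosing `if [[ $VPN_ENABLED == "yes" ]]` block starts and ends outside the hunk.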
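Review bot: Rewriting the exported `VPN_PROTOCOL` at the top of this sourced file and restoring it in the final hunk (`@@ -223,3 +228,8 @@`) leaves the sourcing shell's variable as `tcp` on any early exit or error between the two points, and the restore maps every `tcp` to `tcp-client` even when the value was already `tcp` before this file ran, which install.sh can now export when the config had `proto tcp`. A file-local name for the iptables spelling avoids mutating the caller's environment at all: `iptables_proto="${VPN_PROTOCOL}"; [[ "${iptables_proto}" == "tcp-client" ]] && iptables_proto="tcp"`, then referenced from the rule lines, which lie outside the hunk. Both round-trip blocks can then be dropped.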