Port forwarding request during "up" script

How to customize and extend your OpenVPN installation.
Post Reply
lumps
OpenVpn Newbie
Posts: 5
Joined: Sat Apr 25, 2020 3:01 am

Port forwarding request during "up" script

Post by lumps » Sat Apr 25, 2020 3:28 am

My VPN provider requires an HTTP call to retrieve a port for port forwarding. This request needs to be done during the first 2 minutes after connecting. I am running a clear linux server and have been attempting to add this to the up.sh script (via my openvpn.conf file).

The script itself seems to work correctly if I call it manually after starting the openvpn service. but when the script runs as the UP script, the HTTP call seems to happen before the vpn connection is established. I have confirmed this by adding a call to ifconfig.co/city and always see my city and not my VPN's city.

I have attempted to use ipchange and up with the same results. when I try route-up, it seems to never actually connect to VPN.

is there an event I can use that triggers after the VPN is really connected? Am I using this incorrectly?

Thanks!
David

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm

Re: Port forwarding request during "up" script

Post by TinCanTech » Sat Apr 25, 2020 11:12 am

As a security measure, openvpn will not pass data over the VPN during script execution.
I don't know for sure but this may also effect "outside" connections ...

Use tcpdump or something to find out if your script sends data when run by openvpn.

lumps
OpenVpn Newbie
Posts: 5
Joined: Sat Apr 25, 2020 3:01 am

Re: Port forwarding request during "up" script

Post by lumps » Sat Apr 25, 2020 1:06 pm

Thanks you for your help!

Here is the code. this started as code from PIA's forum that I modified to update my qbittorent config. The Curl statement was added to check to see if I was connected to VPN when this script runs. so far I have not received anything other than my home city in response.

Maybe that's why it works "runs" during UP and IPCHANGE but hangs during route-up?

Code: Select all

#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
#  ./port_forwarding.sh

# set -x

port_forward_assignment( )
{
        client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`

        port=`curl -s "http://209.222.18.222:2000/?client_id=$client_id" | jq -r '.port' 2>/dev/null`
	curl -s "http://ifconfig.co/city" > /etc/openvpn/client/nope

        if [ "$port" == "" ]; then
                port='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
        else
                sed -i "s/\(PortRangeMin *= *\).*/\1$port/" /home/user/.config/qBittorrent/qBittorrent.conf
        fi
}


port_forward_assignment
systemctl start qbittorrent-nox@user

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm

Re: Port forwarding request during "up" script

Post by TinCanTech » Sat Apr 25, 2020 2:40 pm

I don't support 3rd party scripts for free.

But for a fee I'll take a look ..

lumps
OpenVpn Newbie
Posts: 5
Joined: Sat Apr 25, 2020 3:01 am

Re: Port forwarding request during "up" script

Post by lumps » Sat Apr 25, 2020 3:43 pm

HA! i get your point. let me change my question a little to remove reference to other's

up.sh:

Code: Select all

#!/usr/bin/env bash

curl -s "http://ifconfig.co/city" > /etc/openvpn/client/nope

Is there a way to make this script run within 2 minutes of openVPN actually connecting? right now in UP its running before the vpn connection is really active. or can you think of a different mechanism then during openvpn's events?

thanks!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm

Re: Port forwarding request during "up" script

Post by TinCanTech » Sat Apr 25, 2020 4:06 pm

As ever, try the documentation first .........

https://community.openvpn.net/openvpn/w ... nPage#lbAT

lumps
OpenVpn Newbie
Posts: 5
Joined: Sat Apr 25, 2020 3:01 am

Re: Port forwarding request during "up" script

Post by lumps » Sat Apr 25, 2020 4:17 pm

thank you for the link. I had previously reviewed this and tried all of them until they start being part of the shut down process:

UP, tls-verify and ipchange give me the wrong city (ie before I am actually routing through vpn). I thought route-up looked most promising but when I use this, VPN won't connect and the server can no longer access the network (tested via ping and curl). maybe this is the security constraints you previously referenced? not sure

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm

Re: Port forwarding request during "up" script

Post by TinCanTech » Sat Apr 25, 2020 4:36 pm

lumps wrote:
Sat Apr 25, 2020 3:28 am
My VPN provider requires an HTTP call to retrieve a port for port forwarding. This request needs to be done during the first 2 minutes after connecting.
You need to report this issue to the provider.

lumps
OpenVpn Newbie
Posts: 5
Joined: Sat Apr 25, 2020 3:01 am

Re: Port forwarding request during "up" script

Post by lumps » Sat Apr 25, 2020 6:26 pm

This behavior is by design. IS there a way to call a script after the VPN connection is fully established?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm

Re: Port forwarding request during "up" script

Post by TinCanTech » Sat Apr 25, 2020 6:40 pm

lumps wrote:
Sat Apr 25, 2020 6:26 pm
This behavior is by design.
Not designed by OpenVPN, which is why I suggest you report it to the admins who expect it.
lumps wrote:
Sat Apr 25, 2020 6:26 pm
IS there a way to call a script after the VPN connection is fully established?
Yes, manually, which is obviously what the admins above expect.

plasticassius
OpenVpn Newbie
Posts: 8
Joined: Tue Apr 14, 2020 9:15 am

Re: Port forwarding request during "up" script

Post by plasticassius » Thu May 07, 2020 1:14 pm

Take a look at my script at viewtopic.php?f=15&t=30114#p91647 . Specifically, I set a "flag" in route-up:

Code: Select all

echo '#up' >>$serv_start
which I then test for in the separate start process. This avoids sending traffic through the tunnel during the call back, and it makes the other process wait until the tunnel is up.

davi1td
OpenVpn Newbie
Posts: 1
Joined: Tue Jun 09, 2020 12:45 am

Re: Port forwarding request during "up" script

Post by davi1td » Tue Jun 09, 2020 12:58 am

Hi, here's my 2 cents ...
You must use --route-up, not --up or whatever else.
So in your config use:

Code: Select all

--route-up "/usr/local/whatever/somescript.sh"
in "/usr/local/whatever/somescript.sh" :

Code: Select all

#!/bin/sh
#You won't ever get access from here, give up and spawn a background process for that ...
/usr/local/whatever/ovpn-up.sh &
exit 0
in "/usr/local/whatever/ovpn-up.sh" you have 2 options, sleep 15 or more, or ping till ya get out! like below:

Code: Select all

#!/bin/sh
#So here we are in a loop waiting for 2 things, ovpnc3(or whatever interface) to have an IP, and succesful ping out to the inet!
#sleep 15 or .... :

VPNIP=`ifconfig ovpnc3 |awk '$1 == "inet" { print $2 }'`
while ! ping -S "$VPNIP" -c 1 8.8.8.8; do
    #echo "Waiting for VPNIP : "$VPNIP" - network interface might be down..."
    sleep 2
	VPNIP=`ifconfig ovpnc3 |awk '$1 == "inet" { print $2 }'`
done
#any code after here should work

exit 0
Good luck !
-TD

Post Reply