client-connect/disconnect scripts iptables permission

Scripts that set up, destroy, and modify routing tables and firewall rulesets for client connections.

Post by Samcruze » Thu Oct 31, 2019 4:55 pm

Hi, all.
I want to run a script with iptables rules to be used when connecting/disconnecting. When I try to run the client, I get this error.

```
/etc/openvpn/server1up.sh tun1 1500 1570 10.8.1.14 10.8.1.13 init
modprobe: ERROR: could not insert 'ip_tables': Operation not permitted
iptables v1.6.0: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Thu Oct 31 17:45:40 2019 us=540401 WARNING: Failed running command (--up/--down): external program exited with error status: 3
Thu Oct 31 17:45:40 2019 us=540434 Exiting due to fatal error
```

OS: Ubuntu 16.04.6 LTS (GNU/Linux 4.4.0-166-generic x86_64)

Client config:

```
client
dev tun1
proto udp
remote x.x.x.x 1199
;user nobody
;group nogroup
resolv-retry infinite
nobind
persist-key
persist-tun
cipher AES-128-CBC
auth SHA256
comp-lzo
verb 5
log client2.log
auth-nocache
remote-cert-tls server
script-security 2
up /etc/openvpn/server1up.sh
down /etc/openvpn/server1down.sh
```

ls -il

```
659673 -rwxr-xr-x 1 root root  1708 Oct 31 15:52 ca.crt
659806 -rwxr-xr-x 1 root root  1704 Oct 31 15:52 ca.key
659911 -rwxr-xr-x 1 root root 22539 Oct 31 17:45 client2.log
659904 -rwxr-xr-x 1 root root   424 Oct 31 15:52 dh2048.pem
659906 -rwxr-xr-x 1 root root   547 Oct 31 15:54 server1.conf
659908 -rwxr-xr-x 1 root root   186 Oct 31 15:55 server1down.sh
659905 -rwxr-xr-x 1 root root 20211 Oct 31 17:25 server1.log
659907 -rwxr-xr-x 1 root root   185 Oct 31 17:37 server1up.sh
659903 -rwxr-xr-x 1 root root   636 Oct 31 15:52 ta.key
659809 -rwxr-xr-x 1 root root  1301 May  8 15:50 update-resolv-conf
659910 -rwxr-xr-x 1 root root  6212 Oct 31 17:46 VPN_client_2.conf
659901 -rwxr-xr-x 1 root root  5565 Oct 31 15:52 vpnserver1.crt
659902 -rwxr-xr-x 1 root root  1704 Oct 31 15:52 vpnserver1.key
```

Bash script:

```
#!/bin/bash
/sbin/ip rule add from 10.8.0.0/24 table vpn_net
/sbin/ip route add default dev tun1 table vpn_net
/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o tun1 -j MASQUERADE
```
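
The "Operation not permitted" lines in the log above are EPERM results: inserting a kernel module requires CAP_SYS_MODULE and changing iptables rules requires CAP_NET_ADMIN. As an added example (not part of the original post), here is a preflight check an `--up` script could run first to report which of the two the calling process lacks. The function names and the `--check` switch are hypothetical, and the `nat` table lookup assumes legacy iptables, as in the 1.6.0 build shown in the log.

```shell
#!/bin/sh
# Added example: preflight for an OpenVPN --up script (hypothetical helper names).
# Capability bit numbers are from linux/capability.h.
CAP_NET_ADMIN=12    # needed to change iptables rules and routes
CAP_SYS_MODULE=16   # needed for modprobe to insert ip_tables / iptable_nat

# Print the CapEff hex mask from a /proc/<pid>/status style file.
cap_eff() {
    while read -r key value; do
        [ "$key" = "CapEff:" ] && { printf '%s\n' "$value"; return 0; }
    done < "$1"
    return 1
}

# has_cap FILE BIT: succeed if capability BIT is in the effective set.
has_cap() {
    hex=$(cap_eff "$1") || return 2
    [ $(( (0x$hex >> $2) & 1 )) -eq 1 ]
}

# Succeed if the nat table is already registered (legacy iptables lists
# loaded tables in /proc/net/ip_tables_names), so no modprobe is needed.
nat_loaded() {
    [ -r "$1" ] || return 1
    while read -r name; do
        [ "$name" = "nat" ] && return 0
    done < "$1"
    return 1
}

# preflight [STATUS_FILE] [TABLES_FILE]: print missing capabilities, fail if any.
preflight() {
    status=${1:-/proc/self/status}
    tables=${2:-/proc/net/ip_tables_names}
    missing=""
    has_cap "$status" "$CAP_NET_ADMIN" || missing="CAP_NET_ADMIN"
    if ! nat_loaded "$tables"; then
        has_cap "$status" "$CAP_SYS_MODULE" || missing="${missing:+$missing }CAP_SYS_MODULE"
    fi
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Call as "script --check" at the top of the up script, before any rule changes.
if [ "${1:-}" = "--check" ]; then
    lacking=$(preflight) || { echo "up script lacks: $lacking" >&2; exit 1; }
fi
```

CAP_SYS_MODULE is reported only when the `nat` table is not already registered, since a table loaded beforehand by a privileged process removes the need for `modprobe` at connect time.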
