Port forwarding request during "up" script
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Apr 25, 2020 3:01 am
Port forwarding request during "up" script
My VPN provider requires an HTTP call to retrieve a port for port forwarding. This request needs to be done during the first 2 minutes after connecting. I am running a clear linux server and have been attempting to add this to the up.sh script (via my openvpn.conf file).
The script itself seems to work correctly if I call it manually after starting the openvpn service. but when the script runs as the UP script, the HTTP call seems to happen before the vpn connection is established. I have confirmed this by adding a call to ifconfig.co/city and always see my city and not my VPN's city.
I have attempted to use ipchange and up with the same results. when I try route-up, it seems to never actually connect to VPN.
is there an event I can use that triggers after the VPN is really connected? Am I using this incorrectly?
Thanks!
David
The script itself seems to work correctly if I call it manually after starting the openvpn service. but when the script runs as the UP script, the HTTP call seems to happen before the vpn connection is established. I have confirmed this by adding a call to ifconfig.co/city and always see my city and not my VPN's city.
I have attempted to use ipchange and up with the same results. when I try route-up, it seems to never actually connect to VPN.
is there an event I can use that triggers after the VPN is really connected? Am I using this incorrectly?
Thanks!
David
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Port forwarding request during "up" script
As a security measure, openvpn will not pass data over the VPN during script execution.
I don't know for sure but this may also effect "outside" connections ...
Use tcpdump or something to find out if your script sends data when run by openvpn.
I don't know for sure but this may also effect "outside" connections ...
Use tcpdump or something to find out if your script sends data when run by openvpn.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Apr 25, 2020 3:01 am
Re: Port forwarding request during "up" script
Thanks you for your help!
Here is the code. this started as code from PIA's forum that I modified to update my qbittorent config. The Curl statement was added to check to see if I was connected to VPN when this script runs. so far I have not received anything other than my home city in response.
Maybe that's why it works "runs" during UP and IPCHANGE but hangs during route-up?
Here is the code. this started as code from PIA's forum that I modified to update my qbittorent config. The Curl statement was added to check to see if I was connected to VPN when this script runs. so far I have not received anything other than my home city in response.
Maybe that's why it works "runs" during UP and IPCHANGE but hangs during route-up?
Code: Select all
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
# ./port_forwarding.sh
# set -x
port_forward_assignment( )
{
client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
port=`curl -s "http://209.222.18.222:2000/?client_id=$client_id" | jq -r '.port' 2>/dev/null`
curl -s "http://ifconfig.co/city" > /etc/openvpn/client/nope
if [ "$port" == "" ]; then
port='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
else
sed -i "s/\(PortRangeMin *= *\).*/\1$port/" /home/user/.config/qBittorrent/qBittorrent.conf
fi
}
port_forward_assignment
systemctl start qbittorrent-nox@user
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Port forwarding request during "up" script
I don't support 3rd party scripts for free.
But for a fee I'll take a look ..
But for a fee I'll take a look ..
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Apr 25, 2020 3:01 am
Re: Port forwarding request during "up" script
HA! i get your point. let me change my question a little to remove reference to other's
up.sh:
Is there a way to make this script run within 2 minutes of openVPN actually connecting? right now in UP its running before the vpn connection is really active. or can you think of a different mechanism then during openvpn's events?
thanks!
up.sh:
Code: Select all
#!/usr/bin/env bash
curl -s "http://ifconfig.co/city" > /etc/openvpn/client/nope
thanks!
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Port forwarding request during "up" script
As ever, try the documentation first .........
https://community.openvpn.net/openvpn/w ... nPage#lbAT
https://community.openvpn.net/openvpn/w ... nPage#lbAT
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Apr 25, 2020 3:01 am
Re: Port forwarding request during "up" script
thank you for the link. I had previously reviewed this and tried all of them until they start being part of the shut down process:
UP, tls-verify and ipchange give me the wrong city (ie before I am actually routing through vpn). I thought route-up looked most promising but when I use this, VPN won't connect and the server can no longer access the network (tested via ping and curl). maybe this is the security constraints you previously referenced? not sure
UP, tls-verify and ipchange give me the wrong city (ie before I am actually routing through vpn). I thought route-up looked most promising but when I use this, VPN won't connect and the server can no longer access the network (tested via ping and curl). maybe this is the security constraints you previously referenced? not sure
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 5
- Joined: Sat Apr 25, 2020 3:01 am
Re: Port forwarding request during "up" script
This behavior is by design. IS there a way to call a script after the VPN connection is fully established?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Port forwarding request during "up" script
Not designed by OpenVPN, which is why I suggest you report it to the admins who expect it.
Yes, manually, which is obviously what the admins above expect.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Tue Apr 14, 2020 9:15 am
Re: Port forwarding request during "up" script
Take a look at my script at viewtopic.php?f=15&t=30114#p91647 . Specifically, I set a "flag" in route-up: which I then test for in the separate start process. This avoids sending traffic through the tunnel during the call back, and it makes the other process wait until the tunnel is up.
Code: Select all
echo '#up' >>$serv_start
-
- OpenVpn Newbie
- Posts: 1
- Joined: Tue Jun 09, 2020 12:45 am
Re: Port forwarding request during "up" script
Hi, here's my 2 cents ...
You must use --route-up, not --up or whatever else.
So in your config use:
in "/usr/local/whatever/somescript.sh" :
in "/usr/local/whatever/ovpn-up.sh" you have 2 options, sleep 15 or more, or ping till ya get out! like below:
Good luck !
-TD
You must use --route-up, not --up or whatever else.
So in your config use:
Code: Select all
--route-up "/usr/local/whatever/somescript.sh"
Code: Select all
#!/bin/sh
#You won't ever get access from here, give up and spawn a background process for that ...
/usr/local/whatever/ovpn-up.sh &
exit 0
Code: Select all
#!/bin/sh
#So here we are in a loop waiting for 2 things, ovpnc3(or whatever interface) to have an IP, and succesful ping out to the inet!
#sleep 15 or .... :
VPNIP=`ifconfig ovpnc3 |awk '$1 == "inet" { print $2 }'`
while ! ping -S "$VPNIP" -c 1 8.8.8.8; do
#echo "Waiting for VPNIP : "$VPNIP" - network interface might be down..."
sleep 2
VPNIP=`ifconfig ovpnc3 |awk '$1 == "inet" { print $2 }'`
done
#any code after here should work
exit 0
-TD