Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 3:28 am
by lumps
My VPN provider requires an HTTP call to retrieve a port for port forwarding. This request needs to be done during the first 2 minutes after connecting. I am running a Clear Linux server and have been attempting to add this to the up.sh script (via my openvpn.conf file).
The script itself seems to work correctly if I call it manually after starting the openvpn service, but when the script runs as the UP script, the HTTP call seems to happen before the VPN connection is established. I have confirmed this by adding a call to ifconfig.co/city and always see my city and not my VPN's city.
I have attempted to use ipchange and up with the same results. When I try route-up, it seems to never actually connect to the VPN.
Is there an event I can use that triggers after the VPN is really connected? Am I using this incorrectly?
Thanks!
David
Re: Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 11:12 am
by TinCanTech
As a security measure, openvpn will not pass data over the VPN during script execution.
I don't know for sure but this may also affect "outside" connections ...
Use tcpdump or something to find out if your script sends data when run by openvpn.
Re: Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 1:06 pm
by lumps
Thank you for your help!
Here is the code. This started as code from PIA's forum that I modified to update my qBittorrent config. The curl statement was added to check whether I was connected to the VPN when this script runs. So far I have not received anything other than my home city in response.
Maybe that's why it works "runs" during UP and IPCHANGE but hangs during route-up?
Code:
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
#   ./port_forwarding.sh
# set -x
port_forward_assignment( )
{
    # Random client ID sent with the port-forwarding request
    client_id=$(head -n 100 /dev/urandom | sha256sum | tr -d " -")
    port=$(curl -s "http://209.222.18.222:2000/?client_id=$client_id" | jq -r '.port' 2>/dev/null)
    # Debug check: records which city the request appears to come from
    curl -s "http://ifconfig.co/city" > /etc/openvpn/client/nope
    # jq prints "null" when the reply has no port field, so require digits
    # before the value is substituted into the sed expression
    if ! [[ "$port" =~ ^[0-9]+$ ]]; then
        port='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
    else
        sed -i "s/\(PortRangeMin *= *\).*/\1$port/" /home/user/.config/qBittorrent/qBittorrent.conf
    fi
}
port_forward_assignment
systemctl start qbittorrent-nox@user
Re: Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 2:40 pm
by TinCanTech
I don't support 3rd party scripts for free.
But for a fee I'll take a look ..
Re: Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 3:43 pm
by lumps
Ha! I get your point. Let me change my question a little to remove reference to other's
up.sh:
Code:
#!/usr/bin/env bash
curl -s "http://ifconfig.co/city" > /etc/openvpn/client/nope
Is there a way to make this script run within 2 minutes of OpenVPN actually connecting? Right now in UP it's running before the VPN connection is really active. Or can you think of a different mechanism than during OpenVPN's events?
Thanks!
Re: Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 4:06 pm
by TinCanTech
Re: Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 4:17 pm
by lumps
Thank you for the link. I had previously reviewed this and tried all of them until they start being part of the shutdown process:
UP, tls-verify and ipchange give me the wrong city (i.e. before I am actually routing through the VPN). I thought route-up looked most promising, but when I use this, the VPN won't connect and the server can no longer access the network (tested via ping and curl). Maybe this is the security constraint you previously referenced? Not sure.
Re: Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 4:36 pm
by TinCanTech
lumps wrote: ↑Sat Apr 25, 2020 3:28 am
My VPN provider requires an HTTP call to retrieve a port for port forwarding. This request needs to be done during the first 2 minutes after connecting.
You need to report this issue to the provider.
Re: Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 6:26 pm
by lumps
This behavior is by design. Is there a way to call a script after the VPN connection is fully established?
Re: Port forwarding request during "up" script
Posted: Sat Apr 25, 2020 6:40 pm
by TinCanTech
lumps wrote: ↑Sat Apr 25, 2020 6:26 pm
This behavior is by design.
Not designed by OpenVPN, which is why I suggest you report it to the admins who expect it.
lumps wrote: ↑Sat Apr 25, 2020 6:26 pm
Is there a way to call a script after the VPN connection is fully established?
Yes, manually, which is obviously what the admins above expect.
Re: Port forwarding request during "up" script
Posted: Thu May 07, 2020 1:14 pm
by plasticassius
Take a look at my script at viewtopic.php?f=15&t=30114#p91647. Specifically, I set a "flag" in route-up:
which I then test for in the separate start process. This avoids sending traffic through the tunnel during the call back, and it makes the other process wait until the tunnel is up.
Re: Port forwarding request during "up" script
Posted: Tue Jun 09, 2020 12:58 am
by davi1td
Hi, here's my 2 cents ...
You must use --route-up, not --up or whatever else.
So in your config use:
Code:
--route-up "/usr/local/whatever/somescript.sh"
In "/usr/local/whatever/somescript.sh":
Code:
#!/bin/sh
# You won't ever get access from here, give up and spawn a background process for that ...
/usr/local/whatever/ovpn-up.sh &
exit 0
In "/usr/local/whatever/ovpn-up.sh" you have 2 options: sleep 15 or more, or ping till ya get out! Like below:
Code:
#!/bin/sh
# So here we are in a loop waiting for 2 things: ovpnc3 (or whatever interface) to have an IP, and a successful ping out to the inet!
# sleep 15 or ....:
# Note: -S sets the source address in BSD ping; Linux iputils ping uses -I for that.
VPNIP=$(ifconfig ovpnc3 | awk '$1 == "inet" { print $2 }')
while ! ping -S "$VPNIP" -c 1 8.8.8.8; do
    #echo "Waiting for VPNIP : "$VPNIP" - network interface might be down..."
    sleep 2
    VPNIP=$(ifconfig ovpnc3 | awk '$1 == "inet" { print $2 }')
done
# any code after here should work
exit 0
Good luck !
-TD
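The pattern from the last two posts (route-up returns at once, a detached process waits until the tunnel carries traffic, then sets a flag), sketched for a Linux client as an added example that is not code from any poster. The flag path, the WINDOW variable and the function names are hypothetical; `script_type` and `dev` are environment variables OpenVPN exports to its scripts, and the probe is bound to the tunnel device so it cannot go out over the physical interface.

```shell
#!/bin/sh
# Added example, not code from the thread. Use as the OpenVPN route-up script
# (user scripts need "script-security 2" in the client config).
FLAG="${FLAG:-/run/openvpn-client.up}"  # hypothetical flag-file path
WINDOW="${WINDOW:-120}"                 # the provider's 2-minute window, in seconds

# retry_until DEADLINE_EPOCH INTERVAL CMD [ARGS...]
# Re-runs CMD until it succeeds (returns 0) or the deadline has passed (returns 1).
retry_until() {
    deadline=$1
    interval=$2
    shift 2
    while ! "$@"; do
        if [ "$(date +%s)" -ge "$deadline" ]; then
            return 1
        fi
        sleep "$interval"
    done
    return 0
}

# tunnel_ready DEV: succeeds only if an HTTP request sent out through DEV gets
# an answer, so a reply via the home connection can never count as "up".
tunnel_ready() {
    curl -s -m 5 --interface "$1" -o /dev/null "http://ifconfig.co/city"
}

# worker DEV: runs detached from OpenVPN, after the callback has returned.
worker() {
    start=$(date +%s)
    if retry_until $((start + WINDOW)) 2 tunnel_ready "$1"; then
        date +%s > "$FLAG"   # flag that a separate start process can test for
        # the provider's port request and the service start go here
    else
        echo "tunnel $1 carried no traffic within ${WINDOW}s" >&2
        return 1
    fi
}

# Only act when OpenVPN invokes this file as its route-up hook.
if [ "${script_type:-}" = "route-up" ]; then
    rm -f "$FLAG"                          # drop a stale flag from the last session
    worker "$dev" </dev/null >/dev/null &  # detach; never send traffic in the hook itself
    exit 0
fi
```
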