打开 VPN 调用脚本:无法识别的选项:

打开 VPN 调用脚本:无法识别的选项:

Netgear R7000 路由器 Tomato v1.28.0000 -2017.2-kille72- K26ARM USB AIO-64K

我需要一些帮助来调试我的脚本。

目标:从 VPN API JSON 检索转发的端口号,使用 Transmission-remote 将端口号传递给正在运行的传输守护进程。

我的输入:

#!/opt/bin/bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
#  ./port_forwarding.sh
set -x
exec 5>/etc/openvpn/mylog
BASH_XTRACEFD="5"
PS4='$LINENO: '

TRANSUSER=me
TRANSPASS=mypass
TRANSHOST=192.168.1.251

/bin/echo waiting 20s for vpn to connect and trasmission to start
sleep 20

error( )
{
  /bin/echo "$@" 1>&2
  exit 1
}

error_and_usage( )
{
  /bin/echo "$@" 1>&2
  usage_and_exit 1
}

usage( )
{
  /bin/echo "Usage: `dirname $0`/$PROGRAM"
}

usage_and_exit( )
{
  usage
  exit $1
}

version( )
{
  /bin/echo "$PROGRAM version $VERSION"
}


port_forward_assignment( )
{
  client_id_file="/etc/openvpn/pia_client_id"
  if [ ! -f "$client_id_file" ]; then
    if hash /opt/bin/shasum 2>/dev/null; then
      /usr/bin/head -n 100 /dev/urandom | /opt/bin/shasum -a 256 | tr -d " -" > "$client_id_file"
    elif hash /opt/bin/sha256sum 2>/dev/null; then
      /usr/bin/head -n 100 /dev/urandom | /opt/bin/sha256sum | tr -d " -" > "$client_id_file"
    else
      /bin/echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
      exit 1
    fi
  fi
  client_id=`/bin/cat "$client_id_file"`
  json=`/opt/bin/curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
  if [ "$json" == "" ]; then
    json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
  fi

  /bin/echo server returned message: $json

#trim VPN forwarded port from JSON
PORT=$(echo $json | /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
/bin/echo if succesful port is:$PORT  

#change transmission port on the fly

/opt/bin/transmission-remote $TRANSHOST --auth $TRANSUSER:$TRANSPASS -p "$PORT"
/bin/echo your transmission details: $TRANSHOST $TRANSUSER $TRANSPASS
}

/bin/echo remember to reconnect to VPN before running this script. Run no longer than 2 minutes after connection or this will fail!

EXITCODE=0
PROGRAM=`basename $0`
VERSION=2.1

while /usr/bin/test $# -gt 0
do
  case $1 in
  --usage | --help | -h )
    usage_and_exit 0
    ;;
  --version | -v )
    version
    exit 0
    ;;
  *)
    error_and_usage "Unrecognised option: $1"
    ;;
  esac
  shift
done

port_forward_assignment

exit 0

问题:当我从 shell 运行此脚本时,它工作正常,但是当我在 openvpn 配置中调用该脚本时,我得到以下结果:

+ PS4='$LINENO: '
12: TRANSUSER=me
13: TRANSPASS=mypass
14: TRANSHOST=192.168.1.251
16: /bin/echo waiting 20s for vpn to connect and trasmission to start
17: sleep 20
79: /bin/echo remember to reconnect to VPN before running this script. Run no longer than 2 minutes after connection or this will 'fail!'
81: EXITCODE=0
882: basename /etc/openvpn/test.sh
82: PROGRAM=test.sh
83: VERSION=2.1
85: /usr/bin/test 1 -gt 0
87: case $1 in
96: error_and_usage 'Unrecognized option: [AF_INET]45.136.190.211 1198'
27: /bin/echo 'Unrecognized option: [AF_INET]46.136.190.211 1198'
28: usage_and_exit 1
38: usage
333: dirname /etc/openvpn/test.sh
33: /bin/echo 'Usage: /etc/openvpn/test.sh'
39: exit 1

在 shell 中运行时工作正常:

+ PS4='$LINENO: '
12: TRANSUSER=me
13: TRANSPASS=mypass
14: TRANSHOST=192.168.1.251
16: /bin/echo waiting 20s for vpn to connect and trasmission to start
17: sleep 20
79: /bin/echo remember to reconnect to VPN before running this script. Run no longer than 2 minutes after connection or this will 'fail!'
81: EXITCODE=0
882: basename ./test.sh
82: PROGRAM=test.sh
83: VERSION=2.1
85: /usr/bin/test 0 -gt 0
102: port_forward_assignment
50: client_id_file=/etc/openvpn/pia_client_id
51: '[' '!' -f /etc/openvpn/pia_client_id ']'
661: /bin/cat /etc/openvpn/pia_client_id
61: client_id=080db0a6e936918d405683447a78bf426223e9a1ea2ecce744722ac3241d4232
662: /opt/bin/curl 'http://209.222.18.222:2000/?client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232'
62: json='{"port":44257}'
63: '[' '{"port":44257}' == '' ']'
67: /bin/echo server returned message: '{"port":44257}'
770: echo '{"port":44257}'
770: /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}'
70: PORT=44257
71: /bin/echo if successful port is:44257
75: /opt/bin/transmission-remote 192.168.1.251 --auth me:mypass -p 44257
76: /bin/echo your transmission details: 192.168.1.251 me mypass
104: exit 0

我哪里错了?为什么当 OpenVPN 调用脚本时会失败,而不是在 shell 中运行时失败?我怎样才能找出 AF_INET 点呢?奇怪的是,错误中的IP地址是我的客户端VPN服务器和端口,而不是从JSON返回的转发端口号。

我的 OpenVPN 配置:

# Automatically generated configuration
daemon
client
dev tun11
proto udp
remote nl.privateinternetaccess.com 1198
resolv-retry 30
nobind
persist-key
persist-tun
comp-lzo adaptive
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
redirect-gateway def1
verb 3
script-security 2
up updown.sh
down updown.sh
ca ca.crt
status-version 2
status status

# Custom Configuration
syslog [progname]
persist-key
persist-tun
tls-client
auth-user-pass /tmp/password.txt
comp-lzo
verb 3
reneg-sec 0
ipchange "/etc/openvpn/test.sh"
script-security 3

编辑#

感谢下面的 Ipor Sircer,我设法通过不定义参数 1 来避免错误。我的输入现在看起来像这样(为了简化),但 OpenVPN 调用时的输出与直接运行脚本时的输出非常不同。

我的输入:

#!/opt/bin/bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
#  ./port_forwarding.sh
set -x
exec 5>/etc/openvpn/mylog
BASH_XTRACEFD="5"
PS4='$LINENO: '

TRANSUSER=me
TRANSPASS=mypass
TRANSHOST=192.168.1.251

  client_id_file="/etc/openvpn/pia_client_id"
  if [ ! -f "$client_id_file" ]; then
    if hash /opt/bin/shasum 2>/dev/null; then
      /usr/bin/head -n 100 /dev/urandom | /opt/bin/shasum -a 256 | tr -d " -" > "$client_id_file"
    elif hash /opt/bin/sha256sum 2>/dev/null; then
      /usr/bin/head -n 100 /dev/urandom | /opt/bin/sha256sum | tr -d " -" > "$client_id_file"
    else
      /bin/echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
      exit 1
    fi
  fi
  client_id=`/bin/cat "$client_id_file"`
  json=`/opt/bin/curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
  if [ "$json" == "" ]; then
    json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
  fi

  /bin/echo server returned message: $json

#trim VPN forwarded port from JSON
PORT=$(echo $json | /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
/bin/echo if successful port is:$PORT  

#change transmission port on the fly

/opt/bin/transmission-remote $TRANSHOST --auth $TRANSUSER:$TRANSPASS -p "$PORT"
/bin/echo your transmission details: $TRANSHOST $TRANSUSER $TRANSPASS

OpenVPN 输出:

+ PS4='$LINENO: '
12: TRANSUSER=me
13: TRANSPASS=pass
14: TRANSHOST=192.168.1.251
16: client_id_file=/etc/openvpn/pia_client_id
17: '[' '!' -f /etc/openvpn/pia_client_id ']'
227: /bin/cat /etc/openvpn/pia_client_id
27: client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232
228: /opt/bin/curl 'http://209.222.18.222:2000/?client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232'
28: json=
29: '[' '' == '' ']'
30: json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
33: /bin/echo server returned message: Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding
336: echo Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding
336: /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}'
36: PORT=
37: /bin/echo if successful port is:
41: /opt/bin/transmission-remote 192.168.1.251 --auth me:pass -p ''
42: /bin/echo your transmission details: 192.168.1.251 me pass

没有 OpenVPN:

16: client_id_file=/etc/openvpn/pia_client_id
17: '[' '!' -f /etc/openvpn/pia_client_id ']'
227: /bin/cat /etc/openvpn/pia_client_id
27: client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232
228: /opt/bin/curl 'http://209.222.18.222:2000/?client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232'
28: json='{"port":44257}'
29: '[' '{"port":44257}' == '' ']'
33: /bin/echo server returned message: '{"port":44257}'
336: echo '{"port":44257}'
336: /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}'
36: PORT=44257
37: /bin/echo if successful port is:44257

答案1

Openvpn 使用您定义为无法识别选项的 2 个参数调用您的脚本。

男子开放VPN:

“--ipchange命令

当我们的远程 IP 地址最初经过身份验证或发生更改时,运行命令 cmd。

cmd 由脚本(或可执行程序)的路径组成,后面可以选择跟随参数。路径和参数可以是单引号或双引号和/或使用反斜杠转义,并且应该用一个或多个空格分隔。

当cmd执行时两个参数附加在 cmd 中指定的任何参数之后, 如下:

指令IP 地址 端口号

答案2

空的原因json是因为curl失败。

失败的原因curl是因为;作为一项安全措施(因此按设计),OpenVPN 将不允许任何数据包通过隧道任何由二进制文件启动的脚本openvpn仍在执行。

您将需要找到另一种方法来调用脚本。

这就是为什么这是正确答案以及为什么不应删除该答案的原因:

客户端正在连接到remote nl.privateinternetaccess.com 1198

VPN 服务提供商服务器通常重定向全部VPN 上的流量。

--ipchange script我们找到这个命令:json=`/opt/bin/curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`

因此:curl http://209.222.18.222:2000 etc尝试使用 VPN 进行连接IP 209.222.18.222,openvpn 将不是允许任何数据包通过 VPN,直到全部脚本已完成。

这也被问过并回答过@https://forums.openvpn.net/viewtopic.php?f=15&t=25114#p73956

注意:我已竭尽全力验证此答案是否准确https://unix.stackexchange.com/users/257736/dodgexander没有对这里或 openvpn.net 上收到的任何答复做出回应

相关内容