Netgear R7000 路由器 Tomato v1.28.0000 -2017.2-kille72- K26ARM USB AIO-64K
我需要一些帮助来调试我的脚本。
目标:从 VPN API JSON 检索转发的端口号,使用 Transmission-remote 将端口号传递给正在运行的传输守护进程。
我的输入:
#!/opt/bin/bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
# ./port_forwarding.sh
set -x
exec 5>/etc/openvpn/mylog
BASH_XTRACEFD="5"
PS4='$LINENO: '
TRANSUSER=me
TRANSPASS=mypass
TRANSHOST=192.168.1.251
/bin/echo waiting 20s for vpn to connect and trasmission to start
sleep 20
error( )
{
/bin/echo "$@" 1>&2
exit 1
}
error_and_usage( )
{
/bin/echo "$@" 1>&2
usage_and_exit 1
}
usage( )
{
/bin/echo "Usage: `dirname $0`/$PROGRAM"
}
usage_and_exit( )
{
usage
exit $1
}
version( )
{
/bin/echo "$PROGRAM version $VERSION"
}
port_forward_assignment( )
{
client_id_file="/etc/openvpn/pia_client_id"
if [ ! -f "$client_id_file" ]; then
if hash /opt/bin/shasum 2>/dev/null; then
/usr/bin/head -n 100 /dev/urandom | /opt/bin/shasum -a 256 | tr -d " -" > "$client_id_file"
elif hash /opt/bin/sha256sum 2>/dev/null; then
/usr/bin/head -n 100 /dev/urandom | /opt/bin/sha256sum | tr -d " -" > "$client_id_file"
else
/bin/echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
exit 1
fi
fi
client_id=`/bin/cat "$client_id_file"`
json=`/opt/bin/curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
if [ "$json" == "" ]; then
json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
fi
/bin/echo server returned message: $json
#trim VPN forwarded port from JSON
PORT=$(echo $json | /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
/bin/echo if succesful port is:$PORT
#change transmission port on the fly
/opt/bin/transmission-remote $TRANSHOST --auth $TRANSUSER:$TRANSPASS -p "$PORT"
/bin/echo your transmission details: $TRANSHOST $TRANSUSER $TRANSPASS
}
/bin/echo remember to reconnect to VPN before running this script. Run no longer than 2 minutes after connection or this will fail!
EXITCODE=0
PROGRAM=`basename $0`
VERSION=2.1
while /usr/bin/test $# -gt 0
do
case $1 in
--usage | --help | -h )
usage_and_exit 0
;;
--version | -v )
version
exit 0
;;
*)
error_and_usage "Unrecognised option: $1"
;;
esac
shift
done
port_forward_assignment
exit 0
问题:当我从 shell 运行此脚本时,它工作正常,但是当我在 openvpn 配置中调用该脚本时,我得到以下结果:
+ PS4='$LINENO: '
12: TRANSUSER=me
13: TRANSPASS=mypass
14: TRANSHOST=192.168.1.251
16: /bin/echo waiting 20s for vpn to connect and trasmission to start
17: sleep 20
79: /bin/echo remember to reconnect to VPN before running this script. Run no longer than 2 minutes after connection or this will 'fail!'
81: EXITCODE=0
882: basename /etc/openvpn/test.sh
82: PROGRAM=test.sh
83: VERSION=2.1
85: /usr/bin/test 1 -gt 0
87: case $1 in
96: error_and_usage 'Unrecognized option: [AF_INET]45.136.190.211 1198'
27: /bin/echo 'Unrecognized option: [AF_INET]46.136.190.211 1198'
28: usage_and_exit 1
38: usage
333: dirname /etc/openvpn/test.sh
33: /bin/echo 'Usage: /etc/openvpn/test.sh'
39: exit 1
在 shell 中运行时工作正常:
+ PS4='$LINENO: '
12: TRANSUSER=me
13: TRANSPASS=mypass
14: TRANSHOST=192.168.1.251
16: /bin/echo waiting 20s for vpn to connect and trasmission to start
17: sleep 20
79: /bin/echo remember to reconnect to VPN before running this script. Run no longer than 2 minutes after connection or this will 'fail!'
81: EXITCODE=0
882: basename ./test.sh
82: PROGRAM=test.sh
83: VERSION=2.1
85: /usr/bin/test 0 -gt 0
102: port_forward_assignment
50: client_id_file=/etc/openvpn/pia_client_id
51: '[' '!' -f /etc/openvpn/pia_client_id ']'
661: /bin/cat /etc/openvpn/pia_client_id
61: client_id=080db0a6e936918d405683447a78bf426223e9a1ea2ecce744722ac3241d4232
662: /opt/bin/curl 'http://209.222.18.222:2000/?client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232'
62: json='{"port":44257}'
63: '[' '{"port":44257}' == '' ']'
67: /bin/echo server returned message: '{"port":44257}'
770: echo '{"port":44257}'
770: /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}'
70: PORT=44257
71: /bin/echo if successful port is:44257
75: /opt/bin/transmission-remote 192.168.1.251 --auth me:mypass -p 44257
76: /bin/echo your transmission details: 192.168.1.251 me mypass
104: exit 0
我哪里错了?为什么当 OpenVPN 调用脚本时会失败,而不是在 shell 中运行时失败?我怎样才能找出 AF_INET 点呢?奇怪的是,错误中的IP地址是我的客户端VPN服务器和端口,而不是从JSON返回的转发端口号。
我的 OpenVPN 配置:
# Automatically generated configuration
daemon
client
dev tun11
proto udp
remote nl.privateinternetaccess.com 1198
resolv-retry 30
nobind
persist-key
persist-tun
comp-lzo adaptive
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
redirect-gateway def1
verb 3
script-security 2
up updown.sh
down updown.sh
ca ca.crt
status-version 2
status status
# Custom Configuration
syslog [progname]
persist-key
persist-tun
tls-client
auth-user-pass /tmp/password.txt
comp-lzo
verb 3
reneg-sec 0
ipchange "/etc/openvpn/test.sh"
script-security 3
编辑#
感谢下面的 Ipor Sircer,我设法通过不定义参数 1 来避免错误。我的输入现在看起来像这样(为了简化),但 OpenVPN 调用时的输出与直接运行脚本时的输出非常不同。
我的输入:
#!/opt/bin/bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
# ./port_forwarding.sh
set -x
exec 5>/etc/openvpn/mylog
BASH_XTRACEFD="5"
PS4='$LINENO: '
TRANSUSER=me
TRANSPASS=mypass
TRANSHOST=192.168.1.251
client_id_file="/etc/openvpn/pia_client_id"
if [ ! -f "$client_id_file" ]; then
if hash /opt/bin/shasum 2>/dev/null; then
/usr/bin/head -n 100 /dev/urandom | /opt/bin/shasum -a 256 | tr -d " -" > "$client_id_file"
elif hash /opt/bin/sha256sum 2>/dev/null; then
/usr/bin/head -n 100 /dev/urandom | /opt/bin/sha256sum | tr -d " -" > "$client_id_file"
else
/bin/echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
exit 1
fi
fi
client_id=`/bin/cat "$client_id_file"`
json=`/opt/bin/curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
if [ "$json" == "" ]; then
json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
fi
/bin/echo server returned message: $json
#trim VPN forwarded port from JSON
PORT=$(echo $json | /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
/bin/echo if successful port is:$PORT
#change transmission port on the fly
/opt/bin/transmission-remote $TRANSHOST --auth $TRANSUSER:$TRANSPASS -p "$PORT"
/bin/echo your transmission details: $TRANSHOST $TRANSUSER $TRANSPASS
OpenVPN 输出:
+ PS4='$LINENO: '
12: TRANSUSER=me
13: TRANSPASS=pass
14: TRANSHOST=192.168.1.251
16: client_id_file=/etc/openvpn/pia_client_id
17: '[' '!' -f /etc/openvpn/pia_client_id ']'
227: /bin/cat /etc/openvpn/pia_client_id
27: client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232
228: /opt/bin/curl 'http://209.222.18.222:2000/?client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232'
28: json=
29: '[' '' == '' ']'
30: json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
33: /bin/echo server returned message: Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding
336: echo Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding
336: /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}'
36: PORT=
37: /bin/echo if successful port is:
41: /opt/bin/transmission-remote 192.168.1.251 --auth me:pass -p ''
42: /bin/echo your transmission details: 192.168.1.251 me pass
没有 OpenVPN:
16: client_id_file=/etc/openvpn/pia_client_id
17: '[' '!' -f /etc/openvpn/pia_client_id ']'
227: /bin/cat /etc/openvpn/pia_client_id
27: client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232
228: /opt/bin/curl 'http://209.222.18.222:2000/?client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232'
28: json='{"port":44257}'
29: '[' '{"port":44257}' == '' ']'
33: /bin/echo server returned message: '{"port":44257}'
336: echo '{"port":44257}'
336: /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}'
36: PORT=44257
37: /bin/echo if successful port is:44257
答案1
Openvpn 使用您定义为无法识别选项的 2 个参数调用您的脚本。
男子开放VPN:
“--ipchange命令
当我们的远程 IP 地址最初经过身份验证或发生更改时,运行命令 cmd。
cmd 由脚本(或可执行程序)的路径组成,后面可以选择跟随参数。路径和参数可以是单引号或双引号和/或使用反斜杠转义,并且应该用一个或多个空格分隔。
当cmd执行时两个参数附加在 cmd 中指定的任何参数之后, 如下:
指令IP 地址 端口号”
答案2
空的原因json
是因为curl
失败。
失败的原因curl
是因为;作为一项安全措施(因此按设计),OpenVPN 将不允许任何数据包通过隧道任何由二进制文件启动的脚本openvpn
仍在执行。
您将需要找到另一种方法来调用脚本。
这就是为什么这是正确答案以及为什么不应删除该答案的原因:
客户端正在连接到remote nl.privateinternetaccess.com 1198
VPN 服务提供商服务器通常重定向全部VPN 上的流量。
在--ipchange script
我们找到这个命令:json=`/opt/bin/curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
因此:curl http://209.222.18.222:2000 etc
尝试使用 VPN 进行连接IP 209.222.18.222
,openvpn 将不是允许任何数据包通过 VPN,直到全部脚本已完成。
这也被问过并回答过@https://forums.openvpn.net/viewtopic.php?f=15&t=25114#p73956
注意:我已竭尽全力验证此答案是否准确https://unix.stackexchange.com/users/257736/dodgexander没有对这里或 openvpn.net 上收到的任何答复做出回应