我的 openvpn client.conf 包含一个选项“--up /home/averagejoey2000/bin/port_forward.sh”,但每当我运行时,该过程都会失败,因为当脚本不接受任何参数时,openvpn 会将参数附加到脚本中。systemctl [email protected]
openvpn-client@CA_Toronto.service - OpenVPN tunnel for CA_Toronto
Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Tue 2017-02-14 09:16:02 PST; 4s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 28780 ExecStart=/usr/sbin/openvpn --suppress-timestamps --up /home/averagejoey2000/bin/port_forwarding.sh --nobind --config %i.conf (code=exited, status=1/FAILURE)
Main PID: 28780 (code=exited, status=1/FAILURE)
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: /usr/bin/ip addr add dev tun0 local 10.11.10.6 peer 10.11.10.5
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: /home/averagejoey2000/bin/port_forwarding.sh tun0 1500 1558 10.11.10.6 10.11.10.5 init
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: Unrecognized option: tun0
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: Usage: /home/averagejoey2000/bin/port_forwarding.sh
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: WARNING: Failed running command (--up/--down): external program exited with error status: 1
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: Exiting due to fatal error
Feb 14 09:16:02 Mjolnir4 systemd[1]: openvpn-client@CA_Toronto.service: Main process exited, code=exited, status=1/FAILURE
Feb 14 09:16:02 Mjolnir4 systemd[1]: Failed to start OpenVPN tunnel for CA_Toronto.
Feb 14 09:16:02 Mjolnir4 systemd[1]: openvpn-client@CA_Toronto.service: Unit entered failed state.
Feb 14 09:16:02 Mjolnir4 systemd[1]: openvpn-client@CA_Toronto.service: Failed with result 'exit-code'.`
我不知道要附加什么,这样tun0 1500 1558 10.11.10.6 10.11.10.5 init就不会作为参数传递给~/bin/port_forwarding.sh
EDIT1 port_forwarding.sh
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
# ./port_forwarding.sh
error( )
{
echo "$@" 1>&2
exit 1
}
error_and_usage( )
{
echo "$@" 1>&2
usage_and_exit 1
}
usage( )
{
echo "Usage: `dirname $0`/$PROGRAM"
}
usage_and_exit( )
{
usage
exit $1
}
version( )
{
echo "$PROGRAM version $VERSION"
}
port_forward_assignment( )
{
echo 'Loading port forward assignment information...'
if [ "$(uname)" == "Linux" ]; then
client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
fi
if [ "$(uname)" == "Darwin" ]; then
client_id=`head -n 100 /dev/urandom | shasum -a 256 | tr -d " -"`
fi
json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
if [ "$json" == "" ]; then
json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
fi
echo $json
}
EXITCODE=0
PROGRAM=`basename $0`
VERSION=2.1
while test $# -gt 0
do
case $1 in
--usage | --help | -h )
usage_and_exit 0
;;
--version | -v )
version
exit 0
;;
*)
error_and_usage "Unrecognized option: $1"
;;
esac
shift
done
port_forward_assignment
exit 0
从https://www.privateinternetaccess.com/forum/discussion/23431/new-pia-port-forwarding-api
EDIT2 评论 Max-P Max-P 发表于 2 月 1 日 帖子:90 附加说明:必须在连接到 VPN 后 2 分钟内请求端口。超过此时间点,API 将不再可用,并将拒绝连接。 引用 OpenVPN OpenVPN 发表于 2 月 1 日 帖子:81 这个新 API 比旧 API 好在哪里?有什么区别?请解释。 引用 Max-P Max-P 发表于 2 月 1 日 帖子:90 @OpenVPN:大多数情况下,使用起来更容易、更安全。以前的 API 需要调用网站,这必须在 VPN 上完成,以便 API 可以看到您在哪个服务器上。您还必须向它传递您的本地地址,这通常涉及解析ifconfig或ip addr,并且您必须每小时调用一次才能保留您的端口。总的来说,这需要一点努力。现在,您只需将其作为--up脚本放在原版 OpenVPN 上,就可以完成它了 :) 引用
答案1
为什么你认为这个脚本应该在 OpenVPN 启动时运行?你引用的网页绝不提到它;此外,OpenVPN 中的 up/down 脚本用于执行路由的自定义配置(例如,如果新路由属于与默认路由不同的路由表),这就是为什么它们会传递您在日志中看到的大量变量。
此外,你的脚本不需要传递任何变量,这就是为什么你可以安全地转换这两行
error_and_usage "Unrecognized option: $1"
;;
进入
;;
您的脚本应该可以正常工作。请记住,您的输出(回显 $json)将进入系统日志;如果您希望在其他地方找到它,请务必修改回显 $json行作为
echo $json >> /path/to/some/convenient/file