Systemd openvpn up 脚本不起作用

Systemd openvpn up 脚本不起作用

我的 openvpn client.conf 包含一个选项“--up /home/averagejoey2000/bin/port_forward.sh”,但每当我运行时,该过程都会失败,因为当脚本不接受任何参数时,openvpn 会将参数附加到脚本中。systemctl [email protected]

 openvpn-client@CA_Toronto.service - OpenVPN tunnel for CA_Toronto
   Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Tue 2017-02-14 09:16:02 PST; 4s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
  Process: 28780 ExecStart=/usr/sbin/openvpn --suppress-timestamps --up /home/averagejoey2000/bin/port_forwarding.sh --nobind --config %i.conf (code=exited, status=1/FAILURE)
 Main PID: 28780 (code=exited, status=1/FAILURE)


Feb 14 09:16:02 Mjolnir4 openvpn[28780]: /usr/bin/ip addr add dev tun0 local 10.11.10.6 peer 10.11.10.5
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: /home/averagejoey2000/bin/port_forwarding.sh tun0 1500 1558 10.11.10.6 10.11.10.5 init
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: Unrecognized option: tun0
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: Usage: /home/averagejoey2000/bin/port_forwarding.sh
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: WARNING: Failed running command (--up/--down): external program exited with error status: 1
Feb 14 09:16:02 Mjolnir4 openvpn[28780]: Exiting due to fatal error
Feb 14 09:16:02 Mjolnir4 systemd[1]: openvpn-client@CA_Toronto.service: Main process exited, code=exited, status=1/FAILURE
Feb 14 09:16:02 Mjolnir4 systemd[1]: Failed to start OpenVPN tunnel for CA_Toronto.
Feb 14 09:16:02 Mjolnir4 systemd[1]: openvpn-client@CA_Toronto.service: Unit entered failed state.
Feb 14 09:16:02 Mjolnir4 systemd[1]: openvpn-client@CA_Toronto.service: Failed with result 'exit-code'.`

我不知道要附加什么,这样tun0 1500 1558 10.11.10.6 10.11.10.5 init就不会作为参数传递给~/bin/port_forwarding.sh

EDIT1 port_forwarding.sh

#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
#  ./port_forwarding.sh

error( )
{
  echo "$@" 1>&2
  exit 1
}

error_and_usage( )
{
  echo "$@" 1>&2
  usage_and_exit 1
}

usage( )
{
  echo "Usage: `dirname $0`/$PROGRAM"
}

usage_and_exit( )
{
  usage
  exit $1
}

version( )
{
  echo "$PROGRAM version $VERSION"
}


port_forward_assignment( )
{
  echo 'Loading port forward assignment information...'
  if [ "$(uname)" == "Linux" ]; then
    client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
  fi
  if [ "$(uname)" == "Darwin" ]; then
    client_id=`head -n 100 /dev/urandom | shasum -a 256 | tr -d " -"`
  fi

  json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
  if [ "$json" == "" ]; then
    json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
  fi

  echo $json
}

EXITCODE=0
PROGRAM=`basename $0`
VERSION=2.1

while test $# -gt 0
do
  case $1 in
  --usage | --help | -h )
    usage_and_exit 0
    ;;
  --version | -v )
    version
    exit 0
    ;;
  *)
    error_and_usage "Unrecognized option: $1"
    ;;
  esac
  shift
done

port_forward_assignment

exit 0

https://www.privateinternetaccess.com/forum/discussion/23431/new-pia-port-forwarding-api

EDIT2 评论 Max-P Max-P 发表于 2 月 1 日 帖子:90 附加说明:必须在连接到 VPN 后 2 分钟内请求端口。超过此时间点,API 将不再可用,并将拒绝连接。 引用 OpenVPN OpenVPN 发表于 2 月 1 日 帖子:81 这个新 API 比旧 API 好在哪里?有什么区别?请解释。 引用 Max-P Max-P 发表于 2 月 1 日 帖子:90 @OpenVPN:大多数情况下,使用起来更容易、更安全。以前的 API 需要调用网站,这必须在 VPN 上完成,以便 API 可以看到您在哪个服务器上。您还必须向它传递您的本地地址,这通常涉及解析ifconfigip addr,并且您必须每小时调用一次才能保留您的端口。总的来说,这需要一点努力。现在,您只需将其作为--up脚本放在原版 OpenVPN 上,就可以完成它了 :) 引用

答案1

为什么你认为这个脚本应该在 OpenVPN 启动时运行?你引用的网页绝不提到它;此外,OpenVPN 中的 up/down 脚本用于执行路由的自定义配置(例如,如果新路由属于与默认路由不同的路由表),这就是为什么它们会传递您在日志中看到的大量变量。

此外,你的脚本不需要传递任何变量,这就是为什么你可以安全地转换这两行

error_and_usage "Unrecognized option: $1"
    ;;

进入

    ;;

您的脚本应该可以正常工作。请记住,您的输出(回显 $json)将进入系统日志;如果您希望在其他地方找到它,请务必修改回显 $json行作为

echo $json >> /path/to/some/convenient/file

相关内容