Quote:
Originally Posted by NotAComputerGuy
Firerat, I'm really sorry to be such a newbie, but could you be a little more explicit in how I would use that? I've copied that into a file, made it executable and placed it in /etc/openvpn/ but I'm unsure what I do with it? Or should I just run it? Will that 'fix' openvpn until it updates? What did you mean by to get it to write add -i?
Thank you for your time and effort, I'm sorry for being quite confused
Sorry, my fault
it is just a sed (stream editor)
just copy and paste it 'as is'
you will see the /etc/init.d/openvpn, only a modified version.
if you do "sed -i -e ....." instead of "sed -e ....." it will edit 'inline', i.e. save the changes (in this case you will need root)
actually, probably better to make it do a backup
"sed -i.backup -e ....."
The original will be saved as openvpn.backup
edit the "patch_script" replacing all of the YOUR.GATEWAY.IP.HERE, and add the -i.backup
to 'execute' it, just do
Code:
sh /path/to/patch_script
what it is actually doing is
adding the below, just above the line "start_vpn () {"
Code:
fix_ssh () {
  ip rule add fwmark 65 table novpn
  ip route add default via YOUR.GATEWAY.IP.HERE dev eth0 table novpn
  ip route flush cache
  iptables -t mangle -A OUTPUT -p tcp --sport 22 -j MARK --set-mark 65
  iptables -A INPUT -i tun0 -p tcp -m tcp --dport 22 -j DROP
}
undo_fix_ssh () {
  iptables -D INPUT -i tun0 -p tcp -m tcp --dport 22 -j DROP
  iptables -t mangle -D OUTPUT -p tcp --sport 22 -j MARK --set-mark 65
  ip route del default via YOUR.GATEWAY.IP.HERE dev eth0 table novpn
  ip rule del fwmark 65 table novpn
  ip route flush cache
}
it is also adding "&& fix_ssh" and "&& undo_fix_ssh" to the end of start_vpn and stop_vpn lines
so whenever openvpn runs its start_vpn function it then runs the fix_ssh function (unless start_vpn fails), and the undo part runs when stop_vpn is run
Technically it is a 'fudge', because it will blindly run for every VPN,
I assumed you only have the one client configured
it is also a bit dumb in that it will keep adding the {undo_}fix_ssh functions
you could fix that with
Code:
#!/bin/bash
grep -q fix_ssh /etc/init.d/openvpn || sed ........
so the sed only runs if grep didn't find fix_ssh
Hope that makes sense
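As an added example (not Firerat's patch_script, whose sed is not shown in full above), here is one way to put the grep guard, the backup and the insertion together: it applies the patch described in the post only once and keeps a .backup of the original. The sed script is kept in a temporary file instead of a one-liner, GATEWAY is a placeholder, and the sample init script is a constructed stand-in for /etc/init.d/openvpn; the function names are mine.

```shell
#!/bin/sh
# Added example, not Firerat's patch_script: apply the described init-script
# patch only once and keep a .backup. GATEWAY is a placeholder; the sample
# init script is a constructed stand-in for /etc/init.d/openvpn.
GATEWAY="${GATEWAY:-YOUR.GATEWAY.IP.HERE}"

# Constructed stand-in with the same start_vpn/stop_vpn layout as the real script.
make_sample_init() {
    printf '%s\n' '#!/bin/sh' 'start_vpn () {' '  echo "starting $NAME"' '}' \
        'stop_vpn () {' '  echo "stopping $NAME"' '}' 'case "$1" in' \
        '  start)' '    start_vpn' '    ;;' '  stop)' '    stop_vpn' '    ;;' \
        'esac' > "$1"
}

# Insert fix_ssh/undo_fix_ssh above "start_vpn () {" and chain them onto the
# start_vpn/stop_vpn call lines; the grep guard makes a re-run a no-op.
patch_openvpn_init() {
    f="$1"
    grep -q fix_ssh "$f" && return 0      # already patched
    script=$(mktemp) || return 1
    cat > "$script" <<EOF
/^start_vpn () {/i\\
fix_ssh () {\\
ip rule add fwmark 65 table novpn\\
ip route add default via $GATEWAY dev eth0 table novpn\\
ip route flush cache\\
iptables -t mangle -A OUTPUT -p tcp --sport 22 -j MARK --set-mark 65\\
iptables -A INPUT -i tun0 -p tcp -m tcp --dport 22 -j DROP\\
}\\
undo_fix_ssh () {\\
iptables -D INPUT -i tun0 -p tcp -m tcp --dport 22 -j DROP\\
iptables -t mangle -D OUTPUT -p tcp --sport 22 -j MARK --set-mark 65\\
ip route del default via $GATEWAY dev eth0 table novpn\\
ip rule del fwmark 65 table novpn\\
ip route flush cache\\
}
s/^ *start_vpn$/& \&\& fix_ssh/
s/^ *stop_vpn$/& \&\& undo_fix_ssh/
EOF
    sed -i.backup -f "$script" "$f" && rm -f "$script"
}

# Demo on a temporary copy; the real target is /etc/init.d/openvpn (needs root).
demo=$(mktemp) && make_sample_init "$demo"
patch_openvpn_init "$demo" && patch_openvpn_init "$demo"   # second run changes nothing
grep -n 'fix_ssh' "$demo"                                   # definitions plus the two chained calls
rm -f "$demo" "$demo.backup"
```

Run it against a copy first and compare with the .backup before touching the real init script.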