admin/gluetun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Scans through corresponding REGION.OVPN file to find domain name and port

Browse Source
This commit is contained in:
Quentin McGaw
2018-06-07 18:33:03 -04:00
parent 7aa43274b1
commit 081227edf2
1 changed files with 36 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
entrypoint.sh
View File

@@ -1,54 +1,65 @@
#!/bin/sh #!/bin/sh
printf "\nGetting public IP address..." # Obtaining your original IP address to use for the healthcheck
printf "\nGetting non VPN public IP address..."
export INITIAL_IP=$(wget -qqO- 'https://duckduckgo.com/?q=what+is+my+ip' | grep -ow 'Your IP address is [0-9.]*[0-9]' | grep -ow '[0-9][0-9.]*') export INITIAL_IP=$(wget -qqO- 'https://duckduckgo.com/?q=what+is+my+ip' | grep -ow 'Your IP address is [0-9.]*[0-9]' | grep -ow '[0-9][0-9.]*')
printf "DONE\nChanging DNS to localhost..." printf "$INITIAL_IP"
# Setting up cloudflare DNS 1.1.1.1 over TLS
printf "\nChanging DNS to localhost..."
echo "nameserver 127.0.0.1" > /etc/resolv.conf echo "nameserver 127.0.0.1" > /etc/resolv.conf
echo "options ndots:0" >> /etc/resolv.conf echo "options ndots:0" >> /etc/resolv.conf
printf "DONE\nStarting Unbound to connect to Cloudflare DNS 1.1.1.1 at its TLS endpoint..." printf "DONE"
printf "\nLaunching Unbound daemon to connect to Cloudflare DNS 1.1.1.1 at its TLS endpoint..."
unbound unbound
printf "DONE\nSetting firewall for killswitch purposes...\n Detecting local subnet..." printf "DONE"
printf "\nSetting firewall for killswitch purposes..."
printf "\n * Detecting local subnet..."
SUBNET=$(ip route show default | tail -n 1 | awk '// {print $1}') SUBNET=$(ip route show default | tail -n 1 | awk '// {print $1}')
printf "$SUBNET\n Detecting IP addresses corresponding to $REGION.privateinternetaccess.com..." printf "$SUBNET"
VPNIPS=$(nslookup $REGION.privateinternetaccess.com localhost | tail -n +5 | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}') printf "\n * Detecting parameters to be used for region $REGION, protocol $PROTOCOL and encryption $ENCRYPTION..."
CONNECTIONSTRING=$(grep -i "/openvpn-$PROTOCOL-$ENCRYPTION/$REGION.ovpn" -e 'privateinternetaccess.com')
PORT=$(echo $CONNECTIONSTRING | cut -d' ' -f3)
PIADOMAIN=$(echo $CONNECTIONSTRING | cut -d' ' -f2)
printf "\n * Port: $PORT"
printf "\n * Domain: $PIADOMAIN"
printf "\n * Detecting IP addresses corresponding to $PIADOMAIN..."
VPNIPS=$(nslookup $PIADOMAIN localhost | tail -n +5 | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}')
for ip in $VPNIPS for ip in $VPNIPS
do do
printf "\n $ip" printf "\n $ip"
done done
printf "\n Deleting all iptables rules..." printf "\n * Deleting all iptables rules..."
iptables --flush iptables --flush
iptables --delete-chain iptables --delete-chain
iptables -t nat --flush iptables -t nat --flush
iptables -t nat --delete-chain iptables -t nat --delete-chain
iptables -P OUTPUT DROP iptables -P OUTPUT DROP
printf "DONE\n Adding rules to accept local loopback traffic..." printf "DONE"
printf "\n * Adding rules to accept local loopback traffic..."
iptables -A INPUT -j ACCEPT -i lo iptables -A INPUT -j ACCEPT -i lo
iptables -A OUTPUT -j ACCEPT -o lo iptables -A OUTPUT -j ACCEPT -o lo
printf "DONE\n Adding rules to accept traffic of subnet $SUBNET..." printf "DONE"
printf "\n * Adding rules to accept traffic of subnet $SUBNET..."
#iptables -A INPUT --src $SUBNET -j ACCEPT -i eth0 #iptables -A INPUT --src $SUBNET -j ACCEPT -i eth0
iptables -A OUTPUT -d $SUBNET -j ACCEPT -o eth0 iptables -A OUTPUT -d $SUBNET -j ACCEPT -o eth0
printf "DONE\n Determining port to be used with PIA..." printf "DONE"
if [ "$PROTOCOL-$ENCRYPTION" == "tcp-normal" ]; then
PORT=502
elif [ "$PROTOCOL-$ENCRYPTION" == "tcp-strong" ]; then
PORT=501
elif [ "$PROTOCOL-$ENCRYPTION" == "udp-normal" ]; then
PORT=1198
elif [ "$PROTOCOL-$ENCRYPTION" == "udp-strong" ]; then
PORT=1197
fi
printf "$PROTOCOL $PORT"
for ip in $VPNIPS for ip in $VPNIPS
do do
printf "\n Adding rules to accept traffic with VPN IP address $ip on port $PROTOCOL $PORT..." printf "\n * Adding rules to accept traffic with $ip on port $PROTOCOL $PORT..."
iptables -A OUTPUT -j ACCEPT -d $ip -o eth0 -p $PROTOCOL -m $PROTOCOL --dport $PORT iptables -A OUTPUT -j ACCEPT -d $ip -o eth0 -p $PROTOCOL -m $PROTOCOL --dport $PORT
iptables -A INPUT -j ACCEPT -s $ip -i eth0 -p $PROTOCOL -m $PROTOCOL --sport $PORT iptables -A INPUT -j ACCEPT -s $ip -i eth0 -p $PROTOCOL -m $PROTOCOL --sport $PORT
printf "DONE" printf "DONE"
done done
printf "\n Adding rules to accept traffic going through the tun device..." printf "\n * Adding rules to accept traffic going through the tun device..."
iptables -A INPUT -j ACCEPT -i tun0 iptables -A INPUT -j ACCEPT -i tun0
iptables -A OUTPUT -j ACCEPT -o tun0 iptables -A OUTPUT -j ACCEPT -o tun0
printf "DONE\nStarting OpenVPN using $PROTOCOL with $ENCRYPTION encryption\n" printf "DONE"
printf "\n * Starting OpenVPN using the following parameters:"
printf "\n * Domain: $PIADOMAIN"
printf "\n * Port: $PORT"
printf "\n * Protocol: $PROTOCOL"
printf "\n * Encryption: $ENCRYPTION"
cd /openvpn-$PROTOCOL-$ENCRYPTION cd /openvpn-$PROTOCOL-$ENCRYPTION
openvpn --config "$REGION.ovpn" --auth-user-pass /auth.conf openvpn --config "$REGION.ovpn" --auth-user-pass /auth.conf
printf "\n\nExiting..." printf "\nExiting...\n\n"