#!/bin/bash |
|
|
#!/bin/bash |
|
|
vpn_provider="$(echo $OPENVPN_PROVIDER | tr '[A-Z]' '[a-z]')" |
|
|
|
|
|
vpn_provider_configs="/etc/openvpn/$vpn_provider" |
|
|
|
|
|
if [ ! -d "$vpn_provider_configs" ]; then |
|
|
|
|
|
echo "Could not find OpenVPN provider: $OPENVPN_PROVIDER" |
|
|
|
|
|
echo "Please check your settings." |
|
|
|
|
|
exit 1 |
|
|
|
|
|
|
|
|
VPN_PROVIDER="${OPENVPN_PROVIDER,,}" |
|
|
|
|
|
VPN_PROVIDER_CONFIGS="/etc/openvpn/${VPN_PROVIDER}" |
|
|
|
|
|
|
|
|
|
|
|
if [[ "${OPENVPN_PROVIDER}" == "**None**" ]] || [[ -z "${OPENVPN_PROVIDER-}" ]]; then |
|
|
|
|
|
echo "OpenVPN provider not set. Exiting." |
|
|
|
|
|
exit 1 |
|
|
|
|
|
elif [[ ! -d "${VPN_PROVIDER_CONFIGS}" ]]; then |
|
|
|
|
|
echo "Could not find OpenVPN provider: ${OPENVPN_PROVIDER}" |
|
|
|
|
|
echo "Please check your settings." |
|
|
|
|
|
exit 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
echo "Using OpenVPN provider: $OPENVPN_PROVIDER" |
|
|
|
|
|
|
|
|
|
|
|
if [ ! -z "$OPENVPN_CONFIG" ] |
|
|
|
|
|
then |
|
|
|
|
|
n=$(echo "$OPENVPN_CONFIG" | wc -w) |
|
|
|
|
|
if [ $n -gt 1 ] |
|
|
|
|
|
then |
|
|
|
|
|
rnd=$((RANDOM%n+1)) |
|
|
|
|
|
srv=$(echo "$OPENVPN_CONFIG" | awk -vrnd=$rnd '{print $rnd}') |
|
|
|
|
|
echo "$n servers found in OPENVPN_CONFIG, $srv chosen randomly" |
|
|
|
|
|
OPENVPN_CONFIG=$srv |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [ -f $vpn_provider_configs/"${OPENVPN_CONFIG}".ovpn ] |
|
|
|
|
|
then |
|
|
|
|
|
echo "Starting OpenVPN using config ${OPENVPN_CONFIG}.ovpn" |
|
|
|
|
|
OPENVPN_CONFIG=$vpn_provider_configs/${OPENVPN_CONFIG}.ovpn |
|
|
|
|
|
else |
|
|
|
|
|
echo "Supplied config ${OPENVPN_CONFIG}.ovpn could not be found." |
|
|
|
|
|
echo "Using default OpenVPN gateway for provider ${vpn_provider}" |
|
|
|
|
|
OPENVPN_CONFIG=$vpn_provider_configs/default.ovpn |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
echo "Using OpenVPN provider: ${OPENVPN_PROVIDER}" |
|
|
|
|
|
|
|
|
|
|
|
if [[ -n "${OPENVPN_CONFIG-}" ]]; then |
|
|
|
|
|
readarray -t OPENVPN_CONFIG_ARRAY <<< "${OPENVPN_CONFIG//,/$'\n'}" |
|
|
|
|
|
if (( ${#OPENVPN_CONFIG_ARRAY[@]} > 1 )); then |
|
|
|
|
|
OPENVPN_CONFIG_RANDOM=$((RANDOM%${#OPENVPN_CONFIG_ARRAY[@]})) |
|
|
|
|
|
echo "${#OPENVPN_CONFIG_ARRAY[@]} servers found in OPENVPN_CONFIG, ${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]} chosen randomly" |
|
|
|
|
|
OPENVPN_CONFIG="${OPENVPN_CONFIG_ARRAY[${OPENVPN_CONFIG_RANDOM}]}" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [[ -f "${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}".ovpn ]]; then |
|
|
|
|
|
echo "Starting OpenVPN using config ${OPENVPN_CONFIG}.ovpn" |
|
|
|
|
|
OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/${OPENVPN_CONFIG}.ovpn" |
|
|
|
|
|
else |
|
|
|
|
|
echo "Supplied config ${OPENVPN_CONFIG}.ovpn could not be found." |
|
|
|
|
|
echo "Using default OpenVPN gateway for provider ${VPN_PROVIDER}" |
|
|
|
|
|
OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn" |
|
|
|
|
|
fi |
|
|
else |
|
|
else |
|
|
echo "No VPN configuration provided. Using default." |
|
|
|
|
|
OPENVPN_CONFIG=$vpn_provider_configs/default.ovpn |
|
|
|
|
|
|
|
|
echo "No VPN configuration provided. Using default." |
|
|
|
|
|
OPENVPN_CONFIG="${VPN_PROVIDER_CONFIGS}/default.ovpn" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
# add OpenVPN user/pass |
|
|
# add OpenVPN user/pass |
|
|
if [ "${OPENVPN_USERNAME}" = "**None**" ] || [ "${OPENVPN_PASSWORD}" = "**None**" ] ; then |
|
|
|
|
|
if [ ! -f /config/openvpn-credentials.txt ] ; then |
|
|
|
|
|
|
|
|
if [[ "${OPENVPN_USERNAME}" == "**None**" ]] || [[ "${OPENVPN_PASSWORD}" == "**None**" ]] ; then |
|
|
|
|
|
if [[ ! -f /config/openvpn-credentials.txt ]] ; then |
|
|
echo "OpenVPN credentials not set. Exiting." |
|
|
echo "OpenVPN credentials not set. Exiting." |
|
|
exit 1 |
|
|
exit 1 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
else |
|
|
else |
|
|
echo "Setting OPENVPN credentials..." |
|
|
echo "Setting OPENVPN credentials..." |
|
|
mkdir -p /config |
|
|
mkdir -p /config |
|
|
echo $OPENVPN_USERNAME > /config/openvpn-credentials.txt |
|
|
|
|
|
echo $OPENVPN_PASSWORD >> /config/openvpn-credentials.txt |
|
|
|
|
|
|
|
|
echo "${OPENVPN_USERNAME}" > /config/openvpn-credentials.txt |
|
|
|
|
|
echo "${OPENVPN_PASSWORD}" >> /config/openvpn-credentials.txt |
|
|
chmod 600 /config/openvpn-credentials.txt |
|
|
chmod 600 /config/openvpn-credentials.txt |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
# add transmission credentials from env vars |
|
|
# add transmission credentials from env vars |
|
|
echo $TRANSMISSION_RPC_USERNAME > /config/transmission-credentials.txt |
|
|
|
|
|
echo $TRANSMISSION_RPC_PASSWORD >> /config/transmission-credentials.txt |
|
|
|
|
|
|
|
|
echo "${TRANSMISSION_RPC_USERNAME}" > /config/transmission-credentials.txt |
|
|
|
|
|
echo "${TRANSMISSION_RPC_PASSWORD}" >> /config/transmission-credentials.txt |
|
|
|
|
|
|
|
|
# Persist transmission settings for use by transmission-daemon |
|
|
# Persist transmission settings for use by transmission-daemon |
|
|
dockerize -template /etc/transmission/environment-variables.tmpl:/etc/transmission/environment-variables.sh |
|
|
dockerize -template /etc/transmission/environment-variables.tmpl:/etc/transmission/environment-variables.sh |
|
|
|
|
|
|
|
|
TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/openvpn/tunnelUp.sh --down /etc/openvpn/tunnelDown.sh" |
|
|
TRANSMISSION_CONTROL_OPTS="--script-security 2 --up-delay --up /etc/openvpn/tunnelUp.sh --down /etc/openvpn/tunnelDown.sh" |
|
|
|
|
|
|
|
|
if [ "true" = "$ENABLE_UFW" ]; then |
|
|
|
|
|
|
|
|
## If we use UFW or the LOCAL_NETWORK we need to grab network config info |
|
|
|
|
|
if [[ "${ENABLE_UFW,,}" == "true" ]] || [[ -n "${LOCAL_NETWORK-}" ]]; then |
|
|
|
|
|
eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') |
|
|
|
|
|
## IF we use UFW_ALLOW_GW_NET along with ENABLE_UFW we need to know what our netmask CIDR is |
|
|
|
|
|
if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then |
|
|
|
|
|
eval $(ip r l dev ${INT} | awk '{if($5=="link"){print "GW_CIDR="$1; exit}}') |
|
|
|
|
|
fi |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
## Open port to any address |
|
|
|
|
|
function ufwAllowPort { |
|
|
|
|
|
typeset -n portNum=${1} |
|
|
|
|
|
if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]]; then |
|
|
|
|
|
echo "allowing ${portNum} through the firewall" |
|
|
|
|
|
ufw allow ${portNum} |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
## Open port to specific address. |
|
|
|
|
|
function ufwAllowPortLong { |
|
|
|
|
|
typeset -n portNum=${1} sourceAddress=${2} |
|
|
|
|
|
|
|
|
|
|
|
if [[ "${ENABLE_UFW,,}" == "true" ]] && [[ -n "${portNum-}" ]] && [[ -n "${sourceAddress-}" ]]; then |
|
|
|
|
|
echo "allowing ${sourceAddress} through the firewall to port ${portNum}" |
|
|
|
|
|
ufw allow from ${sourceAddress} to any port ${portNum} |
|
|
|
|
|
fi |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if [[ "${ENABLE_UFW,,}" == "true" ]]; then |
|
|
# Enable firewall |
|
|
# Enable firewall |
|
|
echo "enabling firewall" |
|
|
echo "enabling firewall" |
|
|
sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw |
|
|
sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw |
|
|
ufw enable |
|
|
ufw enable |
|
|
|
|
|
|
|
|
if [ "true" = "$TRANSMISSION_PEER_PORT_RANDOM_ON_START" ]; then |
|
|
|
|
|
PEER_PORT="$TRANSMISSION_PEER_PORT_RANDOM_LOW:$TRANSMISSION_PEER_PORT_RANDOM_HIGH/tcp" |
|
|
|
|
|
|
|
|
if [[ "${TRANSMISSION_PEER_PORT_RANDOM_ON_START,,}" == "true" ]]; then |
|
|
|
|
|
PEER_PORT="${TRANSMISSION_PEER_PORT_RANDOM_LOW}:${TRANSMISSION_PEER_PORT_RANDOM_HIGH}" |
|
|
else |
|
|
else |
|
|
PEER_PORT=$TRANSMISSION_PEER_PORT |
|
|
|
|
|
|
|
|
PEER_PORT="${TRANSMISSION_PEER_PORT}" |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
echo "allowing $PEER_PORT through the firewall" |
|
|
|
|
|
ufw allow $PEER_PORT |
|
|
|
|
|
|
|
|
ufwAllowPort PEER_PORT |
|
|
|
|
|
|
|
|
if [ "true" = "$WEBPROXY_ENABLED" ]; then |
|
|
|
|
|
echo "allowing $WEBPROXY_PORT through the firewall" |
|
|
|
|
|
ufw allow $WEBPROXY_PORT |
|
|
|
|
|
|
|
|
if [[ "${WEBPROXY_ENABLED,,}" == "true" ]]; then |
|
|
|
|
|
ufwAllowPort WEBPROXY_PORT |
|
|
|
|
|
fi |
|
|
|
|
|
if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then |
|
|
|
|
|
ufwAllowPortLong TRANSMISSION_RPC_PORT GW_CIDR |
|
|
|
|
|
else |
|
|
|
|
|
ufwAllowPortLong TRANSMISSION_RPC_PORT GW |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') |
|
|
|
|
|
echo "allowing access to $TRANSMISSION_RPC_PORT from $GW" |
|
|
|
|
|
ufw allow proto tcp from $GW to any port $TRANSMISSION_RPC_PORT |
|
|
|
|
|
if [ ! -z "${UFW_EXTRA_PORTS}" ]; then |
|
|
|
|
|
|
|
|
if [[ -n "${UFW_EXTRA_PORTS-}" ]]; then |
|
|
for port in ${UFW_EXTRA_PORTS//,/ }; do |
|
|
for port in ${UFW_EXTRA_PORTS//,/ }; do |
|
|
echo "allowing access to ${port} from $GW" |
|
|
|
|
|
ufw allow proto tcp from $GW to any port ${port} |
|
|
|
|
|
|
|
|
if [[ "${UFW_ALLOW_GW_NET,,}" == "true" ]]; then |
|
|
|
|
|
ufwAllowPortLong port GW_CIDR |
|
|
|
|
|
else |
|
|
|
|
|
ufwAllowPortLong port GW |
|
|
|
|
|
fi |
|
|
done |
|
|
done |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
if [ -n "${LOCAL_NETWORK-}" ]; then |
|
|
|
|
|
eval $(/sbin/ip r l m 0.0.0.0 | awk '{if($5!="tun0"){print "GW="$3"\nINT="$5; exit}}') |
|
|
|
|
|
if [ -n "${GW-}" -a -n "${INT-}" ]; then |
|
|
|
|
|
echo "adding route to local network $LOCAL_NETWORK via $GW dev $INT" |
|
|
|
|
|
/sbin/ip r a "$LOCAL_NETWORK" via "$GW" dev "$INT" |
|
|
|
|
|
if [ "true" = "$ENABLE_UFW" ]; then |
|
|
|
|
|
echo "allowing access to $TRANSMISSION_RPC_PORT from $LOCAL_NETWORK" |
|
|
|
|
|
ufw allow proto tcp from $LOCAL_NETWORK to any port $TRANSMISSION_RPC_PORT |
|
|
|
|
|
if [ ! -z "${UFW_EXTRA_PORTS}" ]; then |
|
|
|
|
|
for port in ${UFW_EXTRA_PORTS//,/ }; do |
|
|
|
|
|
echo "allowing access to ${port} from $LOCAL_NETWORK" |
|
|
|
|
|
ufw allow proto tcp from $LOCAL_NETWORK to any port ${port} |
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
if [[ -n "${LOCAL_NETWORK-}" ]]; then |
|
|
|
|
|
if [[ -n "${GW-}" ]] && [[ -n "${INT-}" ]]; then |
|
|
|
|
|
for localNet in ${LOCAL_NETWORK//,/ }; do |
|
|
|
|
|
echo "adding route to local network ${localNet} via ${GW} dev ${INT}" |
|
|
|
|
|
/sbin/ip r a "${localNet}" via "${GW}" dev "${INT}" |
|
|
|
|
|
if [[ "${ENABLE_UFW,,}" == "true" ]]; then |
|
|
|
|
|
ufwAllowPortLong TRANSMISSION_RPC_PORT localNet |
|
|
|
|
|
if [[ -n "${UFW_EXTRA_PORTS-}" ]]; then |
|
|
|
|
|
for port in ${UFW_EXTRA_PORTS//,/ }; do |
|
|
|
|
|
ufwAllowPortLong port localNet |
|
|
|
|
|
done |
|
|
|
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
done |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
exec openvpn $TRANSMISSION_CONTROL_OPTS $OPENVPN_OPTS --config "$OPENVPN_CONFIG" |
|
|
|
|
|
|
|
|
exec openvpn ${TRANSMISSION_CONTROL_OPTS} ${OPENVPN_OPTS} --config "${OPENVPN_CONFIG}" |
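Review bot: The rule built in `ufwAllowPortLong` (`ufw allow from ${sourceAddress} to any port ${portNum}`) drops the `proto tcp` that the replaced `ufw allow proto tcp from $GW to any port $TRANSMISSION_RPC_PORT` and `... port ${port}` lines carried, so the RPC port and every UFW_EXTRA_PORTS entry are now also opened over UDP from the gateway, the gateway net and each LOCAL_NETWORK entry; keep the old scope with `ufw allow proto tcp from "${sourceAddress}" to any port "${portNum}"`. The random peer-port range likewise lost its `/tcp` suffix (`PEER_PORT="${TRANSMISSION_PEER_PORT_RANDOM_LOW}:${TRANSMISSION_PEER_PORT_RANDOM_HIGH}"`), and ufw normally refuses a port range given without a protocol, so `ufwAllowPort PEER_PORT` is likely to fail there unless the suffix is restored or the protocol is passed explicitly. The quoting fix on the transmission credentials still leaves `/config/transmission-credentials.txt` at whatever the umask grants with no `chmod 600`, unlike the OpenVPN credentials file written just above; add `chmod 600 /config/transmission-credentials.txt` after the second write. Both `eval $(... | awk ...)` calls still evaluate command output to set variables; `read -r GW INT < <(/sbin/ip r l m 0.0.0.0 | awk '$5!="tun0"{print $3, $5; exit}')` assigns the same two names without eval, and the same form works for GW_CIDR.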