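Netgear R7000 router, Tomato v1.28.0000 -2017.2-kille72- K26ARM USB AIO-64K
I need help debugging my script.
Goal: retrieve the forwarded port number from the VPN API's JSON and pass that port number to the running Transmission daemon using transmission-remote.
My input: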
#!/opt/bin/bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
# ./port_forwarding.sh
set -x
exec 5>/etc/openvpn/mylog
BASH_XTRACEFD="5"
PS4='$LINENO: '
TRANSUSER=me
TRANSPASS=mypass
TRANSHOST=192.168.1.251
/bin/echo waiting 20s for vpn to connect and trasmission to start
sleep 20
error( )
{
/bin/echo "$@" 1>&2
exit 1
}
error_and_usage( )
{
/bin/echo "$@" 1>&2
usage_and_exit 1
}
usage( )
{
/bin/echo "Usage: `dirname $0`/$PROGRAM"
}
usage_and_exit( )
{
usage
exit $1
}
version( )
{
/bin/echo "$PROGRAM version $VERSION"
}
port_forward_assignment( )
{
client_id_file="/etc/openvpn/pia_client_id"
if [ ! -f "$client_id_file" ]; then
if hash /opt/bin/shasum 2>/dev/null; then
/usr/bin/head -n 100 /dev/urandom | /opt/bin/shasum -a 256 | tr -d " -" > "$client_id_file"
elif hash /opt/bin/sha256sum 2>/dev/null; then
/usr/bin/head -n 100 /dev/urandom | /opt/bin/sha256sum | tr -d " -" > "$client_id_file"
else
/bin/echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
exit 1
fi
fi
client_id=`/bin/cat "$client_id_file"`
json=`/opt/bin/curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
if [ "$json" == "" ]; then
json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
fi
/bin/echo server returned message: $json
#trim VPN forwarded port from JSON
PORT=$(echo $json | /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
/bin/echo if succesful port is:$PORT
#change transmission port on the fly
/opt/bin/transmission-remote $TRANSHOST --auth $TRANSUSER:$TRANSPASS -p "$PORT"
/bin/echo your transmission details: $TRANSHOST $TRANSUSER $TRANSPASS
}
/bin/echo remember to reconnect to VPN before running this script. Run no longer than 2 minutes after connection or this will fail!
EXITCODE=0
PROGRAM=`basename $0`
VERSION=2.1
while /usr/bin/test $# -gt 0
do
case $1 in
--usage | --help | -h )
usage_and_exit 0
;;
--version | -v )
version
exit 0
;;
*)
error_and_usage "Unrecognised option: $1"
;;
esac
shift
done
port_forward_assignment
exit 0
Problem: when I run this script from the shell it works fine, but when it is called from the OpenVPN configuration I get the following:
+ PS4='$LINENO: '
12: TRANSUSER=me
13: TRANSPASS=mypass
14: TRANSHOST=192.168.1.251
16: /bin/echo waiting 20s for vpn to connect and trasmission to start
17: sleep 20
79: /bin/echo remember to reconnect to VPN before running this script. Run no longer than 2 minutes after connection or this will 'fail!'
81: EXITCODE=0
882: basename /etc/openvpn/test.sh
82: PROGRAM=test.sh
83: VERSION=2.1
85: /usr/bin/test 1 -gt 0
87: case $1 in
96: error_and_usage 'Unrecognized option: [AF_INET]45.136.190.211 1198'
27: /bin/echo 'Unrecognized option: [AF_INET]46.136.190.211 1198'
28: usage_and_exit 1
38: usage
333: dirname /etc/openvpn/test.sh
33: /bin/echo 'Usage: /etc/openvpn/test.sh'
39: exit 1
When run from the shell it works fine:
+ PS4='$LINENO: '
12: TRANSUSER=me
13: TRANSPASS=mypass
14: TRANSHOST=192.168.1.251
16: /bin/echo waiting 20s for vpn to connect and trasmission to start
17: sleep 20
79: /bin/echo remember to reconnect to VPN before running this script. Run no longer than 2 minutes after connection or this will 'fail!'
81: EXITCODE=0
882: basename ./test.sh
82: PROGRAM=test.sh
83: VERSION=2.1
85: /usr/bin/test 0 -gt 0
102: port_forward_assignment
50: client_id_file=/etc/openvpn/pia_client_id
51: '[' '!' -f /etc/openvpn/pia_client_id ']'
661: /bin/cat /etc/openvpn/pia_client_id
61: client_id=080db0a6e936918d405683447a78bf426223e9a1ea2ecce744722ac3241d4232
662: /opt/bin/curl 'http://209.222.18.222:2000/?client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232'
62: json='{"port":44257}'
63: '[' '{"port":44257}' == '' ']'
67: /bin/echo server returned message: '{"port":44257}'
770: echo '{"port":44257}'
770: /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}'
70: PORT=44257
71: /bin/echo if successful port is:44257
75: /opt/bin/transmission-remote 192.168.1.251 --auth me:mypass -p 44257
76: /bin/echo your transmission details: 192.168.1.251 me mypass
104: exit 0
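Where am I going wrong? Why does it fail when the script is called by OpenVPN, but not when it is run from the shell? How can I find out what AF_INET points to? Strangely, the IP address in the error is my client VPN server and port, not the forwarded port number returned in the JSON.
My OpenVPN configuration: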
# Automatically generated configuration
daemon
client
dev tun11
proto udp
remote nl.privateinternetaccess.com 1198
resolv-retry 30
nobind
persist-key
persist-tun
comp-lzo adaptive
ncp-ciphers AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
cipher AES-128-CBC
redirect-gateway def1
verb 3
script-security 2
up updown.sh
down updown.sh
ca ca.crt
status-version 2
status status
# Custom Configuration
syslog [progname]
persist-key
persist-tun
tls-client
auth-user-pass /tmp/password.txt
comp-lzo
verb 3
reneg-sec 0
ipchange "/etc/openvpn/test.sh"
script-security 3
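Edit
Thanks to Ipor Sircer below, I was able to avoid the error by not defining parameter 1. To simplify, my input is now as follows, but the output when called by OpenVPN is very different from the output when I run the script directly.
My input: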
#!/opt/bin/bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
# ./port_forwarding.sh
set -x
exec 5>/etc/openvpn/mylog
BASH_XTRACEFD="5"
PS4='$LINENO: '
TRANSUSER=me
TRANSPASS=mypass
TRANSHOST=192.168.1.251
client_id_file="/etc/openvpn/pia_client_id"
if [ ! -f "$client_id_file" ]; then
if hash /opt/bin/shasum 2>/dev/null; then
/usr/bin/head -n 100 /dev/urandom | /opt/bin/shasum -a 256 | tr -d " -" > "$client_id_file"
elif hash /opt/bin/sha256sum 2>/dev/null; then
/usr/bin/head -n 100 /dev/urandom | /opt/bin/sha256sum | tr -d " -" > "$client_id_file"
else
/bin/echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
exit 1
fi
fi
client_id=`/bin/cat "$client_id_file"`
json=`/opt/bin/curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
if [ "$json" == "" ]; then
json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
fi
/bin/echo server returned message: $json
#trim VPN forwarded port from JSON
PORT=$(echo $json | /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
/bin/echo if successful port is:$PORT
#change transmission port on the fly
/opt/bin/transmission-remote $TRANSHOST --auth $TRANSUSER:$TRANSPASS -p "$PORT"
/bin/echo your transmission details: $TRANSHOST $TRANSUSER $TRANSPASS
OpenVPN output:
+ PS4='$LINENO: '
12: TRANSUSER=me
13: TRANSPASS=pass
14: TRANSHOST=192.168.1.251
16: client_id_file=/etc/openvpn/pia_client_id
17: '[' '!' -f /etc/openvpn/pia_client_id ']'
227: /bin/cat /etc/openvpn/pia_client_id
27: client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232
228: /opt/bin/curl 'http://209.222.18.222:2000/?client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232'
28: json=
29: '[' '' == '' ']'
30: json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
33: /bin/echo server returned message: Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding
336: echo Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding
336: /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}'
36: PORT=
37: /bin/echo if successful port is:
41: /opt/bin/transmission-remote 192.168.1.251 --auth me:pass -p ''
42: /bin/echo your transmission details: 192.168.1.251 me pass
Without OpenVPN:
16: client_id_file=/etc/openvpn/pia_client_id
17: '[' '!' -f /etc/openvpn/pia_client_id ']'
227: /bin/cat /etc/openvpn/pia_client_id
27: client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232
228: /opt/bin/curl 'http://209.222.18.222:2000/?client_id=080db0a6e936918d405683447a78bf426273e9a1ea2ecce744722ac3241d4232'
28: json='{"port":44257}'
29: '[' '{"port":44257}' == '' ']'
33: /bin/echo server returned message: '{"port":44257}'
336: echo '{"port":44257}'
336: /usr/bin/awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}'
36: PORT=44257
37: /bin/echo if successful port is:44257
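Answer 1
OpenVPN calls your script with 2 parameters, which you have defined as unrecognised options.
man openvpn:
"--ipchange cmd
Run command cmd when our remote ip-address is initially authenticated or changes.
cmd consists of a path to a script (or executable program), optionally followed by arguments. The path and arguments may be single- or double-quoted and/or escaped using a backslash, and should be separated by one or more spaces.
When cmd is executed, two arguments are appended after any arguments specified in cmd, as follows:
cmd ip_address port_number"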
Answer 2
The reason json is empty is that curl fails.
The reason curl fails is a security measure (by design): OpenVPN does not allow any packets to pass through the tunnel while any script started by the openvpn binary is still running.
You need to find another way to invoke your script.
Here is why this is the correct answer and why this answer should not be deleted:
The client is connecting to: remote nl.privateinternetaccess.com 1198
VPN service provider servers usually redirect all traffic through the VPN.
Here, in the --ipchange script, this command can be found: json=`/opt/bin/curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
So curl http://209.222.18.222:2000 etc tries to connect to IP 209.222.18.222 using the VPN, and openvpn will not allow any packets over the VPN until all scripts have completed.
This was also asked and answered @ https://forums.openvpn.net/viewtopic.php?f=15&t=25114#p73956
Note: I have done my best to make sure this answer is correct. https://unix.stackexchange.com/users/257736/dodgexander has not replied to the responses received here or on openvpn.net.
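An added example, not part of the original question or answers: one way for the hook script to tolerate the argument OpenVPN appends to the --ipchange command and to refuse a server reply that carries no port, the two failure modes in the traces above. Function names and the TRANSMISSION_REMOTE override are hypothetical, and the sample inputs are constructed from values shown on the page.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the
# TRANSMISSION_REMOTE override are hypothetical; sample inputs are constructed.

# True only for a decimal TCP/UDP port in 1..65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# OpenVPN appends the remote address and port to the --ipchange command.
# In the trace above they arrive as ONE argument, "[AF_INET]ip port", so
# re-split on whitespace (globbing off, in a subshell) instead of assuming $1/$2.
parse_remote() (
    set -f
    set -- $*
    [ "$#" -eq 2 ] || exit 1
    addr=${1#\[AF_INET\]}
    case $addr in ''|*[!0-9.]*) exit 1 ;; esac
    valid_port "$2" || exit 1
    printf '%s %s\n' "$addr" "$2"
)

# Accept only the exact reply shape {"port":N}. The script's fallback text
# contains the word "port", so a /port/ match alone lets an empty value through.
extract_port() {
    prefix='{"port":' suffix='}'
    body=$(printf '%s' "$1" | tr -d '\r\n')
    case $body in "$prefix"*"$suffix") ;; *) return 1 ;; esac
    port=${body#"$prefix"}
    port=${port%"$suffix"}
    valid_port "$port" || return 1
    printf '%s\n' "$port"
}

# Change the Transmission peer port only when the reply held a valid port.
set_peer_port() {
    port=$(extract_port "$1") || { echo "no usable port in reply" >&2; return 1; }
    "${TRANSMISSION_REMOTE:-/opt/bin/transmission-remote}" "$TRANSHOST" \
        --auth "$TRANSUSER:$TRANSPASS" -p "$port"
}

parse_remote '[AF_INET]45.136.190.211 1198'   # prints: 45.136.190.211 1198
extract_port '{"port":44257}'                 # prints: 44257
extract_port 'you are not connected to a PIA region that supports port forwarding' \
    || echo "rejected: not a port reply"
```

With these checks the empty-reply case stops before transmission-remote is called, instead of running it with -p ''.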