bea/docker-deluge-openvpn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update update-port.sh

Browse Source 
a change to allow us to keep using port forwarding
This commit is contained in:
mizzi0n
2020-10-20 12:34:18 +01:00
committed by GitHub
parent e0eaa0e643
commit 56a6a6f619
1 changed files with 112 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
openvpn/pia/update-port.sh
View File

@@ -1,9 +1,9 @@
#! /bin/bash #!/bin/bash
#export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin
echo "Wait for tunnel to be fully initialized and PIA is ready to give us a port"
sleep 15
# Source our persisted env variables from container startup # Source our persisted env variables from container startup
## this is an amalgamation of two scripts to keep my PIA working, credit to the main authors, the original scripts linked in the READ.ME
#v0.2
. /etc/transmission/environment-variables.sh . /etc/transmission/environment-variables.sh
# Settings # Settings
@@ -14,49 +14,76 @@ transmission_passwd=$(tail -1 ${TRANSMISSION_PASSWD_FILE})
pia_client_id_file=/etc/transmission/pia_client_id pia_client_id_file=/etc/transmission/pia_client_id
transmission_settings_file=${TRANSMISSION_HOME}/settings.json transmission_settings_file=${TRANSMISSION_HOME}/settings.json
# sleep 5
# First get a port from PIA
#
new_client_id() { ###### PIA Variables ######
head -n 100 /dev/urandom | sha256sum | tr -d " -" | tee ${pia_client_id_file} curl_max_time=15
curl_retry=5
curl_retry_delay=15
user=$(sed -n 1p /config/openvpn-credentials.txt)
pass=$(sed -n 2p /config/openvpn-credentials.txt)
pf_host=$(ip route | head -1 | grep tun | awk '{ print $3 }')
###### Nextgen PIA port forwarding ##################
get_auth_token () {
tok=$(curl --insecure --silent --show-error --request POST --max-time $curl_max_time \
--header "Content-Type: application/json" \
--data "{\"username\":\"$user\",\"password\":\"$pass\"}" \
"https://www.privateinternetaccess.com/api/client/v2/token" | jq -r '.token')
[ $? -ne 0 ] && echo "Failed to acquire new auth token" && exit 1
#echo "$tok"
}
get_auth_token
yes '' | sed 3q
get_sig () {
pf_getsig=$(curl --insecure --get --silent --show-error \
--retry $curl_retry --retry-delay $curl_retry_delay --max-time $curl_max_time \
--data-urlencode "token=$tok" \
$verify \
"https://$pf_host:19999/getSignature")
if [ "$(echo $pf_getsig | jq -r .status)" != "OK" ]; then
echo "$(date): getSignature error"
echo $pf_getsig
echo "the has been a fatal_error"
fi
pf_payload=$(echo $pf_getsig | jq -r .payload)
pf_getsignature=$(echo $pf_getsig | jq -r .signature)
pf_port=$(echo $pf_payload | base64 -d | jq -r .port)
pf_token_expiry_raw=$(echo $pf_payload | base64 -d | jq -r .expires_at)
if date --help 2>&1 /dev/null | grep -i 'busybox' > /dev/null; then
pf_token_expiry=$(date -D %Y-%m-%dT%H:%M:%S --date="$pf_token_expiry_raw" +%s)
else
pf_token_expiry=$(date --date="$pf_token_expiry_raw" +%s)
fi
} }
pia_client_id="$(cat ${pia_client_id_file} 2>/dev/null)" bind_port () {
if [[ -z "${pia_client_id}" ]]; then pf_bind=$(curl --insecure --get --silent --show-error \
echo "Generating new client id for PIA" --retry $curl_retry --retry-delay $curl_retry_delay --max-time $curl_max_time \
pia_client_id=$(new_client_id) --data-urlencode "payload=$pf_payload" \
fi --data-urlencode "signature=$pf_getsignature" \
$verify \
"https://$pf_host:19999/bindPort")
if [ "$(echo $pf_bind | jq -r .status)" = "OK" ]; then
echo "the port has been bound to $pf_port $(date)"
else
echo "$(date): bindPort error"
echo $pf_bind
echo "the has been a fatal_error"
fi
}
# Get the port get_sig
port_assignment_url="http://209.222.18.222:2000/?client_id=$pia_client_id"
pia_response=$(curl -s -f "$port_assignment_url")
pia_curl_exit_code=$?
if [[ -z "$pia_response" ]]; then #echo "sig is $pf_getsig"
echo "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding" echo "port is $pf_port"
fi
# Check for curl error (curl will fail on HTTP errors with -f flag) bind_port
if [[ ${pia_curl_exit_code} -ne 0 ]]; then #echo "pf bind is $pf_bind"
echo "curl encountered an error looking up new port: $pia_curl_exit_code" new_port="$pf_port"
exit
fi
# Check for errors in PIA response
error=$(echo "$pia_response" | grep -oE "\"error\".*\"")
if [[ ! -z "$error" ]]; then
echo "PIA returned an error: $error"
exit
fi
# Get new port, check if empty
new_port=$(echo "$pia_response" | grep -oE "[0-9]+")
if [[ -z "$new_port" ]]; then
echo "Could not find new port from PIA"
exit
fi
echo "Got new port $new_port from PIA"
# #
# Now, set port in Transmission # Now, set port in Transmission
@@ -65,6 +92,8 @@ echo "Got new port $new_port from PIA"
# Check if transmission remote is set up with authentication # Check if transmission remote is set up with authentication
auth_enabled=$(grep 'rpc-authentication-required\"' "$transmission_settings_file" \ auth_enabled=$(grep 'rpc-authentication-required\"' "$transmission_settings_file" \
| grep -oE 'true|false') | grep -oE 'true|false')
if [[ "true" = "$auth_enabled" ]] if [[ "true" = "$auth_enabled" ]]
then then
echo "transmission auth required" echo "transmission auth required"
@@ -103,3 +132,44 @@ if [[ "$new_port" != "$transmission_peer_port" ]]; then
else else
echo "No action needed, port hasn't changed" echo "No action needed, port hasn't changed"
fi fi
echo ""
echo "initial setup complete!"
echo ""
echo "waiting for rebind loop................."
echo "token expiry $pf_token_expiry"
pf_remaining=$(( $pf_token_expiry - $(date +%s) ))
echo "remaining = $pf_remaining"
pf_bindinterval=$(( 30 * 60))
# Get a new token when the current one has less than this remaining
# Defaults to 7 days (same as desktop app)
pf_minreuse=$(( 60 * 60 * 24 * 7 ))
pf_remaining=0
pf_firstrun=1
vpn_ip=$(ip route | head -1 | grep tun | awk '{ print $3 }')
pf_host="$vpn_ip"
while true; do
pf_remaining=$(( $pf_token_expiry - $(date +%s) ))
# Get a new pf token as the previous one will expire soon
if [ $pf_remaining -lt $pf_minreuse ]; then
if [ $pf_firstrun -ne 1 ]; then
echo "$(date): PF token will expire soon. Getting new one."
else
echo "$(date): Getting PF token"
pf_firstrun=0
fi
get_sig
echo "$(date): Obtained PF token. Expires at $pf_token_expiry_raw"
bind_port
echo "$(date): Server accepted PF bind"
echo "$(date): Forwarding on port $pf_port"
echo "$(date): Rebind interval: $pf_bindinterval seconds"
fi
sleep $pf_bindinterval &
wait $!
bind_port
done