Move port forwarding scripts into provider folders, unify call and fix export syntax of environment variables

2020-08-22 15:24:12 +02:00
parent f8fa45e386
commit f5a305bb8e
5 changed files with 6 additions and 18 deletions
--- a/openvpn/perfectprivacy/update-port.sh
+++ b/openvpn/perfectprivacy/update-port.sh
@@ -0,0 +1,69 @@
+#! /bin/bash
+
+# Source our persisted env variables from container startup
+. /etc/transmission/environment-variables.sh
+
+# Settings
+TRANSMISSION_PASSWD_FILE=/config/transmission-credentials.txt
+
+transmission_username=$(head -1 $TRANSMISSION_PASSWD_FILE)
+transmission_passwd=$(tail -1 $TRANSMISSION_PASSWD_FILE)
+transmission_settings_file=${TRANSMISSION_HOME}/settings.json
+
+# Calculate the port
+
+IPADDRESS=$1
+echo "ipAddress to calculate port from $IPADDRESS"
+oct3=$(echo ${IPADDRESS} | tr "." " " | awk '{ print $3 }')
+oct4=$(echo ${IPADDRESS} | tr "." " " | awk '{ print $4 }')
+oct3binary=$(bc <<<"obase=2;$oct3" | awk '{ len = (8 - length % 8) % 8; printf "%.*s%s\n", len, "00000000", $0}')
+oct4binary=$(bc <<<"obase=2;$oct4" | awk '{ len = (8 - length % 8) % 8; printf "%.*s%s\n", len, "00000000", $0}')
+
+sum=${oct3binary}${oct4binary}
+portPartBinary=${sum:4}
+portPartDecimal=$((2#$portPartBinary))
+if [ ${#portPartDecimal} -ge 4 ]
+	then
+	new_port="1"${portPartDecimal}
+else
+	new_port="10"${portPartDecimal}
+fi
+echo "calculated port $new_port"
+
+#
+# Now, set port in Transmission
+#
+
+# Check if transmission remote is set up with authentication
+auth_enabled=$(grep 'rpc-authentication-required\"' $transmission_settings_file | grep -oE 'true|false')
+if [ "true" = "$auth_enabled" ]
+  then
+  echo "transmission auth required"
+  myauth="--auth $transmission_username:$transmission_passwd"
+else
+    echo "transmission auth not required"
+    myauth=""
+fi
+
+# get current listening port
+sleep 3
+transmission_peer_port=$(transmission-remote $myauth -si | grep Listenport | grep -oE '[0-9]+')
+if [ "$new_port" != "$transmission_peer_port" ]; then
+  if [ "true" = "$ENABLE_UFW" ]; then
+    echo "Update UFW rules before changing port in Transmission"
+
+    echo "denying access to $transmission_peer_port"
+    ufw deny ${transmission_peer_port}
+
+    echo "allowing $new_port through the firewall"
+    ufw allow ${new_port}
+  fi
+
+  transmission-remote ${myauth} -p "$new_port"
+
+  echo "Checking port..."
+  sleep 10
+  transmission-remote ${myauth} -pt
+else
+    echo "No action needed, port hasn't changed"
+fi
--- a/openvpn/persistEnvironment.py
+++ b/openvpn/persistEnvironment.py
@@ -37,7 +37,7 @@ for env_var in os.environ:
 with open(args.env_var_script_file, 'w') as script_file:
    for var_name, var_value in variables_to_persist.items():
        script_file.write(
-            'export {env_var} = {env_var_value}\n'.format(
+            'export {env_var}={env_var_value}\n'.format(
                env_var=var_name,
                env_var_value=var_value,
            ),
--- a/openvpn/pia/update-port.sh
+++ b/openvpn/pia/update-port.sh
@@ -0,0 +1,105 @@
+#! /bin/bash
+
+echo "Wait for tunnel to be fully initialized and PIA is ready to give us a port"
+sleep 15
+
+# Source our persisted env variables from container startup
+. /etc/transmission/environment-variables.sh
+
+# Settings
+TRANSMISSION_PASSWD_FILE=/config/transmission-credentials.txt
+
+transmission_username=$(head -1 ${TRANSMISSION_PASSWD_FILE})
+transmission_passwd=$(tail -1 ${TRANSMISSION_PASSWD_FILE})
+pia_client_id_file=/etc/transmission/pia_client_id
+transmission_settings_file=${TRANSMISSION_HOME}/settings.json
+
+#
+# First get a port from PIA
+#
+
+new_client_id() {
+    head -n 100 /dev/urandom | sha256sum | tr -d " -" | tee ${pia_client_id_file}
+}
+
+pia_client_id="$(cat ${pia_client_id_file} 2>/dev/null)"
+if [[ -z "${pia_client_id}" ]]; then
+   echo "Generating new client id for PIA"
+   pia_client_id=$(new_client_id)
+fi
+
+# Get the port
+port_assignment_url="http://209.222.18.222:2000/?client_id=$pia_client_id"
+pia_response=$(curl -s -f "$port_assignment_url")
+pia_curl_exit_code=$?
+
+if [[ -z "$pia_response" ]]; then
+    echo "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding"
+fi
+
+# Check for curl error (curl will fail on HTTP errors with -f flag)
+if [[ ${pia_curl_exit_code} -ne 0 ]]; then
+   echo "curl encountered an error looking up new port: $pia_curl_exit_code"
+   exit
+fi
+
+# Check for errors in PIA response
+error=$(echo "$pia_response" | grep -oE "\"error\".*\"")
+if [[ ! -z "$error" ]]; then
+   echo "PIA returned an error: $error"
+   exit
+fi
+
+# Get new port, check if empty
+new_port=$(echo "$pia_response" | grep -oE "[0-9]+")
+if [[ -z "$new_port" ]]; then
+    echo "Could not find new port from PIA"
+    exit
+fi
+echo "Got new port $new_port from PIA"
+
+#
+# Now, set port in Transmission
+#
+
+# Check if transmission remote is set up with authentication
+auth_enabled=$(grep 'rpc-authentication-required\"' "$transmission_settings_file" \
+                   | grep -oE 'true|false')
+if [[ "true" = "$auth_enabled" ]]
+  then
+  echo "transmission auth required"
+  myauth="--auth $transmission_username:$transmission_passwd"
+else
+    echo "transmission auth not required"
+    myauth=""
+fi
+
+# make sure transmission is running and accepting requests
+echo "waiting for transmission to become responsive"
+until torrent_list="$(transmission-remote $myauth -l)"; do sleep 10; done
+echo "transmission became responsive"
+output="$(echo "$torrent_list" | tail -n 2)"
+echo "$output"
+
+# get current listening port
+transmission_peer_port=$(transmission-remote $myauth -si | grep Listenport | grep -oE '[0-9]+')
+if [[ "$new_port" != "$transmission_peer_port" ]]; then
+  if [[ "true" = "$ENABLE_UFW" ]]; then
+    echo "Update UFW rules before changing port in Transmission"
+
+    echo "denying access to $transmission_peer_port"
+    ufw deny "$transmission_peer_port"
+
+    echo "allowing $new_port through the firewall"
+    ufw allow "$new_port"
+  fi
+
+  echo "setting transmission port to $new_port"
+  transmission-remote ${myauth} -p "$new_port"
+
+  echo "Checking port..."
+  sleep 10
+  transmission-remote ${myauth} -pt
+else
+    echo "No action needed, port hasn't changed"
+fi
--- a/openvpn/privatevpn/update-port.sh
+++ b/openvpn/privatevpn/update-port.sh
@@ -0,0 +1,84 @@
+#! /bin/bash
+
+# Source our persisted env variables from container startup
+. /etc/transmission/environment-variables.sh
+
+# Settings
+TRANSMISSION_PASSWD_FILE=/config/transmission-credentials.txt
+
+transmission_username=$(head -1 $TRANSMISSION_PASSWD_FILE)
+transmission_passwd=$(tail -1 $TRANSMISSION_PASSWD_FILE)
+transmission_settings_file=${TRANSMISSION_HOME}/settings.json
+
+#
+# Fetch forwarded port from PrivateVPN API
+#
+
+# Get the port
+tun_ip=$(ip address show dev tun0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1)
+pvpn_get_port_url="https://xu515.pvdatanet.com/v3/mac/port?ip%5B%5D=$tun_ip"
+pvpn_response=$(curl -s -f "$pvpn_get_port_url")
+pvpn_curl_exit_code=$?
+
+if [[ -z "$pvpn_response" ]]; then
+    echo "PrivateVPN port forward API returned a bad response"
+fi
+
+# Check for curl error (curl will fail on HTTP errors with -f flag)
+if [[ ${pvpn_curl_exit_code} -ne 0 ]]; then
+    echo "curl encountered an error looking up forwarded port: $pvpn_curl_exit_code"
+    exit
+fi
+
+# Check for errors in curl response
+error=$(echo "$pvpn_response" | grep -o "\"Not supported\"")
+if [[ ! -z "$error" ]]; then
+    echo "PrivateVPN API returned an error: $error - not all PrivateVPN servers support port forwarding. Try 'SE Stockholm'."
+    exit
+fi
+
+# Get new port, check if empty
+new_port=$(echo "$pvpn_response" | grep -oe 'Port [0-9]*' | awk '{print $2}' | cut -d/ -f1)
+if [[ -z "$new_port" ]]; then
+    echo "Could not find new port from PrivateVPN API"
+    exit
+fi
+echo "Got new port $new_port from PrivateVPN API"
+
+#
+# Now, set port in Transmission
+#
+
+# Check if transmission remote is set up with authentication
+auth_enabled=$(grep 'rpc-authentication-required\"' $transmission_settings_file | grep -oE 'true|false')
+if [ "true" = "$auth_enabled" ]
+  then
+  echo "transmission auth required"
+  myauth="--auth $transmission_username:$transmission_passwd"
+else
+    echo "transmission auth not required"
+    myauth=""
+fi
+
+# get current listening port
+sleep 3
+transmission_peer_port=$(transmission-remote $myauth -si | grep Listenport | grep -oE '[0-9]+')
+if [ "$new_port" != "$transmission_peer_port" ]; then
+  if [ "true" = "$ENABLE_UFW" ]; then
+    echo "Update UFW rules before changing port in Transmission"
+
+    echo "denying access to $transmission_peer_port"
+    ufw deny ${transmission_peer_port}
+
+    echo "allowing $new_port through the firewall"
+    ufw allow ${new_port}
+  fi
+
+  transmission-remote ${myauth} -p "$new_port"
+
+  echo "Checking port..."
+  sleep 10
+  transmission-remote ${myauth} -pt
+else
+    echo "No action needed, port hasn't changed"
+fi