-
-if ! ssh wrt test -e /etc/openvpn/client.key; then
- /a/bin/vpn-setup/vpn-mk-client-cert do wrt
- sleep 10 # wait for connection before we try to ssh
-fi
-
-
-ssh do bash <<'EOFOUTER'
-set -eE -o pipefail
-old_rules="$(iptables -t nat -S PREROUTING)"
-iptables -t nat -F PREROUTING
-
-rm -rf /root/port-forwards
-for port in 63324 63326; do
-for proto in udp tcp; do
-echo iptables -t nat -A PREROUTING -i eth0 -p $proto -m $proto --dport $port -j DNAT --to-destination 10.8.0.6:$port >> /root/port-forwards
-done
-done
-chmod +x /root/port-forwards
-
-sudo dd of=/etc/systemd/system/myport-forward.service <<EOF
-[Unit]
-Description=Turns on port forwarding rules
-
-[Service]
-Type=oneshot
-ExecStart=/root/port-forwards
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl daemon-reload # needed if the file was already there
-systemctl enable myport-forward.service
-
-/root/port-forwards
-diff <(echo "$old_rules") <(iptables -t nat -S PREROUTING) ||:
-EOFOUTER