use vpn

[automated-distro-installer] / wrt-setup-remote

diff --git a/wrt-setup-remote b/wrt-setup-remote
index 7bbdea6e41cf4f90336e13ed47f0f3e22bff52db..effae75b72b5fa2ea120fd4c889ed77bf14a379a 100755 (executable)
--- a/wrt-setup-remote
+++ b/wrt-setup-remote
@@ -12,3 +12,40 @@ if ! opkg list-installed|grep bash; then
 fi
 wrt-setup
 EOF
+
+if ! ssh wrt test -e /etc/openvpn/client.key; then
+    /a/bin/vpn-setup/vpn-mk-client-cert do wrt
+    sleep 10 # wait for connection before we try to ssh
+fi
+
+
+ssh do bash <<'EOFOUTER'
+set -eE -o pipefail
+old_rules="$(iptables -t nat -S PREROUTING)"
+iptables -t nat -F PREROUTING
+
+rm -rf /root/port-forwards
+for port in 63324 63326; do
+for proto in udp tcp; do
+echo iptables -t nat -A PREROUTING -i eth0 -p $proto -m $proto --dport $port -j DNAT --to-destination 10.8.0.6:$port >> /root/port-forwards
+done
+done
+chmod +x /root/port-forwards
+
+sudo dd of=/etc/systemd/system/myport-forward.service <<EOF
+[Unit]
+Description=Turns on port forwarding rules
+
+[Service]
+Type=oneshot
+ExecStart=/root/port-forwards
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl daemon-reload # needed if the file was already there
+systemctl enable myport-forward.service
+
+/root/port-forwards
+diff <(echo "$old_rules") <(iptables -t nat -S PREROUTING) ||:
+EOFOUTER