X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=wrt-setup-remote;h=effae75b72b5fa2ea120fd4c889ed77bf14a379a;hp=7bbdea6e41cf4f90336e13ed47f0f3e22bff52db;hb=7815dd8b158226f7186bf987d270b4f824902555;hpb=896f57cc86a9babea7bdb2bf39d95ba2c77beca6

diff --git a/wrt-setup-remote b/wrt-setup-remote
index 7bbdea6..effae75 100755
--- a/wrt-setup-remote
+++ b/wrt-setup-remote
@@ -12,3 +12,40 @@ if ! opkg list-installed|grep bash; then
 fi
 wrt-setup
 EOF
+
+if ! ssh wrt test -e /etc/openvpn/client.key; then
+    /a/bin/vpn-setup/vpn-mk-client-cert do wrt
+    sleep 10 # wait for connection before we try to ssh
+fi
+
+
+ssh do bash <<'EOFOUTER'
+set -eE -o pipefail
+old_rules="$(iptables -t nat -S PREROUTING)"
+iptables -t nat -F PREROUTING
+
+rm -rf /root/port-forwards
+for port in 63324 63326; do
+for proto in udp tcp; do
+echo iptables -t nat -A PREROUTING -i eth0 -p $proto -m $proto --dport $port -j DNAT --to-destination 10.8.0.6:$port >> /root/port-forwards
+done
+done
+chmod +x /root/port-forwards
+
+sudo dd of=/etc/systemd/system/myport-forward.service <<EOF
+[Unit]
+Description=Turns on port forwarding rules
+
+[Service]
+Type=oneshot
+ExecStart=/root/port-forwards
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl daemon-reload # needed if the file was already there
+systemctl enable myport-forward.service
+
+/root/port-forwards
+diff <(echo "$old_rules") <(iptables -t nat -S PREROUTING) ||:
+EOFOUTER