From d394509c7eb752e3ad02a89f72dd79612b7b821a Mon Sep 17 00:00:00 2001 From: hwdsl2 Date: Thu, 17 Nov 2022 08:50:54 -0600 Subject: [PATCH] Bugfix - Fixed an issue with IPTables rules not persisting after a reboot, if both IPsec VPN and OpenVPN are installed on the same server. We restart the openvpn-iptables.service in /etc/rc.local to make sure the rules are added. Ref: https://github.com/hwdsl2/wireguard-install/issues/2 --- openvpn-install.sh | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/openvpn-install.sh b/openvpn-install.sh index 09ee0e0..b1dbd62 100644 --- a/openvpn-install.sh +++ b/openvpn-install.sh @@ -435,6 +435,27 @@ EOF sysctl -e -q -p "$conf_opt" } +update_rclocal() { + ipt_cmd="systemctl restart openvpn-iptables.service" + if ! grep -qs "$ipt_cmd" /etc/rc.local; then + if [ ! -f /etc/rc.local ]; then + echo '#!/bin/sh' > /etc/rc.local + else + if [ "$os" = "ubuntu" ] || [ "$os" = "debian" ]; then + sed --follow-symlinks -i '/^exit 0/d' /etc/rc.local + fi + fi +cat >> /etc/rc.local <> /etc/rc.local + fi + chmod +x /etc/rc.local + fi +} + show_header() { cat <<'EOF' @@ -749,6 +770,7 @@ WantedBy=multi-user.target" >> /etc/systemd/system/openvpn-iptables.service systemctl enable --now openvpn-iptables.service >/dev/null 2>&1 ) fi + update_rclocal # If SELinux is enabled and a custom port was selected, we need this if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$port" != 1194 ]]; then # Install semanage if not already present @@ -972,6 +994,10 @@ else echo 0 > /proc/sys/net/ipv4/ip_forward echo 0 > /proc/sys/net/ipv6/conf/all/forwarding fi + ipt_cmd="systemctl restart openvpn-iptables.service" + if grep -qs "$ipt_cmd" /etc/rc.local; then + sed --follow-symlinks -i "/^$ipt_cmd/d" /etc/rc.local + fi if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then ( set -x
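Review bot: The idempotency check `grep -qs "$ipt_cmd" /etc/rc.local` in update_rclocal is an unanchored regex match, so a commented-out or otherwise inert line containing that text makes the function skip the append, and the firewall rules are again not restored at boot. Assuming the heredoc writes the command on a line of its own (that line is truncated on this page, so it cannot be checked here), `if ! grep -qsFx -- "$ipt_cmd" /etc/rc.local; then` matches only the exact line. /etc/rc.local is executed as root at boot, and `chmod +x` only adds execute bits; when the function creates the file itself, `chmod 755 /etc/rc.local` sets the mode explicitly instead of leaving the write bits to the umask. `ipt_cmd` should also be declared `local`, since the uninstall hunk assigns the same global name.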
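Review bot: The uninstall hunk repeats the literal `ipt_cmd="systemctl restart openvpn-iptables.service"` from update_rclocal and interpolates it into a sed address (`"/^$ipt_cmd/d"`), so the two copies must stay byte-identical and regex-safe for removal to keep working. Defining the string once at file scope and using it in both places would remove that coupling. The removal also matches only lines that start with the command, while the install check matches it anywhere on a line, so an indented copy would block re-adding the line but never be removed. A comment such as `# Remove the line added by update_rclocal(); /etc/rc.local itself and its exec bit are left in place` would document that a file created by the installer is deliberately not deleted. The enclosing uninstall branch starts and ends outside this hunk.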