Make vpn port fully configurable

janole · Jun 9, 2024 · e856347 · e856347
1 parent ef2f063
commit e856347
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/rules.v4 b/rules.v4
@@ -3,12 +3,12 @@
 :INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [0:0]
--A INPUT -i eth0 -p udp -m state --state NEW,ESTABLISHED -m udp --dport 1194 -j ACCEPT
+-A INPUT -i eth0 -p udp -m state --state NEW,ESTABLISHED -m udp --dport ${VPN_PORT} -j ACCEPT
 -A INPUT -i tun0 -j ACCEPT
 -A FORWARD -i tun0 -j ACCEPT
 -A FORWARD -s 10.8.0.0/24 -i tun0 -o eth0 -j ACCEPT
 -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
--A OUTPUT -o eth0 -p udp -m state --state ESTABLISHED -m udp --sport 1194 -j ACCEPT
+-A OUTPUT -o eth0 -p udp -m state --state ESTABLISHED -m udp --sport ${VPN_PORT} -j ACCEPT
 -A OUTPUT -o tun0 -j ACCEPT
 COMMIT
 # Generated by iptables-save v1.8.9 (nf_tables)

diff --git a/scripts/start-vpn.sh b/scripts/start-vpn.sh
@@ -4,8 +4,10 @@ set -e
 
 openssl verify -verbose -CAfile ${VPNCAFILE} ${VPNCERTFILE}
 
-iptables-restore < /etc/iptables/rules.v4
+CONF="${SERVERCONF:-$TCPCONF}"
 
-echo "Starting with config ${SERVERCONF:-$TCPCONF} ..."
+VPN_PORT=`grep "^port " $CONF | sed -e "s/[^0-9]*//g"`
+envsubst < /etc/iptables/rules.v4 | iptables-restore
 
-exec openvpn --config ${SERVERCONF:-$TCPCONF}
+echo "Starting with config ${CONF} ..."
+exec openvpn --config ${CONF}