fix bug dperson#94

openvpn.sh

@@ -21,7 +21,7 @@ set -o nounset                              # Treat unset variables as an error
 ### cert_auth: setup auth passwd for accessing certificate
 # Arguments:
 #   passwd) Password to access the cert
-# Return: conf file that uses VPN provider's DNS resolvers
+# Return: conf file that supports certificate authentication
 cert_auth() { local passwd="$1"
     grep -q "^${passwd}\$" $auth || {
         echo "$passwd" >$auth
@@ -57,18 +57,19 @@ firewall() { local port=${1:-1194} docker_network=$(ip -o addr show dev eth0 |
         port=$(awk '/^remote / && NF ~ /^[0-9]*$/ {print $NF}' $conf |
                     grep ^ || echo 1194)
 
-    ip6tables -F OUTPUT
-    ip6tables -P OUTPUT DROP
-    ip6tables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-    ip6tables -A OUTPUT -o lo -j ACCEPT
-    ip6tables -A OUTPUT -o tap0 -j ACCEPT
-    ip6tables -A OUTPUT -o tun0 -j ACCEPT
-    ip6tables -A OUTPUT -d ${docker6_network} -j ACCEPT
-    ip6tables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
+    ip6tables -F OUTPUT 2>/dev/null
+    ip6tables -P OUTPUT DROP 2>/dev/null
+    ip6tables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT \
+                2>/dev/null
+    ip6tables -A OUTPUT -o lo -j ACCEPT 2>/dev/null
+    ip6tables -A OUTPUT -o tap0 -j ACCEPT 2>/dev/null
+    ip6tables -A OUTPUT -o tun0 -j ACCEPT 2>/dev/null
+    ip6tables -A OUTPUT -d ${docker6_network} -j ACCEPT 2>/dev/null
+    ip6tables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT 2>/dev/null
     ip6tables -A OUTPUT -p tcp -m owner --gid-owner vpn -j ACCEPT 2>/dev/null &&
-    ip6tables -A OUTPUT -p udp -m owner --gid-owner vpn -j ACCEPT || {
-        ip6tables -A OUTPUT -p tcp -m tcp --dport $port -j ACCEPT
-        ip6tables -A OUTPUT -p udp -m udp --dport $port -j ACCEPT; }
+    ip6tables -A OUTPUT -p udp -m owner --gid-owner vpn -j ACCEPT 2>/dev/null ||
+        { ip6tables -A OUTPUT -p tcp -m tcp --dport $port -j ACCEPT 2>/dev/null
+        ip6tables -A OUTPUT -p udp -m udp --dport $port -j ACCEPT 2>/dev/null; }
     iptables -F OUTPUT
     iptables -P OUTPUT DROP
     iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
@@ -92,7 +93,7 @@ firewall() { local port=${1:-1194} docker_network=$(ip -o addr show dev eth0 |
 return_route6() { local network="$1" gw=$(ip -6 route|awk '/default/{print $3}')
     ip -6 route | grep -q "$network" ||
         ip -6 route add to $network via $gw dev eth0
-    ip6tables -A OUTPUT --destination $network -j ACCEPT
+    ip6tables -A OUTPUT --destination $network -j ACCEPT 2>/dev/null
     [[ -e $route6 ]] &&grep -q "^$network\$" $route6 ||echo "$network" >>$route6
 }
 
@@ -154,7 +155,7 @@ vpn() { local server="$1" user="$2" pass="$3" port="${4:-1194}" i \
 # Return: configured NAT rule
 vpnportforward() { local port="$1"
     ip6tables -t nat -A OUTPUT -p tcp --dport $port -j DNAT \
-                --to-destination ::11:$port
+                --to-destination ::11:$port 2>/dev/null
     iptables -t nat -A OUTPUT -p tcp --dport $port -j DNAT \
                 --to-destination 127.0.0.11:$port
     echo "Setup forwarded port: $port"