wfg/docker-openvpn-client

Comments after remotes not handled correctly

JenswBE opened this issue · 2 comments

Thanks for the awesome image!

Issue

Unfortunately, while setting up a fresh config from Mullvad, I kept receiving: write UDP []: Operation not permitted (code=1).
After some digging it turns out the entry script doesn't correctly handle comments at the end of a remote config option.

Mullvad's config contains e.g. (real IPs replaced with examples):

remote 10.0.0.1 1195 # be-bru-001
remote 10.0.0.2 1195 # be-bru-004

The line that extracts the remotes converts this into the result below, as it expects to find an optional protocol in the third position:

# grep "^remote " | awk '{print $2, $3, $4}'
10.0.0.1 1195 #
10.0.0.2 1195 #

If using killswitch iptables, this generates an error:

iptables v1.8.8 (legacy): unknown protocol "#" specified
Try `iptables -h' or 'iptables --help' for more information.

For killswitch nftables, no error shows, but the generated rules are off (note missing accept part):

oifname "eth0" ip daddr 10.0.0.1
oifname "eth0" ip daddr 10.0.0.2

Possible solution

I'm not an expert on OpenVPN configs, but in case the # sign is reserved for comments, the following find/replace could be added to remove all of them:

sed -i 's/#.*//g' "$modified_config_file"

I can create a PR for this solution if you agree.
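The parsing problem described above, as an added example that is not part of the original post or the image's entry script: a shell function that drops trailing comments from `remote` lines and validates the port and protocol fields before they could be used in a killswitch rule. The function name `extract_remotes`, the accepted protocol list and the rule that `#` or `;` at the start of a token begins a comment are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not the image's entry script.
# Assumption: '#' or ';' at the start of a whitespace-separated token
# begins a comment. Reads an OpenVPN config on stdin and prints
# "host [port] [proto]" for each usable remote.
extract_remotes() {
    awk '
    $1 == "remote" {
        n = NF
        # Stop at the first token that starts a comment.
        for (i = 2; i <= NF; i++)
            if ($i ~ /^[#;]/) { n = i - 1; break }
        if (n < 2) next                  # no host on the line
        host = $2
        port = (n >= 3) ? $3 : ""
        proto = (n >= 4) ? $4 : ""
        # Reject anything that is not a valid port or known protocol,
        # so it can never be interpolated into a firewall rule.
        if (port != "" && (port !~ /^[0-9]+$/ || port + 0 < 1 || port + 0 > 65535)) {
            printf "line %d: bad port, skipped\n", NR > "/dev/stderr"
            next
        }
        if (proto != "" && proto !~ /^(udp[46]?|tcp[46]?(-client)?)$/) {
            printf "line %d: bad protocol, skipped\n", NR > "/dev/stderr"
            next
        }
        print host (port != "" ? " " port : "") (proto != "" ? " " proto : "")
    }'
}

# Constructed sample config (addresses are examples, as in the issue).
sample='remote 10.0.0.1 1195 # be-bru-001
remote 10.0.0.2 1195 udp ; be-bru-004
remote 10.0.0.3 1195 bogus
remote-random'

printf '%s\n' "$sample" | extract_remotes
```

Rejecting unknown fields instead of passing them through means a malformed line produces a visible warning rather than a broken or incomplete firewall rule.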

wfg commented

@JenswBE you hit this one directly on the head :)

I'm working on a rewrite of this image since I've learned a good bit since the beginning. I added a fix for this in the rewrite branch. Can you verify that it works for you?
I described how to use that branch here: #76 (comment)

wfg commented

Fixed in ee61a9e