From a2adb59d693ae295cb1ef4c827d2d54796826667 Mon Sep 17 00:00:00 2001
From: r0p0s3c
Date: Tue, 14 Feb 2017 15:34:24 -0500
Subject: [PATCH] move iptables/nat functionality to a function (setupIptablesAndRouting)

This allows iptables rule update to be overridden by creating/supplying that function in, for example, ovpn_env.sh
---
 bin/ovpn_run | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/bin/ovpn_run b/bin/ovpn_run
index 7ba16b1..0112a0e 100755
--- a/bin/ovpn_run
+++ b/bin/ovpn_run
@@ -35,6 +35,18 @@ function addArg {
 fi
 }
+function setupIptablesAndRouting {
+ iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE || {
+ iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE
+ }
+ for i in "${OVPN_ROUTES[@]}"; do
+ iptables -t nat -C POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE || {
+ iptables -t nat -A POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE
+ }
+ done
+}
+
+
 addArg "--config" "$OPENVPN/openvpn.conf"
 source "$OPENVPN/ovpn_env.sh"
@@ -53,14 +65,7 @@ fi
 # Setup NAT forwarding if requested
 if [ "$OVPN_DEFROUTE" != "0" ] || [ "$OVPN_NAT" == "1" ] ; then
- iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE || {
- iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE
- }
- for i in "${OVPN_ROUTES[@]}"; do
- iptables -t nat -C POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE || {
- iptables -t nat -A POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE
- }
- done
+ setupIptablesAndRouting
 fi
 # Use a hacky hardlink as the CRL Needs to be readable by the user/group
@@ -85,4 +90,3 @@ fi
 echo "Running 'openvpn ${ARGS[@]} ${USER_ARGS[@]}'"
 exec openvpn ${ARGS[@]} ${USER_ARGS[@]}
-
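Review bot: In the new `setupIptablesAndRouting`, `$OVPN_SERVER` and `$OVPN_NATDEVICE` are expanded unquoted in all four `iptables` calls while `"$i"` is quoted, so an empty or space-containing value (presumably set by the sourced `ovpn_env.sh`) changes the argument list that reaches `iptables`. Quote both, e.g. `iptables -t nat -C POSTROUTING -s "$OVPN_SERVER" -o "$OVPN_NATDEVICE" -j MASQUERADE`. The function also lacks a header comment, and the override described in the commit message only works because `source "$OPENVPN/ovpn_env.sh"` runs after this definition; I would add `# Default NAT setup. ovpn_env.sh (sourced below) may redefine this function; an override then owns the MASQUERADE rules. Reads OVPN_SERVER, OVPN_NATDEVICE, OVPN_ROUTES.` The result of the `-A` calls is not checked inside the hunk, so unless the script enables `set -e` outside the visible lines, OpenVPN could start without the NAT rule in place.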