WallaceTan

66.85.48.11:46149	2021-03-24T23:55:00.436923Z	200	HTTP/2.0	GET	/client/widget/account/status?embed_key=example-key
54.174.190.39:28126	2021-03-24T23:55:01.580521Z	101	HTTP/1.1	GET	/s/W/ws/4k4kvv8cha0g2zck/c/1616629988
34.75.189.161:39584	2021-03-24T23:55:01.614189Z	200	HTTP/2.0	GET	/client/widget/account/status?embed_key=example-key
34.74.9.21:3651	2021-03-24T23:55:02.181501Z	200	HTTP/2.0	GET	/client/widget/account/status?embed_key=example-key
66.85.52.126:13836	2021-03-24T23:55:02.917567Z	101	HTTP/1.1	GET	/s/W/ws/3Dx2u3AVV-kwtWLd/c/1616630096762
54.174.190.39:13810	2021-03-24T23:55:03.137890Z	101	HTTP/1.1	GET	/s/W/ws/29cf92fa3901ead5a8/c/1616630096165
66.85.52.122:49889	2021-03-24T23:55:25.997658Z	101	HTTP/1.1	GET	/s/W/ws/pP6m-Bfw0J+hpPmM/c/1616629995222
54.174.190.39:5630	2021-03-24T23:55:02.656376Z	101	HTTP/1.1	GET	/s/W/ws/z7zbl2tigdyzryva/c/1616629988
66.85.52.126:46789	2021-03-24T23:55:19.954843Z	101	HTTP/1.1	GET	/s/W/ws/GqGqTmsu4c2YnU4F/c/1616630119147
66.85.52.126:29512	2021-03-24T23:55:22.828505Z	101	

WallaceTan

#!/bin/sh

## Configure NAT to masquerade the source IP of packets sent to tun0 to router's IP
iptables -t nat -I POSTROUTING 1 -o tun0 -j MASQUERADE

## https://www.snbforums.com/threads/openvpn-client-with-2fa.79337/
## 1) Unnecessary to allow *outbound* rules with Asuswrt-Merlin,
##    as all *outbound* is allowed from default network (br0)
## 2) Don't use firmware's user-defined chains 'OVPN' as it may change in future versions.
## 3) Use INPUT and/or FORWARD chains.

WallaceTan

#!/bin/sh

iptables -I OVPN -o tun0 -j ACCEPT
iptables -t nat -I POSTROUTING 1 -o tun0 -j MASQUERADE

# Troubleshoot iptables rule with:
# iptables --line-numbers -vL FORWARD
# iptables --line-numbers -vL OVPN
# iptables -t nat --line-numbers -vL POSTROUTING

WallaceTan

#!/opt/bin/expect

set OTP [lindex $argv 0]
eval spawn /usr/sbin/openvpn --config /jffs/openvpn/client.ovpn --auth-user-pass /jffs/openvpn/client-credentials.txt
set prompt "CHALLENGE: Enter Authenticator Code"
interact -o -nobuffer -re $prompt return
send "$OTP\r"
interact

WallaceTan

username-on-line1
password-on-line2

# /usr/sbin/openvpn
# OpenVPN 2.5.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug  6 2021
# --auth-user-pass [up] : Authenticate with server using username/password.
#                   up is a file containing the username on the first line,
#                   and a password on the second. If either the password or both
#                   the username and the password are omitted OpenVPN will prompt
#                   for them from console.

WallaceTan

setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote my-vpn.server.com 1194 udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800

WallaceTan

# File Path: ~/bin/otp-{APP}-{USERNAME}.sh
#!/bin/bash
# Generate OTP with oathtool and SECRET-KEY from QR-code.
# Pipe to tee
# Strip the ending NEW-LINE ('\n')
# Pipe to MacOS clipboard
echo -e "$(/usr/local/bin/oathtool --totp -b [SECRET-KEY])" | tee >(tr -d '\n' | pbcopy)

WallaceTan

#!/bin/sh
echo -n $1 | md5sum | awk '{print $1}'

WallaceTan

#!/bin/sh
DYNU_PASSWORD="[your-password-at-dynu.com]"
DYNU_PASSWORD_MD5=`/jffs/md5.sh $DYNU_PASSWORD`
DYNU_DDNS_HOSTNAME="[your-hostname].ddnsfree.com"
DYNU_UPDATE_URL="https://api.dynu.com/nic/update"

CACHED_IP_FILE=/tmp/cachedip
SCRIPT_NAME=$(basename $0)
SCRIPT_PID=`/bin/pidof $SCRIPT_NAME`
SYSLOG_TAG="$SCRIPT_NAME[$SCRIPT_PID]"

WallaceTan

#!/bin/sh
NOIP_USERNAME="[your-username-at-noip.com]"
NOIP_PASSWORD="[your-password-at-noip.com]"
NOIP_DDNS_HOSTNAME="[your-hostname].ddns.net"
NOIP_UPDATE_URL="https://dynupdate.no-ip.com/nic/update"

CACHED_IP_FILE=/tmp/cached_ip
SCRIPT_NAME=$(basename $0)
SCRIPT_PID=`/bin/pidof $SCRIPT_NAME`
SYSLOG_TAG="$SCRIPT_NAME[$SCRIPT_PID]"