[arm-allstar] Curious issue - /usr/local/etc/rc.allstar

David McGough kb4fxc at inttek.net
Thu Dec 31 19:29:56 EST 2020


Hi Rob,

No, the /etc/rc.local file doesn't typically get replaced / updated.  
However, there was a change to this file that got pushed late last year
(2019), replacing the existing file. Had your node not gotten updated 
after the initial setup? Or, perhaps you started from an older firmware 
image and then updated?

Anyhow, the 112.117.218.11 and 112.117.219.19 addresses in the sample file
are literally addresses from the 12.17.28.0/23 subnet, which is allocated
to me, with some extraneous digits (mainly "1" digits) quickly
inserted/changed here and there. I tested that sample file on a working
server at my shop, just to confirm it was syntactically correct.

BTW, your original message to the list got trapped by the content filter.
I recovered most of the text and included it below.

Happy New Year!

73, David KB4FXC



On Thu, 31 Dec 2020, Rob Seaman wrote:
> 
> Date: Thu, 31 Dec 2020 23:55:49 +0000
> From: Rob Seaman <vk6ld at outlook.com.au>
> To: "arm-allstar at hamvoip.org" <arm-allstar at hamvoip.org>
> Subject: Curious issue - /usr/local/etc/rc.allstar
> 
> 
> Hi All,
> 
> I'm running a few Allstar/Hamvoip nodes and using OpenVPN, so I can
> remotely connect to the nodes via SSH, without having the SSH port exposed
> to the wider internet.
> 
> A couple of weeks ago, two of the nodes weren't connecting to our local
> hub and were unreachable via SSH on the VPN.
> 
> Once I got access to the nodes, both had a strange 112.117.*.* IP address
> for tun0. What worried me more was these IP addresses were for a provider
> in a country known for hacking attempts!
> 
> After disabling the VPN and tracing through, I found the cause of the 
> issue.
> 
> For each node, I generate a unique .ovpn or .conf file on the OpenVPN
> server, which is usually the node-number.conf and drop this into the
> /etc/openvpn directory of the node.
> 
> On the node in the /etc/openvpn directory already is a default client.conf 
> file, which I never looked at.
> 
> I modify /usr/local/etc/rc.allstar on the node to point to the new
> nodenumber.conf file (e.g.: /etc/openvpn/start-openvpn 40000.conf) instead
> of the default client.conf, save then exit.
> 
> It appears at some point in the first couple of weeks of December 2020,
> the rc.allstar file I modified in September 2020, was replaced/updated
> with the 'default' template, dated Feb 15 2019. This node was built in
> February or April 2020 and I added the OpenVPN to it in September 2020, so
> strange it has defaulted back to an earlier date.
> 
> This caused the VPN to connect (or attempt to connect) to the IP address
> in the default /etc/openvpn/client.conf, which I found contained the
> 112.117.*.* IP address.
> 
> I worked around this for future scenarios by copying 
> /etc/openvpn/nodenumber.conf to /etc/openvpn/client.conf .
> 
> So just wondering if replacing/updating the rc.allstar file on a node
> is usual activity and how worried I should be that the node was connecting,
> or was attempting to connect, to the 112.117.*.* IP address. I find it odd
> for a default OpenVPN client.conf to have a real public IP that goes to a
> provider in a country known for hacking attempts?
> 
> Regards,
> 
> Rob...
> VK6LD
> 
> 
> 



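The situation in this thread (rc.allstar back at its default and the node starting client.conf instead of the per-node profile) can be caught with a small check. This is an added example, not part of either message: it assumes the start-openvpn line format quoted above and OpenVPN's standard `remote` directive, and the function names, `vpn.example.net` and 192.0.2.10 are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes rc.allstar starts the VPN with
#   /etc/openvpn/start-openvpn <profile>
# and that profiles use OpenVPN's standard "remote <host> [port]" directive.

# Profile name(s) handed to start-openvpn on uncommented lines of rc.allstar.
vpn_profiles() {   # $1 = rc.allstar path
    awk '!/^[[:space:]]*#/ { for (i = 1; i < NF; i++)
            if ($i ~ /(^|\/)start-openvpn$/) print $(i + 1) }' "$1"
}

# Host of every active "remote" line ("#" and ";" comments never match $1).
vpn_remotes() {    # $1 = profile path
    awk '$1 == "remote" { print $2 }' "$1"
}

# Return 0 only if rc.allstar starts the expected profile and that profile
# connects only to the expected server; otherwise say why and return 1.
audit_vpn() {      # $1 rc.allstar, $2 openvpn dir, $3 profile, $4 server
    bad=0
    profiles=$(vpn_profiles "$1")
    if [ "$profiles" != "$3" ]; then
        echo "rc.allstar starts '${profiles:-nothing}', expected '$3'"
        bad=1
    fi
    for p in $profiles; do
        if [ ! -r "$2/$p" ]; then
            echo "$2/$p: profile not readable"; bad=1; continue
        fi
        remotes=$(vpn_remotes "$2/$p")
        [ -n "$remotes" ] || { echo "$p: no remote directive"; bad=1; }
        for r in $remotes; do
            [ "$r" = "$4" ] || { echo "$p: unexpected remote $r"; bad=1; }
        done
    done
    return "$bad"
}

# Constructed sample tree: a default profile with a placeholder address and
# a per-node profile. $2 is the profile the sample rc.allstar starts.
make_sample() {    # $1 = directory, $2 = profile name
    mkdir -p "$1"
    printf 'remote 192.0.2.10 1194\n' > "$1/client.conf"
    printf '; remote 192.0.2.10 1194\nremote vpn.example.net 1194\n' > "$1/40000.conf"
    printf '#!/bin/bash\n# start the VPN\n/etc/openvpn/start-openvpn %s\n' "$2" > "$1/rc.allstar"
}

# On a node: audit_vpn /usr/local/etc/rc.allstar /etc/openvpn 40000.conf vpn.example.net
```

Run from cron or at login, a non-zero return flags the reverted file before the tunnel comes up against an address you did not configure.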