Bugfix

- Fixed an issue with IPTables rules not persisting after a reboot,
  if both IPsec VPN and OpenVPN are installed on the same server.
  We restart the openvpn-iptables.service in /etc/rc.local to make
  sure the rules are added.
  Ref: https://github.com/hwdsl2/wireguard-install/issues/2

openvpn-install.sh

@@ -435,6 +435,27 @@ EOF
 	sysctl -e -q -p "$conf_opt"
 }
 
+update_rclocal() {
+	ipt_cmd="systemctl restart openvpn-iptables.service"
+	if ! grep -qs "$ipt_cmd" /etc/rc.local; then
+		if [ ! -f /etc/rc.local ]; then
+			echo '#!/bin/sh' > /etc/rc.local
+		else
+			if [ "$os" = "ubuntu" ] || [ "$os" = "debian" ]; then
+				sed --follow-symlinks -i '/^exit 0/d' /etc/rc.local
+			fi
+		fi
+cat >> /etc/rc.local <<EOF
+
+$ipt_cmd
+EOF
+		if [ "$os" = "ubuntu" ] || [ "$os" = "debian" ]; then
+			echo "exit 0" >> /etc/rc.local
+		fi
+		chmod +x /etc/rc.local
+	fi
+}
+
 show_header() {
 cat <<'EOF'
 
@@ -749,6 +770,7 @@ WantedBy=multi-user.target" >> /etc/systemd/system/openvpn-iptables.service
 			systemctl enable --now openvpn-iptables.service >/dev/null 2>&1
 		)
 	fi
+	update_rclocal
 	# If SELinux is enabled and a custom port was selected, we need this
 	if sestatus 2>/dev/null | grep "Current mode" | grep -q "enforcing" && [[ "$port" != 1194 ]]; then
 		# Install semanage if not already present
@@ -972,6 +994,10 @@ else
 					echo 0 > /proc/sys/net/ipv4/ip_forward
 					echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
 				fi
+				ipt_cmd="systemctl restart openvpn-iptables.service"
+				if grep -qs "$ipt_cmd" /etc/rc.local; then
+					sed --follow-symlinks -i "/^$ipt_cmd/d" /etc/rc.local
+				fi
 				if [[ "$os" = "debian" || "$os" = "ubuntu" ]]; then
 					(
 						set -x