[Clug-tech] OpenVPN scripting
Shawn Grover
sgrover at open2space.com
Thu Mar 12 14:39:28 PDT 2009
I resolved the problem with a different approach.
I have a script that I call when I want to initialize the VPN
connection. This script looks like this:
------------------------------------------------
#!/bin/bash
#######################################
## setup
######################################
cd /home/sgrover/Documents/vpn
# backup current resolv.conf file
sudo cp /etc/resolv.conf ./resolv.conf
# replace resolv.conf with Remote Network specific details
sudo cp ./remoteResolv.conf /etc/resolv.conf
#######################################
## connect
######################################
# Create the VPN connection
sudo openvpn --config open2space-TO-IPCop.ovpn
------------------------------------------------
When this script ran I was trying to get the next step executed via the
.ovpn config file (with the "up" and/or "route-up" commands). Instead
I've modified the script above to look like this:
------------------------------------------------
#!/bin/bash
#######################################
## setup
######################################
cd /home/sgrover/Documents/vpn
# backup current resolv.conf file
sudo cp /etc/resolv.conf ./resolv.conf
# replace resolv.conf with Remote Network specific details
sudo cp ./remoteResolv.conf /etc/resolv.conf
#######################################
## connect
######################################
# Create the VPN connection
sudo openvpn --config open2space-TO-IPCop.ovpn &
#######################################
## wait a bit, then mount the resources
######################################
sleep 10s
/home/sgrover/vpn/setupEnvironment
------------------------------------------------
Where my "setupEnvironment" script does what I need to mount the remote
locations. Notice the & character after the openvpn command - returning
control back to my script.
This is a bit of a hack though. I think I might change the "sleep"
command to look for a keystroke instead. "Once connected, hit any key
to mount the remote resources..." type of thing. But, this is working
much better than I had before....
Now, I just need to figure out how to unmount the drives and close the
VPN connection. Unmounting is easy, but do I do it when the VPN
connection ends (which means I need the "down" option in the ovpn config
file, and I'm right back where I started with the script problem) or do
I link to OpenVPN, find the running connection, and send a signal to close
it... I've seen passing references to this capability somewhere, so
more research. For now, calling my "connectionEnd" script manually
isn't much of a hassle though.
Thanks for the input / sounding board.
Shawn
John Jardine wrote:
> Hi Shawn,
>
> What are the permissions and ownership of
> route-up /home/sgrover/Documents/vpn/setup
> down /home/sgrover/Documents/vpn/teardown?
>
> I'm guessing you're running your OpenVPN server as root. If those
> scripts are writable by other than root that may be triggering the
> problem.
>
> Cheers,
> J.J.
>
>
> On Thu, 2009-03-12 at 05:15 -0600, Shawn Grover wrote:
>> Hi All.
>>
>> I've searched Google for quite a while on this and am not finding the
>> magic bullet. I'm trying to execute a script after the VPN connection
>> is up, and another when the connection ends.
>>
>> I'm connecting manually with "openvpn --config myconfig.opvn". My
>> config file looks like this:
>>
>> #OpenVPN Server conf
>> tls-client
>> client
>> dev tun
>> proto udp
>> tun-mtu 1400
>> remote 111.222.111.222 1194
>> pkcs12 /home/sgrover/Documents/vpn/mykeyfile.p12
>> cipher BF-CBC
>> verb 3
>> ns-cert-type server
>> route-up /home/sgrover/Documents/vpn/setup
>> down /home/sgrover/Documents/vpn/teardown
>>
>> The last two lines seem like they *should* work. The setup script works
>> fine if I run it manually. But putting it into the config file fails.
>> I've tried "up" and "route-up" here with similar results. I'm seeing
>> the following in the output:
>>
>> openvpn_execve: external program may not be called due to setting of
>> --script-security level
>> Route script failed: external program fork failed
>>
>> I see this for both the up and down scripts.
>>
>> I found a reference that suggested I had to "return control to openvpn
>> immediately after calling my script", and this hinted that the
>> setup/teardown scripts should call a second script then exit. I revised
>> my setup script to be something like this:
>>
>> #!/bin/bash
>> /home/sgrover/Documents/vpn/doSetup &
>>
>> But that made no difference.
>>
>> The idea here is to mount remote directories when the VPN connection is
>> made, and unmount them when the VPN goes away.
>>
>> Any tips/suggestions? Thanks.
>>
>> Shawn
>>
>> _______________________________________________
>> clug-tech mailing list
>> clug-tech at clug.ca
>> http://clug.ca/mailman/listinfo/clug-tech_clug.ca
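The pieces this thread circles around, as an added example that is not from either poster or from the OpenVPN project: a permission check on the hook scripts John asks about, a wait on the tunnel device in place of the fixed sleep, and a SIGTERM-based shutdown through a pid file. Per the OpenVPN manual, user-defined hooks such as `route-up` and `down` run only at `--script-security 2` or higher, which is what the quoted error refers to; the function names, `NET_SYSFS`, `tun0` and the pid-file path are assumptions.

```shell
#!/bin/bash
# Added example, not code from the thread. Function names, NET_SYSFS, tun0
# and the pid-file path are assumptions made for illustration.
NET_SYSFS=${NET_SYSFS:-/sys/class/net}

# Succeed only if the hook is a regular executable file, not a symlink,
# owned by the expected uid (default 0) and not group/world-writable.
hook_is_safe() {
    f=$1; want_uid=${2:-0}
    [ -f "$f" ] && [ ! -L "$f" ] && [ -x "$f" ] || return 1
    set -- $(ls -ldn "$f")            # $1 = mode string, $3 = owner uid
    [ "$3" = "$want_uid" ] || return 1
    case $1 in
        ?????w*|????????w*) return 1 ;;   # group or other write bit set
    esac
    return 0
}

# Poll once a second until the tunnel device exists (replaces "sleep 10s").
# Returns 1 if the device has not appeared when the timeout runs out.
wait_for_iface() {
    dev=$1; left=${2:-30}
    while [ ! -e "$NET_SYSFS/$dev" ]; do
        [ "$left" -gt 0 ] || return 1
        sleep 1; left=$((left - 1))
    done
}

# Send SIGTERM to the PID that --writepid recorded; OpenVPN shuts down
# cleanly on SIGTERM, which is also the point where a "down" script runs.
stop_vpn() {
    [ -r "$1" ] || return 1
    pid=$(cat "$1")
    case $pid in ''|*[!0-9]*) return 1 ;; esac   # refuse non-numeric content
    kill -TERM "$pid"
}

# Usage sketch, run as root (paths and config name are the ones in the post):
#   hook_is_safe /home/sgrover/Documents/vpn/setup    || exit 1
#   hook_is_safe /home/sgrover/Documents/vpn/teardown || exit 1
#   openvpn --config open2space-TO-IPCop.ovpn --script-security 2 \
#           --daemon --writepid /run/openvpn-client.pid
#   wait_for_iface tun0 30 && /home/sgrover/vpn/setupEnvironment
#   stop_vpn /run/openvpn-client.pid
```

The device appearing is only a proxy for the tunnel being usable; routes may be installed a moment later.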