'openvpn-event' script working?

[henrikk]

I am running 3.0.0.4.270.26b.

I have been able to use scripts placed in /jffs/scripts just fine, but I cannot get the 'openvpn-event' script to work. It appears that it is not called.

Can someone verify the openvpn-event script is working for them?

Thanks,
- Henrik

 

[RMerlin]

I am running 3.0.0.4.270.26b.

I have been able to use scripts placed in /jffs/scripts just fine, but I cannot get the 'openvpn-event' script to work. It appears that it is not called.

Can someone verify the openvpn-event script is working for them?

Thanks,
- Henrik

That feature was added in 3.0.0.4.354.28.

 

[henrikk]

That feature was added in 3.0.0.4.354.28.

That explains it! Thanks... I'll have to upgrade sooner then expected.

- Henrik

 

[josh.zyman]

That feature was added in 3.0.0.4.354.28.

I have version 3.0.0.4.374.38_1 on RT-AC68U and openvpn-event is called if I turn on a client connection to a VPN server, but it is not called if I reboot.
The VPN connection is set to start with WAN, but the script it is not called.

Any ideas?

EDIT: noup, the scripts doesn't work at all. I have the script /jffs/scripts/openvpn-event as chmod 777 and in it I have the following code:

#!/bin/sh
logger "openvpn-event event called"

#call the script to load selective routing
sh loadSelectiveRouting

The result? The line is not written in the log and my custom script is not called.
In the script loadSelectiveRouting I have the line "touch /tmp/000wanstarted", but the file is not created
Is this user script still available with my version?

 

[RMerlin]

I have version 3.0.0.4.374.38_1 on RT-AC68U and openvpn-event is called if I turn on a client connection to a VPN server, but it is not called if I reboot.
The VPN connection is set to start with WAN, but the script it is not called.

Any ideas?

EDIT: noup, the scripts doesn't work at all. I have the script /jffs/scripts/openvpn-event as chmod 777 and in it I have the following code:

#!/bin/sh
logger "openvpn-event event called"

#call the script to load selective routing
sh loadSelectiveRouting

The result? The line is not written in the log and my custom script is not called.
In the script loadSelectiveRouting I have the line "touch /tmp/000wanstarted", but the file is not created
Is this user script still available with my version?

It should be, tho I haven't retested it since when it was implemented. I'll try to take a look at it over the weekend.

 

[Hothersale]

I'm having the same problem with the openvpn-event script never being called. Is this a known issue?

(I am on an older firmware version (3.0.0.4.374.34_2-sdk5), but I don't see any fix for this in any of the recent release notes.)

 

[RMerlin]

You are probably misunderstanding what this script is for.

For the OpenVPN server: the script gets executed when the server is started or stopped. This is used for applying custom firewall rules. I just tested it myself here and this is working fine. Don't forget to restart the OpenVPN server after creating the script.

For the OpenVPN client: the script gets executed when the client on the router connects to a remote server.

This script is NOT for events when a remote client connects to your router.

 

[Hothersale]

I am trying to automatically run a script when the router connects as an OpenVPN Client to my VPN provider. The script (which opens a port in the firewall among other things) works fine when I run it manually.

Using this code in openvpn-event as a simple test....

#!/bin/sh

touch /tmp/000_YAY

...the file fails to be written. It makes no difference if the OpenVPN Client connection Starts on WAN, or if I connect manually, the result is the same. I have set the read and execute permissions correctly, I've tried using both the Client 1 and Client 2 settings... I just don't understand it.

 

[Martineau]

I am trying to automatically run a script when the router connects as an OpenVPN Client to my VPN provider. The script (which opens a port in the firewall among other things) works fine when I run it manually.

Using this code in openvpn-event as a simple test....

#!/bin/sh

touch /tmp/000_YAY

...the file fails to be written. It makes no difference if the OpenVPN Client connection Starts on WAN, or if I connect manually, the result is the same. I have set the read and execute permissions correctly, I've tried using both the Client 1 and Client 2 settings... I just don't understand it.

To investigate your PEBKAC moment you can list the output of the following:

mount
ls /jffs/scripts -l
nvram get buildno

Alternatively create say xxx.sh, and include the following statements in the OpenVPN client Custom configuration

script-security 2
route-up /jffs/scripts/xxx.sh

to see if the debugging file is created.

Regards,

 

[Hothersale]

Here are the output results:

XXX@RT-N66U:/tmp# mount
rootfs on / type rootfs (rw)
/dev/root on / type squashfs (ro)
proc on /proc type proc (rw)
tmpfs on /tmp type tmpfs (rw)
devfs on /dev type tmpfs (rw,noatime)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw)
/dev/mtdblock4 on /jffs type jffs2 (rw,noatime)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/sdb1 on /tmp/mnt/sdb1 type ext2 (rw,nodev,noatime)
/dev/sda1 on /tmp/mnt/My_Passport type ufsd (rw,nodev,noatime,nls=utf8,fmask=0,dmask=0,force)

XXX@RT-N66U:/tmp# ls /jffs/scripts -1
firewall-start
openvpn-event
pia-port
post-mount
services-start
services-stop

XXX@RT-N66U:/tmp# nvram get buildno
374.34

See anything weird there?

I created /jffs/scripts/debug.sh and added the lines of code you suggested to the Custom Configuration and then restarted the Client connection, but I'm not sure where I should be looking for the debugging file. The System Log shows:

Mar  4 10:37:01 openvpn[1521]: WARNING: Failed running command (--route-up): could not execute external program

Thanks for the input.

 

[Martineau]

Here are the output results:

XXX@RT-N66U:/tmp# mount
rootfs on / type rootfs (rw)
/dev/root on / type squashfs (ro)
proc on /proc type proc (rw)
tmpfs on /tmp type tmpfs (rw)
devfs on /dev type tmpfs (rw,noatime)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw)
/dev/mtdblock4 on /jffs type jffs2 (rw,noatime)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/sdb1 on /tmp/mnt/sdb1 type ext2 (rw,nodev,noatime)
/dev/sda1 on /tmp/mnt/My_Passport type ufsd (rw,nodev,noatime,nls=utf8,fmask=0,dmask=0,force)

XXX@RT-N66U:/tmp# ls /jffs/scripts -1
firewall-start
openvpn-event
pia-port
post-mount
services-start
services-stop

XXX@RT-N66U:/tmp# nvram get buildno
374.34

See anything weird there?

I created /jffs/scripts/debug.sh and added the lines of code you suggested to the Custom Configuration and then restarted the Client connection, but I'm not sure where I should be looking for the debugging file. The System Log shows:

Mar  4 10:37:01 openvpn[1521]: WARNING: Failed running command (--route-up): could not execute external program

Thanks for the input.

The command I requested requires -l (lowercase l) NOT -1 ( numeric digit one)

ls /jffs/scripts -l

which goes to show how easy it is to create PEBKAC errors...
also presumably when bouncing the OpenVPN client, either /jffs/scripts/debug.sh doesn't exist or is not chmod 777

The location of the debugging file will be where YOU specified in the appropriate touch statement!!!!

/EDIT: Also you are using a unix editor to create the scripts or NOTEPAD++ in Unix EOL mode on a Wintel platform?

Regards,

 

[Hothersale]

Yes, it's incredibly easy to make mistakes! This is my first experience with Linux, and I am not a developer. I appreciate your patience.

Here's the proper output:

XXX@RT-N66U:/jffs/scripts# ls /jffs/scripts -l
-rwxrwxrwx    1 XXX   root             0 Mar  4 10:22 debug.sh
-rwxrwxrwx    1 XXX   root           130 Mar  3 14:49 firewall-start
-rwxrwxrwx    1 XXX   root            30 Mar  4 10:38 openvpn-event
-rwxrwxrwx    1 XXX   root           656 Mar  3 15:44 pia-port
-rwxrwxrwx    1 XXX   root            76 Feb 27 11:31 post-mount
-rwxrwxrwx    1 XXX   root            53 Feb 27 11:31 services-start
-rwxrwxrwx    1 XXX   root            43 Feb 27 11:31 services-stop

/jffs/scripts/debug.sh does exist, and is chmod 777, but I still get the "could not execute external program" in the system log.

Sorry I did not understand what you meant by "debugging file." (I thought I was looking for an error log of some sort to be produced.) The file /tmp/000_YAY still doesn't get created.

I am doing all edits through Putty using Nano.

 

[Martineau]

Yes, it's incredibly easy to make mistakes! This is my first experience with Linux, and I am not a developer. I appreciate your patience.

Here's the proper output:

XXX@RT-N66U:/jffs/scripts# ls /jffs/scripts -l
-rwxrwxrwx    1 XXX   root             0 Mar  4 10:22 debug.sh
-rwxrwxrwx    1 XXX   root           130 Mar  3 14:49 firewall-start
-rwxrwxrwx    1 XXX   root            30 Mar  4 10:38 openvpn-event
-rwxrwxrwx    1 XXX   root           656 Mar  3 15:44 pia-port
-rwxrwxrwx    1 XXX   root            76 Feb 27 11:31 post-mount
-rwxrwxrwx    1 XXX   root            53 Feb 27 11:31 services-start
-rwxrwxrwx    1 XXX   root            43 Feb 27 11:31 services-stop

/jffs/scripts/debug.sh does exist, and is chmod 777, but I still get the "could not execute external program" in the system log.

Sorry I did not understand what you meant by "debugging file." (I thought I was looking for an error log of some sort to be produced.) The file /tmp/000_YAY still doesn't get created.

I am doing all edits through Putty using Nano.

<sigh>

OK so could the reason be that /jffs/scripts/debug.sh doesn't create the file because it is an EMPTY SCRIPT FILE????

Regards,

 

[Hothersale]

Ah. Forgive my absurd ignorance. NOW I understand what you wanted me to do.

The debugging file is now successfully created when I bounce the Client connection.

 

[Martineau]

Ah. Forgive my absurd ignorance. NOW I understand what you wanted me to do.

The debugging file is now successfully created when I bounce the Client connection.

OK, in my personal experience I have never found openvpn-event to be reliable.

So calling a script from the OpenVPN client Custom directives works.

So I suggest you stick with either

up /jffs/scripts/xxxx.sh
or
route-up /jffs/scripts/yyyyy.sh

to achieve your objective of modifying the appropriate firewall rules when the OpenVPN client connects.
(See the OpenVPN user guide to determine the difference in the two OpenVPN client event options.)

Good luck

 

[Hothersale]

Thanks for the help. That gets me part way there. Using "up," the script finishes, but not all the commands work. I think some are unsupported.

(The script uses curl to post my IP address and credentials to an API that returns the port number that has been assigned to me, which I then add to the IP tables. ifconfig gets my ip address all right, but the curl command fails.)

 

[Martineau]

Thanks for the help. That gets me part way there. Using "up," the script finishes, but not all the commands work. I think some are unsupported.

(The script uses curl to post my IP address and credentials to an API that returns the port number that has been assigned to me, which I then add to the IP tables. ifconfig gets my ip address all right, but the curl command fails.)

I simply use wget to authenticate my UnBlock-US account on a web page API and subsequently it returns a value indicating if the API URL accepted my new I/P address which I then extract and send an email as confirmation.
(Useful to know if the router/WAN has switched to 3G USB !)

Regards,