Client-connect client-disconnect in server config

In my /var/ipfire/ovpn/scripts/server.conf.local I had

[root@cf-fw ~]# cat /var/ipfire/ovpn/scripts/server.conf.local
#+
#local added by mike
#this is /var/ipfire/ovpn/scripts/server.conf.local
#-

#log /var/log/openvpn.log

script-security 2

client-connect /root/client-connect.py
client-disconnect /root/client-disconnect.sh

My client-connect and client-disconnect are being ignored for the IPFire delivered ones.

How do I run my script?
I need to push a route out for a website that is hosted on AWS and the ip address changes.
My script does some stuff that could be removed but I need
www_hosts = socket.gethostbyname_ex(www)
routes.write('push "route %s 255.255.255.255"\n' % www_hosts[2][i])

Thoughts?
I could change the client end but would rather not.
Be good if the IPFire script could call a local script as well.

Hi @stinga

Welcome to the IPFire Community.

It sounds like you are saying that your client-connect and disconnect lines are not being added to the server.conf file.

In the wiki it has the line:-

The OpenVPN server needs to be stopped, the configuration be saved (press the save button) and then be started again after the local configuration files were modified to write all made changes to the main configs.

Did you follow this sequence?

I just tried it and ended up with the following lines at the end of the server.conf file

#---------------------------
# Start of custom directives
# from server.conf.local
#---------------------------
script-security 2
client-connect /root/client-connect.py
client-disconnect /root/client-disconnect.sh
#-----------------------------
# End of custom directives
#-----------------------------

It worked until I upgraded to the latest release, we were a bit behind.

IPFire is actively removing my lines and adding its own.

Edit:
And if I do that and it works then the IPFire supplied config won't work

Edit 2:
I think the issue may be that I have not restarted the openvpn server via the WUI since I have upgraded so it has not written the server.conf file.

I saved and restarted and as expected I now get…

persist-tun
verb 4
# Log clients connecting/disconnecting
client-connect "/usr/sbin/openvpn-metrics client-connect"
client-disconnect "/usr/sbin/openvpn-metrics client-disconnect"

#---------------------------
# Start of custom directives
# from server.conf.local
#---------------------------

#+
#local added by mike
#this is /var/ipfire/ovpn/scripts/server.conf.local
#-

#log /var/log/openvpn.log

script-security 2

client-connect /root/client-connect.py
client-disconnect /root/client-disconnect.sh

#-----------------------------
# End of custom directives
#-----------------------------

So that is not going to work very well.

Is there a bug when you upgrade that server.conf does not get generated correctly? Somehow, not quite sure as half the local stuff was there…

Not sure what you mean by half the local stuff was there. What is in the above Custom Directives section is what was mentioned in the first post.

I don’t believe there is a bug. When the server.conf file is updated it first puts in what is defined in the global section WUI plus some other commands such as the client-connect and client-disconnect commands. They are used to create the metrics for the graphs and tables that show OpenVPN client statistics.

Then the code takes whatever is in the server.conf.local and appends it to the server.conf file with the header and footer text. It does not replace any commands already in the global section.

Hi all,
you may possibly be running into this problem → OpenVPN no more --client-(dis)connect scripts can be executed
Multiple --client-disconnect scripts defined. The previously configured script is overridden.
While testing, it appears to me that OpenVPN only executes one '--client-(dis)connect' line in server.conf, and IPFire reserves that one by default.

An idea to overcome this can be read in the mailinglist topic.

Best,

Erik
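Added example (not part of the thread and not IPFire's code): a small check that parses a server.conf and reports which client-connect / client-disconnect line takes effect, assuming, as the warning quoted above says, that a later definition overrides the previously configured one. The sample config is constructed from lines posted in this thread; the function names are this example's own.

```python
import shlex

# Hooks discussed in this thread; per the warning quoted above, a later
# definition overrides the previously configured one.
HOOKS = ("client-connect", "client-disconnect")

# Constructed sample, assembled from server.conf lines posted in this thread.
SAMPLE_CONF = '''\
verb 4
# Log clients connecting/disconnecting
client-connect "/usr/sbin/openvpn-metrics client-connect"
client-disconnect "/usr/sbin/openvpn-metrics client-disconnect"
# Start of custom directives
script-security 2
client-connect /root/client-connect.py
client-disconnect /root/client-disconnect.sh
'''

def find_hook_conflicts(conf_text):
    """Map each hook to its effective (line, cmd) and the overridden ones."""
    seen = {}
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quote: not a line this check can judge
        if tokens and tokens[0] in HOOKS:
            seen.setdefault(tokens[0], []).append((lineno, " ".join(tokens[1:])))
    return {name: {"effective": hits[-1], "overridden": hits[:-1]}
            for name, hits in seen.items()}

def report(conf_text):
    """Return one summary line per hook plus one per overridden definition."""
    lines = []
    for name, info in find_hook_conflicts(conf_text).items():
        lineno, cmd = info["effective"]
        lines.append(f"{name}: line {lineno} takes effect -> {cmd}")
        for old_line, old_cmd in info["overridden"]:
            lines.append(f"  overridden: line {old_line} -> {old_cmd}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_CONF)))
```

Run against the generated server.conf after each upgrade or WUI save, this shows whether the metrics hook or the local script is the one that will be executed.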

I have this in server.conf:

<snip>
persist-key
persist-tun
verb 4
# Log clients connecting/disconnecting
client-connect "/usr/sbin/openvpn-metrics client-connect"
client-disconnect "/usr/sbin/openvpn-metrics client-disconnect"

#---------------------------
# Start of custom directives
# from server.conf.local
#---------------------------

#+
#local added by mike
#this is /var/ipfire/ovpn/scripts/server.conf.local
#-

#log /var/log/openvpn.log

script-security 2

client-connect /root/client-connect.py
client-disconnect /root/client-disconnect.sh

#-----------------------------
# End of custom directives
#-----------------------------

How is that going to work? You can only have 1 client-connect.

An idea to overcome this can be read in the mailinglist topic.

I know how to overcome it, but every time I upgrade I will need to make sure the change is sticky.
Be great if /usr/sbin/openvpn-metrics would call a local script!

It won’t work. You are trying to use commands that are already being used by the OpenVPN WUI as I mentioned.

As @ummeegge indicated with his link only one script can be executed since version 2.5 of OpenVPN.
He also indicates that there is a suggestion in that mailing list thread for getting your scripts run. Not sure if it will work for you or not but might be worth a try.

It did work, now it does not, that = bug in my book. :)

At the moment it is probably running my script and not IPFire. I need to check.
What is going to break or not work?
Stats mainly, which I don’t really care about, as the IPFire supplied version is replicating what I did a few years ago.
Seems to load data into a DB that is not used currently.

That bug is then with OpenVPN because they changed the ability to run multiple scripts to only run one.

Not really, but could be argued that way if you like. Slippery shoulders :)

I just need to add a note on my check list to ensure my script is run and not the IPFire one until a better solution is found or coded for. I would just put a check in /usr/sbin/openvpn-metrics to see if a local file exists and then run that. But I don't want to make that change since it may get whacked on an upgrade.
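One way to get the effect proposed in the post above without editing /usr/sbin/openvpn-metrics, as an added example (not IPFire's code and not the mailing-list suggestion): a single dispatcher, configured as the only client-connect that takes effect, which runs the IPFire hook and then a local one. The dispatcher, its function names and the ownership check are assumptions of this example; the two hook paths are the ones posted in this thread.

```python
#!/usr/bin/env python3
import os
import stat
import subprocess
import sys

# Assumed defaults: the IPFire hook as it appears in the posted server.conf,
# and the poster's own script path.
IPFIRE_HOOK = ["/usr/sbin/openvpn-metrics", "client-connect"]
LOCAL_HOOK = ["/root/client-connect.py"]

def is_safe_to_run(path):
    """Accept only a regular, executable file owned by root or by us that
    group/other cannot modify; the hook runs with the daemon's privileges."""
    try:
        st = os.stat(path)
    except OSError:
        return False
    if not stat.S_ISREG(st.st_mode) or not os.access(path, os.X_OK):
        return False
    if st.st_uid not in (0, os.geteuid()):
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def run_hooks(hooks, openvpn_args, env=None):
    """Run each hook in order with OpenVPN's own arguments appended (the last
    one is the temp file for dynamic directives such as push "route ...")."""
    for hook in hooks:
        if not is_safe_to_run(hook[0]):
            print(f"skipping missing or unsafe hook: {hook[0]}", file=sys.stderr)
            continue
        status = subprocess.call(hook + list(openvpn_args), env=env)
        if status != 0:
            return status  # non-zero makes OpenVPN reject the client
    return 0

if __name__ == "__main__":
    sys.exit(run_hooks([IPFIRE_HOOK, LOCAL_HOOK], sys.argv[1:]))
```

The dispatcher's client-connect line would go in server.conf.local, so that it is the later definition and therefore the one OpenVPN executes.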

Did OpenVPN ever support multiple client-connect options?

From what @ummeegge had in his email thread, yes multiple client connect options were possible prior to version 2.5.