Score:2

openvpn client-connect script can't see local files?


I run an openvpn server and I connect to it from home. My home IP is dynamic and I want to store it in a file on the server.

OS is Debian 10 and OpenVPN 2.4.7.

server.conf:

proto udp
port 1234
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
reneg-sec 0
cipher AES-256-CBC
server 192.168.123.0 255.255.255.0
route 192.168.9.0 255.255.255.0
client-to-client
client-config-dir /etc/openvpn/clients
status /etc/openvpn/status
verb 3
log /var/log/openvpn.log
script-security 3
client-connect /etc/openvpn/openvpn-client-connect.sh

/etc/openvpn/openvpn-client-connect.sh:


awk -F ',' '/192.168.123.5/ { print $3 }' /etc/openvpn/status | awk -F ':' '{ print $1 }' > /home/s/home-ip
chown s:s /home/s/home-ip

But it doesn't work and openvpn.log says:

/etc/openvpn/openvpn-client-connect.sh: line 3: /home/s/home-ip: No such file or directory

Of course /home/s/home-ip does exist and when I execute /etc/openvpn/openvpn-client-connect.sh from shell, it all works. What's wrong here?

Check permissions, is /home/s readable by the openvpn service user?
Alex
Are you starting openvpn with systemd? If yes, then I might have a workaround for you
@Alex Yes, it starts with systemd (the default Debian setup). @NiKiZe openvpn runs as root, there's no additional user
Alex
Please try writing the contents with tee instead of >
Tom Yan
@Alex the script isn't run by systemd but openvpn though
Tom Yan
However, perhaps you do need a shebang or something, or your script is broken in some way (bad quoting, etc.). The error doesn't look like one that is caused by `chown`ing a non-existing file, but instead by attempting to execute a non-existing file
Alex
I was going to propose writing an ExecPost with the systemd service but that would launch the script once, not per connection, and he'd have to make some checks periodically with the script, so it becomes pointless to have it in ExecPost. That's why I asked, but I changed my mind eventually. OP, write the contents to your file with tee, not with >, and see if openvpn likes it
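
A diagnosable variant of the hook discussed in this thread, as an added example that is not code from any participant: it takes the client's address from the `trusted_ip` and `ifconfig_pool_remote_ip` environment variables that OpenVPN sets for `client-connect` scripts instead of parsing the status file, and it reports when the target directory is not visible to the process. The function names `is_ipv4` and `record_client_ip` are illustrative; the path, VPN address and owner are the ones from the question.

```shell
#!/bin/sh
# Added example, not the poster's script. OpenVPN exports trusted_ip,
# ifconfig_pool_remote_ip and script_type to client-connect hooks.

# Dotted-quad shape check: digits and exactly three dots, no empty fields.
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# record_client_ip OUT_FILE VPN_IP [OWNER]
# Exit status: 0 written, 1 other client, 2 bad address, 3 cannot write.
# The body is a subshell, so its variables do not leak into the caller.
record_client_ip() (
    out=$1 want=$2 owner=${3:-}
    [ "${ifconfig_pool_remote_ip:-}" = "$want" ] || exit 1
    if ! is_ipv4 "${trusted_ip:-}"; then
        echo "client-connect: unexpected trusted_ip '${trusted_ip:-}'" >&2
        exit 2
    fi
    # A failed redirect only reports "No such file or directory"; say what
    # this process sees, which may differ from an interactive root shell.
    dir=$(dirname -- "$out")
    if [ ! -d "$dir" ] || [ ! -w "$dir" ]; then
        echo "client-connect: $dir missing or not writable, uid=$(id -u)" >&2
        exit 3
    fi
    # Write a temp file, then rename, so readers never see a partial file.
    tmp=$(mktemp "$dir/.home-ip.XXXXXX") || exit 3
    printf '%s\n' "$trusted_ip" > "$tmp" || exit 3
    if [ -n "$owner" ]; then chown -- "$owner" "$tmp" || exit 3; fi
    mv -f -- "$tmp" "$out" || exit 3
)

# Values below are the ones from the question. Run only as an OpenVPN hook.
if [ "${script_type:-}" = "client-connect" ]; then
    record_client_ip /home/s/home-ip 192.168.123.5 s:s
    # OpenVPN disconnects the client when this script exits non-zero, so a
    # bookkeeping failure is logged above but not propagated.
    exit 0
fi
```

Because the values arrive through the environment and no password is needed, `script-security 2` is enough to run this hook.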