OpenVPN client notification (connected/disconnected)

blindly guessing …
do you have option script_security '2' in your /etc/config/openvpn ?
up.sh/down.sh must run smoothly so check it (run manually with dummy values to ensure all is fine)

also in openvpn.log there should have some more information about that “auth_failed” error. you can also set higher debug level on client side to get subsequent errors/warnings on client side.

also check permissions. who can run that script

Same issue here…
As soon as the up.sh is added to the server config, i can’t auth anymore (AUTH_FAILED). Execute the scripts from ssh works fine and the Mail is sent probably. I also added the option script_security ‘2’ and the chmod premissions are set correctly.

I guess that OPENVPN is not allowed to execute the scripts, what can i do?

Sorry i am not really familar with the permissions stuff, i thought this how to will work instantly on my omnia. Thanks for your support in advance!

I have it like this.

/etc/openvpn
-rwxrwxrwx    1 root     root           216 May  8  2018 down.sh
-rwxrwxrwx    1 root     root           216 May  8  2018 up.sh

just note: if you run openvpn instance under some non-root account, you have to change also the ownership (at least on group level. chmod root:nobody ./down.sh) . And also such user must have shell allowed/defined. So in case you use nobody:nogroup at use, that is usually with no-shell :slight_smile: …But in default setup (you just used Foris) this is not case …

Also if you change /etc/config/openvpn, you have to restart the service to apply it ( /etc/init.d/openvpn restart ).

ad_script: not only down.sh/up.sh, but you have to have rights to use “create_notification” and “notifier” tools. You can make it dummy just write the “message” to some file instead of sending it via notification.

aside i would increase verbosity of logging and log to extra file and inspect it …
you can do that on client side as well …

1 Like

Thanks for your reply. I just checked in Luci -> Status -> Processes my OpenVPN-Server, this seems to be executed by “root”. Now i have really no idea, what the reason could be…

Any ideas?

I removed some empty spaces of line beginnings of script, now the connected notification works. Disconnect still doesn’t work, even the script is same…

One more step to solution. Thanks for support, as soon as disconnect also works, i will let you know.

Now it works. Connect and Disconnect notification! The disconnect mail, just needs some minutes to arrive, if i connect and disconnect the vpn connection instantly.

It seems that the issue really was the spaces inside the scripts, no idea why it worked when i executed the scripts form shell. But it is fine for me now!

Thank you Maxmilian_Picmaus for support!

Regarding the email delay, notification is generated and is waiting in queue. There is cron job which monitor that queue and dispatch pedning ones.
ad_scripts: chm so up is fine, down is not … strange. so there must be something not right with that “down” one. I would check format/encoding (and if needed use dos2unix).
You can also check “auth” , using “up.sh” in both option directives (connect/disconnect), as you noted, code is almost the same :), so for your debug-testing it is fine. If that will work, just copy “up” as “down” and just change the “text inside” …
Good luck :slight_smile:

EDIT: issuing “notifier” command in terminal will give you some basic overview ; in “/tmp/user_notifiy” you can find folder for each listed message .(inside you can find some raw data files).