OpenVPN klient a staticke cesty

Dobry den, OpenVPN klient mi funguje korektne a potreboval by som pridat po pripojeni niekolko statickych ciest. Nechce sa mi to stale rucne pridavat. Viem o moznosti to “pushovat” zo servera, avsak vzdialeny admin nieco taketo nie je ochotny spravit. Vedeli by ste mi poradit? Skusal som pouzit option ‘route-up /etc/openvpn/skript.sh’ ale nefunguje to. Dakujem.

Dát vzdálenému adminovi po čuni … to by nepomohlo?

To se vzdáleně dělá těžko :wink:

2 Likes

Takze som sa dostal do takehoto stavu:
option script-security '2’
option up '/etc/openvpn/route-up.sh’
option down ‘/etc/openvpn/route-down.sh’

v route-up.sh a route-down.sh mam:
#!/bin/sh
echo ‘hello’

prava:
-rwxr-xr-x 1 root root 23 Jun 17 02:46 route-down.sh
-rwxr-xr-x 1 root root 23 Jun 17 02:46 route-up.sh

A nasledne chyba:
2017-06-17T00:46:48+02:00 err openvpn(test)[12199]: WARNING: Failed running command (–up/–down): external program fork failed
2017-06-17T00:46:48+02:00 notice openvpn(test)[12199]: Exiting due to fatal error

shell script musi zacinat #!/bin/sh

a pak:
route -n add -net 147.x.x.x/20 tun0

tam si pridej vlastni IP adresu/masku + rozhrani VPN, pripadne IP adresu toho rozhrani

Presne toto som skusal a aj skusam, no neuspesne:

config openvpn test
option enabled 1
option client 1
option dev tun
option proto tcp
option remote "myvpn.com1194"
option keepalive "10 1200"
option nobind 1
option ca "/etc/openvpn/ca.crt"
option auth_user_pass '/etc/openvpn/access’
option verb 3
option script-security '2 system’
option up ‘/etc/openvpn/route-up.sh’

cat /etc/openvpn/route-up.sh

#!/bin/sh
route -n add -net 192.168.2.0/24 tun0

2017-06-18T01:55:12+02:00 warning openvpn(test)[8788]: WARNING: External program may not be called unless ‘–script-security 2’ or higher is enabled. See --help text or man page for detailed info.
2017-06-18T01:55:12+02:00 err openvpn(test)[8788]: WARNING: Failed running command (–up/–down): external program fork failed

Stale nemas v hlavicce shell scriptu hash kriz #!/bin/sh

Povoleni script security je: option script_security ‘2’ a nejsem si jisty, jestli to nemusi byt jak v conf openvpn, tak v clientovi.

To sa len tu nezobrazuje, inak je tam.