up-delay script won't execute sshfs

How to customize and extend your OpenVPN installation.
flymike
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 14, 2016 11:28 pm

up-delay script won't execute sshfs

Postby flymike » Fri Dec 16, 2016 7:01 pm

I want to mount an sshfs file system that's dependent on a VPN, so I have an --up-delay --up script that contains the sshfs command. The script works when manually run after the VPN is started but, when run via --up in the config file, the sshfs command fails with rc=1 and "failed to open /dev/fuse: Operation not permitted".
I have determined that the --up script runs as root when executed by openvpn. I've also tried it with --route-up and --route-delay 5, and got the same error.

Any ideas?

.conf file

Code: Select all

client
dev tun
proto udp
remote myhost myport
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
log-append /var/log/openvpn/client-starchy.log
verb 4
mute 20
script-security 2
up-delay
up up_script


up_script

Code: Select all

#!/bin/bash

sshfs someuser@vpn-address:/path  /mount-point -o ro -o nonempty -o allow_other -o IdentityFile=/home/myuser/.ssh/id_rsa

Pippin
OpenVPN Expert
Posts: 247
Joined: Wed Jul 01, 2015 8:03 am

Re: up-delay script won't execute sshfs

Postby Pippin » Fri Dec 16, 2016 8:34 pm

Hi,

Try:

Code: Select all

up /full/path/to/up_script

flymike
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 14, 2016 11:28 pm

Re: up-delay script won't execute sshfs

Postby flymike » Fri Dec 16, 2016 9:00 pm

The script IS executing. That's how I knew it was executing with root.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2579
Joined: Fri Jun 03, 2016 1:17 pm

Re: up-delay script won't execute sshfs

Postby TinCanTech » Fri Dec 16, 2016 9:09 pm

As a security measure, client --up script is required to successfully complete before the VPN will pass data.

flymike
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 14, 2016 11:28 pm

Re: up-delay script won't execute sshfs

Postby flymike » Wed Jan 11, 2017 9:36 pm

Please note that the --up script works perfectly when executed independently. It only fails when called from OpenVPN as the --up script.
Although I use --up-delay, I did also try splitting the --up script into two, so that the actual --up script only launches a 2nd script in background and returns with zero to OpenVPN. The 2nd script contains a sleep 30 before executing sshfs.
It still fails.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2579
Joined: Fri Jun 03, 2016 1:17 pm

Re: up-delay script won't execute sshfs

Postby TinCanTech » Wed Jan 11, 2017 11:19 pm

flymike wrote:The script works when manually run after the VPN is started but, when run via --up in the config file, the sshfs command fails
TinCanTech wrote:As a security measure, client --up script is required to successfully complete before the VPN will pass data.
The VPN will not allow packets over the VPN until all scripts have successfully completed.

zeilenreiter
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 19, 2017 9:26 am

try using sudo / Re: up-delay script won't execute sshfs

Postby zeilenreiter » Thu Jan 19, 2017 9:40 am

Using 2 scripts works for me. The first script, which is referenced by the "up" option in then openvpn config, just calls the second script in background and returns 0 to signal openvpn that everything is fine.

The second script sleeps for 5 seconds and then executes sshfs using sudo:

Code: Select all

sudo -u [local user] sshfs [remote_user]@[host]:/[path] [mountpoint]

flymike
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 14, 2016 11:28 pm

Re: up-delay script won't execute sshfs

Postby flymike » Sun Jan 29, 2017 4:04 pm

I tried the 2 script solution, with a 15 second sleep, but get the error message "sudo: unable to execute /usr/bin/sshfs: Resource temporarily unavailable".
I did prefix the sshfs with "sudo -u some-local-user", but don't understand why sudo is needed, as the 2nd script is already running as root.


Return to “Scripting and Customizations”

Who is online

Users browsing this forum: No registered users and 1 guest