How to customize and extend your OpenVPN installation.
Moderators: TinCanTech
-
flymike
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jun 14, 2016 11:28 pm
Post
by flymike » Fri Dec 16, 2016 7:01 pm
I want to mount an sshfs file system that's dependent on a VPN, so I have an --up-delay --up script that contains the sshfs command. The script works when manually run after the VPN is started but, when run via --up in the config file, the sshfs command fails with rc=1 and "failed to open /dev/fuse: Operation not permitted".
I have determined that the --up script runs as root when executed by openvpn. I've also tried it with --route-up and --route-delay 5, and got the same error.
Any ideas?
.conf file
Code:
client
dev tun
proto udp
remote myhost myport
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
log-append /var/log/openvpn/client-starchy.log
verb 4
mute 20
script-security 2
up-delay
up up_script
up_script
Code:
#!/bin/bash
sshfs someuser@vpn-address:/path /mount-point -o ro -o nonempty -o allow_other -o IdentityFile=/home/myuser/.ssh/id_rsa
-
flymike
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jun 14, 2016 11:28 pm
Post
by flymike » Fri Dec 16, 2016 9:00 pm
The script IS executing. That's how I knew it was executing with root.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Fri Dec 16, 2016 9:09 pm
As a security measure, client --up script is required to successfully complete before the VPN will pass data.
-
flymike
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jun 14, 2016 11:28 pm
Post
by flymike » Wed Jan 11, 2017 9:36 pm
Please note that the --up script works perfectly when executed independently. It only fails when called from OpenVPN as the --up script.
Although I use --up-delay, I did also try splitting the --up script into two, so that the actual --up script only launches a 2nd script in background and returns with zero to OpenVPN. The 2nd script contains a sleep 30 before executing sshfs.
It still fails.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Post
by TinCanTech » Wed Jan 11, 2017 11:19 pm
flymike wrote: The script works when manually run after the VPN is started but, when run via --up in the config file, the sshfs command fails
TinCanTech wrote: As a security measure, client --up script is required to successfully complete before the VPN will pass data.
The VPN will not allow packets over the VPN until all scripts have successfully completed.
-
zeilenreiter
- OpenVpn Newbie
- Posts: 1
- Joined: Thu Jan 19, 2017 9:26 am
Post
by zeilenreiter » Thu Jan 19, 2017 9:40 am
Using 2 scripts works for me. The first script, which is referenced by the "up" option in the openvpn config, just calls the second script in background and returns 0 to signal openvpn that everything is fine.
The second script sleeps for 5 seconds and then executes sshfs using sudo:
Code:
sudo -u [local user] sshfs [remote_user]@[host]:/[path] [mountpoint]
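
The two-script pattern described in the post above, written out as an added example that is not part of the original post and not OpenVPN's own code. Both "scripts" are functions in one file. The variable names, paths, log location and the bounded retry are assumptions that go beyond the post. `script_type` is the environment variable OpenVPN exports to its scripts.

```shell
#!/bin/sh
# Added example: both scripts of the two-script pattern as functions in one file.
# All values below are placeholders (assumptions), not taken from the thread.
LOCAL_USER="${LOCAL_USER:-localuser}"
REMOTE="${REMOTE:-remoteuser@vpn-address:/path}"
MOUNT_POINT="${MOUNT_POINT:-/mount-point}"
DELAY="${DELAY:-5}"      # seconds to wait after the up script has returned
TRIES="${TRIES:-3}"      # bounded retries (added here, not in the post)
LOG="${LOG:-/tmp/vpn-sshfs.log}"

# The mount itself, run as an unprivileged local user as in the post,
# because OpenVPN starts the --up script as root.
do_mount() {
    sudo -u "$LOCAL_USER" sshfs "$REMOTE" "$MOUNT_POINT" -o ro
}

# "Second script": wait, then try the mount a bounded number of times.
# Returns 0 on the first successful mount, 1 if every attempt failed.
delayed_mount() {
    sleep "$DELAY"
    attempt=1
    while [ "$attempt" -le "$TRIES" ]; do
        if do_mount; then
            echo "mounted on attempt $attempt"
            return 0
        fi
        echo "attempt $attempt failed"
        attempt=$((attempt + 1))
        sleep 1
    done
    return 1
}

# "First script": start the worker in the background with stdio detached
# from OpenVPN, then return 0 at once so the tunnel is allowed to pass data.
up_hook() {
    ( delayed_mount ) </dev/null >>"$LOG" 2>&1 &
    return 0
}

# OpenVPN exports script_type=up to the --up script; nothing runs otherwise.
if [ "${script_type:-}" = "up" ]; then
    up_hook
fi
```

The worker's output goes to the log file rather than to OpenVPN, so a failed mount shows up there and never affects the exit status OpenVPN sees.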
-
flymike
- OpenVpn Newbie
- Posts: 5
- Joined: Tue Jun 14, 2016 11:28 pm
Post
by flymike » Sun Jan 29, 2017 4:04 pm
I tried the 2 script solution, with a 15 second sleep, but get the error message "sudo: unable to execute /usr/bin/sshfs: Resource temporarily unavailable".
I did prefix the sshfs with "sudo -u some-local-user", but don't understand why sudo is needed, as the 2nd script is already running as root.
-
cybertize
- OpenVpn Newbie
- Posts: 1
- Joined: Mon Jun 18, 2018 5:51 pm
Post
by cybertize » Mon Jun 18, 2018 5:57 pm
If this matter still interests anyone ...
I was having the same problem and my script only ran after I inserted this line on top of it (see the original update-resolv-conf script):
#!/bin/bash