Client connect script to email?

How to customize and extend your OpenVPN installation.
Post Reply
mikej1234
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 08, 2012 2:25 pm

Client connect script to email?

Post by mikej1234 » Thu Mar 08, 2012 2:28 pm

Hello,

Would anyone be willing to share a client connect script to send an email after a client successfully connects? I have a fully working OpenVPN server and this would be the icing on the cake. I'm running Postfix on the same server and have any email sent locally to root to be 'aliased' to my personal email (the building blocks are in place). I thought I would ask before I take a stab at it in case someone wants to share their awesome client connect email script :)

Mike

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Client connect script to email?

Post by janjust » Thu Mar 08, 2012 4:58 pm

errr, how about

Code: Select all

#!/bin/bash
echo "client $common_name has connected" | mail -s "openvpn log" root
?

Note that the client has not successfully connected during the 'client-connect' phase ; unfortunately there is no hook that is called AFTER the client has successfully connected.

mikej1234
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 08, 2012 2:25 pm

Re: Client connect script to email?

Post by mikej1234 » Thu Mar 08, 2012 7:12 pm

Thanks, janjust! Do i just save the script as the common_name and put it in the CCD directory defined in server.conf?

Thanks again,
Mike

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Client connect script to email?

Post by janjust » Fri Mar 09, 2012 10:36 am

nope, the client_connect script is a server-wide config setting ; add it using

Code: Select all

client-connect <path-to-script>

mikej1234
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 08, 2012 2:25 pm

Re: Client connect script to email?

Post by mikej1234 » Fri Mar 09, 2012 4:47 pm

Thanks again, Janjust. Unfortunately i cannot get it working. Once I add this line to my server.conf file, i get this error:

Unroutable control packet received from x.x.x.x:1194 (si=3 op=P_CONTROL_V1)

Here's my config (which works without the client-connect line)

Code: Select all

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
server 192.168.10.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
client-config-dir /etc/openvpn/ccd
client-connect /etc/openvpn/scripts/clientconnect.sh
keepalive 10 120
comp-lzo
max-clients 5
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log         /var/log/openvpn/openvpn.log
verb 3
Any ideas?

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Client connect script to email?

Post by janjust » Mon Mar 12, 2012 12:00 pm

make sure your client-connect script returns '0' to indicate success, e.g.

Code: Select all

#!/bin/bash
echo "hello" | mail someuser
exit 0

mikej1234
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 08, 2012 2:25 pm

Re: Client connect script to email?

Post by mikej1234 » Mon Mar 12, 2012 5:17 pm

Hi Janjust, I tried adding the exit 0 line to my bash client-connect script but unfortunately it yielded same response when I tried to connect. Any other ideas?

Thanks again,
Mike

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Client connect script to email?

Post by janjust » Tue Mar 13, 2012 9:32 am

just to verify: is the line

Code: Select all

script-security 2
also present? or can you try using

Code: Select all

script-security 3 system
? Post the log file with 'verb 5' set during a failed connection attempt.

mikej1234
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 08, 2012 2:25 pm

Re: Client connect script to email?

Post by mikej1234 » Tue Mar 13, 2012 2:44 pm

Great, that worked!

I added the second line and the issue was corrected:

Code: Select all

script-security 3 system
I am using Postfix to send the email and I noticed in the log there was an issue firing the script (unrelated to the problem here). I have it working now.

Thank you for your help!
Mike

mikej1234
OpenVpn Newbie
Posts: 7
Joined: Thu Mar 08, 2012 2:25 pm

Re: Client connect script to email?

Post by mikej1234 » Wed Mar 14, 2012 1:51 pm

Hi All,

Thanks again to JanJust for the help.

Here is the final script I ended up with (running PostFix on Ubuntu 11.04 x64).

Code: Select all

#!/bin/bash
#Send an email when a client connects with today's time and date
NOW="$(date +"%H:%M:%S - %Y-%m-%d")"

sendmail alerts@company.com <<EOF
FROM: alerts@company.com
TO: me@company.com
SUBJECT: OpenVPN - CONNECTED: $common_name - $NOW
At $NOW, $common_name connected to the OpenVPN server.

IP:     $trusted_ip
PORT:   $trusted_port
MTU:    $tun_mtu
.
EOF
exit 0
Works great for me.

Cheers,
Mike

nickswe
OpenVpn Newbie
Posts: 3
Joined: Mon Jan 12, 2015 2:23 am

Re: Client connect script to email?

Post by nickswe » Mon Jan 12, 2015 5:47 am

Thanks for this post! This was exactly what I was looking for and I was able to get it up and running myself by using this post.

:D

koniuszkoMariano
OpenVpn Newbie
Posts: 5
Joined: Fri Mar 22, 2019 11:37 am

Re: Client connect script to email?

Post by koniuszkoMariano » Tue Feb 02, 2021 3:32 pm

Hello @mikej1234, I try Your script on my Debian 10 openvpn server and it fails. I make dir /etc/openvpn/scripts and add new file clientconnect.sh

Code: Select all

#!/bin/bash
#Send an email when a client connects with today's time and date
NOW="$(date +"%H:%M:%S - %Y-%m-%d")"

sendmail alerts@company.com <<EOF
FROM: alerts@company.com
TO: me@company.com
SUBJECT: OpenVPN - CONNECTED: $common_name - $NOW
At $NOW, $common_name connected to the OpenVPN server.

IP:     $trusted_ip
PORT:   $trusted_port
MTU:    $tun_mtu
.
EOF
exit 0
and add two lines to my server.conf:

Code: Select all

script-security 3 system
client-connect /etc/openvpn/scripts/clientconnect.sh
after restart openvpn it fails. Do I have to make something else?
Regards.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 9018
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client connect script to email?

Post by TinCanTech » Tue Feb 02, 2021 4:41 pm

koniuszkoMariano wrote:
Tue Feb 02, 2021 3:32 pm
script-security 3 system
The Manual wrote:OpenVPN releases before v2.3 also supported a method flag which indicated how OpenVPN should call external commands and scripts. This could be either execve or system. As of OpenVPN 2.3, this flag is no longer accepted

koniuszkoMariano
OpenVpn Newbie
Posts: 5
Joined: Fri Mar 22, 2019 11:37 am

Re: Client connect script to email?

Post by koniuszkoMariano » Tue Feb 02, 2021 7:21 pm

Thanks for fast answer, I also try without `script-security 3 system` and then my server was active but I cannot connect with any client.

Code: Select all

● openvpn-server@server.service - OpenVPN service for server
   Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-02-02 20:09:00 GMT; 39s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 23975 (openvpn)
   Status: "Initialization Sequence Completed"
    Tasks: 1 (limit: 1144)
   Memory: 1.3M
   CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
           └─23975 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf

Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 peer info: IV_COMP_STUBv2=1
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 peer info: IV_TCPNL=1
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 [lusia] Peer Connection Initiated with [AF_INET]62.21.9.164:47947
Feb 02 20:09:21 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Feb 02 20:09:21 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 WARNING: Failed running command (--client-connect): external program fork failed
Feb 02 20:09:22 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 PUSH: Received control message: 'PUSH_REQUEST'
Feb 02 20:09:22 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 Delayed exit in 5 seconds
Feb 02 20:09:22 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 SENT CONTROL [lusia]: 'AUTH_FAILED' (status=1)
Feb 02 20:09:27 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 SIGTERM[soft,delayed-exit] received, client-instance exiting
Regards
Last edited by koniuszkoMariano on Tue Feb 02, 2021 8:17 pm, edited 1 time in total.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 9018
Joined: Fri Jun 03, 2016 1:17 pm

Re: Client connect script to email?

Post by TinCanTech » Tue Feb 02, 2021 8:07 pm


Post Reply