Client connect script to email?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 08, 2012 2:25 pm
Client connect script to email?
Hello,
Would anyone be willing to share a client connect script to send an email after a client successfully connects? I have a fully working OpenVPN server and this would be the icing on the cake. I'm running Postfix on the same server and have any email sent locally to root to be 'aliased' to my personal email (the building blocks are in place). I thought I would ask before I take a stab at it in case someone wants to share their awesome client connect email script
Mike
Would anyone be willing to share a client connect script to send an email after a client successfully connects? I have a fully working OpenVPN server and this would be the icing on the cake. I'm running Postfix on the same server and have any email sent locally to root to be 'aliased' to my personal email (the building blocks are in place). I thought I would ask before I take a stab at it in case someone wants to share their awesome client connect email script
Mike
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Client connect script to email?
errr, how about
?
Note that the client has not successfully connected during the 'client-connect' phase ; unfortunately there is no hook that is called AFTER the client has successfully connected.
Code: Select all
#!/bin/bash
echo "client $common_name has connected" | mail -s "openvpn log" root
Note that the client has not successfully connected during the 'client-connect' phase ; unfortunately there is no hook that is called AFTER the client has successfully connected.
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 08, 2012 2:25 pm
Re: Client connect script to email?
Thanks, janjust! Do i just save the script as the common_name and put it in the CCD directory defined in server.conf?
Thanks again,
Mike
Thanks again,
Mike
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Client connect script to email?
nope, the client_connect script is a server-wide config setting ; add it using
Code: Select all
client-connect <path-to-script>
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 08, 2012 2:25 pm
Re: Client connect script to email?
Thanks again, Janjust. Unfortunately i cannot get it working. Once I add this line to my server.conf file, i get this error:
Unroutable control packet received from x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Here's my config (which works without the client-connect line)
Any ideas?
Unroutable control packet received from x.x.x.x:1194 (si=3 op=P_CONTROL_V1)
Here's my config (which works without the client-connect line)
Code: Select all
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
server 192.168.10.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
client-config-dir /etc/openvpn/ccd
client-connect /etc/openvpn/scripts/clientconnect.sh
keepalive 10 120
comp-lzo
max-clients 5
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn/openvpn.log
verb 3
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Client connect script to email?
make sure your client-connect script returns '0' to indicate success, e.g.
Code: Select all
#!/bin/bash
echo "hello" | mail someuser
exit 0
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 08, 2012 2:25 pm
Re: Client connect script to email?
Hi Janjust, I tried adding the exit 0 line to my bash client-connect script but unfortunately it yielded same response when I tried to connect. Any other ideas?
Thanks again,
Mike
Thanks again,
Mike
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Client connect script to email?
just to verify: is the line
also present? or can you try using
? Post the log file with 'verb 5' set during a failed connection attempt.
Code: Select all
script-security 2
Code: Select all
script-security 3 system
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 08, 2012 2:25 pm
Re: Client connect script to email?
Great, that worked!
I added the second line and the issue was corrected:
I am using Postfix to send the email and I noticed in the log there was an issue firing the script (unrelated to the problem here). I have it working now.
Thank you for your help!
Mike
I added the second line and the issue was corrected:
Code: Select all
script-security 3 system
Thank you for your help!
Mike
-
- OpenVpn Newbie
- Posts: 7
- Joined: Thu Mar 08, 2012 2:25 pm
Re: Client connect script to email?
Hi All,
Thanks again to JanJust for the help.
Here is the final script I ended up with (running PostFix on Ubuntu 11.04 x64).
Works great for me.
Cheers,
Mike
Thanks again to JanJust for the help.
Here is the final script I ended up with (running PostFix on Ubuntu 11.04 x64).
Code: Select all
#!/bin/bash
#Send an email when a client connects with today's time and date
NOW="$(date +"%H:%M:%S - %Y-%m-%d")"
sendmail alerts@company.com <<EOF
FROM: alerts@company.com
TO: me@company.com
SUBJECT: OpenVPN - CONNECTED: $common_name - $NOW
At $NOW, $common_name connected to the OpenVPN server.
IP: $trusted_ip
PORT: $trusted_port
MTU: $tun_mtu
.
EOF
exit 0
Cheers,
Mike
-
- OpenVpn Newbie
- Posts: 3
- Joined: Mon Jan 12, 2015 2:23 am
Re: Client connect script to email?
Thanks for this post! This was exactly what I was looking for and I was able to get it up and running myself by using this post.
-
- OpenVpn Newbie
- Posts: 5
- Joined: Fri Mar 22, 2019 11:37 am
Re: Client connect script to email?
Hello @mikej1234, I try Your script on my Debian 10 openvpn server and it fails. I make dir /etc/openvpn/scripts and add new file clientconnect.sh
and add two lines to my server.conf:
after restart openvpn it fails. Do I have to make something else?
Regards.
Code: Select all
#!/bin/bash
#Send an email when a client connects with today's time and date
NOW="$(date +"%H:%M:%S - %Y-%m-%d")"
sendmail alerts@company.com <<EOF
FROM: alerts@company.com
TO: me@company.com
SUBJECT: OpenVPN - CONNECTED: $common_name - $NOW
At $NOW, $common_name connected to the OpenVPN server.
IP: $trusted_ip
PORT: $trusted_port
MTU: $tun_mtu
.
EOF
exit 0
Code: Select all
script-security 3 system
client-connect /etc/openvpn/scripts/clientconnect.sh
Regards.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Client connect script to email?
The Manual wrote:OpenVPN releases before v2.3 also supported a method flag which indicated how OpenVPN should call external commands and scripts. This could be either execve or system. As of OpenVPN 2.3, this flag is no longer accepted
-
- OpenVpn Newbie
- Posts: 5
- Joined: Fri Mar 22, 2019 11:37 am
Re: Client connect script to email?
Thanks for fast answer, I also try without `script-security 3 system` and then my server was active but I cannot connect with any client.
Regards
Code: Select all
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-02-02 20:09:00 GMT; 39s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 23975 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 1144)
Memory: 1.3M
CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
└─23975 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 peer info: IV_COMP_STUBv2=1
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 peer info: IV_TCPNL=1
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 [lusia] Peer Connection Initiated with [AF_INET]62.21.9.164:47947
Feb 02 20:09:21 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Feb 02 20:09:21 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 WARNING: Failed running command (--client-connect): external program fork failed
Feb 02 20:09:22 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 PUSH: Received control message: 'PUSH_REQUEST'
Feb 02 20:09:22 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 Delayed exit in 5 seconds
Feb 02 20:09:22 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 SENT CONTROL [lusia]: 'AUTH_FAILED' (status=1)
Feb 02 20:09:27 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 SIGTERM[soft,delayed-exit] received, client-instance exiting
Last edited by koniuszkoMariano on Tue Feb 02, 2021 8:17 pm, edited 1 time in total.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm