up-delay script won't execute sshfs

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
flymike
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 14, 2016 11:28 pm

up-delay script won't execute sshfs

Post by flymike » Fri Dec 16, 2016 7:01 pm

I want to mount an sshfs file system that's dependent on a VPN, so I have an --up-delay --up script that contains the sshfs command. The script works when manually run after the VPN is started but, when run via --up in the config file, the sshfs command fails with rc=1 and "failed to open /dev/fuse: Operation not permitted".
I have determined that the --up script runs as root when executed by openvpn. I've also tried it with --route-up and --route-delay 5, and got the same error.

Any ideas?

.conf file

Code: Select all

client
dev tun
proto udp
remote myhost myport
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
log-append /var/log/openvpn/client-starchy.log
verb 4
mute 20
script-security 2
up-delay
up up_script
up_script

Code: Select all

#!/bin/bash

sshfs someuser@vpn-address:/path  /mount-point -o ro -o nonempty -o allow_other -o IdentityFile=/home/myuser/.ssh/id_rsa

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: up-delay script won't execute sshfs

Post by Pippin » Fri Dec 16, 2016 8:34 pm

Hi,

Try:

Code: Select all

up /full/path/to/up_script

flymike
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 14, 2016 11:28 pm

Re: up-delay script won't execute sshfs

Post by flymike » Fri Dec 16, 2016 9:00 pm

The script IS executing. That's how I knew it was executing with root.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up-delay script won't execute sshfs

Post by TinCanTech » Fri Dec 16, 2016 9:09 pm

As a security measure, client --up script is required to successfully complete before the VPN will pass data.

flymike
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 14, 2016 11:28 pm

Re: up-delay script won't execute sshfs

Post by flymike » Wed Jan 11, 2017 9:36 pm

Please note that the --up script works perfectly when executed independently. It only fails when called from OpenVPN as the --up script.
Although I use --up-delay, I did also try splitting the --up script into two, so that the actual --up script only launches a 2nd script in background and returns with zero to OpenVPN. The 2nd script contains a sleep 30 before executing sshfs.
It still fails.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: up-delay script won't execute sshfs

Post by TinCanTech » Wed Jan 11, 2017 11:19 pm

flymike wrote:The script works when manually run after the VPN is started but, when run via --up in the config file, the sshfs command fails
TinCanTech wrote:As a security measure, client --up script is required to successfully complete before the VPN will pass data.
The VPN will not allow packets over the VPN until all scripts have successfully completed.

zeilenreiter
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 19, 2017 9:26 am

try using sudo / Re: up-delay script won't execute sshfs

Post by zeilenreiter » Thu Jan 19, 2017 9:40 am

Using 2 scripts works for me. The first script, which is referenced by the "up" option in then openvpn config, just calls the second script in background and returns 0 to signal openvpn that everything is fine.

The second script sleeps for 5 seconds and then executes sshfs using sudo:

Code: Select all

sudo -u [local user] sshfs [remote_user]@[host]:/[path] [mountpoint]

flymike
OpenVpn Newbie
Posts: 5
Joined: Tue Jun 14, 2016 11:28 pm

Re: up-delay script won't execute sshfs

Post by flymike » Sun Jan 29, 2017 4:04 pm

I tried the 2 script solution, with a 15 second sleep, but get the error message "sudo: unable to execute /usr/bin/sshfs: Resource temporarily unavailable".
I did prefix the sshfs with "sudo -u some-local-user", but don't understand why sudo is needed, as the 2nd script is already running as root.

cybertize
OpenVpn Newbie
Posts: 1
Joined: Mon Jun 18, 2018 5:51 pm

Re: up-delay script won't execute sshfs

Post by cybertize » Mon Jun 18, 2018 5:57 pm

if this matter still interests anyone ...

I was having the same problem and my script only ran after I inserted this line on top of it (see the original update-resolv-conf script):

#! / bin / bash

Post Reply