Using scripting inside ccd-configs

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Post Reply
kaspergrubbe
OpenVpn Newbie
Posts: 2
Joined: Mon Jan 22, 2018 6:06 pm

Using scripting inside ccd-configs

Post by kaspergrubbe » Mon Jan 22, 2018 6:14 pm

I noticed that the following was allowed inside the server-configuration:

Code: Select all

 if dev tun AND (topology == net30 OR topology == p2p):
   ifconfig 10.8.0.1 10.8.0.2
   if !nopool:
     ifconfig-pool 10.8.0.4 10.8.0.251
   route 10.8.0.0 255.255.255.0
   if client-to-client:
     push "route 10.8.0.0 255.255.255.0"
   else if topology == net30:
     push "route 10.8.0.1"

 if dev tap OR (dev tun AND topology == subnet):
   ifconfig 10.8.0.1 255.255.255.0
   if !nopool:
     ifconfig-pool 10.8.0.2 10.8.0.253 255.255.255.0
   push "route-gateway 10.8.0.1"
   if route-gateway unset:
     route-gateway 10.8.0.2
(from the server section of https://community.openvpn.net/openvpn/w ... n24ManPage)

I then thought if it was possible to script the ccd-configs, so I enabled `push-peer-info` which should allow me to see user variables, I then added `setenv SKIP_REDIRECT_GATEWAY 1` to my client config, and did the following to my ccd-config:

Code: Select all

if !UV_SKIP_REDIRECT_GATEWAY:
  push "redirect-gateway def1 bypass-dhcp"
However, this is not understood by OpenVPN, and I recieve the following error message in my logs:

Code: Select all

Mon Jan 22 17:59:29 2018 Options error: Unrecognized option or missing parameter(s) in /etc/openvpn/ccd/kasper:1: if (2.3.10)
So I guess scripting is not allowed inside client configs. Is there a way for me to dynamically do this? And is the scripting in configs documented somewhere?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: Using scripting inside ccd-configs

Post by TinCanTech » Mon Jan 22, 2018 6:22 pm

There is NO scripting or $vars allowed within the config files themselves.

Your copy/paste of the --server macro simply states what --server does under the hood.
It is not something you can use directly.

kaspergrubbe
OpenVpn Newbie
Posts: 2
Joined: Mon Jan 22, 2018 6:06 pm

Re: Using scripting inside ccd-configs

Post by kaspergrubbe » Mon Jan 22, 2018 6:32 pm

TinCanTech wrote:
Mon Jan 22, 2018 6:22 pm
Your copy/paste of the --server macro simply states what --server does under the hood.
Oh my eyes must be tired, yes you are right, it states exactly that:
For example, --server 10.8.0.0 255.255.255.0 expands as follows:
.

Too bad, that would have been really cool (and easy) way of achieving my goal :|

Thanks for your quick answer.

Post Reply