I have a NFS share I'd like to serve over the VPN. On my clients, I tried using an UP and a DOWN script to manage the NFS mount, but it's not working as I expect.
In my UP script, I have the mount command for the NFS share...the odd thing is that while the script runs as root (an "id" command in the script reveals UID 0, GID 0), I'm getting a "not permitted" error from the mount command. Running the same mount command outside the OpenVPN UP script works fine, as does running it inside the script with an "at now +1 minute" wrapper.
Same is true in my DOWN script. We check the mounted filesystems for any mounted on the VPN subnet, and try to automatically unmount them as OpenVPN stops. The "umount" command fails on the same "not permitted" error, even though the script seems to be running at root.
Also, we tried adding "/bin/mount" and "/bin/umount" to SUDO such that anyone can mount/unmount filesystems (yes, we know the risks). I can login with a user account having no special privileges and "sudo mount" or "sudo umount" work fine...but using these same commands in my OpenVPN UP and DOWN scripts still give me a "not permitted" error.
I'm thinking that mount/unmount must be doing some sort of network I/O that lands in OpenVPN code, and OpenVPN returns an EPERM error because my scripts are running. Does this sound likely?
Whatever the cause, is there another way to do what I want?
Running Ubuntu Linux 18.04 with OpenVPN 2.3.10.
How to customize and extend your OpenVPN installation.
2 posts • Page 1 of 1
- OpenVPN Protagonist
- Posts: 7145
- Joined: Fri Jun 03, 2016 1:17 pm
2.3.10 is 4+ years old and openvpn is a very active project ..
As for your scripts:
- Openvpn does not pass the normal environment to scripts
- Scripts have a security setting parameter --script-security