signal environment variable in client-disconnect script?

How to customize and extend your OpenVPN installation.
Post Reply
fboliva
OpenVpn Newbie
Posts: 4
Joined: Wed Jun 10, 2020 5:07 pm

signal environment variable in client-disconnect script?

Post by fboliva » Wed Jun 10, 2020 5:41 pm

Hello guys,

How are you? I hope you are well and safe.

I have been doing a lot of research on the Internet, I have read a lot of documentation (including all OpenVPN documentation) and I would like your opinion, suggestions and help.

I have an OpenVPN server running perfectly and, on that server, I configured the scripts (client-connect and client-disconnect) to write individual files (per user) so that I can quickly find information about connections and solve any problems.

Within the scripts (client-connect and client-disconnect) I use the environment variables to write the user records in csv files ... so far, so good ... but if I need to know the user disconnection reason, I have to look in the openvpn log ... which is not practical at all.

I know that there is a "signal" environment variable and it returns exactly the information I need, but it doesn't work on client-disconnect ... only on the down script.

Is there any way to use this variable in the client-disconnect script, or some other way (or another variable)? If it doesn't exist, don't you think it would be interesting to have this feature - a new environment variable (or even that same "signal" environment variable) that can return this information in the client-connect and client-disconnect scripts?

Thanks in advance!

Best Regards!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm

Re: signal environment variable in client-disconnect script?

Post by TinCanTech » Wed Jun 10, 2020 6:28 pm

fboliva wrote:
Wed Jun 10, 2020 5:41 pm
I know that there is a "signal" environment variable and it returns exactly the information I need, but it doesn't work on client-disconnect ... only on the down script.
The signal variable signifies the reason why the current running openvpn process is exiting or restarting. It has nothing what-so-ever to do with what is happening to the remote peer.

fboliva
OpenVpn Newbie
Posts: 4
Joined: Wed Jun 10, 2020 5:07 pm

Re: signal environment variable in client-disconnect script?

Post by fboliva » Wed Jun 10, 2020 7:19 pm

The signal variable signifies the reason why the current running openvpn process is exiting or restarting. It has nothing what-so-ever to do with what is happening to the remote peer.
Hello!

Thanks indeed for your reply!

As can be read in openvpn manual:
https://openvpn.net/community-resources ... envpn-2-4/

signal
The reason for exit or restart. Can be one of sigusr1, sighup, sigterm, sigint, inactive (controlled by –inactive option), ping-exit (controlled by –ping-exit option), ping-restart (controlled by –ping-restart option),connection-reset (triggered on TCP connection reset), error, or unknown (unknown signal).

Note that signal, in openvpn.log shows detailed info about user/client/remote peer disconnection: SIGTERM[soft,remote-exit] , SIGTERM[soft,inactive], SIGUSR1[soft,ping-restart], etc... so, yes, the variable shows exactly why the remote peer was disconnected.

As I already wrote, an environment variable like signal (or even the signal environment variable itself) that could be used in the client-disconnect script could be useful to return this information within client-disconnect script... I didn't say it has to be exactly that variable, I just mentioned it, stating that it has the information I need (and indeed this environment variable does have that kind of information about the remote peer disconnection).

Best Regards,

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm

Re: signal environment variable in client-disconnect script?

Post by TinCanTech » Wed Jun 10, 2020 7:48 pm

fboliva wrote:
Wed Jun 10, 2020 7:19 pm
signal
The reason for exit or restart. Can be one of sigusr1, sighup, sigterm, sigint, inactive (controlled by –inactive option), ping-exit (controlled by –ping-exit option), ping-restart (controlled by –ping-restart option),connection-reset (triggered on TCP connection reset), error, or unknown (unknown signal).
All of which relate to the current running openvpn process not the remote peer.
fboliva wrote:
Wed Jun 10, 2020 7:19 pm
Note that signal, in openvpn.log shows detailed info about user/client/remote peer disconnection: SIGTERM[soft,remote-exit] , SIGTERM[soft,inactive], SIGUSR1[soft,ping-restart], etc... so, yes, the variable shows exactly why the remote peer was disconnected.
They may "look" like signal but it is not signal the openvpn variable which relates to the local running process.

I am not saying what you want cannot be done (although, only so much of it can be done) but that is not how it *is* done. There may even be some internal code which is not exposed to the scripts .. but I don't know about that.

No matter what you believe, if you are proposing a change then you will need to discuss that with the devs.

fboliva
OpenVpn Newbie
Posts: 4
Joined: Wed Jun 10, 2020 5:07 pm

Re: signal environment variable in client-disconnect script?

Post by fboliva » Fri Jun 12, 2020 4:48 pm

Hi,

Thanks once again for your time and patience!

First of all, I apologize for the delay in replying... the work over the past few days has been quite intense.
All of which relate to the current running openvpn process not the remote peer.
Potato potato... :lol:

Why? if properly set, with the explicit-exit-notify parameter in the server config and in client config, you'll be able to find in the server log file the reason for the client disconnection... and yes, I have tested before post this topic to this forum.

The main question, which is why I created this topic is: the environment variable exists, but it only returns information in the down script. It would be useful, not only for me (but I imagine that for all OpenVPN administrators too) that this environment variable could also be used in the client-disconnect script in order to have access to this information without having to search the main openvpn log file every time a user complains about a problem.

Note that there was already a similar question (not exactly the same) in this forum in 2011
viewtopic.php?f=4&t=8991

Best regards!

fboliva
OpenVpn Newbie
Posts: 4
Joined: Wed Jun 10, 2020 5:07 pm

Re: signal environment variable in client-disconnect script?

Post by fboliva » Fri Jun 12, 2020 10:41 pm

Hi again Friend,

Do not worry! I changed the code (also created a patch), created a new environment variable that reads the signal_string and can be used by the client-disconnect script ... it's working as I needed/suggested it!

Best Regards,

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 7389
Joined: Fri Jun 03, 2016 1:17 pm

Re: signal environment variable in client-disconnect script?

Post by TinCanTech » Fri Jun 12, 2020 11:31 pm

I look forward to seeing your patch on the mailing list.

Post Reply