How to call a script after a tunnel is fully established

[netmass]

Hi all,

I have OpenVPN running in server mode. I have set up the --client-connect and --learn-address scripts and they are executing just fine.

Inside one of these scripts (either one) I want to use SSH to access the remote private VPN address over the VPN connection. The IP address of the remote is presented to the script. However, it seems that in both scripts, the tunnel is not fully established (it appears the routes have not been entered in to the VPN server).

How can I get a script called when a client connects and the tunnel is fully configured (i.e. routes added) such that an SSH to the IP address would make a successful connection?

It seems like another script option like "--tunnel-established" would be required...

Is there an easier way?

Thanks in advance for any thoughts,

- Steve

[ecrist]

The client-connect option should work. Try adding a few Seine delay into your script a d see if that helps.

Sent from my HTC Glacier using Tapatalk

[janjust]

when the --client-connect and --learn-address scripts are executed the tunnel is indeed not completely established yet. your best bet is , like ecrist said, to wait a few seconds after the learn-address script finishes and then try to SSH to the VPN client side.

[netmass]

Hi all,

Thanks for the feedback. So... short of "forking" some process that waits a few seconds and then does something over the tunnel, there is no way to get access to the tunnel without adding a new script callback?

- Steve

P.S. Besides complexity and timing issues, the forked process would also not have access to information about the tunnel going back down in the meantime.