Page 1 of 1

Client Connect Script and Bundle

Posted: Mon Sep 04, 2017 6:44 am
by BobbyNewmark
unfortunately the search function of the board doesn't allow to search for "client connect script", so I have to post the question anyways (actually it's two).
1. How to I have the OpenVpn Access server run scripts on connection/disconnection of clients. I achieved this on a normal OpenVpn server through the "client-connect" entry in the server configuration.
2. Is it possible to bundle additional files together with OpenVpn Connect client, so every client that is downloaded by a user contains them?


Re: Client Connect Script and Bundle

Posted: Tue Sep 05, 2017 8:27 am
by novaflash
You can set scripts on connect or disconnect by creating a group in the Group Permissions page, and enabling client side scripting on that group. If you don't use groups otherwise, then you can go to the dropdown menu in Group Permissions and just set that one group as the default for all users, if you want the script to apply to all users.

The scripting language can be whatever is available on the client side. For example for Linux clients you can use bash or python or perl or whatever. With the shebang on the first line you can define what interpreter to use. By default if you leave out the shebang just standard bash commands are run. It's similar for Mac, and likewise with Windows command prompt batch scripting is assumed unless otherwise specified with a shebang.

It's not possible to bundle additional files, but you can create a file share on the network reachable through VPN that you can call from the client side script like \\\share\setup.exe or whatever.

Re: Client Connect Script and Bundle

Posted: Thu Sep 07, 2017 6:08 am
by BobbyNewmark
Thanks a lot for that information. It will definitely come in handy when automatically distributing some software to the clients, but I was rather looking for running scripts on the server when a client connects/disconnects. The entries I mentioned are in the server configuration on a normal OpenVpn server.

Re: Client Connect Script and Bundle

Posted: Thu Sep 07, 2017 6:59 am
by novaflash
Sorry, that is actually not possible unless you use a post_auth script, and then it only runs when a client connects.

I think the original decision to disable that had to do with security or something, I don't really know since I wasn't around when that limitation was introduced.