
Client ignoring up/down script options

Posted: Thu Mar 25, 2021 11:12 am
by elkali
So my ovpn file has the usual lines:

Code:

script-security 2
up "/etc/openvpn/update-resolv-conf"
down "/etc/openvpn/update-resolv-conf"

The actual /etc/openvpn/update-resolv-conf file is a custom-made script I tweaked to manage the resolvconf entries on Mac. This script is tested and working fine when I use brew's command-line openvpn client.

The script also works fine when I use Tunnelblick.

However, OpenVPN Connect clients (tested both v2 and v3) completely ignore the up/down entries in the config file. Nada. I look in the connection logs, there is nothing suggesting that the scripts are executed. I added a logging line in the script to dump into a /tmp/ file info about the time of call and env received, in case there was some issue like that, yet nothing. It seems simply as if the script is completely bypassed.

I have been completely unable to find information regarding this issue, with all the leads taking me to dead ends.

Any help would be highly appreciated.

(edited to fix bbcode block)

Re: Client ignoring up/down script options

Posted: Thu Mar 25, 2021 11:55 am
by elkali
In the log, I find the following:

Code:

30 [script-security] [2]
31 [up] [/etc/openvpn/update-resolv-conf]
32 [down] [/etc/openvpn/update-resolv-conf]

So the options are parsed. It still somehow does not get executed.

Re: Client ignoring up/down script options

Posted: Thu Mar 25, 2021 1:19 pm
by elkali
Ok, I just realised that the above come under a

Code:

UNUSED OPTIONS

block...

At least that explains why they are ignored. I would like to see why this client ignores such options.

Re: Client ignoring up/down script options

Posted: Thu Apr 08, 2021 5:00 pm
by chunkySpecial
I am seeing this "unused options" with DHCP options pushed down from my server as well (DNS server addresses, specifically). It would be nice to at least have up/down scripts as a way to work around that, but... those are also unused options.

It would be great if the OpenVPN client application supported standard OpenVPN options.
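
Added example, not part of the thread and not OpenVPN's own code: a check that reads the UNUSED OPTIONS block of a client log and reports which directives of a profile the client dropped. This matters here because the dropped script is the one that updates the resolver configuration. The function names, the placeholder remote host and the rule that the block ends at the first line not in the bracketed form are assumptions.

```python
import re
import shlex

# Entry shape as quoted in the thread: "30 [script-security] [2]"
ENTRY = re.compile(r"^\s*(\d+)\s+((?:\[[^\]]*\]\s*)+)$")

def unused_options(log_text):
    """Return [(index, directive, args)] from the UNUSED OPTIONS block of a log."""
    found, in_block = [], False
    for line in log_text.splitlines():
        if "UNUSED OPTIONS" in line:
            in_block = True
            continue
        m = ENTRY.match(line) if in_block else None
        if not m:
            in_block = False   # assumption: first non-entry line ends the block
            continue
        fields = re.findall(r"\[([^\]]*)\]", m.group(2))
        found.append((int(m.group(1)), fields[0], tuple(fields[1:])))
    return found

def profile_directives(profile_text):
    """Return [(directive, args)] from an .ovpn profile, skipping comments/blanks."""
    out = []
    for line in profile_text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            parts = shlex.split(line)
            out.append((parts[0], tuple(parts[1:])))
    return out

def ignored_profile_lines(profile_text, log_text):
    """Profile directives that the client listed as unused, in profile order."""
    unused = {(d, a) for _, d, a in unused_options(log_text)}
    return [entry for entry in profile_directives(profile_text) if entry in unused]

# Constructed sample: lines quoted in the thread, with placeholder lines around them.
PROFILE = '''remote vpn.example.net 1194
script-security 2
up "/etc/openvpn/update-resolv-conf"
down "/etc/openvpn/update-resolv-conf"
'''
LOG = '''(earlier log lines)
UNUSED OPTIONS
30 [script-security] [2]
31 [up] [/etc/openvpn/update-resolv-conf]
32 [down] [/etc/openvpn/update-resolv-conf]
(later log lines)
'''
```

Calling `ignored_profile_lines(PROFILE, LOG)` returns the three script-related directives and leaves out `remote`, which the sample log does not list as unused.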