Client connect script to email?

Posted: Thu Mar 08, 2012 2:28 pm
by mikej1234
Hello,

Would anyone be willing to share a client connect script to send an email after a client successfully connects? I have a fully working OpenVPN server and this would be the icing on the cake. I'm running Postfix on the same server and have any email sent locally to root to be 'aliased' to my personal email (the building blocks are in place). I thought I would ask before I take a stab at it in case someone wants to share their awesome client connect email script :)

Mike

Re: Client connect script to email?

Posted: Thu Mar 08, 2012 4:58 pm
by janjust
errr, how about

Code:

#!/bin/bash
echo "client $common_name has connected" | mail -s "openvpn log" root

?

Note that the client has not successfully connected during the 'client-connect' phase; unfortunately there is no hook that is called AFTER the client has successfully connected.

Re: Client connect script to email?

Posted: Thu Mar 08, 2012 7:12 pm
by mikej1234
Thanks, janjust! Do I just save the script as the common_name and put it in the CCD directory defined in server.conf?

Thanks again,
Mike

Re: Client connect script to email?

Posted: Fri Mar 09, 2012 10:36 am
by janjust
nope, the client_connect script is a server-wide config setting; add it using

Code:

client-connect <path-to-script>

Re: Client connect script to email?

Posted: Fri Mar 09, 2012 4:47 pm
by mikej1234
Thanks again, Janjust. Unfortunately I cannot get it working. Once I add this line to my server.conf file, I get this error:

Unroutable control packet received from x.x.x.x:1194 (si=3 op=P_CONTROL_V1)

Here's my config (which works without the client-connect line)

Code:

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key  # This file should be kept secret
dh /etc/openvpn/keys/dh2048.pem
server 192.168.10.0 255.255.255.0
push "route 192.168.3.0 255.255.255.0"
client-config-dir /etc/openvpn/ccd
client-connect /etc/openvpn/scripts/clientconnect.sh
keepalive 10 120
comp-lzo
max-clients 5
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log         /var/log/openvpn/openvpn.log
verb 3

Any ideas?

Re: Client connect script to email?

Posted: Mon Mar 12, 2012 12:00 pm
by janjust
make sure your client-connect script returns '0' to indicate success, e.g.

Code:

#!/bin/bash
echo "hello" | mail someuser
exit 0

Re: Client connect script to email?

Posted: Mon Mar 12, 2012 5:17 pm
by mikej1234
Hi Janjust, I tried adding the exit 0 line to my bash client-connect script but unfortunately it yielded the same response when I tried to connect. Any other ideas?

Thanks again,
Mike

Re: Client connect script to email?

Posted: Tue Mar 13, 2012 9:32 am
by janjust
just to verify: is the line

Code:

script-security 2

also present? or can you try using

Code:

script-security 3 system

? Post the log file with 'verb 5' set during a failed connection attempt.

Re: Client connect script to email?

Posted: Tue Mar 13, 2012 2:44 pm
by mikej1234
Great, that worked!

I added the second line and the issue was corrected:

Code:

script-security 3 system

I am using Postfix to send the email and I noticed in the log there was an issue firing the script (unrelated to the problem here). I have it working now.

Thank you for your help!
Mike

Re: Client connect script to email?

Posted: Wed Mar 14, 2012 1:51 pm
by mikej1234
Hi All,

Thanks again to JanJust for the help.

Here is the final script I ended up with (running Postfix on Ubuntu 11.04 x64).

Code:

#!/bin/bash
#Send an email when a client connects with today's time and date
NOW="$(date +"%H:%M:%S - %Y-%m-%d")"

# Message headers, then an empty line, then the body
sendmail alerts@company.com <<EOF
FROM: alerts@company.com
TO: me@company.com
SUBJECT: OpenVPN - CONNECTED: $common_name - $NOW

At $NOW, $common_name connected to the OpenVPN server.

IP:     $trusted_ip
PORT:   $trusted_port
MTU:    $tun_mtu
.
EOF
exit 0

Works great for me.

Cheers,
Mike
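
A more defensive variant of the hook from this thread, as an added example that is not code from any of the posters: it strips everything but a small set of characters from the OpenVPN-supplied values before they reach a mail header, separates headers from body, and never lets mail delivery decide whether the client is admitted. The addresses, the sendmail path and the function names are assumptions.

```shell
#!/bin/bash
# Added example (not from the thread): client-connect notifier.
# server.conf needs "script-security 2" and "client-connect <path-to-script>".
# Level 2 is enough for user scripts; level 3 additionally passes passwords
# to scripts through the environment, which this hook does not need.

MAIL_FROM="alerts@example.com"   # assumption: placeholder address
MAIL_TO="root"                   # local alias, as in the first post
SENDMAIL="${SENDMAIL:-/usr/sbin/sendmail}"   # assumption: usual path

# Replace every byte outside a small whitelist with "_". CR/LF in a value
# would otherwise let it start a new header line (header injection).
sanitize() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_.@-' '_'
}

build_message() {
    local cn ip port now
    cn=$(sanitize "${common_name:-unknown}")
    ip=$(sanitize "${trusted_ip:-unknown}")
    port=$(sanitize "${trusted_port:-unknown}")
    now=$(date '+%H:%M:%S - %Y-%m-%d')
    # Headers, one empty line, then the body.
    printf 'From: %s\nTo: %s\nSubject: OpenVPN - CONNECTED: %s\n\n' \
        "$MAIL_FROM" "$MAIL_TO" "$cn"
    printf 'At %s, %s connected to the OpenVPN server.\n\n' "$now" "$cn"
    printf 'IP:   %s\nPORT: %s\n' "$ip" "$port"
}

notify() {
    [ -x "$SENDMAIL" ] || return 0
    # Background + timeout: OpenVPN waits for the hook, so a slow MTA
    # must not hold up the server. -t takes recipients from the headers,
    # -i stops a lone "." line from ending the message.
    ( build_message | timeout 10 "$SENDMAIL" -i -t >/dev/null 2>&1 & )
    return 0
}

# OpenVPN sets script_type before calling a hook. Exit 0 regardless of
# mail delivery: a failing client-connect hook rejects the client.
if [ "${script_type:-}" = "client-connect" ]; then
    notify
    exit 0
fi
```
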

Re: Client connect script to email?

Posted: Mon Jan 12, 2015 5:47 am
by nickswe
Thanks for this post! This was exactly what I was looking for and I was able to get it up and running myself by using this post.

:D

Re: Client connect script to email?

Posted: Tue Feb 02, 2021 3:32 pm
by koniuszkoMariano
Hello @mikej1234, I tried your script on my Debian 10 OpenVPN server and it fails. I made the dir /etc/openvpn/scripts and added a new file clientconnect.sh

Code:

#!/bin/bash
#Send an email when a client connects with today's time and date
NOW="$(date +"%H:%M:%S - %Y-%m-%d")"

# Message headers, then an empty line, then the body
sendmail alerts@company.com <<EOF
FROM: alerts@company.com
TO: me@company.com
SUBJECT: OpenVPN - CONNECTED: $common_name - $NOW

At $NOW, $common_name connected to the OpenVPN server.

IP:     $trusted_ip
PORT:   $trusted_port
MTU:    $tun_mtu
.
EOF
exit 0

and added two lines to my server.conf:

Code:

script-security 3 system
client-connect /etc/openvpn/scripts/clientconnect.sh

After restarting openvpn it fails. Do I have to do something else?
Regards.

Re: Client connect script to email?

Posted: Tue Feb 02, 2021 4:41 pm
by TinCanTech
koniuszkoMariano wrote:
Tue Feb 02, 2021 3:32 pm
script-security 3 system

The Manual wrote: OpenVPN releases before v2.3 also supported a method flag which indicated how OpenVPN should call external commands and scripts. This could be either execve or system. As of OpenVPN 2.3, this flag is no longer accepted

Re: Client connect script to email?

Posted: Tue Feb 02, 2021 7:21 pm
by koniuszkoMariano
Thanks for the fast answer. I also tried without `script-security 3 system` and then my server was active but I cannot connect with any client.

Code:

● openvpn-server@server.service - OpenVPN service for server
   Loaded: loaded (/lib/systemd/system/openvpn-server@.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2021-02-02 20:09:00 GMT; 39s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 23975 (openvpn)
   Status: "Initialization Sequence Completed"
    Tasks: 1 (limit: 1144)
   Memory: 1.3M
   CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
           └─23975 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --config server.conf

Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 peer info: IV_COMP_STUBv2=1
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 peer info: IV_TCPNL=1
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Feb 02 20:09:21 OpenVPN openvpn[23975]: 62.21.9.164:47947 [lusia] Peer Connection Initiated with [AF_INET]62.21.9.164:47947
Feb 02 20:09:21 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 MULTI_sva: pool returned IPv4=10.8.0.2, IPv6=(Not enabled)
Feb 02 20:09:21 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 WARNING: Failed running command (--client-connect): external program fork failed
Feb 02 20:09:22 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 PUSH: Received control message: 'PUSH_REQUEST'
Feb 02 20:09:22 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 Delayed exit in 5 seconds
Feb 02 20:09:22 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 SENT CONTROL [lusia]: 'AUTH_FAILED' (status=1)
Feb 02 20:09:27 OpenVPN openvpn[23975]: lus/62.21.9.164:47947 SIGTERM[soft,delayed-exit] received, client-instance exiting

Regards

Re: Client connect script to email?

Posted: Tue Feb 02, 2021 8:07 pm
by TinCanTech