Netgate Discussion Forum

    Email Notification - OpenVPN Client Connect (Common Name)

    Scheduled Pinned Locked Moved OpenVPN
    138 Posts 20 Posters 40.2k Views
    • provelsP
      provels @Armstrong
      last edited by

      @Armstrong Not yet, will advise.

      Peder

      MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
      BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan @provels
        last edited by

        @provels said in Email Notification - OpenVPN Client Connect (Common Name):

        /root/notify.sh
        and /root/disconnect.sh

        Because these are script files, or plain text files that contain commands, the script files should be marked as "executable".

        chmod +x /root/notify.sh
        chmod +x /root/disconnect.sh
        

        Check:

        [2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: ls -al notify.sh
        -rwxr-xr-x  2 root  wheel  504 Jun 26  2019 notify.sh
        [2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: ls -al disconnect.sh
        -rwxr-xr-x  2 root  wheel  504 Jun 26  2019 disconnect.sh
        

        Also, be sure of this (file encoding):

        [2.4.5-RC][admin@pfsense.brit-hotel-fumel.net]/root: file notify.sh
        notify.sh: PHP script, ASCII text executable
        

        Same thing for "disconnect.sh".

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        provelsP ArmstrongA 2 Replies Last reply Reply Quote 3
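The checks from the post above (executable bit, file type) can be scripted together with two related ones: Windows line endings and write permission for group or others, which matters because the hook runs with the privileges of the OpenVPN daemon. This is an added example, not code from the thread; the function name `check_hook` and its return codes are this example's own convention.

```shell
#!/bin/sh
# Added example: pre-flight check for OpenVPN hook scripts such as
# /root/notify.sh and /root/disconnect.sh.
# Return codes (this example's own convention):
#   0 ok, 1 missing, 2 not executable, 3 bad shebang or interpreter,
#   4 CRLF line endings, 5 writable by group or others
check_hook() {
    f=$1
    [ -f "$f" ] || return 1
    [ -x "$f" ] || return 2

    # The first line must be "#!<interpreter> [args]" and the interpreter
    # must exist and be executable.
    first=$(head -n 1 "$f" | tr -d '\r')
    case $first in
        '#!'*) ;;
        *) return 3 ;;
    esac
    interp=${first#??}                      # drop "#!"
    interp=${interp#"${interp%%[! ]*}"}     # drop leading spaces
    interp=${interp%% *}                    # drop interpreter arguments
    [ -x "$interp" ] || return 3

    # A file saved with Windows line endings carries a carriage return
    # on the shebang line and on every following line.
    cr=$(printf '\r')
    if grep -q "$cr" "$f"; then
        return 4
    fi

    # Nobody but the owner should be able to modify a hook script.
    if [ -n "$(find -L "$f" \( -perm -020 -o -perm -002 \))" ]; then
        return 5
    fi
    return 0
}

# Report on every path given on the command line.
for h in "$@"; do
    rc=0
    check_hook "$h" || rc=$?
    echo "$h: check_hook returned $rc"
done
```
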
        • provelsP
          provels @Gertjan
          last edited by provels

          @Gertjan said in Email Notification - OpenVPN Client Connect (Common Name):

          chmod +x /root/notify.sh
          chmod +x /root/disconnect.sh

          That was it. Student Driver here. Sorry. Works a treat! Thanks to both of you. Glad I read this post!

          Peder


          1 Reply Last reply Reply Quote 0
          • ArmstrongA
            Armstrong @Gertjan
            last edited by

            @Gertjan Ah yeah, I should've mentioned that it needs to be executable too.

            I decided to go full on and just implement over the wire. Scripts work fine.

            The only thing I would ask, is that the "disconnect" part doesn't seem to send the disconnect notification until I reconnect? I disconnect, no email, then when I re-connect after a short period I receive two notifications:

            13:08:17 user_name: username vpn_client_ip: x.x.x.x on 18 March during : 120 seconds DISCONNECTED
            13:08:17 user_name: username vpn_client_ip x.x.x.x 18 March

            It doesn't really bother me, I only wanted to know the users, but just out of curiosity.

            Thank you for your help!

            provelsP 1 Reply Last reply Reply Quote 0
            • provelsP
              provels @Armstrong
              last edited by provels

              @Armstrong My disco msg lagged a little, but did come about a minute after. Your messages may have overlapped.

              EDIT - 2 minutes

              Peder


              ArmstrongA 1 Reply Last reply Reply Quote 0
              • ArmstrongA
                Armstrong @provels
                last edited by

                @provels Yup just tested that (with a little patience), it does indeed send through after about a minute. Must just take a bit for it to fully "close" the connection.

                1 Reply Last reply Reply Quote 0
                • ArmstrongA
                  Armstrong
                  last edited by

                  Also before I go, I made one change (connecting IP) so adding it to this post if anyone wants that too and would like to just copy and paste.

                  #!/usr/local/bin/php -q
                  <?php
                  	require_once("/etc/inc/notices.inc");
                  	$local_connect_value = " user_name: " . getenv('common_name') . " vpn_client_ip: " . getenv('ifconfig_pool_remote_ip') . " from: " . getenv('trusted_ip') . " on " . date('F j, Y, g:i a');
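                  	// strrchr() only looks at the first character of its needle, so test for the whole word instead.
                  	if ( strpos(basename(__FILE__), 'disconnect') !== false ) {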
                  	$local_connect_value .= ", duration : " . getenv('time_duration') . " seconds, received : " . getenv('bytes_received') . " bytes, send : " . getenv('bytes_sent') ." bytes. DISCONNECTED.";
                  	}
                  	notify_all_remote($local_connect_value);
                  ?>
                  

                  Thanks for the input everyone!

                  provelsP 1 Reply Last reply Reply Quote 1
                  • provelsP
                    provels @Armstrong
                    last edited by

                    @Armstrong Great to have if someone happens to snag your creds. Thanks.

                    Peder


                    1 Reply Last reply Reply Quote 0
                    • M
                      mikekoke
                      last edited by mikekoke

                      Hi, I followed the comments and set up the @Armstrong script but I'm not getting any notification.
                      I created the files, gave the permissions, added the two lines to openvpn and restarted the service.

                      ArmstrongA 1 Reply Last reply Reply Quote 0
                      • ArmstrongA
                        Armstrong @mikekoke
                        last edited by

                        @mikekoke Dumb question, do you have notifications set up in pfSense to send you emails?

                        1 Reply Last reply Reply Quote 0
                        • M
                          mikekoke
                          last edited by

                          Yes of course, I also took the test and received the notification.

                          ArmstrongA 1 Reply Last reply Reply Quote 0
                          • ArmstrongA
                            Armstrong @mikekoke
                            last edited by

                            @mikekoke Gotta ask.

                            You can connect to the VPN and disconnect as well, no errors with syntax or anything? It should work right away (latest OpenVPN version) so I can only suggest some other issue in your configuration.

                            I would try my original script and config (client-connect /root/notify.sh) and see if that works for you firstly. If it doesn't then there's more amiss than I could tell you.

                            1 Reply Last reply Reply Quote 0
                            • M
                              mikekoke
                              last edited by

                              I can connect to the VPN and everything works correctly, the script I am using is the first one, that of your post.

                              ArmstrongA 1 Reply Last reply Reply Quote 0
                              • ArmstrongA
                                Armstrong @mikekoke
                                last edited by

                                @mikekoke Can you run that notify script from the terminal verbose and see what happens?

                                It sounds like there's a problem with notifications, if everything's running but you're not getting an email. As I said it works straight away if you have email notifications on and everything on the latest version.

                                1 Reply Last reply Reply Quote 0
                                • M
                                  mikekoke
                                  last edited by mikekoke

                                  When I try to run it, it exits with: Exception: Zend Extension ./disconnect.sh does not exist

                                  edit: Problem solved. Thanks for your help.

                                  ArmstrongA 1 Reply Last reply Reply Quote 0
                                  • ArmstrongA
                                    Armstrong @mikekoke
                                    last edited by

                                    @mikekoke What was the issue?

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      mikekoke
                                      last edited by

                                      I had to create the files from the terminal.

                                      1 Reply Last reply Reply Quote 1
                                      • noplanN
                                        noplan
                                        last edited by

                                        @Armstrong said in Email Notification - OpenVPN Client Connect (Common Name):

                                        I felt free to make some changes for a readable output.
                                        The output from disconnect.sh received via e-mail now looks like this.

                                        [Screenshot: d74e201a-8482-4d3a-a70a-b7bd1605fc2e-grafik.png]

                                        As far as I'm concerned, with this output I don't need the connect.sh, cuz the more users there are,
                                        the more e-mails you'll receive.

                                        The source for disconnect.sh is here.

                                        #!/usr/local/bin/php -q
                                        <?php
                                        	require_once("/etc/inc/notices.inc");
                                        	$local_connect_value = " \n user_name: " . getenv('common_name') . " \n vpn_client_ip: " . getenv('ifconfig_pool_remote_ip') ." connected from " . getenv('trusted_ip') . " on " . date('F j, Y, g:i a');
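                                        	// strrchr() only looks at the first character of its needle, so test for the whole word instead.
                                        	if ( strpos(basename(__FILE__), 'disconnect') !== false ) {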
                                        	$local_connect_value .= ", \n duration : " . round(((getenv('time_duration'))/3600),2) . "  hours, or " . round(((getenv('time_duration'))/60),2) . "  minutes, or " . getenv('time_duration') . "  seconds,\n upload from vpn-client (received) : " . round(((getenv('bytes_received'))/1048576),2) . " MB, \n download to vpn-client (send) : " . round(((getenv('bytes_sent'))/1048576),2) ." MB. \n DISCONNECTED.";
                                        	}
                                        	notify_all_remote($local_connect_value);
                                        ?>
                                        
                                        

                                        To reduce the mass of mails I was thinkin to use disconnect.sh with (client specific overrides)
                                        [Screenshot: e84382c6-c801-44a6-8e90-df09b927a4ab-grafik.png]

                                        but it was not workin and ended with something like this:
                                        Options error: option 'client-disconnect' cannot be used in this context

                                        The main reason I wanted to do this: I put my clients in categories like

                                        • management (trusted)
                                        • sysops (trusted)
                                        • employees (trusted ;)
                                        • contractors (notification needed)

                                        so that a notification will only be sent if (untrusted or notification needed), which, as I mentioned earlier, reduces tons of mails.
                                        But I'll open a topic on this one and edit this post later on.

                                        any hints are welcome
                                        #stayHealthy

                                        ArmstrongA 1 Reply Last reply Reply Quote 1
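Since `client-disconnect` is rejected in the client specific overrides, the per-category decision can be made inside the server-level hook instead. The wrapper below is an added example, not code from the thread: it lists the trusted (quiet) common names and notifies for everyone else, so an unknown or malformed name still produces a mail. The list path, the wrapper itself and the function name `is_quiet` are hypothetical; `/root/disconnect.sh` is the PHP notifier from the thread.

```shell
#!/bin/sh
# Added example: server-level client-disconnect hook that stays silent for
# listed clients and hands everyone else to the PHP notifier.
QUIET_LIST=${QUIET_LIST:-/root/quiet-clients.txt}   # hypothetical path
NOTIFIER=${NOTIFIER:-/root/disconnect.sh}           # notifier from the thread

# is_quiet CN LISTFILE -> 0 if CN is on the quiet list, 1 otherwise.
is_quiet() {
    cn=$1
    list=$2
    # An empty name, or one with characters outside a conservative set,
    # is never treated as quiet.
    case $cn in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    # An unreadable list means nobody is quiet.
    [ -r "$list" ] || return 1
    # Strip comments and surrounding whitespace, drop empty lines, then
    # compare whole lines as fixed strings (no regex, no prefix matches).
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' "$list" | grep -Fxq -e "$cn"
}

# OpenVPN sets script_type and common_name in the hook's environment.
if [ "${script_type:-}" = client-disconnect ]; then
    if ! is_quiet "${common_name:-}" "$QUIET_LIST"; then
        "$NOTIFIER"
    fi
    exit 0
fi
```

The server configuration would then point `client-disconnect` at this wrapper rather than at the PHP script directly.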
                                        • ArmstrongA
                                          Armstrong @noplan
                                          last edited by

                                          @noplan That definitely looks a lot better format-wise, thanks for the update. PHP isn't my strongest area.

                                          I only have a small number of users so it's OK with me to have the number of emails I do, though for a larger organization it makes sense. I'm afraid I couldn't comment on the use of client overrides, but someone else may be able to provide advice.

                                          1 Reply Last reply Reply Quote 0
                                          • noplanN
                                            noplan
                                            last edited by

                                            I'm so happy that you came up with a version I can play on.
                                            And look, it's workin. Pretty fine.

                                            If someone digs into it, a cool thing would be an email
                                            and a weekly report sent by cron
                                            vpn-client | date | time-in | time-out | client-vpn-ip | client foreign ip | duration connection (hours) | received (MB) | send (MB) |

                                            Maybe a nice project.
                                            So a weekly report of VPN-clients "timesheets" could be generated

                                            but maybe all things niceToHave on a firewall ;)

                                            Writing this post
                                            I am thinking to write the information from disconnect.sh into a txt file and send it via cron to
                                            another machine doing the formatting and generating a sweet pdf. (This could be fun I think.)

                                            #stayHealthy

                                            1 Reply Last reply Reply Quote 0
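The text-file idea from the post above, as an added example that is not code from the thread: the disconnect hook appends one pipe-delimited line per session, and a second function aggregates sessions, hours and MB per client for a cron job. Values are sanitised before they are written, because the common name and the counters arrive from the environment and a stray `|` or newline would corrupt the log. The log path and the function names are hypothetical; the units follow the script in the thread (seconds/3600, bytes/1048576).

```shell
#!/bin/sh
# Added example: session log written by the client-disconnect hook, plus a
# per-client summary for a periodic report.
SESSION_LOG=${SESSION_LOG:-/var/log/openvpn-sessions.log}   # hypothetical path

# clean VALUE: replace every character outside a safe set with "_".
clean() { printf '%s' "$1" | tr -c 'A-Za-z0-9._:@-' '_'; }

# num VALUE: pass through non-negative integers, anything else becomes 0.
num() { case $1 in ''|*[!0-9]*) echo 0 ;; *) echo "$1" ;; esac; }

# log_session LOGFILE: append
#   time|client|vpn ip|remote ip|seconds|bytes received|bytes sent
log_session() {
    printf '%s|%s|%s|%s|%s|%s|%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "$(clean "${common_name:-}")" \
        "$(clean "${ifconfig_pool_remote_ip:-}")" \
        "$(clean "${trusted_ip:-}")" \
        "$(num "${time_duration:-}")" \
        "$(num "${bytes_received:-}")" \
        "$(num "${bytes_sent:-}")" >> "$1"
}

# report LOGFILE [SINCE]: client|sessions|hours|MB received|MB sent,
# optionally restricted to lines whose timestamp is >= SINCE (YYYY-MM-DD).
report() {
    awk -F'|' -v since="${2:-}" '
        NF == 7 && (since == "" || $1 >= since) {
            n[$2]++; secs[$2] += $5; rx[$2] += $6; tx[$2] += $7
        }
        END {
            for (c in n)
                printf "%s|%d|%.2f|%.2f|%.2f\n", c, n[c],
                    secs[c] / 3600, rx[c] / 1048576, tx[c] / 1048576
        }' "$1" | sort
}

# When run by OpenVPN as the disconnect hook, record the session.
if [ "${script_type:-}" = client-disconnect ]; then
    log_session "$SESSION_LOG"
fi
```
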
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.