OpenVPN on pfSense 2.4 no longer runs script on link-up



  • Hello.

    I have been using Private Internet Access advanced port forwarding following the guide linked below (thanks to AccountIsTaken)
    https://forum.pfsense.org/index.php?topic=71725.msg729466#msg729466

    On pfSense 2.3 I executed the script by adding the following to /etc/devd.conf

    notify 0 {
            match "system"          "IFNET";
            match "subsystem"       "(ovpnc5)";
            match "type"            "LINK_UP";
            action "/usr/local/bin/piaport/DelugePort_2.sh";
    };
    

    This no longer works on pfSense 2.4.

    I have also tried adding the below lines to OpenVPN -> Advanced Configuration -> Custom options

    route-up /usr/local/bin/piaport/DelugePort_2.sh
    

    Is there any way to make this work on pfSense 2.4?


  • Rebel Alliance Developer Netgate

    What happens if you try to run that script by hand?



  • Hello.
    Running the script from ssh console works 100%


  • Rebel Alliance Developer Netgate

    It's possible the script takes some shortcuts like not specifying full paths to programs, so it may work from the shell but not when launched from other subsystems.

    You may have to contact the author of the script and ask them for an updated version for pfSense 2.4.



  • Hi.

    I found what is causing the problem.

    the script below only works from ssh:

    #!/bin/sh
    CONFFILE=/cf/conf/config.xml
    TMP_CONFFILE=/tmp/config.dp2
    
    #Interface name of vpn connection
    INTERFACE='ovpnc5'
    
    #Delay for 5 seconds to ensure vpn is up
    sleep 5
    
    #Generate a client ID.
    CLIENT_ID=`head -n 100 /dev/urandom | sha256 | tr -d " -"`
    
    #Get a forwarded port from PIA
    PORT=`curl --interface $INTERFACE "http://209.222.18.222:2000/?client_id=$CLIENT_ID"`
    
    #Cleanup port output
    PORTNUM=`echo $PORT | grep -oE "[0-9]+"`
    
    # Some error detection. If PORTNUM is not 5 characters, we know that
    # an error has been returned. We log it to syslog, and exit.
    if [ ${#PORTNUM} -ne 5 ]; then
    	logger "Deluge-Port_2 - Error setting port"
    	exit 0
    fi
    
    logger "Deluge-Port_2 - Port number acquired: $PORTNUM"
    
    # Update the port forward rules in the config file.
    xml ed -u '//alias[name="DelugePort_2"]/address' -v $PORTNUM $CONFFILE > $TMP_CONFFILE
    
    # Put the config file in the correct location.
    cp $TMP_CONFFILE $CONFFILE
    
    # Force pfSense to re-read its config
    rm /tmp/config.cache
    
    #Reload the filter
    /etc/rc.filter_configure
    
    logger "Deluge-Port_2 - New port number ($PORTNUM) inserted into config file."
    

    This is the line where the problem is:

    #Get a forwarded port from PIA
    PORT=`curl --interface $INTERFACE "http://209.222.18.222:2000/?client_id=$CLIENT_ID"`

    When removing

    --interface $INTERFACE

    from that line the VPN connects, and I can launch script from "OpenVPN -> Advanced Configuration -> Custom options"

    route-up /usr/local/bin/piaport/DelugePort_2.sh

    but I get an error setting port.
    I need to specify the correct interface to make this work.
    
    Maybe someone knows of a workaround.


  • At a guess the VPN interface is no longer called "ovpnc5" but something else and curl balks at a non-existent interface.



  • @kpa:

    At a guess the VPN interface is no longer called "ovpnc5" but something else and curl balks at a non-existent interface.

    Strange thing, it does work from ssh.


  • Rebel Alliance Developer Netgate

    That script is poorly written. It must specify full paths for all programs. For example, curl should be /usr/local/bin/curl and head should be /usr/bin/head.

    That is the most common reason a script would work when run by hand (from a full shell environment with a populated path) and not when executed from another daemon (with a bare or minimal environment).
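
The reply above attributes the failure to commands being looked up through PATH when the script is started by a daemon. One way to check that on a given box, as an added example that is not part of the thread or the script author's code: resolve every command the posted script calls against a minimal PATH and against the login PATH. `MINIMAL_PATH` is an assumed value and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report which commands a hook script
# needs can be found when only a minimal PATH is available.

# Assumption: the thread does not state the PATH the daemon hands to hooks;
# this value is a constructed stand-in for a "bare or minimal environment".
MINIMAL_PATH="/sbin:/bin"

# Commands invoked without a path in DelugePort_2.sh as posted above.
SCRIPT_CMDS="sleep head sha256 tr curl grep logger xml cp rm"

# resolve_in_path CMD PATHVALUE
# Prints the absolute path of CMD, searching PATHVALUE only (the caller's
# own PATH is ignored). Runs in a subshell so IFS and set -f do not leak.
resolve_in_path() (
    IFS=:
    set -f
    for dir in $2; do
        [ -n "$dir" ] || continue      # skip empty entries (would mean cwd)
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            exit 0
        fi
    done
    exit 1
)

# audit_commands PATHVALUE CMD...
# Prints "ok CMD -> /abs/path" or "MISSING CMD" for each command and
# returns the number of commands that did not resolve.
audit_commands() {
    search=$1
    shift
    missing=0
    for c in "$@"; do
        if p=$(resolve_in_path "$c" "$search"); then
            printf 'ok      %s -> %s\n' "$c" "$p"
        else
            printf 'MISSING %s\n' "$c"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Every MISSING line in the first report is a command that has to be
# written as an absolute path (taken from the second report) in the script.
echo "== PATH=$MINIMAL_PATH"
audit_commands "$MINIMAL_PATH" $SCRIPT_CMDS || echo "-> $? command(s) not found"
echo "== PATH=$PATH"
audit_commands "$PATH" $SCRIPT_CMDS || echo "-> $? command(s) not found"
```

Running the hook itself under `env -i PATH=/sbin:/bin /bin/sh /usr/local/bin/piaport/DelugePort_2.sh` reproduces the same stripped environment from an ssh session.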



  • Thank you jimp and kpa for taking time to reply to my post.

    I think this script has to wait for the vpn to be up and running before it launches.

    Anyway, I have found the solution to launching the script correctly over at https://forum.pfsense.org/index.php?topic=71725.msg756541#msg756541

