Netgate Discussion Forum

    OpenVPN on pfsense 2.4 no longer run script on link-up

    • H
      Hakon74
      last edited by

      Hello.

      I have been using Private Internet Access advanced port forwarding following the guide linked below (thanks to AccountIsTaken)
      https://forum.pfsense.org/index.php?topic=71725.msg729466#msg729466

      On pfSense 2.3 I executed the script by adding the following to /etc/devd.conf:

      notify 0 {
              match "system"          "IFNET";
              match "subsystem"       "(ovpnc5)";
              match "type"            "LINK_UP";
              action "/usr/local/bin/piaport/DelugePort_2.sh";
      };
      

      This no longer works on pfsense 2.4

      I have also tried adding the line below to OpenVPN -> Advanced Configuration -> Custom options

      route-up /usr/local/bin/piaport/DelugePort_2.sh
      

      Is there any way to make this work on pfSense 2.4?

      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        What happens if you try to run that script by hand?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • H
          Hakon74
          last edited by

          Hello.
          Running the script from ssh console works 100%

          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            It's possible the script takes some shortcuts like not specifying full paths to programs, so it may work from the shell but not when launched from other subsystems.

            You may have to contact the author of the script and ask them for an updated version for pfSense 2.4.

            • H
              Hakon74
              last edited by

              Hi.

              I found what is causing the problem.

              The script below only works from ssh:

              #!/bin/sh
              CONFFILE=/cf/conf/config.xml
              TMP_CONFFILE=/tmp/config.dp2
              
              #Interface name of vpn connection
              INTERFACE='ovpnc5'
              
              #Delay for 5 seconds to ensure vpn is up
              sleep 5
              
              #Generate a client ID.
              CLIENT_ID=`head -n 100 /dev/urandom | sha256 | tr -d " -"`
              
              #Get a forwarded port from PIA
              PORT=`curl --interface $INTERFACE "http://209.222.18.222:2000/?client_id=$CLIENT_ID"`
              
              #Cleanup port output
              PORTNUM=`echo $PORT | grep -oE "[0-9]+"`
              
              # Some error detection. If PORTNUM is not 5 characters, we know that
              # an error has been returned. We log it to syslog, and exit.
              if [ ${#PORTNUM} -ne 5 ]; then
              	logger "Deluge-Port_2 - Error setting port"
              	exit 0
              fi
              
              logger "Deluge-Port_2 - Port number acquired: $PORTNUM"
              
              # Update the port forward rules in the config file.
              xml ed -u '//alias[name="DelugePort_2"]/address' -v $PORTNUM $CONFFILE > $TMP_CONFFILE
              
              # Put the config file in the correct location.
              cp $TMP_CONFFILE $CONFFILE
              
              # Force pfSense to re-read its config
              rm /tmp/config.cache
              
              #Reload the filter
              /etc/rc.filter_configure
              
              logger "Deluge-Port_2 - New port number ($PORTNUM) inserted into config file."
              

              This is the line where the problem is:

              #Get a forwarded port from PIA
              PORT=`curl --interface $INTERFACE "http://209.222.18.222:2000/?client_id=$CLIENT_ID"`

              When removing

              --interface $INTERFACE

              from that line the VPN connects, and I can launch the script from "OpenVPN -> Advanced Configuration -> Custom options"

              route-up /usr/local/bin/piaport/DelugePort_2.sh

              but I get an error setting port.
              I need to specify the correct interface to make this work.

              Maybe someone knows of a workaround
              • K
                kpa
                last edited by

                At a guess the VPN interface is no longer called "ovpnc5" but something else and curl balks at a non-existent interface.

                • H
                  Hakon74
                  last edited by

                  @kpa:

                  At a guess the VPN interface is no longer called "ovpnc5" but something else and curl balks at a non-existent interface.

                  Strange thing, it does work from ssh.

                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    That script is poorly written. It must specify full paths for all programs. For example, curl should be /usr/local/bin/curl and head should be /usr/bin/head.

                    That is the most common reason a script would work when run by hand (from a full shell environment with a populated path) and not when executed from another daemon (with a bare or minimal environment).

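The difference between a populated login PATH and a daemon's minimal environment, described in the reply above, can be reproduced offline. This is an added example, not code from the thread or from pfSense; `fakecurl`, the function names and the minimal `PATH` value are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. "fakecurl" and the function names are
# constructed stand-ins; on pfSense the real tool is /usr/local/bin/curl.

# A constructed tool installed in a directory the daemon's PATH will not list.
DEMO_DIR=$(mktemp -d)
printf '#!/bin/sh\necho 51234\n' > "$DEMO_DIR/fakecurl"
chmod 0755 "$DEMO_DIR/fakecurl"

# Login-shell case: the tool's directory is on PATH, so the bare name resolves.
call_by_name() {
    PATH="$DEMO_DIR:$PATH" sh -c 'fakecurl'
}

# Hook case: empty environment plus a minimal PATH, as a daemon might provide.
run_minimal() {
    env -i PATH=/bin:/usr/bin /bin/sh -c "$1" 2>/dev/null
}

# Preflight for a hook script: print each required tool that is not given as
# an absolute path to an executable file; return 1 if anything was printed.
missing_tools() {
    rc=0
    for tool in "$@"; do
        case $tool in
            /*) if [ -f "$tool" ] && [ -x "$tool" ]; then continue; fi ;;
        esac
        printf '%s\n' "$tool"
        rc=1
    done
    return "$rc"
}

# Same command, three ways (constructed demonstration).
echo "bare name, login-style PATH : $(call_by_name)"
echo "bare name, minimal PATH     : $(run_minimal fakecurl || echo "exit $?")"
echo "absolute path, minimal PATH : $(run_minimal "$DEMO_DIR/fakecurl")"
echo "preflight reports           : $(missing_tools /bin/sh curl | tr '\n' ' ')"
```

Running the real hook script under `env -i` with a reduced `PATH` from an ssh session is a quick way to see the same "command not found" failure (exit status 127) that is otherwise hidden when the script is started by OpenVPN or devd.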
                    • H
                      Hakon74
                      last edited by

                      Thank you jimp and kpa for taking time to reply to my post.

                      I think this script has to wait for the vpn to be up and running before it launches.

                      Anyway, I have found the solution to launching the script correctly over at https://forum.pfsense.org/index.php?topic=71725.msg756541#msg756541

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.