OpenVPN on pfsense 2.4 no longer runs script on link-up
-
Hello.
I have been using Private Internet Access advanced port forwarding following the guide linked below (thanks to AccountIsTaken)
https://forum.pfsense.org/index.php?topic=71725.msg729466#msg729466
On pfsense 2.3 I executed the script by adding the following to the /etc/devd.conf
```
notify 0 {
	match "system" "IFNET";
	match "subsystem" "(ovpnc5)";
	match "type" "LINK_UP";
	action "/usr/local/bin/piaport/DelugePort_2.sh";
};
```
This no longer works on pfsense 2.4.
I have also tried adding the line below to OpenVPN -> Advanced Configuration -> Custom options
```
route-up /usr/local/bin/piaport/DelugePort_2.sh
```
Is there any way to make this work on pfsense 2.4?
-
What happens if you try to run that script by hand?
-
Hello.
Running the script from ssh console works 100%
-
It's possible the script takes some shortcuts like not specifying full paths to programs, so it may work from the shell but not when launched from other subsystems.
You may have to contact the author of the script and ask them for an updated version for pfSense 2.4.
-
Hi.
I found what is causing the problem.
The script below only works from ssh:
```
#!/bin/sh

CONFFILE=/cf/conf/config.xml
TMP_CONFFILE=/tmp/config.dp2

#Interface name of vpn connection
INTERFACE='ovpnc5'

#Delay for 5 seconds to ensure vpn is up
sleep 5

#Generate a client ID.
CLIENT_ID=`head -n 100 /dev/urandom | sha256 | tr -d " -"`

#Get a forwarded port from PIA
PORT=`curl --interface $INTERFACE "http://209.222.18.222:2000/?client_id=$CLIENT_ID"`

#Cleanup port output
PORTNUM=`echo $PORT | grep -oE "[0-9]+"`

# Some error detection. If PORTNUM is not 5 characters, we know that
# an error has been returned. We log it to syslog, and exit.
if [ ${#PORTNUM} -ne 5 ]; then
    logger "Deluge-Port_2 - Error setting port"
    exit 0
fi

logger "Deluge-Port_2 - Port number acquired: $PORTNUM"

# Update the port forward rules in the config file.
xml ed -u '//alias[name="DelugePort_2"]/address' -v $PORTNUM $CONFFILE > $TMP_CONFFILE

# Put the config file in the correct location.
cp $TMP_CONFFILE $CONFFILE

# Force pfSense to re-read its config
rm /tmp/config.cache

#Reload the filter
/etc/rc.filter_configure

logger "Deluge-Port_2 - New port number ($PORTNUM) inserted into config file."
```
This is the line where the problem is
```
#Get a forwarded port from PIA
PORT=`curl --interface $INTERFACE "http://209.222.18.222:2000/?client_id=$CLIENT_ID"`
```
When removing `--interface $INTERFACE` from that line the VPN connects, and I can launch the script from "OpenVPN -> Advanced Configuration -> Custom options"
```
route-up /usr/local/bin/piaport/DelugePort_2.sh
```
but I get an error setting port. I need to specify the correct interface to make this work. Maybe someone knows of a workaround.
-
At a guess the VPN interface is no longer called "ovpnc5" but something else and curl balks at a non-existent interface.
-
@kpa:
At a guess the VPN interface is no longer called "ovpnc5" but something else and curl balks at a non-existent interface.
Strange thing, it does work from ssh.
-
That script is poorly written. It must specify full paths for all programs. For example, curl should be /usr/local/bin/curl and head should be /usr/bin/head.
That is the most common reason a script would work when run by hand (from a full shell environment with a populated path) and not when executed from another daemon (with a bare or minimal environment).
-
Thank you jimp and kpa for taking time to reply to my post.
I think this script has to wait for the VPN to be up and running before it launches.
Anyway, I have found the solution to launching the script correctly over at https://forum.pfsense.org/index.php?topic=71725.msg756541#msg756541
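
The advice above about full paths and a daemon's bare environment, as an added example that is not part of the thread or the original script: helpers that resolve each tool from a fixed list of directories instead of the inherited PATH, report what is missing, and check the returned port before it is written into config.xml. The names `TRUSTED_DIRS`, `resolve_tool`, `missing_tools` and `valid_port` are hypothetical, the directory list assumes a FreeBSD/pfSense layout, and the numeric range check is swapped in for the script's five-character length test.

```shell
#!/bin/sh
# Added example, not the thread's script. Assumed FreeBSD/pfSense directory layout.
TRUSTED_DIRS="/usr/local/bin /usr/local/sbin /usr/bin /usr/sbin /bin /sbin"

# resolve_tool NAME: print NAME's absolute path from TRUSTED_DIRS, ignoring the
# inherited PATH (which may be empty under a daemon). Returns 1 if not found.
resolve_tool() {
    for dir in $TRUSTED_DIRS; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    return 1
}

# missing_tools NAME...: print the names that cannot be resolved; fail if any.
missing_tools() {
    missing=""
    for tool in "$@"; do
        resolve_tool "$tool" >/dev/null || missing="$missing $tool"
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# valid_port VALUE: succeed only for a plain decimal integer in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Preflight for the tools the thread's script calls; report to stderr.
if ! gone=$(missing_tools head sha256 tr curl grep logger xml); then
    echo "not found in trusted dirs: $gone" >&2
fi
```

Because the script runs as root and edits the firewall configuration, resolving tools from fixed directories also keeps an unexpected PATH entry from substituting a different binary.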