How do I curl through an OpenVPN interface from a script.



  • How do I curl through an OpenVPN interface from a script? So far I can only get curl to go out through the WAN.





  • @Gertjan said in How do I curl through an OpenVPN interface from a script.:

    You want to select the interface that curl uses?
    If so, click.

    Thanks @Gertjan for the reply, unfortunately it doesn't seem to be working. Here is the output from my tests:

    --------------------------------------------------------------------------------
    OpenVPN interface info - Tested/Working 
    --------------------------------------------------------------------------------
    
    # ifconfig ovpnc1
    ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::228:1aff:fee0:1004%ovpnc1 prefixlen 64 scopeid 0x27
            inet 10.26.10.6 --> 10.26.10.5 netmask 0xffffffff
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            groups: tun openvpn
            Opened by PID 63812
    
    -------------------------------------------------------------------------------
    Working with no interface parameter 
    and 
    When WAN interface explicitly specified.
    -------------------------------------------------------------------------------
    # curl  http://ifconfig.me
    99.254.xxx.xxx
    
    # curl --interface em0 http://ifconfig.me
    99.254.xxx.xxx
    
    -------------------------------------------------------------------------------
    Does not work when OpenVPN interface explicitly specified
    ^C = Process hangs and ^C used to Kill after 30 seconds - 1 minute
    -------------------------------------------------------------------------------
    
    # curl --interface ovpnc1 http://ifconfig.me
    ^C
    
    # curl --interface 10.26.10.6 http://ifconfig.me
    ^C
    
    # curl --interface 10.26.10.5 http://ifconfig.me
    curl: (45) bind failed with errno 49: Can't assign requested address
    -------------------------------------------------------------------------------
    Verbose test 
    -Ping shows IP address of ifconfig.me successfully resolved
    -------------------------------------------------------------------------------
    # ping ifconfig.me
    PING ifconfig.me (216.239.32.21): 56 data bytes
    64 bytes from 216.239.32.21: icmp_seq=0 ttl=56 time=9.799 ms
    ^C
    # curl -v --interface ovpnc1 http://ifconfig.me
    * Expire in 0 ms for 6 (transfer 0x803a94000)
    * Expire in 1 ms for 1 (transfer 0x803a94000)
    * Expire in 0 ms for 1 (transfer 0x803a94000)
    ------------------------------------------------Many similar lines removed
    * Expire in 200 ms for 1 (transfer 0x803a94000)
    * Expire in 200 ms for 1 (transfer 0x803a94000)
    *   Trying 216.239.32.21...
    * TCP_NODELAY set
    * Local Interface ovpnc1 is ip 10.26.10.6 using address family 2
    * Local port: 0
    * Expire in 149659 ms for 3 (transfer 0x803a94000)
    * Expire in 200 ms for 4 (transfer 0x803a94000)
    ^C
    


  • @guardian Can anyone offer any suggestions as to why curl won't route through the VPN interface? I checked out the ideas in the links referenced, but as can be seen by my tests, it didn't work.

    Are there any firewall rules that need to be changed?



  • @guardian said in How do I curl through an OpenVPN interface from a script.:

    Are there any firewall rules that need to be changed?

    Not the default ones.
    Did you create any yourself? In that case, maybe. Can't tell.

    Something like

    curl --interface ovpnc1 http://ifconfig.me
    

    will use port 80 by default (to be checked) and is using TCP.
    That is exactly what a browser uses.



  • @Gertjan said in How do I curl through an OpenVPN interface from a script.:

    curl --interface ovpnc1 http://ifconfig.me

    @Gertjan thanks for the reply -- that is exactly what I tried, but for some reason it doesn't work... the command just hangs. Any idea how to troubleshoot?



  • @Gertjan said in How do I curl through an OpenVPN interface from a script.:

    You want to select the interface that curl uses?
    If so, click.

    I checked this out... the test results are posted above.

    Any other ideas on possible steps to take to break down/troubleshoot what is going on would be very much appreciated.



  • I put this on the back burner because I'm stuck, but I'm still looking for a solution. Any assistance would be much appreciated.



  • Use curl like this:

    curl -v --interface em3 https://www.test-domaine.fr/phpinfo.php
    

    where --interface is the interface name, em3 in my case. To be replaced by 'ovpnc1' if that's your OpenVPN client interface name.

    You wind up having a lot of details - as the -v option means

    curl --help | grep 'verbose'
         --trace-time    Add time stamps to trace/verbose output
     -v, --verbose       Make the operation more talkative
    


  • @Gertjan Thanks for the reply... I'm wondering if the issue is a routing problem.

    Note that the system is working as intended, I have 2 VLANs that use policy routing to send all traffic out the VPN.

    All other VPNs go directly out the WAN. The VPNs function normally, the gateway pinger works fine. What confuses me is that there are no rules in the interface tab and I get this message in the system log:

    Jun 19 03:44:56 --------- php-fpm[78492]: /rc.start_packages: GATEWAYS: Group -------- did not have any gateways up on tier 1!
    

    This is nothing new (I've been getting this message for years!), but everything works except that I can't curl over the VPN. I assume the reason why I don't need any rules on the gateway interface is that those rules must be for unsolicited (no open connection) incoming connections from the VPN.

    Here is my output from the tests:

    Test run on WAN Interface

    curl -v --interface em0 http://wttr.in
    *   Trying 5.9.243.187:80...
    * TCP_NODELAY set
    * Local Interface em0 is ip xxx.xxx.xxx.xxx using address family 2
    * Local port: 0
    * Connected to wttr.in (5.9.243.187) port 80 (#0)
    > GET / HTTP/1.1
    > Host: wttr.in
    > User-Agent: curl/7.67.0
    > Accept: */*
    > 
    * Mark bundle as not supporting multiuse
    < HTTP/1.1 200 OK
    < Server: nginx/1.10.3
    < Date: Fri, 19 Jun 2020 06:25:15 GMT
    < Content-Type: text/plain; charset=utf-8
    < Content-Length: 8940
    < Connection: keep-alive
    < Access-Control-Allow-Origin: *
    < 
    Weather report: ... Output as expected
    

    Test run on ovpnc1

    curl -v --interface ovpnc1 http://wttr.in
    *   Trying 5.9.243.187:80...
    * TCP_NODELAY set
    * Local Interface ovpnc1 is ip 10.28.10.10 using address family 2
    * Local port: 0
    * connect to 5.9.243.187 port 80 failed: Operation timed out
    * Failed to connect to wttr.in port 80: Operation timed out
    * Closing connection 0
    curl: (28) Failed to connect to wttr.in port 80: Operation timed out
    

    Any suggestions are much appreciated.
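
Added example, not part of any post in this thread: a small shell helper that sorts the `curl -v --interface` traces posted above by the stage at which they stop (bind rejected, bound but interrupted, connect timed out, connected). Function and stage names are made up for the example, the sample traces are abridged from the thread, and the `em0` address in the last sample is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): triage a `curl -v --interface ...` trace.
# Stage names and function names are hypothetical, chosen for this example.

# Read a trace on stdin and print the stage at which the transfer stopped.
classify_curl_trace() {
    trace=$(cat)
    case "$trace" in
        *"bind failed"*)      echo bind_failed ;;     # curl exit 45: address is not local
        *"Connected to "*)    echo connected ;;       # TCP handshake completed
        *"timed out"*)        echo connect_timeout ;; # curl exit 28: bound, SYN unanswered
        *"Local Interface "*) echo bound_no_reply ;;  # bound, then interrupted while waiting
        *)                    echo unknown ;;
    esac
}

# Print the source address curl reports it bound to.
bound_source_ip() {
    sed -n 's/^\* Local Interface [^ ]* is ip \([^ ]*\) using address family.*/\1/p' | head -n 1
}

# Live use: a bounded wait instead of ^C. Not called here, since it needs network.
# usage: probe_iface ovpnc1 http://ifconfig.me
probe_iface() {
    curl -sSv -o /dev/null --connect-timeout 10 --interface "$1" "$2" 2>&1 | classify_curl_trace
}

# Sample traces, abridged from the output posted in this thread.
SAMPLE_PEER='curl: (45) bind failed with errno 49'
SAMPLE_HUNG='* Local Interface ovpnc1 is ip 10.26.10.6 using address family 2
* Local port: 0'
SAMPLE_TIMEOUT='* Local Interface ovpnc1 is ip 10.28.10.10 using address family 2
* Local port: 0
* connect to 5.9.243.187 port 80 failed: Operation timed out'
# 192.0.2.10 is a constructed placeholder; the thread redacts the WAN address.
SAMPLE_OK='* Local Interface em0 is ip 192.0.2.10 using address family 2
* Connected to wttr.in (5.9.243.187) port 80 (#0)'

for s in "$SAMPLE_PEER" "$SAMPLE_HUNG" "$SAMPLE_TIMEOUT" "$SAMPLE_OK"; do
    printf '%s\n' "$s" | classify_curl_trace
done
```

A trace that reaches `Local Interface ... is ip ...` shows only that the source address was bound; the interface the SYN leaves on is still chosen by the routing table and any pf policy-routing rules, which is where a `connect_timeout` or `bound_no_reply` result points next.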

