Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
OENVPN / Issue with external script "could not execute external program"
« previous
next »
Print
Pages: [
1
]
2
Author
Topic: OENVPN / Issue with external script "could not execute external program" (Read 4035 times)
sator
Newbie
Posts: 15
Karma: 0
OENVPN / Issue with external script "could not execute external program"
«
on:
March 22, 2022, 04:38:36 pm »
Hello Everyone,
I'm facing to a problem, I tried to add scripts on the openvpn sections , Servers ->
Advanced configuration
I added 2 lines:
client-connect /root/openvpn-telegram.sh
client-disconnect /root/openvpn-telegram.sh
I chmod +x and chmod 755 the file, however, I have everytime the error:
WARNING: Failed running command (--client-connect): could not execute external program
the configuration show the security level at 3 which normaly means that I can execute externals scripts
root@firewall:/var/etc/openvpn # more server1.conf
dev ovpns1
verb 3
dev-type tun
dev-node /dev/tun1
writepid /var/run/openvpn_server1.pid
script-security 3 <<<
I tried to change it to 2 but, after saving, it become "3"
-rwxr-xr-x 1 root wheel 759 Mar 16 08:50 openvpn-telegram.sh*
thank you
Logged
Patrick M. Hausen
Hero Member
Posts: 6885
Karma: 578
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #1 on:
March 22, 2022, 06:49:45 pm »
What's the first line of your script(s)?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #2 on:
March 23, 2022, 08:16:42 am »
it begins with:
#!/bin/sh
thank you
Logged
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #3 on:
March 23, 2022, 08:52:46 am »
You are a genius !!!
when I hade a closer look, I saw that there was an empty line just before
I removed it, and it's working now
THANK YOU very much !!
Logged
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #4 on:
March 23, 2022, 07:06:21 pm »
New thing is happened now
the script is working very well, however, the client override parameters are not working ...
if I remove the script, they work again
very strange, I can't find from where it took the parameters, what I know, that it's not using the static ip which are configured on override ip
example on normal condition: ip client 1: 10.99.99.2, ip client 2 10.99.99.4, ip client 3 10.99.99.99
when I put the script
ip client 1: 10.99.99.6, ip client 2 10.99.99.10, ip client 3 10.99.99.14
thank you
Logged
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #5 on:
March 25, 2022, 03:01:02 pm »
Logged
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #6 on:
March 26, 2022, 01:56:34 pm »
I found something that may be the problem
on the server configuration file, I already have an client-connect
Quote
client-connect "/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php server1"
so how to add the secondary script with ?
thank you
Logged
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #7 on:
March 30, 2022, 10:42:53 pm »
does anyone know which file create /var/etc/openvpn/server1.conf. ?
each time I modify it, after the reload of openvpn, it remain the same (no change saved)
thank you
Logged
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #8 on:
March 31, 2022, 06:28:33 pm »
I found the file which create the file
it's /usr/local/etc/inc/plugins.inc.d/openvpn.inc
now I would like to understand how to run 2 scripts together
line 527
$conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id}\"\n";
I tried something like that, but it's not working
$conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id}";"/root/openvpn-telegram.sh\"\n";
any help please
Logged
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #9 on:
April 01, 2022, 01:51:02 am »
I tried
$conf .= "client-connect \'/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id}' && '/root/openvpn-telegram.sh'\ \n";
$conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id}\" &&" /root/openvpn-telegram.sh" \n";
$conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id}\" ;" /root/openvpn-telegram.sh" \n";
$conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id} ; /root/openvpn-telegram.sh"\" \n";
$conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id}" ; "/root/openvpn-telegram.sh"\" \n";
$conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id} && /root/openvpn-telegram.sh\" \n";
$conf .= "client-connect \"/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php {$mode_id} ; /root/openvpn-telegram.sh\" \n";
no way ....
I feel like alone
Logged
PerpetualNewbie
Newbie
Posts: 30
Karma: 8
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #10 on:
April 01, 2022, 07:17:14 am »
If you have need to "run many scripts when vpn link comes up" the conventional method for this when only one script can be called is to make your own script which loads all of the passed variables/options passed to it, and then that one scripts calls all of the other scripts you want to call with the same args and options they need.
This is a variation on something called a "wrapper script" often used for debugging.
This can also apply to when a "script" would need to have the client visit multiple URL with args/options:
You can make a web service that accepts all of the required args/options and then that web service can call the other web services as needed.
Be careful with such scripts, as scripts are often brittle, relying on many other parts which when changed can break the script.
It does not sound like it, but if your interest is in making a dynamic configuration and have that configuration load other configuration files, then check out the openvpn configuration item "config" which is like an "include this file here, now" directive, and can appear multiple times in the same config, pulling in fragments of other configs.
My real reason in wanting to reply to this is the error message like "could not execute external program" can also appear when openvpn is configured with more strict security using the openvpn option "script-security" with value of 0 and sometimes 1. These settings for this option can break the calling of external programs.
I hope some part of this helps you find an answer that helps you solve your own problem.
If I cover details that you already know, I'm sorry: I write this response for you and anyone else that might read this in a public forum. I am unable to estimate the skills of everyone.
Thanks, and good luck!
«
Last Edit: April 01, 2022, 07:28:09 am by PerpetualNewbie
»
Logged
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #11 on:
April 04, 2022, 07:36:59 pm »
hello,
thank you very much for you update
I already tried to make a script to run my both scripts, but no luck
I modified like this:
$conf .= "client-connect /root/client-conn.sh \n";
and inside client-conn.sh
#/bin/sh
/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php server1
#the start of the second script
MYDATE=$(/bin/date +'%Y/%m/%d %H:%M:%S')
if [ "$script_type" = "client-connect" ]; then
Logged
PerpetualNewbie
Newbie
Posts: 30
Karma: 8
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #12 on:
April 04, 2022, 11:09:53 pm »
I do not see your script handling any arguments passed to it, then passing those arguments to each of the scripts it is calling.
Next, I do not see any PATH setting and export in your script. It is often a good idea for these kinds of scripts to set a PATH environmental variable and export it.
PATH isn't needed if you use the absolute path to each binary and confirm they don't change with upgrades.
Next, you should consider some debugging like adding:
date >> /tmp/client-conenct-script-called 2>&1
so that when it is actually run, if the date command can be found in your PATH or a full path to the date command is used, the STDOUT and STDERR are both dumped to the test temp file /tmp/client-conenct-script-called
All of these to see if your script is even being called.
Another point of debugging?
Try adding:
set > /tmp/lient-conenct-script-set_env.`date '+%s'`
maybe you can see what environmental variables actually in memory when your script is called before taking actions to act on variable that may or may not be in memory.
From the above, you should be able to gather enough debugging information to alter your script after you confirm it is being called.
Logged
sator
Newbie
Posts: 15
Karma: 0
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #13 on:
April 09, 2022, 03:49:14 am »
hello,
and thank you very much for your help
I tried to search how to do it, but can't, seems a litle hard
I thought that we just have to run the script from the location where it is
thank you again
Logged
PerpetualNewbie
Newbie
Posts: 30
Karma: 8
Re: OENVPN / Issue with external script "could not execute external program"
«
Reply #14 on:
April 09, 2022, 06:22:38 pm »
Here is an example. Review what is done here before you use it. Try to understand it.
New file:
/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso_wrapper.sh
=8<=============cut below here===============
#!/bin/sh
#
# Wrapper script example to call original and "my" scripts, too:
# Some variables to maybe use later:
myARGV="$@"
myScriptName="$0"
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin"
export PATH
myScriptBaseN=`basename "${myScriptName}" | tr -d '[[:space:]]'`
myPID="$$"
myTick=`date '+%s'`
myTmpFile=`mktemp /tmp/${myScriptBaseN}.${myTick}.${myPID}.XXXXXXXXXXXXXXX`
echo "Starting wrapper script: " >> ${myTmpFile}
date >> ${myTmpFile}
# Do you want to see the environment you are provided when called?
# Uncomment these and review the logged tmp file after this script is called:
#echo "BEGIN:My local environment when called:"
#set >> ${myTmpFile}
#echo "END:My local environment when called."
# Now, order doesn't really matter to me, but may matter to you. Call your scripts before the default or after?
# Here is an example default script to call based on what you showed before:
echo "Calling 'ovpn_setup_cso.php' with args passed: '${myARGV}'" >> ${myTmpFile}
/usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso.php $myARGV >> ${myTmpFile} 2>&1
myES1="$?"
date >> ${myTmpFile}
echo "Call to ovpn_setup_cso.php' resulted in exit status of '${myES1}'" >> ${myTmpFile}
echo "An exit status of zero '0' implies no errors encountered." >> ${myTmpFile}
echo "Non-zero implies error encountered." >> ${myTmpFile}
# Now maybe you have scripts to call
date >> ${myTmpFile}
echo "Now calling YOUR_SCRIPT_NAME" >> ${myTmpFile}
/path/to/your/script $myARGV >> ${myTmpFile} 2>&1
myES2="$?"
date >> ${myTmpFile}
echo "Call to YOUR SCRIPT' resulted in exit status of '${myES2}'" >> ${myTmpFile}
echo "An exit status of zero '0' implies no errors encountered." >> ${myTmpFile}
echo "Non-zero implies error encountered." >> ${myTmpFile}
# Repeat as needed
# Your choice on how to exit. You could save the exist status of the original script
# and exit with that value here, or always exist with happy exit status:
#exit $myES1
exit 0
=8<=============cut above here===============
chmod 755 /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso_wrapper.sh
chown SOMEUSER:SOMEGROUP /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso_wrapper.sh
(
The chown needs to be a user or group or both which the service calling the wrapper script would have access. or example, if openvpn is running as user "openvpn" group "openvpn" which is not a member of any other group, then the "chown" command can be to have the user and/or the group be the owner. Example:
chown openvpn:openvpn /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn_setup_cso_wrapper.sh
)
Once you understand the script and alter it, call the script to see if you introduced any errors, or failed to address addition of content for your customizations and look for errors.
Check out the resulting file it creates, each time it is called:
ls -lt /tmp/YourScriptBaseName* | head
choose one and review it.
Writing scripts can help you automate steps and diagnose bugs. Even if you do not use this, it could help you to understand what is being done, and then adapt it as needed for other purposes.
You will notice it is a bit verbose with what it logs, and logs to a new file each call. This is meant for debugging. In the final form, you would likely want to have your script send its logged output to systlog (see command "logger" man page instead of directing all output to a temp file)
This script is for illustrating a ways to use a wrapper script which can be be called instead of the "real" (original) and then call the original as well as do other work to try to debug issues, or overload the calling of other scripts with the calling of one script. I take no responsibility in how you use it.
Good luckl
«
Last Edit: April 09, 2022, 06:34:52 pm by PerpetualNewbie
»
Logged
Print
Pages: [
1
]
2
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
OENVPN / Issue with external script "could not execute external program"