In the RUTX11 with the most recent firmware, there is /etc/openvpn.user which contains the following:
#!/bin/sh
#
# This file is interpreted as shell script.
# Put your custom openvpn action here, they will
# be executed with each opevnp event.
#
# $ACTION
# <down> down action is generated after the TUN/TAP device is closed
# <up> up action is generated after the TUN/TAP device is opened
# $INSTANCE Name of the openvpn instance which went up or down
I have configured openvpn to execute scripts on “up” and “down” before, but I don’t understand how this is implemented here. Could someone explain what this is telling me? Does it mean, if I want to execute a command when any openvpn interface comes up, I should do something like this:
I’m replying to my own post, although I still don’t have an answer.
I have verified that /etc/openvpn/updown.sh is indeed executed when the openvpn link is brought up or down. But I am unable to see that /etc/openvpn.user is executed at all. In theory, it is called by /etc/hotplug.d/openvpn/01-user, but I don’t think this script is triggered when the vpn changes state. I have added echo $(env) > /test.txt to the top of the script but this never gets evaluated.
I have been trying to learn about hotplug and procd. I tried to parse through /etc/init.d/openvpn but I can’t sort out how it triggers procd to execute the hotplug script. Indeed, it seems like maybe it doesn’t.
Of course I can embed my user-space code in updown.sh but it’s clearly not what’s intended. Anyone’s thoughts are welcome.
I’ve edited /etc/openvpn/updown.sh and put my firewall additions and deletions there, which are applied when the link comes up and goes down respectively. I’ve tested it and so far it seems to work, although there’s an oddity in which, if I press the “connect/disconnect” button in luci openvpn page too rapidly to toggle the connection, it will fail to fully execute the removal of the rules. Something to look out for.