On Sun, 18 Feb 2024 06:50:06 +0000, Peter Davis via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote:
>> SOLUTION
>>
>> Just to follow up on my question
>> ---------------------------------
>> I have done the following and it seems to work:
>>
>> /etc/openvpn/server/serverlocal.conf:
>>
>> #Add logging of client connect/disconnect events:
>> script-security 2
>> client-connect /etc/openvpn/scripts/serverlocal-events.sh
>> client-disconnect /etc/openvpn/scripts/serverlocal-events.sh
>>
>> /etc/openvpn/scripts/serverlocal-events.sh:
>>
>> #!/bin/bash
>> # Executed on the server side for client connect and disconnect events.
>> # Log file path
>> LOG_FILE="/etc/openvpn/log/serverlocal-events.log"
>> # Log timestamp
>> LOG_TIMESTAMP=$(date "+%Y-%m-%d %H:%M:%S")
>> # Log client connect or disconnect event with IP address
>> if [ "$script_type" == "client-connect" ]; then
>>     echo "$LOG_TIMESTAMP - $common_name connected with IP $trusted_ip" >> "$LOG_FILE"
>> elif [ "$script_type" == "client-disconnect" ]; then
>>     echo "$LOG_TIMESTAMP - $common_name disconnected with IP $trusted_ip" >> "$LOG_FILE"
>> fi
>>
>> And when I test this with a connect - disconnect cycle this is what I get:
>>
>> 2024-02-16 11:34:26 - BosseUbu connected with IP 217.213.74.168
>> 2024-02-16 11:34:32 - BosseUbu disconnected with IP 217.213.74.168
>>
>> So it seems to work as expected...
>>
>> --
>> Bo Berglund
>> Developer in Sweden
>>
>> _______________________________________________
>> Openvpn-users mailing list
>> Openvpn-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
>Hi,
>Thank you so much for your great reply.
>What should script permission be? I got the following error:
>
>--client-connect script fails with '/etc/openvpn/scripts/script.sh':
>Permission denied (errno=13)

This is what I have:

/etc/openvpn/scripts$ ls -la
-rwxr-xr-x 1 root root 567 2024-02-16 11:47 server-events.sh
-rwxr-xr-x 1 root root 572 2024-02-16 11:34 serverlocal-events.sh

Created as follows:

cd /etc/openvpn/scripts
sudo touch server-events.sh
sudo chmod +x server-events.sh
sudo nano server-events.sh
(add the text for the script as shown above)

Then copy the script to use for the other service:

sudo cp server-events.sh serverlocal-events.sh
sudo nano serverlocal-events.sh
(modify the script LOG_FILE entry to fit the other openvpn service)

And of course add the call for the script to the conf files for the services:

#Add logging of client connect/disconnect events:
script-security 2 # This MUST be set in order for the scripts to execute
client-connect /etc/openvpn/scripts/server-events.sh
client-disconnect /etc/openvpn/scripts/server-events.sh

#Add logging of client connect/disconnect events:
script-security 2
client-connect /etc/openvpn/scripts/serverlocal-events.sh
client-disconnect /etc/openvpn/scripts/serverlocal-events.sh

My two scripts differ only by the name of the log file so one could use only a single script provided that the calls from the two conf files are modified to supply the log file name as argument #1 like this (note that my newsreader inserts line breaks on long lines...):

script-security 2
client-connect /etc/openvpn/scripts/server-events.sh "/etc/openvpn/log/server-events.log"
client-disconnect /etc/openvpn/scripts/server-events.sh "/etc/openvpn/log/server-events.log"

And then use this in the now single script to read the log file name from the call argument:

LOG_FILE="$1"

--
Bo Berglund
Developer in Sweden
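
The single-script variant described at the end of the message, as an added example that is not part of the original post: it takes the log file as argument #1 and replaces non-printable characters in the client-supplied values before writing them. The function names, the 64-character cap and the absolute-path/symlink check are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the original post): one logging script for both
# OpenVPN services. Assumes OpenVPN exports script_type, common_name and
# trusted_ip, and that the conf file passes the log path as argument #1.

# Replace every non-printable byte with '?' and cap the length, so a crafted
# certificate CN cannot start a forged line in the log.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?' | cut -c1-64
}

# Append one event line to the log file given as $1.
log_event() {
    local log_file="$1" verb
    case "${script_type:-}" in
        client-connect)    verb="connected" ;;
        client-disconnect) verb="disconnected" ;;
        *) return 0 ;;                  # some other hook: nothing to log
    esac
    # Example policy (an assumption): absolute path only, never a symlink.
    case "$log_file" in
        /*) ;;
        *)  return 1 ;;
    esac
    if [ -L "$log_file" ]; then
        return 1
    fi
    printf '%s - %s %s with IP %s\n' \
        "$(date '+%Y-%m-%d %H:%M:%S')" \
        "$(sanitize "${common_name:-unknown}")" "$verb" \
        "$(sanitize "${trusted_ip:-unknown}")" >> "$log_file"
}

# Run only when called by OpenVPN (script_type is set). A non-zero exit from
# a client-connect script makes the server reject the client, so a failed
# log write must not become the exit status.
if [ -n "${script_type:-}" ]; then
    log_event "${1:-}" || true
    exit 0
fi
```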