OpenVPN --up script - "could not execute external program"

After a few days on Google, I'm not able to find the right answer to my question. After reading a lot of scripting possibilities, then OpenVPN is up.

I have a client running Debian 7.8, with OpenVPN 2.2.1 x86_64-linux-gnu.

The connection is working great, and everything is fine. But - I need to mount some NFS-drives then the connection is initiated ("up" - I guess).

But - then I'm trying to start a script, I'm running into this error:

 Tue Jun 23 10:44:55 2015 /usr/share/openvpn/script-to-start.sh tun0 1500 1542 192.168.2.6 192.168.2.5 init
 Tue Jun 23 10:44:55 2015 WARNING: Failed running command (--up/--down): could not execute external program
 Tue Jun 23 10:44:55 2015 Exiting

I have added the settings in the config-file:

script-security 2
up /usr/share/openvpn/script-to-start.sh
down /usr/share/openvpn/script-to-stop.sh

See the full settings file here.

The script I'm trying to run (just for testing right now) is:

#/bin/bash

grep vpn /var/log/syslog > /home/USERNAME/test.txt

clear
echo "Good morning, world."

(Update 2017: - The "!" mark is missing in the #/bin/bash-line. Don't copy/paste above line, cause it was the problem)

I have tested with "#!/bin/sh" as well, just to be sure. After all, i tested the permissions and ownership:

As you can see, I have added "script-security 2" before the "up" and "down" commands. OpenVPN is running as root, and started by a init.d script, but even if I'm trying to run it with the full command, I get the same error.

Se the example below (with and without sudo):

sudo openvpn --remote SERVERDOMAIN --dev tun1 --ifconfig 192.168.2.2 192.168.2.1 --tls-client --ca /etc/openvpn/easy-rsa/keys/ca.crt --cert /etc/openvpn/easy-rsa/keys/TITLE.crt --key /etc/openvpn/easy-rsa/keys/TITLE.key --reneg-sec 60 --verb 5 --script-security 2 --up /usr/share/openvpn/script-to-start.sh

If I'm running the damn small script by myself, with both SU and Sudo, everything is going smooth without any issues.

The point is that I need to run this command, to mount a few NFS-drives, but right now I'm locked down. So I need some help here - I did try on a Danish forum with no luck.

sudo mount 192.168.2.1:/media/usb1/sync /home/USERNAME/sync

The online manuels is not that helpful - and now I need your help.

Using the system method shouldn’t be necessary. But checking whether the script is executable for the user is definitely worth a shot.

From here, all this stuff is correct. In this case, i just forgot the "!", and after copy/pasting the same code and a source with the same error, i did ran into the same issues every time. That's just stupid. Thanks for your help anyway. That's all useful information.

+1 for mentioning permissions. Ran into the same issue where group permissions were preventing script execution.

Related to using full binary paths, you can set PATH environment for OpenVPN with setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin (or add any directories you want in PATH) and then you don't need to change grep to /bin/grep.