OpenVPN --up script - "could not execute external program"
Solution 1
I ran into the same issue, luckily I found a solution.
Here are things I checked:
- permission of folder
- permission of openvpn to access script
- the script must list the full path of any commands used (ex.
grep
should be/bin/grep
; you can find the full path by typingwhich
in front of your command) - use
script-security 2 system
instead
Solution 2
Just to make it clear: I forgot the "!" (exclamation mark). That's explain everything.
#!/bin/bash
Related videos on Youtube
exetico
Updated on September 18, 2022Comments
-
exetico over 1 year
After a few days on Google, I'm not able to find the right answer to my question. After reading a lot of scripting possibilities, then OpenVPN is up.
I have a client running Debian 7.8, with OpenVPN 2.2.1 x86_64-linux-gnu.
The connection is working great, and everything is fine. But - I need to mount some NFS-drives then the connection is initiated ("up" - I guess).
But - then I'm trying to start a script, I'm running into this error:
Tue Jun 23 10:44:55 2015 /usr/share/openvpn/script-to-start.sh tun0 1500 1542 192.168.2.6 192.168.2.5 init Tue Jun 23 10:44:55 2015 WARNING: Failed running command (--up/--down): could not execute external program Tue Jun 23 10:44:55 2015 Exiting
I have added the settings in the config-file:
script-security 2 up /usr/share/openvpn/script-to-start.sh down /usr/share/openvpn/script-to-stop.sh
See the full settings file here.
The script I'm trying to run (just for testing right now) is:
#/bin/bash grep vpn /var/log/syslog > /home/USERNAME/test.txt clear echo "Good morning, world."
(Update 2017: - The "!" mark is missing in the #/bin/bash-line. Don't copy/paste above line, cause it was the problem)
I have tested with "#!/bin/sh" as well, just to be sure. After all, i tested the permissions and ownership:
As you can see, I have added "script-security 2" before the "up" and "down" commands. OpenVPN is running as root, and started by a init.d script, but even if I'm trying to run it with the full command, I get the same error.
Se the example below (with and without sudo):
sudo openvpn --remote SERVERDOMAIN --dev tun1 --ifconfig 192.168.2.2 192.168.2.1 --tls-client --ca /etc/openvpn/easy-rsa/keys/ca.crt --cert /etc/openvpn/easy-rsa/keys/TITLE.crt --key /etc/openvpn/easy-rsa/keys/TITLE.key --reneg-sec 60 --verb 5 --script-security 2 --up /usr/share/openvpn/script-to-start.sh
If I'm running the damn small script by myself, with both SU and Sudo, everything is going smooth without any issues.
The point is that I need to run this command, to mount a few NFS-drives, but right now I'm locked down. So I need some help here - I did try on a Danish forum with no luck.
sudo mount 192.168.2.1:/media/usb1/sync /home/USERNAME/sync
The online manuels is not that helpful - and now I need your help.
-
Admin almost 9 yearsMaybe just a typo: note that
#/bin/bash
is just a comment, as it's missing the exclamation mark that changes it into a shebang:#!/bin/bash
-
Admin almost 9 yearsDamn... I just forgot the "!"... That's explain everything.
-
Admin almost 9 yearsHmmm, I think it does not explain everything, unless you forgot it in
#!/bin/sh
as well? Your simple test script should run with that, I think.
-
-
Daniel B almost 9 yearsUsing the
system
method shouldn’t be necessary. But checking whether the script is executable for the user is definitely worth a shot. -
exetico almost 9 yearsFrom here, all this stuff is correct. In this case, i just forgot the "!", and after copy/pasting the same code and a source with the same error, i did ran into the same issues every time. That's just stupid. Thanks for your help anyway. That's all useful information.
-
Justin Ethier over 4 years+1 for mentioning permissions. Ran into the same issue where group permissions were preventing script execution.
-
Lirt almost 4 yearsRelated to using full binary paths, you can set PATH environment for OpenVPN with
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
(or add any directories you want in PATH) and then you don't need to changegrep
to/bin/grep
.