Establishing an OpenVPN connection from a Perl script

Hi,
I'm attempting to script an OpenVPN client connection from within a perl script.
That same perl script, needs to wait (fork and wait?), until the connection is established fully, and then continue the script (talking over the vpn).
After it's done, it will kill the fork, or leave the fork alive, and kill the parent.

I'm trying to figure out the best way to go about this; I'll try to outline the flow as simply as I can...

1. start of perl script...
2. execute some stuff, script determines it needs to talk to a server over the vpn
3. perl dials a vpn connection, either by forking or however method is best
4. child, or other method, signals the main script to continue, as the connection has been established (having it's own IP, and gateway ip, settings and such)
5. main script (parent), continues execution, does some talking over the connection, etc.
6. main script decides by means of conditional if the vpn connection should be left open, and allow the main script to exit; otherwise kill the connection and exit

I've started with this simple bash connect script, and just sleep()'ing for 180 seconds in the main script, after forking off a child which executes the bash script. - Of course, this is not reliable in any way; and I can't really get the connection details back to the main script. (I have to do a few subnet tests, and get the results from a remote server.)

#!/bin/bash
 
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi
 
ca="/home/user/keys/ca.crt"
cert="/home/user/keys/user.crt"
key="/home/user/keys/user.key"
remote="x.x.x.x"
port="4430"
proto="tcp-client"
 
echo "Connecting to $remote:$port using $proto..."
 
openvpn \
--up "/bin/echo Yay up" \
--remote $remote \
--nobind \
--dev tun \
--proto $proto \
--port $port \
--up-restart \
--persist-key \
--persist-tun \
--management 127.0.0.1 1194 \
--management-query-passwords \
--route-noexec \
--client \
--ca $ca \
--cert $cert \
--key $key \
--script-security 2

Open in new window

mtchsAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Adam314Connect With a Mentor Commented:
Sounds like there are 2 ways to go:

steps 1 and 2 will be the same either way.

Option 1)
    Step 3: Start openvpn with the name of a second script
    Have the second script do steps 4, 5, and 6

Option 2)
    Step 3: Start openvpn as a daemon
    wait until complete
    have script do steps 4, 5, and 6



I think either will work.  Option 1 will probably be easier to implement, but you end up with 2 scripts.  For the "wait until complete" part, if the vpn program does not give you a way to check it's status, you could probably ping one of the IPs in the VPN.  when you get a reply, the connection is complete.
0
 
Adam314Commented:
I don't see any reason to fork.  From your description, it sounds like you should be able to do everything in one process.

For steps 3 and 4.... I'm assuming the openvpn command creates the vpn connection.  Does it return only after the connection is complete, or does it return immediately?  If it returns immediately, how can you tell the connection is complete?

For step5, how do you communicate over the connection?  Do you just talk to IP addresses like normal, and the vpn handles it?
0
 
mtchsAuthor Commented:
Steps 3 and 4; openvpn does not exit from that command, unless you let it daemonize.

That's exactly what I'm trying to figure out; it either locks up the script (doesn't return) or it daemonizes. You can have it call a script after the connection is started up that's what the --up parameter does.


Step 5; it's just regular ip communication it's just basic linux routing table stuff.
0
 
mtchsAuthor Commented:
That's what I already came up with. I was hoping to see a better way to do this.
I resorted to just using a two script solution, the second one handling both the dial, and the what-to-do with the vpn once it's open. Based on the first parameter passed to the script.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.