Solved

Establishing an OpenVPN connection from a Perl script

Posted on 2009-05-14
Last Modified: 2012-05-07
Hi,
I'm attempting to script an OpenVPN client connection from within a Perl script.
That same Perl script needs to wait (fork and wait?) until the connection is established fully, and then continue the script (talking over the VPN).
After it's done, it will kill the fork, or leave the fork alive, and kill the parent.

I'm trying to figure out the best way to go about this; I'll try to outline the flow as simply as I can...

1. start of perl script...
2. execute some stuff, script determines it needs to talk to a server over the vpn
3. Perl dials a VPN connection, either by forking or by whichever method is best
4. child, or other method, signals the main script to continue, as the connection has been established (having its own IP, gateway IP, settings and such)
5. main script (parent), continues execution, does some talking over the connection, etc.
6. main script decides by means of conditional if the vpn connection should be left open, and allow the main script to exit; otherwise kill the connection and exit

I've started with this simple bash connect script, and just sleep()'ing for 180 seconds in the main script, after forking off a child which executes the bash script. - Of course, this is not reliable in any way; and I can't really get the connection details back to the main script. (I have to do a few subnet tests, and get the results from a remote server.)

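#!/bin/bash

# Refuse to run unless started as root.
if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" >&2
   exit 1
fi

ca="/home/user/keys/ca.crt"
cert="/home/user/keys/user.crt"
key="/home/user/keys/user.key"
remote="x.x.x.x"
port="4430"
proto="tcp-client"

echo "Connecting to $remote:$port using $proto..."

# --up runs the given command once the tunnel is up (needs --script-security 2).
# --management opens a control port on 127.0.0.1:1194; no password file is given.
# --route-noexec stops openvpn from adding routes itself.
# Without --daemon, openvpn stays in the foreground and this script does not return.
openvpn \
--up "/bin/echo Yay up" \
--remote "$remote" \
--nobind \
--dev tun \
--proto "$proto" \
--port "$port" \
--up-restart \
--persist-key \
--persist-tun \
--management 127.0.0.1 1194 \
--management-query-passwords \
--route-noexec \
--client \
--ca "$ca" \
--cert "$cert" \
--key "$key" \
--script-security 2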

Question by:mtchs
4 Comments
 
LVL 39

Expert Comment

by:Adam314
ID: 24399286
I don't see any reason to fork.  From your description, it sounds like you should be able to do everything in one process.

For steps 3 and 4.... I'm assuming the openvpn command creates the vpn connection.  Does it return only after the connection is complete, or does it return immediately?  If it returns immediately, how can you tell the connection is complete?

For step 5, how do you communicate over the connection?  Do you just talk to IP addresses like normal, and the VPN handles it?
0
 

Author Comment

by:mtchs
ID: 24409489
Steps 3 and 4; openvpn does not exit from that command, unless you let it daemonize.

That's exactly what I'm trying to figure out; it either locks up the script (doesn't return) or it daemonizes. You can have it call a script after the connection is started up; that's what the --up parameter does.


Step 5; it's just regular IP communication, it's just basic Linux routing table stuff.
0
 
LVL 39

Accepted Solution

by:
Adam314 earned 1500 total points
ID: 24416999
Sounds like there are 2 ways to go:

steps 1 and 2 will be the same either way.

Option 1)
    Step 3: Start openvpn with the name of a second script
    Have the second script do steps 4, 5, and 6

Option 2)
    Step 3: Start openvpn as a daemon
    wait until complete
    have script do steps 4, 5, and 6



I think either will work.  Option 1 will probably be easier to implement, but you end up with 2 scripts.  For the "wait until complete" part, if the VPN program does not give you a way to check its status, you could probably ping one of the IPs in the VPN.  When you get a reply, the connection is complete.
0
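
For the "wait until complete" step of Option 2, one status check is OpenVPN's management interface, which the question's command line already enables with --management 127.0.0.1 1194. The Perl below is an added example, not code from this thread; it assumes openvpn was started with --daemon, and the 60-second timeout, the 'live' argument and the sample addresses are constructed for illustration.

```perl
use strict;
use warnings;
use IO::Socket::INET;

# Parse a state line. Real-time notifications carry a ">STATE:" prefix;
# replies to a plain "state" command do not.
sub parse_state {
    my ($line) = @_;
    return unless $line =~ /^(?:>STATE:)?(\d+),([A-Z_]+),([^,]*),([^,\r\n]*)/;
    return { time => $1, state => $2, detail => $3, tun_ip => $4 };
}

# Read management output from $fh until the tunnel reports CONNECTED.
sub await_connected {
    my ($fh) = @_;
    while (my $line = <$fh>) {
        my $st = parse_state($line) or next;   # skips >INFO:, SUCCESS:, END
        return $st if $st->{state} eq 'CONNECTED';
    }
    die "management stream ended before CONNECTED\n";
}

# Connect (retrying while openvpn starts), subscribe to state changes, give up after $timeout s.
sub wait_for_vpn {
    my ($host, $port, $timeout) = @_;
    local $SIG{ALRM} = sub { die "VPN not up after ${timeout}s\n" };
    alarm $timeout;
    my $sock;
    until ($sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port)) {
        select undef, undef, undef, 1;         # 1 s pause that does not disturb alarm
    }
    print $sock "state on\nstate\n";           # future transitions + current state
    my $st = eval { await_connected($sock) };
    alarm 0;                                   # always cancel the pending alarm
    die $@ unless $st;
    return ($sock, $st);
}

if (@ARGV && $ARGV[0] eq 'live') {             # hypothetical switch: talk to a running openvpn
    my ($mgmt, $st) = wait_for_vpn('127.0.0.1', 1194, 60);
    print "tunnel up, local address $st->{tun_ip}\n";
    # steps 5 and 6 go here; to tear the tunnel down afterwards:
    print $mgmt "signal SIGTERM\n";
} else {                                       # offline run on constructed sample output
    my $sample = ">INFO:OpenVPN Management Interface Version 1\n1242316790,WAIT,,,\nEND\n"
               . ">STATE:1242316795,CONNECTED,SUCCESS,10.8.0.6,192.0.2.10\n";
    open my $fh, '<', \$sample or die $!;
    print "sample: connected as ", await_connected($fh)->{tun_ip}, "\n";
}
```

A TCP management port with no password file accepts commands from any local process, so on a shared host give --management its optional password-file argument; the client then has to send that password before any command.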
 

Author Closing Comment

by:mtchs
ID: 31581724
That's what I already came up with. I was hoping to see a better way to do this.
I resorted to just using a two-script solution, the second one handling both the dial and the what-to-do with the VPN once it's open, based on the first parameter passed to the script.
0
