Linux – OpenVPN –up script – “could not execute external program”

debian, linux, openvpn, script, vpn

After a few days on Google, I'm not able to find the right answer to my question, after reading about a lot of scripting possibilities for when OpenVPN is up.

I have a client running Debian 7.8, with OpenVPN 2.2.1 x86_64-linux-gnu.

The connection is working great, and everything is fine. But – I need to mount some NFS-drives when the connection is initiated ("up" – I guess).

But – when I'm trying to start a script, I'm running into this error:

 Tue Jun 23 10:44:55 2015 /usr/share/openvpn/script-to-start.sh tun0 1500 1542 192.168.2.6 192.168.2.5 init
 Tue Jun 23 10:44:55 2015 WARNING: Failed running command (--up/--down): could not execute external program
 Tue Jun 23 10:44:55 2015 Exiting

I have added the settings in the config-file:

script-security 2
up /usr/share/openvpn/script-to-start.sh
down /usr/share/openvpn/script-to-stop.sh

See the full settings file here.

The script I'm trying to run (just for testing right now) is:

#/bin/bash

grep vpn /var/log/syslog > /home/USERNAME/test.txt

clear
echo "Good morning, world."

(Update 2017: The "!" mark is missing in the #/bin/bash line. Don't copy/paste the above line, because it was the problem.)

I have tested with "#!/bin/sh" as well, just to be sure. After all, I tested the permissions and ownership:

Permissions

As you can see, I have added "script-security 2" before the "up" and "down" commands. OpenVPN is running as root, and started by an init.d script, but even if I'm trying to run it with the full command, I get the same error.

See the example below (with and without sudo):

sudo openvpn --remote SERVERDOMAIN --dev tun1 --ifconfig 192.168.2.2 192.168.2.1 --tls-client --ca /etc/openvpn/easy-rsa/keys/ca.crt --cert /etc/openvpn/easy-rsa/keys/TITLE.crt --key /etc/openvpn/easy-rsa/keys/TITLE.key --reneg-sec 60 --verb 5 --script-security 2 --up /usr/share/openvpn/script-to-start.sh

If I'm running the damn small script by myself, with both SU and Sudo, everything is going smoothly without any issues.

The point is that I need to run this command, to mount a few NFS-drives, but right now I'm locked down. So I need some help here – I did try on a Danish forum with no luck.

sudo mount 192.168.2.1:/media/usb1/sync /home/USERNAME/sync

The online manuals are not that helpful – and now I need your help.

Best Answer

I ran into the same issue; luckily, I found a solution.

Here are things I checked:

  1. permission of folder
  2. permission of openvpn to access script
  3. the script must list the full path of any commands used (ex. grep should be /bin/grep; you can find the full path by typing which in front of your command)
  4. use script-security 2 system instead
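
A preflight check covering the answer's permission points plus the missing "!" noted in the question's update, as an added example that is not part of the original question or answer. The function name `check_hook_script` and the rule that flags group- or world-writable scripts are assumptions of this example; run it as the user OpenVPN runs as.

```shell
#!/bin/sh
# Added example (not from the original post). Preflight for a script that a
# daemon starts directly with execve(), e.g. an OpenVPN --up/--down hook.
# Run it as the user the daemon runs as. Prints each problem; returns 0 if none.
check_hook_script() {
    script=$1
    rc=0
    cr=$(printf '\r')

    case $script in
        /*) ;;
        *) echo "FAIL: '$script' is not an absolute path"; rc=1 ;;
    esac
    if [ ! -f "$script" ]; then
        echo "FAIL: '$script' is not a regular file"
        return 1
    fi
    # Answer items 1 and 2: the directory must be searchable, the file executable.
    [ -x "$(dirname "$script")" ] || { echo "FAIL: directory not searchable"; rc=1; }
    [ -x "$script" ] || { echo "FAIL: script is not executable"; rc=1; }

    # execve() only honours an interpreter line that begins with the bytes "#!".
    # An interactive shell falls back to running the file itself, which hides the bug.
    first=$(head -n 1 "$script")
    case $first in
        *"$cr") echo "FAIL: CRLF line ending on the interpreter line"; rc=1
                first=${first%"$cr"} ;;
    esac
    case $first in
        '#!'*)
            interp=$(printf '%s\n' "$first" | sed 's/^#![[:blank:]]*//; s/[[:blank:]].*//')
            [ -x "$interp" ] || { echo "FAIL: interpreter '$interp' is not executable"; rc=1; }
            ;;
        *) echo "FAIL: first line '$first' does not start with #!"; rc=1 ;;
    esac

    # The hook runs with the daemon's privileges (root in the question), so
    # nobody but the owner should be able to modify it.
    if [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: script is writable by group or others"; rc=1
    fi
    return $rc
}

# Usage: sh check_hook.sh /usr/share/openvpn/script-to-start.sh
[ "$#" -eq 0 ] || check_hook_script "$1"
```
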