Networking – Run Script Automatically on tun0 Interface Up/Down Events

ifconfiginterfaceinternetnetworking

I use VPN client to connect to my corporate servers. It creates tun0 interface after starting the client. I've written script which install specific routes point to tun0 interface and rest to use normal wifi connection. So that, only my office related traffic goes via VPN and rest are goes via home internet connection. How do I make the script to run automatically when tun0 interface up/down events ?.

Best Answer

I am not sure about tun0, but I think the script in /etc/network/if-up.d/ and /etc/network/if-down.d/ are invoked when an interface goes up or down, respectively.

Inside the script you can determine which interface is interested from the content of the variable IFACE.

To be sure, add a simple script to /etc/network/if-up.d/ which content is

#!/bin/sh
# filename: tun-up

if [ "$IFACE" = tun0 ]; then
  echo "tun0 up" >> /var/log/tun-up.log
fi

make it executable

sudo chmod +x /etc/network/if-up.d/tun-up

then see if the up events are recorded in /var/log/tun-up.log

Related Solutions

Ubuntu – how to setup split-dns for vpn with network-manager

To get the D-Bus controlled dnsmasq that NetworkManager runs to use different DNS servers, there are the following options (obviously adjust domains and IP addresses in the examples):

Add a file to /etc/NetworkManager/dnsmasq.d that sets the DNS server for the subnet you want: myvpn-server.conf could contain server=/myvpn.domain.com/10.8.4.9. This will always be respected by dnsmasq even when not connected to the VPN, in which case queries for these domains should time out. Disadvantage is that you need to specify the IP address statically, advantage is simplicity
Use D-Bus to talk directly to dnsmasq to tell it to update the servers using something like sudo dbus-send --system --print-reply --dest=org.freedesktop.NetworkManager.dnsmasq /uk/org/thekelleys/dnsmasq uk.org.thekelleys.SetDomainServers "array:string:192.168.0.1,/myvpn.domain.com/10.8.4.9". This could be scripted when the vpn connects. You'd need to look up existing DNS servers (the 192.168.0.1 in my example) over D-Bus or using nm-cli
Use D-Bus to talk to Network Manager itself and tell it to update the servers. Here's an example of doing this using Python which would require some work to include the current servers.

I'm using the first option and have only tried preliminary versions of the other two

Ubuntu – How to enable OpenVPN access to ONLY the internal LAN

It is possible to just access the internal resources without internet connection, i think this is actually the usual scenario for using OpenVPN. So if you followed some guide to setup OpenVPN server, there were also some steps that allowed forwarding clients traffic to the internet, you'll need to undo those steps. I think you should start with commenting this line in server.conf

push "redirect-gateway def1 bypass-dhcp"

Then pushing a DNS server for clients should be disabled by commenting out lines that look like

    push "dhcp-option DNS xxx.xxx.xxx.xxx

Ofcourse you'll need to reload OpenVpn conf after making the changes.

    sudo service openvpn reload

And then disabling packet forwarding out to the internet

    echo 0 > /proc/sys/net/ipv4/ip_forward

And to make disabling forwarding permanent you'll also have to edit

    /etc/sysctl.conf

commenting line

    net.ipv4.ip_forward=1

By now i think clients shouldn't anymore be able to access the internet through VPN.

Best Answer

Related Solutions

Ubuntu – how to setup split-dns for vpn with network-manager

Ubuntu – How to enable OpenVPN access to ONLY the internal LAN

Related Question