OpenVPN failing to send cURL request through user based script

0

I am trying to authenticate my OpenVPN clients (with a username and password) using a bash script. Here is part of my server side config:

client-to-client
username-as-common-name
client-cert-not-required
script-security 3
auth-user-pass-verify '/etc/openvpn/script/auth.sh' via-env

Here is my bash script:

#!/bin/bash
SECRET='mysecret'
RESPONSE=$(sudo /usr/bin/curl https://myvpn.com/somedir/auth.php -d"username=$1&password=$2&secret=$SECRET" --silent)
if [ "$RESPONSE" = "y" ]; then
    exit 0
else
    exit 1
fi

When I run it on the command line (./auth.sh) it runs fine and authenticates correctly. I have set up my PHP script on my webserver such that it generates a log every time it is called, so I know whether the request successfully reached it. However, when OpenVPN calls the script, the curl request fails to send (authentication fails on the client side). My guess is that for some reason OpenVPN doesn't have permission to use cURL? How do I give OpenVPN permission to use curl?

Note: I have tried putting exit 0 on top of my bash script, and it successfully authenticates the user and connects to the VPN.

RaghavJhavar

Posted 2019-12-29T14:37:15.257

Reputation: 1

Why are you calling sudo curl? You should be able to run curl as normal users, including the one ovpn is running as - this is likely why it fails. – djsmiley2k TMW – 2019-12-29T16:49:30.833

Answers

0

RESPONSE=$(sudo /usr/bin/curl https://myvpn.com/somedir/auth.php -d"username=$1&password=$2&secret=$SECRET" --silent)

Don't use sudo unless you specifically need to. I suspect the user running this script (openvpn user?) will have access to curl.

djsmiley2k TMW

Posted 2019-12-29T14:37:15.257

Reputation: 5 937
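An added example, not code from the question or the answer: the verify script reworked to run without sudo and to deny the login on any failure. With via-env, OpenVPN hands the script the client's credentials in the environment variables username and password, so the script reads those; the function names and the choice to feed curl its fields on stdin are assumptions of this example, while the URL, the placeholder secret and the "y" reply are the ones from the question.

```shell
#!/bin/bash
# Added example. URL, placeholder secret and the "y" reply come from the
# question; the function names are hypothetical.
AUTH_URL='https://myvpn.com/somedir/auth.php'
SECRET='mysecret'

# Escape backslash and double quote so a value can sit inside a quoted
# parameter of a curl config file.
cfg_escape() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Print a curl config for "curl --config -". The credentials then travel on
# stdin instead of the command line (where they would show in the process
# list), and curl URL-encodes each field, so '&' or '=' in a password cannot
# change the form that the backend receives.
curl_config() {
    printf 'url = "%s"\n' "$(cfg_escape "$AUTH_URL")"
    printf 'data-urlencode = "username=%s"\n' "$(cfg_escape "$1")"
    printf 'data-urlencode = "password=%s"\n' "$(cfg_escape "$2")"
    printf 'data-urlencode = "secret=%s"\n' "$(cfg_escape "$3")"
}

# Only the exact reply "y" is a successful login.
is_accept() {
    [ "$1" = "y" ]
}

# Missing credentials, a curl error, an HTTP error or any other reply all
# end in a non-zero status, which OpenVPN treats as a failed login.
main() {
    [ -n "${username:-}" ] && [ -n "${password:-}" ] || return 1
    # No sudo: the account the OpenVPN daemon runs as executes curl itself.
    response=$(curl_config "$username" "$password" "$SECRET" |
        /usr/bin/curl --silent --fail --max-time 10 --config -) || return 1
    is_accept "$response"
}

main   # last command: its status becomes the script's exit status
```

To reproduce what the server sees, run the script by hand as the account the OpenVPN daemon runs as, with username and password exported in the environment.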