[TUTORIAL] OpenVPN Connection/Disconnection Email Notifications

[Boy1979]

Hi,

i used some scripts to get an email if a client connect or disconnect from OpenVPN and so i would share my experience with you:

first of all you need 2 scripts which will be stored in /jffs/scripts:

connect script: /jffs/scripts/up.sh

#!/bin/sh
SMTP="<[B][COLOR="Red"]your SMTP address[/COLOR][/B]>"
FROM="<[B][COLOR="red"]email sender address[/COLOR][/B]>"
FROMNAME="<[B][COLOR="red"]from name[/COLOR][/B]>"
TO="<[B][COLOR="red"]recipient mail address[/COLOR][/B]>"

time=$(echo $(date +"%c"))

message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
$untrusted_ip<br><b>Virtual Address:</b> \
$ifconfig_pool_remote_ip<br><b>Common \
Name:</b> $common_name<br><br>")

echo "Subject: OpenVPN CONNECT" >/tmp/mail.txt
echo "Content-Type: text/html" >>/tmp/mail.txt
echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "Client has connected to <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "<br>$message" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---<br>" >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "<br>" >>/tmp/mail.txt

/usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
rm /tmp/mail.txt

Fill in 'your SMTP address', 'email sender address', 'from name' and 'recipient mail address' with your own credentials.

disconnect script: /jffs/scripts/down.sh

#!/bin/sh
SMTP="<[B][COLOR="Red"]your SMTP address[/COLOR][/B]>"
FROM="<[B][COLOR="red"]email sender address[/COLOR][/B]>"
FROMNAME="<[B][COLOR="red"]from name[/COLOR][/B]>"
TO="<[B][COLOR="red"]recipient mail address[/COLOR][/B]>"

time=$(echo $(date +"%c"))

message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
$untrusted_ip<br><b>Virtual Address:</b> \
$ifconfig_pool_remote_ip<br><b>Common \
Name:</b> $common_name<br><br>")

echo "Subject: OpenVPN DISCONNECT" >/tmp/mail.txt
echo "Content-Type: text/html" >>/tmp/mail.txt
echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "Client has disconnected from <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "<br>$message" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---<br>" >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "<br>" >>/tmp/mail.txt

/usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
rm /tmp/mail.txt

Fill in 'your SMTP address', 'email sender address', 'from name' and 'recipient mail address' with your own credentials.

Access your ROUTER via Browser and move to VPN --> VPN Details and add custom configuration:

script-security 2
--client-connect /jffs/scripts/up.sh
--client-disconnect /jffs/scripts/down.sh

and click apply.

Each time a client connects/disconnects, it will send an email notification to the recipient. You can play around with the message formatting in up.sh or down.sh if you want to customize the email.

The provided formatting will send a message looking like this:

connect:

Client has connected to [B]OpenVPN[/B]:

[B]Connected since:[/B] Wed Nov 19 19:53:20 2014
[B]Real Address:[/B] 192.168.1.102
[B]Virtual Address:[/B] 10.8.0.4
[B]Common Name:[/B] client5

---
Your friendly router.

disconnect:

Client has disconnected from [B]OpenVPN[/B]:

[B]Connected since:[/B] Wed Nov 19 19:53:20 2014
[B]Real Address:[/B] 192.168.1.102
[B]Virtual Address:[/B] 10.8.0.4
[B]Common Name:[/B] client5

---
Your friendly router.

Hope you find this useful. If anyone needs help they are welcome.

regards Boy1979

 

[ttgapers]

Boom

Nice work. Please see an updated version if you prefer using GMAIL and includes the authentication pieces.

Up

#!/bin/sh
# SMTP="<your SMTP address>"
# FROM="<email sender address>"
# FROMNAME="<from name>"
# TO="<recipient mail address>"

FROM="<your SMTP address>"
AUTH="<your gmail username>"
PASS="<your gmail password>"
FROMNAME="<your router name>"
TO="<recipient email address>"

time=$(echo $(date +"%c"))

message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
$untrusted_ip<br><b>Virtual Address:</b> \
$ifconfig_pool_remote_ip<br><b>Common \
Name:</b> $common_name<br><br>")

echo "Subject: OpenVPN CONNECT" >/tmp/mail.txt
echo "Content-Type: text/html" >>/tmp/mail.txt
echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "Client has connected to <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "<br>$message" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---<br>" >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "<br>" >>/tmp/mail.txt

# /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt

cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO 

rm /tmp/mail.txt

Down

#!/bin/sh
# SMTP="<your SMTP address>"
# FROM="<email sender address>"
# FROMNAME="<from name>"
# TO="<recipient mail address>"

FROM="<your SMTP address>"
AUTH="<your gmail username>"
PASS="<your gmail password>"
FROMNAME="<your router name>"
TO="<recipient email address>"

time=$(echo $(date +"%c"))

message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
$untrusted_ip<br><b>Virtual Address:</b> \
$ifconfig_pool_remote_ip<br><b>Common \
Name:</b> $common_name<br><br>")

echo "Subject: OpenVPN DISCONNECT" >/tmp/mail.txt
echo "Content-Type: text/html" >>/tmp/mail.txt
echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "Client has disconnected from <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "<br>$message" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---<br>" >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "<br>" >>/tmp/mail.txt

# /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt

cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
-CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
-connect smtp.gmail.com:587 -tls1 -starttls smtp" \
-f"$FROM" \
-au"$AUTH" -ap"$PASS" $TO 

rm /tmp/mail.txt

Note, I also didn't need the .sh in the VPN details area. You will need to get the Equifax Secure Cert Authority cert and place it in the /jffs/configs folder prior to this working.

Cheers.

 

[GorkyVVV]

When using the following code:

#!/bin/sh
echo "Client connected!" | sendmail -H"exec openssl s_client -quiet -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem -connect smtp.gmail.com:587 -tls1 -starttls smtp" -f"FROM" -au"USER" -ap"PASS" TO

Saving it as up.sh with permissions 0777 in folder /jffs/scripts/

And putting the following in the custom configuration of OPENVPN on my RT-N66U running Asuswrt-Merlin 380.61:

script-security 2
--client-connect "/bin/sh /jffs/scripts/up.sh"

It gives me the following error in the system log when trying to connect an client:

WARNING: Failed running command (--client-connect): external program exited with error status: 2

The script executes just fine with PuTTY running the following command:

sh /jffs/scripts/up.sh

Any idea what the problem might be?

Thanks for the awesome script by the way!

 

[john9527]

script-security 2
--client-connect "/bin/sh /jffs/scripts/up.sh"

In the custom config section, take out the /bin/sh (it only expects a script name)
and you don't need the quotes

script-security 2
--client-connect /jffs/scripts/up.sh

 

[GorkyVVV]

In the custom config section, take out the /bin/sh (it only expects a script name)
and you don't need the quotes

Thanks for the reply! However when I do that the Export OpenVPN configuration file section of OpenVPN keeps displaying:

Initialinzing the settings of OpenVPN server now, please wait a few minutes to let the server to setup completed before VPN clients establish the connection.

The system logs also show:

Options error: --client-connect script fails with '/jffs/scripts/up.sh': No such file or directory
Options error: Please correct this error.

When I use the code mentioned above the OpenVPN server does boot and finds the file..

Any idea?

 

[john9527]

Any idea?

try running the following command

dos2unix /jffs/scripts/up.sh

if that works, it means you saved the file in DOS/WIN format instead of Linux.

 

[GorkyVVV]

it means you saved the file in DOS/WIN format instead of Linux.

Ha! That worked! Thank you soooo much!

Now I am on to tweaking the script. How would I use the following.

I am trying to display the data in Megabyte. However the Environmental Variables exports bytes_received.

I have tried a bit, this did not work: $(bytes_received / 1048576)

Any tips in the right direction, I am almost complete!

 

[john9527]

I am trying to display the data in Megabyte. However the Environmental Variables exports bytes_received.

I have tried a bit, this did not work: $(bytes_received / 1048576)

assuming you are embedding that within an echo, try
$(expr $bytes_received / 1048576)

 

[GorkyVVV]

assuming you are embedding that within an echo, try
$(expr $bytes_received / 1048576)

No joy, it returns 0.

This is the part of the script:

time=$(echo $(date +"%c"))

message=$(echo "<b>Username:</b> $username<br> <b>Time Down:</b> \
$time<br><b>Bytes Received:</b> \
$(expr $bytes_received / 1048576)<br><b>Bytes Sent:</b> \
$bytes_sent<br><b>Real Address:</b> \
$untrusted_ip<br><b>Virtual Address:</b> \
$ifconfig_pool_remote_ip<br> \
<br>")

 

[john9527]

No joy, it returns 0.

This is the part of the script:

time=$(echo $(date +"%c"))

message=$(echo "<b>Username:</b> $username<br> <b>Time Down:</b> \
$time<br><b>Bytes Received:</b> \
$(expr $bytes_received / 1048576)<br><b>Bytes Sent:</b> \
$bytes_sent<br><b>Real Address:</b> \
$untrusted_ip<br><b>Virtual Address:</b> \
$ifconfig_pool_remote_ip<br> \
<br>")

all bash math is integer.....have you transferred at least a megabyte? In other words, it will round down to the integer megabyte value.

 

[GorkyVVV]

all bash math is integer.....have you transferred at least a megabyte? In other words, it will round down to the integer megabyte value.

Sir! I am sorry, I did not transfer enough.

In the end this made it work as well: $((bytes_received / 1048576))

Thanks a bunch for all your help! Have a very good night!

 

[john9527]

At least on the right track

if you want to do the floating point math in bash.... include this routine near the top of your script.

calc ()
# Routine for fp math in scripts
{
    local in="$(echo "$@" | sed -e 's/\[/(/g' -e 's/\]/)/g')";
        awk 'BEGIN {print '"$in"'}' < /dev/null
        }

then use this expression for the megabytes

$(calc $bytes_received/1048576)

 

[Goobi]

Any suggestions on how to modify this script to send a email when one of the five openvpn clients on the router does down?

 

[amplatfus]

Hi,
After adding below lines to vpn config, VPN doesn't connect any more. Could you please help? Thank you for this thread and for help!

script-security 2
--client-connect /jffs/scripts/up.sh
--client-disconnect /jffs/scripts/down.sh

 

[amplatfus]

Hi again,

In my case I solve it only buy this version filled in custom VPN configuration:

script-security 2
up /jffs/scripts/up.sh
down /jffs/scripts/down.sh

All the best,
amplatfus

 

[amplatfus]

Please, I am looking for a list of variables available in order to customize these notifications. Appreciate any reply. Thank you!

 

[bennor]

Bumping this older thread. Ran into a number of issues attempting to use the code provided by the OP with OpenVPN server on an Asus-Merlin RT-AC68U router running firmware 384.13_0. Primarily among them trying to use an email provider who uses SMTP security and authentication.

Couple of other comments. Both the up.sh and down.sh scripts need to have permissions changed to 0755 after creating them. Note I used WinSCP to create the two sh files and to change the permissions to 0755. I also only used one "TO" email address, I assume more can be used by separating them with a coma or semi-colon (but not sure).

*** NOTE: PROCEED AT YOUR OWN RISK!!! ***

File on Asus router: /jffs/scripts/up.sh

#!/bin/sh

SMTP="<Outbound SMTP server address with security port>"
# Example SMTP: "smtp.xyz.com:465" or "smtp.xyz:587"
FROM="<The email address used for authorization and sending email>"
PWD="<Email Password Authentication>"
FROMNAME="<Put a from name here>"
TO="<Put the to email address name here>"

time=$(echo $(date +"%c"))

message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
$untrusted_ip<br><b>Virtual Address:</b> \
$ifconfig_pool_remote_ip<br><b>Common \
Name:</b> $common_name<br><br>")

echo "Subject: OpenVPN CONNECT" >/tmp/mail.txt
echo "Content-Type: text/html" >>/tmp/mail.txt
echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "Client has connected to <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "<br>$message" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---<br>" >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "<br>" >>/tmp/mail.txt

# /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
/usr/sbin/sendmail -f"$FROM" $TO -H"exec openssl s_client -quiet -tls1 -starttls smtp -connect $SMTP" < /tmp/mail.txt -au"$FROM" -ap"$PWD"

rm /tmp/mail.txt

File on Asus router: /jffs/scripts/down.sh

#!/bin/sh

SMTP="<Outbound SMTP server address with security port>"
# Example SMTP: "smtp.xyz.com:465" or "smtp.xyz:587"
FROM="<The email address used for authorization and sending email>"
PWD="<Email Password Authentication>"
FROMNAME="<Put a from name here>"
TO="<Put the to email address name here>"

time=$(echo $(date +"%c"))

message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
$untrusted_ip<br><b>Virtual Address:</b> \
$ifconfig_pool_remote_ip<br><b>Common \
Name:</b> $common_name<br><br>")

echo "Subject: OpenVPN DISCONNECT" >/tmp/mail.txt
echo "Content-Type: text/html" >>/tmp/mail.txt
echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
echo "Date: `date -R`" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "Client has disconnected from <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "<br>$message" >>/tmp/mail.txt
echo "" >>/tmp/mail.txt
echo "---<br>" >>/tmp/mail.txt
echo "Your friendly router." >>/tmp/mail.txt
echo "<br>" >>/tmp/mail.txt

# /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
/usr/sbin/sendmail -f"$FROM" $TO -H"exec openssl s_client -quiet -tls1 -starttls smtp -connect $SMTP" < /tmp/mail.txt -au"$FROM" -ap"$PWD"

rm /tmp/mail.txt

Next add the following code to the Asus-Merlin administration page VPN > VPN Server - OpenVPN > VPN Details: Advanced Settings > Custom Configuration, and select the Apply button:

script-security 2
--client-connect /jffs/scripts/up.sh
--client-disconnect /jffs/scripts/down.sh

With those changes one should be able to use any email SMTP server that requires the use of security and authentication to send email. Currently working on Yahoo/ATT email when an OpenVPN client logs in and logs out of the Asus router OpenVPN server.. Haven't tried it on other email services. Note if using Gmail one may have to enable "Less Secure Apps" to get email to send properly on the gmail system.

Note: Some information used in the above scripts was pulled from this thread: https://www.snbforums.com/threads/notifications-e-mail.8190/

 

[elorimer]

One small note. If one has configured Diversion to send email, then I think it is tons easier to use its email.conf file for the credentials and a separate email script that accepts the text you want to send as a parameter; use that for any notification you want to send. pixelserv - A Better One-pixel Webserver for Adblock

 

[lbradio]

One small downsize on adding the Custom Configuration is that OpenVPN connections does not show up anymore in the System Log. At least not in debug mode.

 

[JoGi]

Does somebody have any idea or solution.

my output give at Common Name: "client" and not the user name thats has logged in/out :-(