[TUTORIAL] OpenVPN Connection/Disconnection Email Notifications

Discussion in 'Asuswrt-Merlin' started by Boy1979, Nov 19, 2014.

  1. Boy1979

    Boy1979 New Around Here

    Joined:
    Mar 7, 2014
    Messages:
    8
    Hi,

    I used some scripts to get an email when a client connects to or disconnects from OpenVPN, so I would like to share my experience with you:

    First of all, you need 2 scripts, which will be stored in /jffs/scripts:

    connect script: /jffs/scripts/up.sh
    Code:
    #!/bin/sh
    SMTP="<your SMTP address>"
    FROM="<email sender address>"
    FROMNAME="<from name>"
    TO="<recipient mail address>"
    
    time=$(echo $(date +"%c"))
    
    message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
    $untrusted_ip<br><b>Virtual Address:</b> \
    $ifconfig_pool_remote_ip<br><b>Common \
    Name:</b> $common_name<br><br>")
    
    echo "Subject: OpenVPN CONNECT" >/tmp/mail.txt
    echo "Content-Type: text/html" >>/tmp/mail.txt
    echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
    echo "Date: `date -R`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "Client has connected to <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "<br>$message" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "---<br>" >>/tmp/mail.txt
    echo "Your friendly router." >>/tmp/mail.txt
    echo "<br>" >>/tmp/mail.txt
    
    /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
    rm /tmp/mail.txt
    Fill in 'your SMTP address', 'email sender address', 'from name' and 'recipient mail address' with your own credentials.

    disconnect script: /jffs/scripts/down.sh
    Code:
    #!/bin/sh
    SMTP="<your SMTP address>"
    FROM="<email sender address>"
    FROMNAME="<from name>"
    TO="<recipient mail address>"
    
    time=$(echo $(date +"%c"))
    
    message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
    $untrusted_ip<br><b>Virtual Address:</b> \
    $ifconfig_pool_remote_ip<br><b>Common \
    Name:</b> $common_name<br><br>")
    
    echo "Subject: OpenVPN DISCONNECT" >/tmp/mail.txt
    echo "Content-Type: text/html" >>/tmp/mail.txt
    echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
    echo "Date: `date -R`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "Client has disconnected from <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "<br>$message" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "---<br>" >>/tmp/mail.txt
    echo "Your friendly router." >>/tmp/mail.txt
    echo "<br>" >>/tmp/mail.txt
    
    /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
    rm /tmp/mail.txt
    Fill in 'your SMTP address', 'email sender address', 'from name' and 'recipient mail address' with your own credentials.

    Access your ROUTER via Browser and move to VPN --> VPN Details and add custom configuration:
    Code:
    script-security 2
    --client-connect /jffs/scripts/up.sh
    --client-disconnect /jffs/scripts/down.sh
    and click apply.

    Each time a client connects/disconnects, it will send an email notification to the recipient. You can play around with the message formatting in up.sh or down.sh if you want to customize the email.

    The provided formatting will send a message looking like this:

    connect:
    Code:
    Client has connected to [B]OpenVPN[/B]:
    
    [B]Connected since:[/B] Wed Nov 19 19:53:20 2014
    [B]Real Address:[/B] 192.168.1.102
    [B]Virtual Address:[/B] 10.8.0.4
    [B]Common Name:[/B] client5
    
    ---
    Your friendly router. 
    disconnect:
    Code:
    Client has disconnected from [B]OpenVPN[/B]:
    
    [B]Connected since:[/B] Wed Nov 19 19:53:20 2014
    [B]Real Address:[/B] 192.168.1.102
    [B]Virtual Address:[/B] 10.8.0.4
    [B]Common Name:[/B] client5
    
    ---
    Your friendly router. 
    Hope you find this useful. If anyone needs help they are welcome.

    regards Boy1979
     
    Last edited: Nov 19, 2014
  2. ttgapers

    ttgapers Senior Member

    Joined:
    Nov 20, 2014
    Messages:
    238
    Boom

    Nice work. Please see an updated version, if you prefer using Gmail, that includes the authentication pieces.

    Up
    Code:
    #!/bin/sh
    # SMTP="<your SMTP address>"
    # FROM="<email sender address>"
    # FROMNAME="<from name>"
    # TO="<recipient mail address>"
    
    FROM="<your SMTP address>"
    AUTH="<your gmail username>"
    PASS="<your gmail password>"
    FROMNAME="<your router name>"
    TO="<recipient email address>"
    
    time=$(echo $(date +"%c"))
    
    message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
    $untrusted_ip<br><b>Virtual Address:</b> \
    $ifconfig_pool_remote_ip<br><b>Common \
    Name:</b> $common_name<br><br>")
    
    echo "Subject: OpenVPN CONNECT" >/tmp/mail.txt
    echo "Content-Type: text/html" >>/tmp/mail.txt
    echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
    echo "Date: `date -R`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "Client has connected to <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "<br>$message" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "---<br>" >>/tmp/mail.txt
    echo "Your friendly router." >>/tmp/mail.txt
    echo "<br>" >>/tmp/mail.txt
    
    # /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
    
    cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
    -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
    -connect smtp.gmail.com:587 -tls1 -starttls smtp" \
    -f"$FROM" \
    -au"$AUTH" -ap"$PASS" $TO 
    
    rm /tmp/mail.txt
    
    Down
    Code:
    #!/bin/sh
    # SMTP="<your SMTP address>"
    # FROM="<email sender address>"
    # FROMNAME="<from name>"
    # TO="<recipient mail address>"
    
    FROM="<your SMTP address>"
    AUTH="<your gmail username>"
    PASS="<your gmail password>"
    FROMNAME="<your router name>"
    TO="<recipient email address>"
    
    time=$(echo $(date +"%c"))
    
    message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
    $untrusted_ip<br><b>Virtual Address:</b> \
    $ifconfig_pool_remote_ip<br><b>Common \
    Name:</b> $common_name<br><br>")
    
    echo "Subject: OpenVPN DISCONNECT" >/tmp/mail.txt
    echo "Content-Type: text/html" >>/tmp/mail.txt
    echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
    echo "Date: `date -R`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "Client has disconnected from <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "<br>$message" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "---<br>" >>/tmp/mail.txt
    echo "Your friendly router." >>/tmp/mail.txt
    echo "<br>" >>/tmp/mail.txt
    
    # /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
    
    cat /tmp/mail.txt | sendmail -H"exec openssl s_client -quiet \
    -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem \
    -connect smtp.gmail.com:587 -tls1 -starttls smtp" \
    -f"$FROM" \
    -au"$AUTH" -ap"$PASS" $TO 
    
    rm /tmp/mail.txt
    
    Note, I also didn't need the .sh in the VPN details area. You will need to get the Equifax Secure Cert Authority cert and place it in the /jffs/configs folder prior to this working.

    Cheers.
     
  3. GorkyVVV

    GorkyVVV New Around Here

    Joined:
    Aug 25, 2016
    Messages:
    5
    When using the following code:

    Code:
    #!/bin/sh
    echo "Client connected!" | sendmail -H"exec openssl s_client -quiet -CAfile /jffs/configs/Equifax_Secure_Certificate_Authority.pem -connect smtp.gmail.com:587 -tls1 -starttls smtp" -f"FROM" -au"USER" -ap"PASS" TO
    Saving it as up.sh with permissions 0777 in folder /jffs/scripts/

    And putting the following in the custom configuration of OPENVPN on my RT-N66U running Asuswrt-Merlin 380.61:
    Code:
    script-security 2
    --client-connect "/bin/sh /jffs/scripts/up.sh"
    It gives me the following error in the system log when trying to connect a client:
    Code:
    WARNING: Failed running command (--client-connect): external program exited with error status: 2
    The script executes just fine with PuTTY running the following command:
    Code:
    sh /jffs/scripts/up.sh
    Any idea what the problem might be?

    Thanks for the awesome script by the way!
     
  4. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,332
    Location:
    United States
    In the custom config section, take out the /bin/sh (it only expects a script name)
    and you don't need the quotes

    Code:
    script-security 2
    --client-connect /jffs/scripts/up.sh
     
  5. GorkyVVV

    GorkyVVV New Around Here

    Joined:
    Aug 25, 2016
    Messages:
    5
    Thanks for the reply! However when I do that the Export OpenVPN configuration file section of OpenVPN keeps displaying:
    Code:
    Initialinzing the settings of OpenVPN server now, please wait a few minutes to let the server to setup completed before VPN clients establish the connection. 
    The system logs also show:
    Code:
    Options error: --client-connect script fails with '/jffs/scripts/up.sh': No such file or directory
    Options error: Please correct this error.
    When I use the code mentioned above the OpenVPN server does boot and finds the file..

    Any idea?
     
  6. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,332
    Location:
    United States
    try running the following command

    dos2unix /jffs/scripts/up.sh

    if that works, it means you saved the file in DOS/WIN format instead of Linux.
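
Added example, not part of the post above: a pre-flight check for an OpenVPN hook script covering the problems met in this thread. A CR after the shebang makes the kernel look for an interpreter named "/bin/sh" plus a trailing CR, which is reported as "No such file or directory" even though the script exists. The function name `check_hook` and its result strings are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): report the first problem found in a
# hook script before --client-connect / --client-disconnect points at it.
check_hook() {
    f=$1
    [ -f "$f" ] || { echo "missing"; return 1; }

    # DOS/Windows line endings: look for a carriage return on the shebang line.
    cr=$(printf '\r')
    if head -n 1 "$f" | grep -q "$cr"; then
        echo "crlf"          # fix with: dos2unix "$f"
        return 1
    fi

    # OpenVPN executes the file directly, so it needs the execute bit.
    [ -x "$f" ] || { echo "not-executable"; return 1; }

    # Mode 0777 lets any local user rewrite a script the VPN daemon runs;
    # character 9 of the ls mode string is the "other" write bit.
    case "$(ls -ld "$f")" in
        ????????w*) echo "world-writable"; return 1 ;;   # fix with: chmod 0755
    esac

    echo "ok"
}

# Usage: check_hook /jffs/scripts/up.sh
```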
     
  7. GorkyVVV

    GorkyVVV New Around Here

    Joined:
    Aug 25, 2016
    Messages:
    5
    Ha! That worked! Thank you soooo much!

    Now I am on to tweaking the script. How would I use the following.

    I am trying to display the data in megabytes. However, the environment variables export bytes_received.

    I have tried a bit, this did not work: $(bytes_received / 1048576)

    Any tips in the right direction, I am almost complete!
     
  8. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,332
    Location:
    United States
    assuming you are embedding that within an echo, try
    $(expr $bytes_received / 1048576)
     
  9. GorkyVVV

    GorkyVVV New Around Here

    Joined:
    Aug 25, 2016
    Messages:
    5
    No joy, it returns 0.

    This is the part of the script:

    time=$(echo $(date +"%c"))

    message=$(echo "<b>Username:</b> $username<br> <b>Time Down:</b> \
    $time<br><b>Bytes Received:</b> \
    $(expr $bytes_received / 1048576)<br><b>Bytes Sent:</b> \
    $bytes_sent<br><b>Real Address:</b> \
    $untrusted_ip<br><b>Virtual Address:</b> \
    $ifconfig_pool_remote_ip<br> \
    <br>")
     
  10. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,332
    Location:
    United States
    all bash math is integer.....have you transferred at least a megabyte? In other words, it will round down to the integer megabyte value.
     
  11. GorkyVVV

    GorkyVVV New Around Here

    Joined:
    Aug 25, 2016
    Messages:
    5
    Sir! I am sorry, I did not transfer enough.

    In the end this made it work as well: $((bytes_received / 1048576))

    Thanks a bunch for all your help! Have a very good night!
     
  12. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,332
    Location:
    United States
    At least on the right track :)

    if you want to do the floating point math in bash.... include this routine near the top of your script.
    Code:
    calc ()
    # Routine for fp math in scripts
    {
        local in="$(echo "$@" | sed -e 's/\[/(/g' -e 's/\]/)/g')";
        awk 'BEGIN {print '"$in"'}' < /dev/null
    }
    
    then use this expression for the megabytes
    Code:
    $(calc $bytes_received/1048576)
     
  13. Goobi

    Goobi Regular Contributor

    Joined:
    Dec 3, 2015
    Messages:
    147
    Any suggestions on how to modify this script to send an email when one of the five OpenVPN clients on the router goes down?
     
  14. amplatfus

    amplatfus Senior Member

    Joined:
    Nov 25, 2016
    Messages:
    218
    Location:
    RO
    Hi,
    After adding below lines to vpn config, VPN doesn't connect any more. Could you please help? Thank you for this thread and for help!

    Code:
    script-security 2
    --client-connect /jffs/scripts/up.sh
    --client-disconnect /jffs/scripts/down.sh
    
     
  15. amplatfus

    amplatfus Senior Member

    Joined:
    Nov 25, 2016
    Messages:
    218
    Location:
    RO
    Hi again,

    In my case I solved it only by this version filled in custom VPN configuration:
    Code:
    script-security 2
    up /jffs/scripts/up.sh
    down /jffs/scripts/down.sh
    
    All the best,
    amplatfus
     
  16. amplatfus

    amplatfus Senior Member

    Joined:
    Nov 25, 2016
    Messages:
    218
    Location:
    RO
    Please, I am looking for a list of variables available in order to customize these notifications. Appreciate any reply. Thank you!
     
  17. bennor

    bennor Regular Contributor

    Joined:
    Mar 26, 2018
    Messages:
    66
    Bumping this older thread. Ran into a number of issues attempting to use the code provided by the OP with OpenVPN server on an Asus-Merlin RT-AC68U router running firmware 384.13_0. Primarily among them trying to use an email provider who uses SMTP security and authentication.

    Couple of other comments. Both the up.sh and down.sh scripts need to have permissions changed to 0755 after creating them. Note I used WinSCP to create the two sh files and to change the permissions to 0755. I also only used one "TO" email address, I assume more can be used by separating them with a comma or semi-colon (but not sure).

    *** NOTE: PROCEED AT YOUR OWN RISK!!! ***

    File on Asus router: /jffs/scripts/up.sh
    Code:
    #!/bin/sh
    
    SMTP="<Outbound SMTP server address with security port>"
    # Example SMTP: "smtp.xyz.com:465" or "smtp.xyz:587"
    FROM="<The email address used for authorization and sending email>"
    # Named PASS rather than PWD: PWD is the shell's own working-directory variable
    PASS="<Email Password Authentication>"
    FROMNAME="<Put a from name here>"
    TO="<Put the to email address name here>"
    
    time=$(echo $(date +"%c"))
    
    message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
    $untrusted_ip<br><b>Virtual Address:</b> \
    $ifconfig_pool_remote_ip<br><b>Common \
    Name:</b> $common_name<br><br>")
    
    echo "Subject: OpenVPN CONNECT" >/tmp/mail.txt
    echo "Content-Type: text/html" >>/tmp/mail.txt
    echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
    echo "Date: `date -R`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "Client has connected to <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "<br>$message" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "---<br>" >>/tmp/mail.txt
    echo "Your friendly router." >>/tmp/mail.txt
    echo "<br>" >>/tmp/mail.txt
    
    # /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
    /usr/sbin/sendmail -f"$FROM" $TO -H"exec openssl s_client -quiet -tls1 -starttls smtp -connect $SMTP" < /tmp/mail.txt -au"$FROM" -ap"$PASS"
    
    rm /tmp/mail.txt
    File on Asus router: /jffs/scripts/down.sh
    Code:
    #!/bin/sh
    
    SMTP="<Outbound SMTP server address with security port>"
    # Example SMTP: "smtp.xyz.com:465" or "smtp.xyz:587"
    FROM="<The email address used for authorization and sending email>"
    # Named PASS rather than PWD: PWD is the shell's own working-directory variable
    PASS="<Email Password Authentication>"
    FROMNAME="<Put a from name here>"
    TO="<Put the to email address name here>"
    
    time=$(echo $(date +"%c"))
    
    message=$(echo "<b>Connected Since:</b> $time<br><b>Real Address:</b> \
    $untrusted_ip<br><b>Virtual Address:</b> \
    $ifconfig_pool_remote_ip<br><b>Common \
    Name:</b> $common_name<br><br>")
    
    echo "Subject: OpenVPN DISCONNECT" >/tmp/mail.txt
    echo "Content-Type: text/html" >>/tmp/mail.txt
    echo "From: $FROMNAME<$FROM>" >>/tmp/mail.txt
    echo "Date: `date -R`" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "Client has disconnected from <b>OpenVPN</b>:<br>" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "<br>$message" >>/tmp/mail.txt
    echo "" >>/tmp/mail.txt
    echo "---<br>" >>/tmp/mail.txt
    echo "Your friendly router." >>/tmp/mail.txt
    echo "<br>" >>/tmp/mail.txt
    
    # /usr/sbin/sendmail -S"$SMTP" -f"$FROM" $TO < /tmp/mail.txt
    /usr/sbin/sendmail -f"$FROM" $TO -H"exec openssl s_client -quiet -tls1 -starttls smtp -connect $SMTP" < /tmp/mail.txt -au"$FROM" -ap"$PASS"
    
    rm /tmp/mail.txt
    Next add the following code to the Asus-Merlin administration page VPN > VPN Server - OpenVPN > VPN Details: Advanced Settings > Custom Configuration, and select the Apply button:
    Code:
    script-security 2
    --client-connect /jffs/scripts/up.sh
    --client-disconnect /jffs/scripts/down.sh
    With those changes one should be able to use any email SMTP server that requires the use of security and authentication to send email. Currently working on Yahoo/ATT email when an OpenVPN client logs in and logs out of the Asus router OpenVPN server.. Haven't tried it on other email services. Note if using Gmail one may have to enable "Less Secure Apps" to get email to send properly on the gmail system.

    Note: Some information used in the above scripts was pulled from this thread: https://www.snbforums.com/threads/notifications-e-mail.8190/
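
Added example, not part of any post in this thread: the scripts above paste `$common_name` and the other OpenVPN variables straight into an HTML mail through a fixed `/tmp/mail.txt`, and the megabyte conversion discussed in posts 7 to 12 splices its input into an awk program. This sketch escapes the values, uses `mktemp`, and passes the byte count with `awk -v`; it serves both hooks by reading OpenVPN's `script_type` variable. SMTP, FROM and TO are placeholders, and the function names are made up for the sketch.

```shell
#!/bin/sh
# Added example (not from the thread): one hook for both --client-connect and
# --client-disconnect. SMTP/FROM/TO are placeholders to fill in.
SMTP="<your SMTP address>"
FROM="<email sender address>"
TO="<recipient mail address>"

# Escape HTML metacharacters so a certificate CN or username cannot inject markup.
html_escape() {
    printf '%s' "$1" | tr -d '\r\n' |
        sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# Bytes to megabytes with two decimals; the value is passed with -v, never
# spliced into the awk program text. Non-numeric input yields "n/a".
bytes_to_mb() {
    case "$1" in
        ''|*[!0-9]*) echo "n/a" ;;
        *) awk -v b="$1" 'BEGIN { printf "%.2f\n", b / 1048576 }' ;;
    esac
}

# Print the complete message (headers + HTML body) for event $1.
build_mail() {
    echo "Subject: OpenVPN $1"
    echo "Content-Type: text/html"
    echo "From: <$FROM>"
    echo "Date: $(date -R)"
    echo ""
    echo "<b>Time:</b> $(date +%c)<br>"
    echo "<b>Real Address:</b> $(html_escape "$untrusted_ip")<br>"
    echo "<b>Virtual Address:</b> $(html_escape "$ifconfig_pool_remote_ip")<br>"
    echo "<b>Common Name:</b> $(html_escape "$common_name")<br>"
    if [ "$1" = "DISCONNECT" ]; then
        echo "<b>MB Received:</b> $(bytes_to_mb "$bytes_received")<br>"
        echo "<b>MB Sent:</b> $(bytes_to_mb "$bytes_sent")<br>"
    fi
}

# OpenVPN exports script_type; when it is unset (sourced, tested) nothing is sent.
case "$script_type" in
    client-connect)    event=CONNECT ;;
    client-disconnect) event=DISCONNECT ;;
    *)                 event= ;;
esac
if [ -n "$event" ]; then
    umask 077                                   # temp file readable by owner only
    mail=$(mktemp /tmp/vpnmail.XXXXXX) || exit 0
    build_mail "$event" > "$mail"
    /usr/sbin/sendmail -S"$SMTP" -f"$FROM" "$TO" < "$mail"
    rm -f "$mail"
    exit 0   # a non-zero exit from a client-connect script rejects the client
fi
```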
     
  18. elorimer

    elorimer Very Senior Member

    Joined:
    Dec 16, 2013
    Messages:
    1,200
    One small note. If one has configured Diversion to send email, then I think it is tons easier to use its email.conf file for the credentials and a separate email script that accepts the text you want to send as a parameter; use that for any notification you want to send. pixelserv - A Better One-pixel Webserver for Adblock
     
    Last edited: Dec 13, 2019
  19. lbradio

    lbradio Regular Contributor

    Joined:
    Feb 1, 2014
    Messages:
    86
    Location:
    The Netherlands
    One small downside of adding the Custom Configuration is that OpenVPN connections do not show up anymore in the System Log. At least not in debug mode.
     
  20. JoGi

    JoGi Occasional Visitor

    Joined:
    Dec 6, 2014
    Messages:
    16
    Location:
    The Netherlands
    Does somebody have any idea or solution?

    My output gives "client" at Common Name, and not the user name that has logged in/out :-(
     


    Last edited: Mar 7, 2020