How to execute script after openvpn connects and changes IP address

I would like to run Puppeteer in Docker on Google's Cloud Run and put the traffic through ExpressVPN (OpenVPN).

I faced a problem that if I run openvpn, the IP doesn't change:

~/d/docker-signin ❯❯❯ sudo openvpn --config my_expressvpn_usa_-_new_york_udp.ovpn --auth-user-pass credentials_expressvpn.txt --script-security 2 --up script_.sh
Sun Dec 27 07:07:48 2020 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Sun Dec 27 07:07:48 2020 WARNING: file 'credentials_expressvpn.txt' is group or others accessible
Sun Dec 27 07:07:48 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2019
Sun Dec 27 07:07:48 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Sun Dec 27 07:07:48 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Sun Dec 27 07:07:48 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Dec 27 07:07:48 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Dec 27 07:07:48 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Dec 27 07:07:48 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]104.000.220.30:1195
Sun Dec 27 07:07:48 2020 Socket Buffers: R=[212992->425984] S=[212992->425984]
Sun Dec 27 07:07:48 2020 UDP link local: (not bound)
Sun Dec 27 07:07:48 2020 UDP link remote: [AF_INET]104.000.220.30:1195
Sun Dec 27 07:07:49 2020 TLS: Initial packet from [AF_INET]104.000.220.30:1195, sid=b6582f70 0864a05e
Sun Dec 27 07:07:49 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Dec 27 07:07:49 2020 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, [email protected]
Sun Dec 27 07:07:49 2020 VERIFY OK: nsCertType=SERVER
Sun Dec 27 07:07:49 2020 VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-3807-1a, [email protected]
Sun Dec 27 07:07:49 2020 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-3807-1a, [email protected]
Sun Dec 27 07:07:49 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Sun Dec 27 07:07:49 2020 [Server-3807-1a] Peer Connection Initiated with [AF_INET]104.000.220.30:1195
Sun Dec 27 07:07:50 2020 SENT CONTROL [Server-3807-1a]: 'PUSH_REQUEST' (status=1)
Sun Dec 27 07:07:50 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.00.0.1,comp-lzo no,route 10.00.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.00.0.234 10.00.0.233,peer-id 27,cipher AES-256-GCM'
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: timers and/or timeouts modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: compression parms modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: --ifconfig/up options modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: route options modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: peer-id set
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: adjusting link_mtu to 1629
Sun Dec 27 07:07:50 2020 OPTIONS IMPORT: data channel crypto options modified
Sun Dec 27 07:07:50 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Dec 27 07:07:50 2020 NCP: overriding user-set keysize with default
Sun Dec 27 07:07:50 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Dec 27 07:07:50 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Dec 27 07:07:50 2020 ROUTE_GATEWAY 172.00.144.1/255.255.240.0 IFACE=eth0 HWADDR=00:15:00:bc:a8:64
Sun Dec 27 07:07:50 2020 TUN/TAP device tun0 opened
Sun Dec 27 07:07:50 2020 TUN/TAP TX queue length set to 100
Sun Dec 27 07:07:50 2020 /sbin/ip link set dev tun0 up mtu 1500
Sun Dec 27 07:07:50 2020 /sbin/ip addr add dev tun0 local 10.00.0.234 peer 10.00.0.233
Sun Dec 27 07:07:50 2020 script_.sh tun0 1500 1557 10.00.0.234 10.00.0.233 init
67.000.252.253Sun Dec 27 07:07:52 2020 /sbin/ip route add 104.000.220.30/32 via 172.00.144.1
Sun Dec 27 07:07:52 2020 /sbin/ip route add 0.0.0.0/1 via 10.00.0.233
Sun Dec 27 07:07:52 2020 /sbin/ip route add 128.0.0.0/1 via 10.00.0.233
Sun Dec 27 07:07:52 2020 /sbin/ip route add 10.00.0.1/32 via 10.00.0.233
Sun Dec 27 07:07:52 2020 Initialization Sequence Completed
^C
Sun Dec 27 07:07:56 2020 event_wait : Interrupted system call (code=4)
Sun Dec 27 07:07:56 2020 /sbin/ip route del 10.00.0.1/32
Sun Dec 27 07:07:56 2020 /sbin/ip route del 104.000.220.30/32
Sun Dec 27 07:07:56 2020 /sbin/ip route del 0.0.0.0/1
Sun Dec 27 07:07:56 2020 /sbin/ip route del 128.0.0.0/1
Sun Dec 27 07:07:56 2020 Closing TUN/TAP interface
Sun Dec 27 07:07:56 2020 /sbin/ip addr del dev tun0 local 10.00.0.234 peer 10.00.0.233
Sun Dec 27 07:07:56 2020 SIGINT[hard,] received, process exiting

~/d/docker-signin ❯❯❯ cat script_.sh
#!/bin/bash
wget -qO- https://ipecho.net/plain
# xvfb-run --server-args="-screen 0 1024x768x24" node puppeeer_test.js

67.000.252.253 is my real IP address. It should be changed to 104.000.220.30 because I used --up, which means the script was supposed to run after OpenVPN routed the traffic.

Why doesn't the IP change, and how do I make my script_.sh use the VPN's IP?

Answer 1

> because I used --up, which means the script was supposed to run after OpenVPN routed the traffic.

No, that's not what --up means. It is executed as soon as OpenVPN creates the interface, but before the interface is configured (often its job is indeed to apply some custom configuration).

According to the openvpn(8) manual, you want the --route-up option instead.
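
The fix above as an added example (not part of the original question or answer): in the question's log the script runs at 07:07:50 and the routes are only added at 07:07:52, so this script, meant for --route-up, starts the workload only if it was called as the route-up hook and both "redirect-gateway def1" routes from the PUSH_REPLY (0.0.0.0/1 and 128.0.0.0/1) point at the tunnel device. The file name route_up_check.sh, the function names and the sample routing table are constructed for illustration; script_type and dev are environment variables OpenVPN sets for the scripts it runs.

```shell
#!/bin/sh
# Added example, not from the original post. Intended invocation:
#   openvpn --config <file>.ovpn --script-security 2 --route-up ./route_up_check.sh
# (route_up_check.sh is a hypothetical name for this file.)

# Constructed sample of `ip -4 route show` after the def1 routes are added.
SAMPLE_ROUTES='0.0.0.0/1 via 10.8.0.233 dev tun0
default via 192.0.2.1 dev eth0
10.8.0.233 dev tun0 proto kernel scope link src 10.8.0.234
128.0.0.0/1 via 10.8.0.233 dev tun0
198.51.100.30 via 192.0.2.1 dev eth0'

# Succeeds only if the routing table text in $2 sends both halves of
# "redirect-gateway def1" (0.0.0.0/1 and 128.0.0.0/1) through device $1.
def1_routes_via() {
    for prefix in 0.0.0.0/1 128.0.0.0/1; do
        printf '%s\n' "$2" | awk -v p="$prefix" -v d="$1" '
            $1 == p { for (i = 2; i < NF; i++)
                          if ($i == "dev" && $(i + 1) == d) ok = 1 }
            END { exit (ok ? 0 : 1) }' || return 1
    done
    return 0
}

# $1 = script_type, $2 = dev, $3 = routing table text.
# Returns 0 ready, 2 wrong hook (e.g. --up), 3 no device, 4 routes missing.
vpn_ready() {
    [ "$1" = "route-up" ] || return 2
    [ -n "$2" ] || return 3
    def1_routes_via "$2" "$3" || return 4
    return 0
}

main() {
    vpn_ready "${script_type:-}" "${dev:-}" "$(ip -4 route show)" || {
        echo "VPN routes not in place (code $?); not starting workload" >&2
        return 1
    }
    wget -qO- https://ipecho.net/plain   # the check from the question's script_.sh
}

# OpenVPN sets $script_type for every script it runs; do nothing otherwise.
if [ -n "${script_type:-}" ]; then main; exit $?; fi
```

The route check matches the def1 form of redirect-gateway shown in the question's PUSH_REPLY; a server that replaces the default route instead would need a different prefix test.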
