Hooking OpenVPN connection event

Dear all,

I’m interested in knowing if it’s possible to run a script when a user connects to the RoadWarrior. My final goal is to turn on his pc so I need to know the username he used to connect. You think is possible?

Thanks,
Marco

I did not find a hook but you may check the status including connected users (maybe with a cron job) with

/usr/libexec/nethserver/openvpn-status /var/spool/openvpn/host-to-net

See Devel Docs.

Alternatively you may use guacamole or meshcentral to turn on PCs by wake on lan before connecting to them.

There’s another WOL integration:

2 Likes

Thank you Markus for your interesting point of view. This could be a solution, I should just find a way to “remember” which clients has been turned on (maybe using the time the user connected?).
I’ll let you know.
Thanks again,

@mmaridev

Hi

Simple: create a special folder, same as the /var/run used for PIDs, and create files containing the username and having the timestamp of when the PC was WOLed on. That would give a second script enough info to turn off the PC and clean the PID file out of that directory.

There are samples on the 'net where a script can shut down a linux or windows pc.
example for windows (on windows):

shutdown -s -f -m \\srv001 -C "This is a TEST-Shutdown" -t 25

TIP:
Windows 10 comes with a SSH server. Autostart, and SSH Key auth are your friends…
Linux logs in remotely, calls the script, wait for finish (and return data/parameter) logs out, all without any password or interaction.

My 2 cents
Andy

Do you need to? Wouldn’t a ping be sufficient to see if a PC has already been turned on?

Hi Markus,

I finally decided to use your Guacamole package for NethServer. It works fine except for the fact that the WakeOnLan doesn’t work. Is this known? Is there any workaround?
I just ticked the “Send wol packet” and put the MAC address but Guacamole seems to be unable to start the pc. If I run ether-wake from the NethServer the client boots up.

For the record: just tried running guacd as root (since ether-wake requires root) but is still not working.

Thank you,

1 Like

Dear André,

thank you for your reply. I’m considering using it if someone won’t use Guacamole.

All the best,

1 Like

I found another discussion about not working WOL here.

I am going to check and try to reproduce the issue and report asap.

Dear @mrmarkuz,

just figured out the version of guacd in epel is still 1.1.0. Since your package depends on guacd the packaged version was needed… I try to summarize what I did:

  • yum install yum-utils rpm-build
  • yumdownloader --source guacd
  • rpm -ivh guacamole-server-1.1.0-1.el7.src.rpm
  • put 1.2.0 in SPECS/guacamole-server.spec
  • cd SOURCES && wget -O guacamole-server-1.2.0.tar.gz 'http://apache.org/dyn/closer.cgi?action=download&filename=guacamole/1.2.0/source/guacamole-server-1.2.0.tar.gz'
  • rpmbuild -bp guacamole-server.spec && rm guacamole-1server-1.1.0.tar.gz
  • rpmbuild -ba guacamole-server.spec
  • cd RPMS/x86_64/
  • rpm -i --force guacd-1.2.0-1.el7.x86_64.rpm libg*

Now guacd -v reports Guacamole proxy daemon (guacd) version 1.2.0
Unfortunately now it’s working time and all PCs are powered on and I can’t try to switch off and turn back on via Guacamole. Will try later and let you know.

1 Like

Thanks for your great work, I hope it works… If the epel guacd version 1.2.0 does not come soon, compiling guacd could be a solution even for the module.

Just tried… unfortunately is not working, even if I can now successfully see Sending Wake-on-LAN packet, and pausing for 15 seconds in the logs. Again, running ether-wake on the NethServer wakes the client successfully. :pensive:

Hm, maybe it wants the MAC address “Windows Style” with “-” instead of “:” or without separator?

@mrmarkuz

Try also without separator. Windows uses both. It displays MAC Adresses with a “-” separator, but in the DHCP Server itself, it requests MAC Adresses without any separator. And that all on the same platform…

My 2 cents
Andy

A final analysis of this issue and workaround proposal

I went through a serious debug of this issue during the last few hours. I landed on the topic @mrmarkuz cited and from there on this post on StackExchange. I tried sniffing packages going out from the NethServer and found out that

  1. When guacd says Sending Wake-on-LAN packet, and pausing for 15 seconds. a single package is sent out from the NethServer to the correct mac address BUT from some weird reason, another turned on host in the network listening for packages too doesn’t receive anything.
  2. If I run from the NethServer the ether-wake command, not one but two packages are sniffed both on the NethServer itself and on the other host. The (supposed to be) waked host turns on correctly.

It seems, therefore, to be a guacd issue. {No clue why}

Proposed solution/workaround

Since from the NethServer we’re able to catch outgoing (dead?) packets, we can sniff them and resend via ether-wake . I just copy-paste my current [working] configuration.

/usr/local/sbin/guacd_etherwake_wrapper.sh

#!/bin/bash


echo Started guacd etherwake wrapper


while true; do
	TOWAKE=$(tcpdump -c 1 -UlnXi eth0 ether proto 0x0842 or udp port 9 2>/dev/null | sed -nE 's/^.*20:  (ffff|.... ....) (..)(..) (..)(..) (..)(..).*$/\2:\3:\4:\5:\6:\7/p')
	echo Waking $TOWAKE
	ether-wake $TOWAKE
	sleep 10
done

/etc/systemd/system/guacd-etherwake-wrapper.service

[Unit]
Description=Wrap WOL requests made by guacd to etherwake
After=network.target

[Service]
ExecStart=/usr/local/sbin/guacd_etherwake_wrapper.sh
Restart=on-failure
User=root

[Install]
WantedBy=multi-user.target

The script simply listens for etherwake packages. After 1 package is received (-c 1) tcpdump exits and sed cleans the output to the simple mac address. The mac address is passed to ether-wake which is now supposed to wake the PC.

Final notes:

  • The mac address is saved in Guacamole in “UNIX” style (aa:bb:cc:dd:ee:ff)
  • If you need me to change this topic’s title to something more Guacamole-related just let me know

Best,

2 Likes