I wanted to be alerted via Pushover when a user connects and disconnects from the VPN server.
There are two different versions of this process. One for OpenVPN and one for Ubiquiti EdgeOS L2TP configs.
OpenVPN Server:
To accomplish this, we need two scrips. One script is called when a user connects and another when the user disconnects. Let’s call these up.sh and down.sh.
The scripts require wget.
sudo apt-get install wget
up.sh
sudo nano /etc/openvpn/up.sh # paste in the contents below. #!/bin/sh PUSHOVER_USER_KEY="ENTER_YOUR_USER_KEY" PUSHOVER_APP_KEY="ENTER_YOUR_API_APP_KEY" CLIENT="ENTER_YOUR_CLIENT_LOCATION" USE_HTML_FORMAT=1 # SET THIS TO 1 IF YOU ARE USING HTML IN YOUR MESSAGE BELOW. time=$(echo $(date +"%c")) TITLE="OpenVPN :: $common_name CONNECTED to $CLIENT" MESSAGE="User has connected to <b>$CLIENT</b>:<br> \ <b>Common Name:</b> $common_name<br> \ <b>Connected Since:</b> $time<br> \ <b>Real Address:</b>$untrusted_ip<br> \ <b>Virtual Address:</b> $ifconfig_pool_remote_ip<br> \ <b>Date:</b> `date -R`" wget https://api.pushover.net/1/messages.json --post-data="token=$PUSHOVER_APP_KEY&user=$PUSHOVER_USER_KEY&message=$MESSAGE&title=$TITLE&html=$USE_HTML_FORMAT" -qO- > /dev/null 2>&1 &
down.sh
sudo nano /etc/openvpn/down.sh #paste contents below #!/bin/sh PUSHOVER_USER_KEY="ENTER_YOUR_USER_KEY" PUSHOVER_APP_KEY="ENTER_YOUR_API_APP_KEY" CLIENT="ENTER_YOUR_CLIENT_LOCATION" USE_HTML_FORMAT=1 # SET THIS TO 1 IF YOU ARE USING HTML IN YOUR MESSAGE BELOW. time=$(echo $(date +"%c")) TITLE="OpenVPN :: $common_name DISCONNECTED from $CLIENT" MESSAGE="User has disconnected from <b>$CLIENT</b>:<br> \ <b>Common Name:</b> $common_name<br> \ <b>Connected For:</b> $time_duration seconds<br> \ <b>Real Address:</b>$untrusted_ip<br> \ <b>Virtual Address:</b> $ifconfig_pool_remote_ip<br> \ <b>Date:</b> `date -R`" wget https://api.pushover.net/1/messages.json --post-data="token=$PUSHOVER_APP_KEY&user=$PUSHOVER_USER_KEY&message=$MESSAGE&title=$TITLE&html=$USE_HTML_FORMAT" -qO- > /dev/null 2>&1 &
Adjust the permissions on the scripts.
sudo chmod 750 /etc/openvpn/up.sh /etc/openvpn/down.sh
Now we need to add these scripts to the OpenVPN conf file.
sudo nano /etc/openvpn/server.conf #paste in these lines script-security 2 client-connect /etc/openvpn/up.sh client-disconnect /etc/openvpn/down.sh
If this is an EdgeRouter you are configuring, you need to add these commands a different way.
configure set interfaces openvpn vtun0 openvpn-option "--script-security 2" set interfaces openvpn vtun0 openvpn-option "--client-connect /etc/openvpn/up.sh" set interfaces openvpn vtun0 openvpn-option "--client-disconnect /etc/openvpn/down.sh" commit;save
Restart OpenVPN service
sudo service openvpn restart
If you run into any issues, try monitoring the OpenVPN log by running
tail -f /var/log/openvpn.log