Leonid Isaev wrote:
> This depends on your distribution and VPN settings. For example, on my
> ArchLinux system which uses OpenVPN, I'd make this a systemd unit that binds
> to
> the tun network interface...
I know you said you are running Fedora but I imagine that Fedora has
something like this but in a different place. Doesn't Fedora have a
/etc/sysconfig/network-scripts/ directory where event scripts reside?
I am sure a Fedora knowledgeable person would be able to say.
On my Debian (and therefore Ubuntu, Mint, other derivatives) I would
add a script /etc/network/if-up.d/postfix-local (in addition to the
already existing "postfix" script there) that does this when the VPN
interface comes up, and a script /etc/network/if-down.d/postfix-local
for the other end.
The packaged "postfix" scripts there are complicated by needing to
deal with every possible situation such as being a conffile in the
package removed state with the rest of the package being gone. But
since this is your local script you don't need to worry about what
happens if Exim is actually installed instead or that someone has
diverted the directories to different locations. You can make the
local script much simpler and focused on your needs. But it is good
to look at the packaged scripts to get concepts and ideas.
Scripts in that directory are called when any interface changes
state. So check that the vpn is the interface being changed. Check
that it has gone up, or down, and perform the appropriate associated
action.
I create and debug those types of scripts by shear brute force rather
than documentation. I create a sample script. I put commands like
the following in it and whatever else I think I might need and no
actions. I then bring interfaces up and down and look in the file to
see what changes have happend to the environment variables.
#!/bin/sh
exec >> /var/tmp/foo.env.out 2>&1
echo ================================================================
echo "args: $*"
env
Then knowing that information I can write the script to trigger the
actions I want when the VPN device changes state and it will all work
event driven immediately and not need to be polled by cron. This is
what I would suggest. But with the Fedora paths not the ones I
mention above from Debian which I was writing simply as an example.
Bob
