Scratching my head /// $dev together with Curl

Installing and Using OpenWrt
1

I have scratching my head about this.

I have a script sending email eg when client connect/disconnect but I can't have environment variable to working ($dev) /etc/openvpn/scripts/vpn-notify.sh

I'm using --interface $dev together with curl.

If I for test use printf '%s' $dev I get eg tun11 but not together with curl.

EDIT: I'm getting the local interface specified for an outgoing connection could not be used.
it's CurlError 45
it's working fine if I remove --interface $dev

Any suggestion to get $dev working?

ENDPOINT_IP="$(/usr/bin/curl -4 -sS \
                --interface $dev \
                --connect-timeout 5 \
                --max-time 8 \
                https://api4.ipify.org 2>/dev/null)"
2

After more testing I have come to this:

+ sleep 2
+ ip link show tun11
+ /usr/bin/curl -4 -sS --interface tun11 --connect-timeout 5 --max-time 8 https://api4.ipify.org
+ endpoint_ip=
+ curlCode=28
+ '[' -z  ]
+ endpoint_ip=unknown

Seems $dev working but not possible inside script use dev environment variabel gives curl error 28.
But if i use eg wgc_vpn10 it's my wireguard client that seems working fine.

Is there any limitation to use environment variable inside a script?

3

A general note:
You do not explicitly state that you set and check variable $dev in your script that calls curl. If you are, then it seems strange that it does not work. If you set and checked $dev outside your script then you need to make sure the variable is available to your script and that it is not re-used and set to something else, especially if it is run by some other process than the one setting the variable.

4

$dev is a varables comes from openvpn client and give eg tun11-15 and server eg tun 21-22 or what you called those interfaces.

5

What happens if you enter this command manually?

6

That is what I use and working fine alone with eg MobaXterm

/usr/bin/curl -4 -sS --interface tun11 --connect-timeout 5 --max-time 8 https://api4.ipify.org
159.26.108.159
7

For me it works. Created a script in /tmp/, excecuted it, output shows IP of endpoint.

#!/bin/sh

set -x

dev=$(uci get network.wg_wan.device)

ENDPOINT_IP="$(/usr/bin/curl -4 -sS \
                --interface $dev \
                --connect-timeout 5 \
                --max-time 8 \
                https://api4.ipify.org 2>/dev/null)"

echo $ENDPOINT_IP

This gets the output:

+ uci get network.wg_wan.device
+ dev=wg0
+ /usr/bin/curl -4 -sS --interface wg0 --connect-timeout 5 --max-time 8 https://api4.ipify.org
+ ENDPOINT_IP=IP
+ echo IP
IP

Run on snapshot, curl-8.19.0-r1

8

Can you share the contents of the script? Also are you calling the script manually or is it called from a cron job or something else?

9

I think the dev variable is only available in the openvpn environment so if called from the openvpn config

10

I call script from vpn-client.

option route_up '/etc/openvpn/scripts/vpn-notify.sh'
option down '/etc/openvpn/scripts/vpn-notify.sh'
12

yes that's right

13

I believe there are limitations. (see more below)

Within a script you can set and use variables directly.
If you call (run) a script that starts a new shell then you need to share variables with the new shell to be seen inside the new shell process. Either pass the value as a command line argument or export the variable in the parent shell for it to be inherited by the new shell. There may be other options.

If this in new to you, do a search. Here is one reference: https://www.shellscript.sh/variables1.html

14

Does it work if you manually call the script?

sh /etc/openvpn/scripts/vpn-notify.sh

Also post the output of

cat /var/run/openvpn.*.conf

(redact sensitive information)

15

No as it called from vpn client and pased $dev parameter on route-up and down

option route_up '/etc/openvpn/scripts/vpn-notify.sh'
option down '/etc/openvpn/scripts/vpn-notify.sh'

my config are here: /etc/config/openvpn/

config openvpn 'Sthlmovpn'
	option client '1'
	option dev 'tun11'
	option proto 'udp'
	option nobind '1'
	option persist_tun '1'
	option reneg_sec '3600'
	option verb '3'
	option mute_replay_warnings '1'
	option replay_window '256'
	option auth_nocache '1'
	option cipher 'AES-256-GCM'
	option ca '/etc/openvpn/sthlmovpn/ca.crt'
	option tls_crypt '/etc/openvpn/sthlmovpn/tlsauth.key'
	option auth_user_pass '/etc/openvpn/sthlmovpn/user.pass'
	option remote_cert_tls 'server'
	option log '/var/log/openvpn-client2.log'
	option script_security '2'
	list pull_filter 'ignore "redirect-gateway"'
	list pull_filter 'ignore "redirect-gateway ipv6"'
	list pull_filter 'ignore "sndbuf"'
	list pull_filter 'ignore "rcvbuf"'
	list pull_filter 'ignore "socket-flags TCP_NODELAY"'
	list pull_filter 'ignore "tun-mtu 1500"'
	list data_ciphers 'AES-128-GCM'
	list data_ciphers 'AES-256-GCM'
	list data_ciphers 'CHACHA20-POLY1305'
	option remote_random '1'
	option resolv_retry 'infinite'
	option server_poll_timeout '20'
	option connect_retry '5'
	option connect_retry_max '3'
	list remote '169.150.208.246 51820'
	list remote '169.150.208.158 1194'
	list remote '149.50.216.205 4569'
	list remote '169.150.208.247 1194'
	list remote '169.150.208.187 1194'
	list remote '169.150.208.187 4569'
	list remote '169.150.208.247 5060'
	list remote '62.93.166.123 80'
	list remote '169.150.208.187 5060'
	list remote '169.150.208.187 80'
	list remote '169.150.208.187 51820'
	list remote '169.150.208.158 80'
	list remote '62.93.166.121 1194'
	list remote '62.93.166.123 4569'
	list remote '62.93.166.123 5060'
	list remote '169.150.208.158 51820'
	list remote '169.150.208.187 5060'
	list remote '62.93.166.123 4569'
	list remote '149.50.216.205 51820'
	list remote '169.150.208.187 1194'
	list remote '169.150.208.246 1194'
	list remote '169.150.208.245 1194'
	list remote '169.150.208.247 80'
	list remote '169.150.208.216 1194'
	list remote '62.93.166.123 80'
	list remote '62.93.166.123 5060'
	list remote '169.150.208.216 5060'
	list remote '62.93.166.121 80'
	list remote '169.150.208.247 4569'
	list remote '169.150.208.245 4569'
	list remote '169.150.208.158 5060'
	list remote '169.150.208.247 51820'
	list remote '169.150.208.216 4569'
	list remote '62.93.166.123 1194'
	list remote '62.93.166.121 4569'
	list remote '149.50.216.205 5060'
	list remote '169.150.208.187 80'
	list remote '169.150.208.187 4569'
	list remote '149.50.216.205 1194'
	list remote '149.50.216.205 80'
	list remote '169.150.208.216 51820'
	list remote '62.93.166.123 1194'
	list remote '169.150.208.245 80'
	list remote '169.150.208.246 4569'
	list remote '62.93.166.123 80'
	list remote '169.150.208.158 4569'
	list remote '62.93.166.123 1194'
	list remote '169.150.208.246 80'
	list remote '169.150.208.216 80'
	list remote '62.93.166.123 4569'
	list remote '62.93.166.121 51820'
	list remote '169.150.208.245 5060'
	list remote '62.93.166.123 5060'
	list remote '62.93.166.123 51820'
	list remote '62.93.166.123 51820'
	list remote '169.150.208.245 51820'
	list remote '169.150.208.246 5060'
	list remote '169.150.208.187 51820'
	list remote '62.93.166.121 5060'
	list remote '62.93.166.123 51820'
	option route_up '/etc/openvpn/scripts/vpn-notify.sh'
	option down '/etc/openvpn/scripts/vpn-notify.sh'
	option enabled '1'
16

If you want to get help, you will need to answer questions which are actually asked.

17

root@Defcon:~# sh -x /etc/openvpn/scripts/vpn-notify.sh

dev

The actual name of the TUN/TAP device, including a unit number if it exists. Set prior to --up or --down script execution.

+ LOGTAG=vpn-notify
+ /usr/bin/logger -st vpn-notify 'testing variables 1
script-type =
common-name =
trusted-port =
ifconfig-local =
Dev =
trusted-ip =
ifconfig-remote =
ifconfig-pool-remote-ip = '
vpn-notify: testing variables 1
script-type =
common-name =
trusted-port =
ifconfig-local =
Dev =
trusted-ip =
ifconfig-remote =
ifconfig-pool-remote-ip =
+ DEV=
+ TO=my@mail.com
+ FROM=mail address@gmail.com
+ uci -q get 'system.@system[0].hostname'
+ HOSTNAME=Defcon
+ date '+%Y-%m-%d %H:%M:%S'
+ DATE='2026-05-16 09:55:34'
+ ubus call network.interface.wan status
+ jsonfilter -e '@["ipv4-address"][0].address'
+ WAN_IP=100.69.117.12
+ '[' -z 100.69.117.12 ]
+ wget -6 -qO- https://ifconfig.me/ip
+ PUBLIC_IPipv6=2001:xxx:41::xxxx:2ec5
+ wget -4 -qO- https://ifconfig.me/ip
+ PUBLIC_IPipv4=98.xxx.xxx.58
+ '[' -z 2001:xxx:41::xxxx:2ec5 ]
+ '[' -z 98.xxx.xxx.58 ]
+ DEV_NUM=
+ SUBJECT=
+ MESSAGE=
+ /usr/bin/logger -st vpn-notify 'event= dev= cn='
vpn-notify: event= dev= cn=
+ /usr/bin/logger -st vpn-notify 'testing variables 2 1- 2- 3- 4- 5- 6- 7- 8-'
vpn-notify: testing variables 2 1- 2- 3- 4- 5- 6- 7- 8-
+ endpoint_ip=n/a
+ curlCode=
+ logger -st DEV1
DEV1:
+ logger -st DEV2
DEV2:
+ /usr/bin/logger -t endpointip 'dev= endpoint=n/a CurlCode='
+ /usr/bin/logger -t vpn-notify 'ignored event: '
+ exit 0
18

I do not think you can do that from a route-up script.

The curl command will time out as the tunnel is not fully up just use 2>&1 instead of 2>/dev/null and ENDPOINT_IP will show the resulting error

Place the curl command in a separate script and call it asynchronously (use &) and start the script with either sleep 10 or better add retry to the curl command e.g.:

ENDPOINT_IP="$(/usr/bin/curl -4 -sS --fail --retry 10 --retry-delay 20 --retry-max-time 1800 -retry-all-errors --interface "$dev" https://api4.ipify.org 2>&1)"
19

You still have not provided the info requested:

20

root@Defcon:~# cat /var/run/openvpn..conf
cat: can't open '/var/run/openvpn..conf': No such file or directory

21

You missed the asterisk.