Why does the hotplug (iface) script not work?

Hi!
I am a newbie here; this is my first experience with router settings.
I have a router (ASUS RT-AX53U) with OpenWrt (5.15.134) as a VPN OpenConnect server.
I want several routes to be added on a VPN connection from a client (creation of interface vpns0).
What I did:

# cd /etc/hotplug.d/iface
# ls -l
-rw-r--r--    1 root     root           155 Oct 10  2023 00-netstate
-rw-r--r--    1 root     root           498 Oct 10  2023 20-firewall

I've created 20-vpns0-route (vi 20-vpns0-route)

# cat 20-vpns0-route
#!/bin/sh

[ "$ACTION" = "ifup" ] && [ "$INTERFACE" = "vpns0" ] && {
        logger -t vpns0-route "Adding routes to 192.168.51.0/24 and 192.168.50.0/24 through 192.168.93.0/24"
        ip route add 192.168.51.0/24 via 192.168.93.220
        ip route add 192.168.50.0/24 via 192.168.93.1

}

[ "$ACTION" = "ifdown" ] && [ "$INTERFACE" = "vpns0" ] && {
        logger -t vpns0-route "Removing routes to 192.168.51.0/24 and 192.168.50.0/24 through 192.168.93.0/24"
        ip route del 192.168.51.0/24 via 192.168.93.220
        ip route del 192.168.50.0/24 via 192.168.93.1

}

Then I rebooted, and it does not work.

# ls -l /etc/hotplug.d/iface
-rw-r--r--    1 root     root           155 Oct 10  2023 00-netstate
-rw-r--r--    1 root     root           498 Oct 10  2023 20-firewall
-rw-r--r--    1 root     root           631 Oct  7 17:26 20-vpns0-route

logread shows nothing
# logread | grep vpns
#

As far as I understand, the 'executable' attribute is not necessary here. I tried both on and off with the same result. Moreover, the "default" scripts in this folder have no 'executable' attribute. At least, 20-firewall does something and writes to the log.

Maybe some package or service(s) are not installed? Which ones should be?
I received this router "as is" and did not install any packages and/or services.
So, please help me to solve this issue, the simplest one for you.

The simplest way to add client routes on the server.
https://openwrt.org/docs/guide-user/services/vpn/openvpn/extras#site-to-site
More information from OpenVPN.

Thanks for your response, but did I write about OpenVPN? (It was OpenConnect.)
All the info at your link is related to OpenVPN, but I do not use this service/server/package(s) and did not install them.

Sorry, I read it quickly.
Here is the correct one.
https://openwrt.org/docs/guide-user/services/vpn/openconnect/extras#split_gateway

You probably want $DEVICE, not $INTERFACE.

[ "$DEVICE" = "vpns0" ]

Do non-netifd interfaces emit events for hotplug at all?

No, as netifd's function call_hotplug is the one that invokes /sbin/hotplug-call. However, I don't know how his interface is being brought up or down, and its relationship with netifd.

Also note that nothing prevents other programs or scripts from invoking /sbin/hotplug-call, thus providing hotplug support by themselves.

The same result... doesn't work.

It seems the script next to mine (20-firewall) does work. At least, after reboot I can see:

# logread | grep firewall
Fri Oct 11 16:30:11 2024 user.notice ucitrack: Setting up /etc/config/luci-splash reload dependency on /etc/config/firewall
Fri Oct 11 16:30:11 2024 user.notice ucitrack: Setting up /etc/config/qos reload dependency on /etc/config/firewall
Fri Oct 11 16:30:11 2024 user.notice ucitrack: Setting up /etc/config/miniupnpd reload dependency on /etc/config/firewall
Fri Oct 11 16:30:12 2024 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Oct 11 16:30:15 2024 user.notice firewall: Reloading firewall due to ifup of wan (wan)

Just in case, here's the text of the script:

# cat /etc/hotplug.d/iface/20-firewall
#!/bin/sh

has_zone() {
	fw4 -q network "$INTERFACE" >/dev/null && return 0
	eval $(ubus call "network.interface.$INTERFACE" status | jsonfilter -e 'ZONE=@.data.zone')
	fw4 -q zone "$ZONE" >/dev/null
}

[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0

/etc/init.d/firewall enabled || exit 0

has_zone || exit 0

logger -t firewall "Reloading firewall due to $ACTION of $INTERFACE ($DEVICE)"
fw4 -q reload

If you insist on using a hotplug script, you should use the network-related events (/etc/hotplug.d/net/). Just change the action from ifup/ifdown to add/remove.

Here are the logged events when an OpenConnect client connects/disconnects to the server.

Mon Oct 14 14:55:53 2024 user.notice hotplug.net: USER=root ACTION=add SHLVL=1 HOME=/ SEQNUM=862 IFINDEX=28 HOTPLUG_TYPE=net DEVPATH=/devices/virtual/net/vpns0 LOGNAME=root DEVICENAME=vpns0 TERM=linux SUBSYSTEM=net PATH=/usr/sbin:/usr/bin:/sbin:/bin INTERFACE=vpns0 PWD=/
Mon Oct 14 14:55:59 2024 user.notice hotplug.net: USER=root ACTION=remove SHLVL=1 HOME=/ SEQNUM=867 IFINDEX=28 HOTPLUG_TYPE=net DEVPATH=/devices/virtual/net/vpns0 LOGNAME=root DEVICENAME=vpns0 TERM=linux SUBSYSTEM=net PATH=/usr/sbin:/usr/bin:/sbin:/bin INTERFACE=vpns0 PWD=/
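
The approach suggested in the reply above, as an added example that is not code from any poster in this thread: the original script's routes handled from /etc/hotplug.d/net/ on add/remove events. The file name and the IP_CMD and LOG_CMD dry-run variables are assumptions, and `ip route replace` is used instead of `ip route add` so a reconnect does not fail on an existing route.

```shell
#!/bin/sh
# Added example: /etc/hotplug.d/net/20-vpns0-route (file name is an assumption).
# Net events use ACTION=add/remove and set INTERFACE and DEVICENAME to the
# device name, as in the hotplug.net log lines above.

VPN_DEV="vpns0"
# Routes from the original post, one "<destination> <gateway>" pair per line.
VPN_ROUTES="192.168.51.0/24 192.168.93.220
192.168.50.0/24 192.168.93.1"

# Assumptions for dry runs: IP_CMD=echo prints the commands instead of
# running them, LOG_CMD=true silences logging.
: "${IP_CMD:=ip}"
: "${LOG_CMD:=logger -t vpns0-route}"

vpns0_route_event() {
	local action="$1" dev="$2" verb
	# Exact match only: net events are emitted for every device on the router.
	[ "$dev" = "$VPN_DEV" ] || return 0
	case "$action" in
		add)    verb="replace" ;;  # idempotent if the client reconnects
		remove) verb="del" ;;
		*)      return 0 ;;
	esac
	echo "$VPN_ROUTES" | while read -r dst gw; do
		if $IP_CMD route "$verb" "$dst" via "$gw"; then
			$LOG_CMD "route $verb $dst via $gw ($action of $dev)"
		else
			# Log failures instead of hiding them (gateway not reachable
			# yet, or the route is already gone).
			$LOG_CMD "route $verb $dst via $gw FAILED ($action of $dev)"
		fi
	done
	return 0
}

vpns0_route_event "$ACTION" "${DEVICENAME:-$INTERFACE}"
```

Running it by hand with `IP_CMD=echo ACTION=add DEVICENAME=vpns0 sh 20-vpns0-route` prints the route commands without touching the routing table.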

Thanks for your offer! I'll try.
By the way, what should I use, $DEVICE or $INTERFACE?

I am just a newbie; it is the only way I've found. If there are other ways that professionals normally use, please give me link(s). I will study them.

In the network events, the variable name is DEVICENAME. You can use either $INTERFACE or $DEVICENAME, the value is the same (vpns0).

I was under the impression that @trendy provided you with a link with information on how to solve your problem another way (I haven't read the content).


To be honest I did not understand anything at that link. I'm afraid it is too complicated for me.

OK, I'll try $DEVICENAME to begin with.
Thank you!


I'm not seeing any non-netifd interfaces in that log.

Yes! It works!
Thank you!!!!


Because I do not quite understand what non-netifd interfaces are. Sorry, I am a newbie.
