Raghav

Reputation: 259

OpenVPN failing to send cURL request through user-based script

I am trying to authenticate my OpenVPN clients (with a username and password) using a bash script. Here is part of my server-side config:

client-to-client
username-as-common-name
client-cert-not-required
script-security 3
auth-user-pass-verify '/etc/openvpn/script/auth.sh' via-env

Here is my bash script:

#!/bin/bash
SECRET='mysecret'
RESPONSE=$(sudo /usr/bin/curl https://myvpn.com/somedir/auth.php -d"username=$1&password=$2&secret=$SECRET" --silent)
if [ "$RESPONSE" = "y" ]; then
    exit 0
else
    exit 1
fi

When I run it on the command line (./auth.sh) it runs fine and authenticates correctly. I have set up my PHP script on my web server such that it generates a log every time it is called, so I know if the request successfully reached it. However, when OpenVPN calls the script, the curl request fails to send (authentication fails on the client side). My guess is that for some reason OpenVPN doesn't have permission to use cURL? How do I give OpenVPN permission to use curl?

Note: I have tried putting exit 0 on top of my bash script, and it successfully authenticates the user and connects to the VPN.

Upvotes: 0

Views: 549

Answers (1)

Léa Gris

Reputation: 19545

If you don't need sudo, you can do it with:

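#!/usr/bin/env bash

SECRET='mysecret'
# The result of the test is the script's exit status: 0 only if the
# backend replies "y", as in the question's script.
[ 'y' = "$(
  /usr/bin/curl \
    --data "username=$1&password=$2&secret=$SECRET" \
    --silent \
    'https://myvpn.com/somedir/auth.php'
)" ]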

No need to exit with an explicit return code, since the test will take care of it?

Upvotes: 1
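An added example, not code from either poster: with `via-env`, as in the config in the question, OpenVPN hands the credentials to the script in the `username` and `password` environment variables rather than as `$1` and `$2`. The sketch below reads them from there, URL-encodes each field, and feeds the request to curl on stdin so the password and secret are not command-line arguments; the `CURL_BIN` override and the function names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: auth-user-pass-verify script for "via-env" mode.

AUTH_URL='https://myvpn.com/somedir/auth.php'  # URL from the question
SECRET='mysecret'                              # placeholder from the question
CURL_BIN="${CURL_BIN:-/usr/bin/curl}"          # hypothetical override for offline tests

# Quote a value for a curl config file: escape backslashes, then double quotes.
cfg_quote() {
  printf '"%s"' "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# Build the curl config that is piped to "curl --config -", so the password
# and the shared secret never appear in the process list.
build_curl_config() {
  printf 'url = %s\n' "$(cfg_quote "$AUTH_URL")"
  printf 'data-urlencode = %s\n' "$(cfg_quote "username=$1")"
  printf 'data-urlencode = %s\n' "$(cfg_quote "password=$2")"
  printf 'data-urlencode = %s\n' "$(cfg_quote "secret=$SECRET")"
}

# Return 0 only if the backend answers exactly "y". Empty credentials, curl
# errors, HTTP errors (--fail) and timeouts all count as a failed login.
check_credentials() {
  [ -n "$1" ] && [ -n "$2" ] || return 1
  auth_response=$(build_curl_config "$1" "$2" |
    "$CURL_BIN" --silent --fail --max-time 10 --config -) || return 1
  [ "$auth_response" = "y" ]
}

# Run the check only when OpenVPN has exported a username.
if [ -n "${username:-}" ]; then
  check_credentials "$username" "${password:-}"
  exit $?
fi
```

No `sudo` is involved: the script runs as whatever user the OpenVPN daemon runs as, and that user only needs to be able to execute curl.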
