
Feature request: run a script on interface up/down

Open Diaoul opened this issue 2 years ago • 5 comments

What's the feature 🧐

Run a shell script when interface is up (or down)

Extra information and references

It can be useful to set a dynamic ip in a whitelist somewhere (like here)

Diaoul avatar Aug 05 '23 13:08 Diaoul

Agreed, this would be extremely useful!

joshhoughton avatar Nov 07 '23 15:11 joshhoughton

+1, would love to have this as an option.

Does anyone have a workaround for this scenario?

soodoh avatar Feb 14 '24 09:02 soodoh

Looks like this is currently only possible with a custom openvpn configuration file, set via the OPENVPN_CUSTOM_CONFIG environment variable (which is only used when VPN_SERVICE_PROVIDER is set to "custom"). If we did have the ability to pass additional options to openvpn, it would be as simple as adding something like this:

script-security 2
up /gluetun/tun_up.sh

(And just to be super clear) an example docker-compose.yml would be expected to include the following:

environment:
    - VPN_SERVICE_PROVIDER=custom
    - OPENVPN_CUSTOM_CONFIG=/gluetun/custom.conf
volumes:
    - /path/to/tun_up.sh:/gluetun/tun_up.sh
    - /path/to/custom.conf:/gluetun/custom.conf

Since this only works with the custom provider set, I believe the specific feature request here would be to allow for supported (non-custom) providers to pass additional openvpn options. Perhaps this could be achieved via environment variables like VPN_OPTIONS in the binhex/arch-delugevpn image, just to provide an example.

I understand this probably adds a lot of complexity and many of these additional options may be overwritten or cause an otherwise invalid configuration. At the very least, it would be awesome to expose just the up/down options for openvpn.

Idea for a temporary, hacky workaround:

Maybe this is dumb, but I'm thinking a temporary workaround could be to mount a shell script (to our liking), and configure this to be run on a cron every hour (or whatever interval makes sense).

If we take the OP's linked example, that endpoint does a rolling window rate limit of 1 call per hour. The shell script can be "polite" by only making calls when deemed necessary, by checking if the public IP address has since changed.

Example:

#!/bin/bash

# File to store the last known public IP address
ip_file="/tmp/public_ip.txt"

# Command to fetch the current public IP address (skip this run if the lookup fails)
current_ip=$(curl -fsS ifconfig.me/ip) || exit 1
[ -n "$current_ip" ] || exit 1

# Check if the IP has changed
if [ ! -f "$ip_file" ] || [ "$(cat "$ip_file")" != "$current_ip" ]; then
    echo "$current_ip" > "$ip_file"
    # Run your curl command here
    curl -X POST https://example.com/update_ip --data "ip=$current_ip"
fi

soodoh avatar Feb 14 '24 19:02 soodoh
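
Added example, not part of the thread and not gluetun's code: a POSIX sh `tun_up.sh` for the `up` hook discussed above that folds in the IP-change check and validates the looked-up address before it is sent to the whitelist endpoint. `UPDATE_URL`, `STATE_FILE` and the HTTPS lookup against ifconfig.me are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or gluetun. Assumed names: UPDATE_URL,
# STATE_FILE, and the HTTPS lookup against ifconfig.me.
UPDATE_URL="${UPDATE_URL:-https://example.com/update_ip}"
STATE_FILE="${STATE_FILE:-/tmp/public_ip.txt}"

# Succeeds only for a strict dotted-quad IPv4 address outside reserved ranges.
is_public_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac  # no leading zeros (octal ambiguity)
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    case "$1" in 0|10|127) return 1 ;; esac     # "this network", private, loopback
    [ "$1" -ge 224 ] && return 1                # multicast and reserved
    [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1                      # link-local
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1                      # private
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1    # private
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1   # CGNAT
    return 0
}

# Succeeds when $1 differs from the address recorded by the last accepted update.
ip_changed() {
    [ ! -f "$STATE_FILE" ] || [ "$(cat "$STATE_FILE")" != "$1" ]
}

update_whitelist() {
    ip=$(curl -fsS --max-time 10 https://ifconfig.me/ip) || return 1
    is_public_ipv4 "$ip" || { echo "lookup result is not a public IPv4 address" >&2; return 1; }
    ip_changed "$ip" || return 0                # unchanged: spare the rate-limited endpoint
    curl -fsS --max-time 10 -X POST "$UPDATE_URL" --data-urlencode "ip=$ip" || return 1
    printf '%s\n' "$ip" > "$STATE_FILE"         # record only after the endpoint accepted it
}

# OpenVPN sets script_type to the hook name before running a hook script;
# sourcing or running this file outside the "up" hook does nothing.
if [ "${script_type:-}" = "up" ]; then
    update_whitelist || echo "whitelist update failed" >&2
    exit 0   # design choice in this example: a failed update does not stop the tunnel
fi
```

The shape check matters because whatever the lookup service returns is forwarded to an allowlist, so an error page, an empty body or a private address should be dropped before the POST.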

For wireguard, we just need to set PostUp/PostDown in the config.

Given that both openvpn and wireguard have support for this, I think a reasonable interface would be something along the lines of

environment:
    - POST_INTERFACE_UP_SCRIPT=/gluetun/tun_up.sh
volumes:
    - /path/to/tun_up.sh:/gluetun/tun_up.sh

mtfurlan avatar May 09 '24 17:05 mtfurlan

Prioritizing this since it's kind of long overdue. Also it will be as a command to be cross-OS instead of a script path (but you could do /bin/sh -c "my shell commands" if you want).

This is also kind of needed to make sense of newly opened PR #2392 (more details why https://github.com/qdm12/gluetun/discussions/2393#discussioncomment-10288125)

qdm12 avatar Aug 09 '24 14:08 qdm12