up command , gives "script failed: could not execute external program"

[GoogleCodeExporter]

What steps will reproduce the problem?
1. update from version 3.0b24

What is the expected output? What do you see instead?

Dec 14 05:23:36 alumintel openvpn[2049]: ./tranq.up tun0 1500 1545 4.4.4.1
4.4.4.2 init
Dec 14 05:23:36 alumintel openvpn[2049]: MANAGEMENT: Client disconnected
Dec 14 05:23:36 alumintel openvpn[2049]: script failed: could not execute
external program

What version of Tunnelblick are you using? On what version of OS X? PPC or
Intel?
3.0b24, on Mac Intel , 10.5.8

Please provide any additional information below.

Before i was able to use custom routes on the [vpn].up file , and i still
can if i execute the openvpn from command line, but not from tunneblick it
always says "script failed: could not execute external program"

Original issue reported on code.google.com by diogo.se...@gmail.com on 14 Dec 2009 at 5:33

[GoogleCodeExporter]

If removing the ./ from the up command doesn't work:

What older version of Tunnelblick were you using successfully?

What is the full path to tranq.up?

Please post the first two lines from the OpenVPN Log window (Click 
"Details..."). They should be prefixed with 
the time and "*Tunnelblick:"

Original comment by jkbull...@gmail.com on 14 Dec 2009 at 10:26

[GoogleCodeExporter]

What older version of Tunnelblick were you using successfully?
i had 3.0b6 .

Please post the first two lines from the OpenVPN Log window (Click 
"Details...").
They should be prefixed with 
the time and "*Tunnelblick:"

2009-12-15 17:08:04 *Tunnelblick: OS X 10.5.8; Tunnelblick 3 (3.0b24 build 
1301);
OpenVPN 2 (2.1_rc20)
2009-12-15 17:08:07 *Tunnelblick: Attempting connection with tranq.conf; Set
nameserver = 1; not monitoring connection

Still not working,

2009-12-15 17:10:07 /sbin/ifconfig tun0 4.4.4.1 4.4.4.2 mtu 1500 netmask
255.255.255.255 up
2009-12-15 17:10:07 tranq.up tun0 1500 1545 4.4.4.1 4.4.4.2 init
2009-12-15 17:10:07 script failed: could not execute external program

What i have on the tranq.up is:
/sbin/route add -net 10.100.0.0 -netmask 255.255.0.0 -iface tun0
/sbin/route add -net 192.168.178.0 -netmask 255.255.255.0 -iface tun0

I tried it with sudo to call the /sbin/route too but no luck . It looks like 
from
Tunnelblick we can't call the command route. I tried to change the tranq.up 
chown to
root:wheel but no luck .

Original comment by diogo.se...@gmail.com on 15 Dec 2009 at 5:14

[GoogleCodeExporter]

Sorry for got to tell the full path to tranq.up is the same as for the 
tranq.conf, so :
/Users/digas/Library/Application Support/Tunnelblick/Configurations

Original comment by diogo.se...@gmail.com on 15 Dec 2009 at 5:16

[GoogleCodeExporter]

You have "Set nameserver" checked. That causes Tunnelblick to call OpenVPN with 
--up and --down options, 
specifying standard scripts supplied by Tunnelblick. In older versions of 
OpenVPN, that meant that any "up" 
and "down" options in your configuration file would be ignored. Perhaps that 
has changed (I can't test it at the 
moment). If that hasn't changed, I don't see how tranq.up is getting called at 
all -- perhaps OpenVPN is 
refusing to run tranq.up because of the --up option and that's the message 
you're getting?

In any case, take a look at the note about custom up/down scripts in the Known 
Issues wiki, at 
http://code.google.com/p/tunnelblick/wiki/KnownIssues

Original comment by jkbull...@gmail.com on 15 Dec 2009 at 6:44

[GoogleCodeExporter]

I belive this is not a Tunnelblick problem but an openvpn2 evrsion problem , i 
will
try to sort it out, if i find the answer i will report here thanks anyway

Original comment by diogo.se...@gmail.com on 15 Dec 2009 at 9:21

[GoogleCodeExporter]

Finally i found how to put my default routes working i just had to include on 
the
.conf file for the tunnel (tranq.conf):
route 10.100.0.0  255.255.0.0
route 192.168.178.0 255.255.255.0
i had tried before :
/sbin/route add -net 10.100.0.0 -netmask 255.255.0.0 -iface tun0
/sbin/route add -net 192.168.178.0 -netmask 255.255.255.0 -iface tun0
But it looks like the new openvpn have its own way to create the routes... 

Still i couldn't  figure who to use the --up cmd , always outputting "script 
failed:
could not execute external program" even with the same routes i had successfully
configured inside the .conf file. For what i have search around the web, i 
think this
problem have already append in other versions.
Thanks anyway 

Original comment by diogo.se...@gmail.com on 16 Dec 2009 at 3:37

[GoogleCodeExporter]

Not a Tunnelblick problem according to the original poster.

Original comment by jkbull...@gmail.com on 16 Dec 2009 at 11:50

• Changed state: WontFix
• Added labels: Type-Other
• Removed labels: Type-Defect

[GoogleCodeExporter]

I'm having the same problem. Unfortunately, the commands I want to run can't be
included in the conf file, so the 'fix' posted here won't work. And yes, this 
is a
Tunnelblick problem -- viscosity works fine.

To answer the above questions, I have tried executing the script with both the
relative path (./tap-up-down.sh) and the full path
("/Users/my_user_name/Library/Application
Support/Tunnelblick/Configurations/tap-up-down.sh")

Here are the first two lines of my log. As you can see, 'Set nameserver' is off.
2009-12-20 15:15:21 *Tunnelblick: OS X 10.6.2; Tunnelblick 3 (3.0b24 build 
1301);
OpenVPN 2 (2.1_rc20)
2009-12-20 15:15:23 *Tunnelblick: Attempting connection with openvpn.conf; Set
nameserver = 0; monitoring connection

Here are the relevant lines from the log regarding my script:
2009-12-20 15:23:55 TUN/TAP device /dev/tap0 opened
2009-12-20 15:23:55 /Users/my_user_name/Library/Application
Support/Tunnelblick/Configurations/tap-up-down.sh tap0 1500 1574   init
2009-12-20 15:23:55 script failed: could not execute external program

The whole reason I need these scripts is because Tunnelblick doesn't set the 
DHCP
parameter of the tap interface when using bridging. I get a whole, long list of
"write to TUN/TAP : Input/output error (code=5)" and the VPN doesn't work. I 
have to
manually run "sudo ipconfig set tap0 DHCP" to make it work. This script is a 
way to
getting around that egregious bug.

Original comment by magic...@gmail.com on 20 Dec 2009 at 11:30

[GoogleCodeExporter]

Have youchecke dot make sure the script has the proper execute bits set?

chmod 775 <file>

Original comment by batman...@gmail.com on 21 Dec 2009 at 12:40

[GoogleCodeExporter]

Yup, the file has been chmod'ed to +x. I can run the script fine on its own, but
Tunnelblick refuses to run it.

Original comment by magic...@gmail.com on 21 Dec 2009 at 1:09

[GoogleCodeExporter]

Try to find out if

(A) the script is not running at all (substitute a temporary script that just 
echos
to a file in /tmp), or

(B) the script is executing but some command within the script fails. If it is
failing at some command in the script (which is what I assume from your 
description),
exactly what is the command that is failing? (Note: don't include sudo in the 
script;
the script itself is running as root).

Original comment by jkbull...@gmail.com on 21 Dec 2009 at 7:09

[GoogleCodeExporter]

Yeah, the script has a "echo 'test' >> /tmp/example.txt" at the very start. The 
file
is created when I run the script manually, but not when Tunnelblick tries to 
run it.
I also tried directly substituing that command as the paramter to up:
up "echo 'test' >> /tmp/example.txt"

Same result there, too.

Original comment by magic...@gmail.com on 22 Dec 2009 at 2:02

[GoogleCodeExporter]

So you have a script file which consists of the following two lines:
     #!/bin/bash -e
     echo "test" >> /tmp/example.txt
and when that script is executed as a shell command it works, but when it is 
the target of an "up" option in 
your config file, it gets the "script failed: could not execute external 
program" error, and no addition to the 
example.txt file is made.

Does it work if you "sudo up.script", too?

I will look into this on Friday, when I get access to a (non-web-only) computer.

Original comment by jkbull...@gmail.com on 22 Dec 2009 at 2:31

• Changed state: New
• Added labels: Type-Defect
• Removed labels: Type-Other

[GoogleCodeExporter]

Up and down scripts work fine for me.

Maybe this is an ownership/permissions problem, or a path problem or something 
like that. The scripts should be owned by root, and have permissions of 700 or 
744, or something like that. (The standard scripts 
are owned by root and have 744 permissions.)

It is a bad idea for a script that is run by root to have permissions for 
anyone other than root to modify it and 
run it -- it allows someone to give themselves root privileges (they can just 
modify the script to do so).

If the scripts still give the same error when owned by root with 744 
permissions, please reply to the list with 
a copy/paste of the contents of the config file you are using (X out anything 
sensitive), and the full paths to 
the config file and the test script, and attach the test script (the two-line 
script in my prior message) that you 
are using.

Original comment by jkbull...@gmail.com on 24 Dec 2009 at 11:45

[GoogleCodeExporter]

Hi.
I'm having a similar issue.

my config says:
up "/Users/patrice/Library/Application 
Support/Tunnelblick/Configurations/test.sh"

where test.sh is owned by root and has rights 744 set.

But Tunnelblick never calls it:
2010-01-17 17:55:25 
/Applications/Tunnelblick.app/Contents/Resources/client.up.osx.sh
tap0 1500 1574   init

no line calling test.sh, and no echo to /tmp/test.txt written.

Original comment by patriceb...@gmail.com on 17 Jan 2010 at 4:59

[GoogleCodeExporter]

it will if you deactivate the "Set nameserver" option in the details of the
connection, but from my experience if you want to use it to execute any other 
command
line app it will not work. If it is to add specific route , add it directly on 
the
conf file like this as an example:

route 10.100.0.0  255.255.0.0
route 192.168.178.0 255.255.255.0

Original comment by diogo.se...@gmail.com on 17 Jan 2010 at 5:52

[GoogleCodeExporter]

ah. ok. Did work so far.

Now I have the same "script failed: could not execute external program" error
Even if I just have an "echo" command in there.

Even the original client.up.osx.sh won't start as "external" up script

Original comment by patriceb...@gmail.com on 17 Jan 2010 at 6:54

[GoogleCodeExporter]

Please try this with the latest version of Tunnelblick.

Original comment by jkbull...@gmail.com on 18 Oct 2010 at 10:57

[GoogleCodeExporter]

I actually just ran into this issue with what I believe is the latest 
tunnelblick (got it last night). After a tremendous amount of pain, I learnt 
that the scripts I used had CRLF line endings in them, and the #!/bin/sh 
initial line looks like #!/bin/sh^M to the shell and it simply breaks. The 
symptoms match exactly what  you guys describe above, hence google brought me 
to this page...

Not this first time this happened to me - but it clearly looks like a candidate 
problem for at least Mac OS X machines.

What tipped me off was nano telling me the file uses DOS formatting every time 
I opened it.

Original comment by benjav...@gmail.com on 18 Oct 2010 at 6:48

[GoogleCodeExporter]

I have verified that OS X won't execute a script that has lines terminated by 
CR-LF.

I've added this info to the "Common Problems" wiki at 
http://code.google.com/p/tunnelblick/wiki/wCommonProblems

Original comment by jkbull...@gmail.com on 19 Oct 2010 at 5:06

• Changed state: WontFix