TunSafe Forum

Welcome to the TunSafe Community Forum. This is open for discussions related to TunSafe and the WireGuard protocol.

You are not logged in.

#1 2018-06-15 12:05:49

forumuser
Member
Registered: 2018-06-14
Posts: 25

Request - Option to execute <command> on connect / disconnect

Sorry for all these feature requests...

<something> = Anything that can be executed, e.g. a .bat script, an .exe, etc.

I don't want to overcomplicate it by requesting pre-/post options for both (connect / disconnect),
so atm it would be sufficient if the connect script is executed after the connection was established
and the disconnect one after the connection is fully dropped.

Why do I request this?

I'm modifying the routing table to allow e.g. a game to bypass the VPN (Blizzard does check
if you are coming from a different ip block and forces you to confirm that you are really the
person you pretend to be...).

It would be enough if this is a global option (not attached to specific servers)...

Thanks,
forumuser

Last edited by forumuser (2018-06-16 09:38:27)

Offline

#2 2018-06-18 20:09:07

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: Request - Option to execute <command> on connect / disconnect

This could potentially lead to privilege escalation if somehow an untrusted config file gets loaded into TunSafe... Then you could execute any random program. Need to think about how to reduce that risk first.

Offline

#3 2018-06-20 20:32:03

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: Request - Option to execute <command> on connect / disconnect

I've implemented this. Will be in next version.

Offline

#4 2018-06-20 22:37:00

forumuser
Member
Registered: 2018-06-14
Posts: 25

Re: Request - Option to execute <command> on connect / disconnect

Thanks a lot! Can't wait to try it big_smile

Offline

#5 2018-06-20 22:46:43

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: Request - Option to execute <command> on connect / disconnect

I've uploaded 1.3-rc3

Offline

#6 2018-06-21 00:40:17

forumuser
Member
Registered: 2018-06-14
Posts: 25

Re: Request - Option to execute <command> on connect / disconnect

Thank you, ludde!

Tried the PostUp command in the .conf file. Works fine. Although I would expect TunSafe to show the green icon state before the command is executed. Just a visual glitch or does the icon change just occur later in that process?

Neither the /minimize nor the /minimize_on_connect option works here

I'm invoking TunSafe from a command prompt (with admin privileges) to test this:
TunSafe.exe "Romania - Bucharest.conf" /minimize

It connects fine but the main window stays visible all the time, no "minimization" here...

It would be nice when calling TunSafe.exe (while it is already running), that the current
instance is feed with the given command line options.
E.g. TunSafe is minimized to the tray but not connected
Executing TunSafe.exe "Romania - Bucharest.conf"
would then use the running instance and let this one connect

Atm nothing happens when TunSafe is called a second time with e.g. a .conf file

Regards,
Forumuser

Last edited by forumuser (2018-06-21 00:41:06)

Offline

#7 2018-06-21 08:53:57

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: Request - Option to execute <command> on connect / disconnect

You have to specify the flags BEFORE the filenames. i.e. tunsafe /minimize foo.conf

Telling the running instance to execute the command sounds like a good idea.

Offline

#8 2018-06-21 08:58:41

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: Request - Option to execute <command> on connect / disconnect

The icon change happens after the PostUp commands have been run.

PostUp runs right after the interface has been setup, but before a successful connection to the VPN server.

The icon turns green when the VPN connection is established.

Offline

#9 2018-06-21 12:52:23

forumuser
Member
Registered: 2018-06-14
Posts: 25

Re: Request - Option to execute <command> on connect / disconnect

You have to specify the flags BEFORE the filenames. i.e. tunsafe /minimize foo.conf

Ah, ok, the changelog didn't mention this specifically wink
They work fine when they are in the correct position

PostUp runs right after the interface has been setup, but before a successful connection to the VPN server

Mh, not exactly what I intended...

For example: You use a PostUp = <some .bat script>
to play a .wav file for a (succesful) connection to a server
But at this state it is unknown if the connection will be successful or is this guarantied that when the interface is up, the connection will succeed?
Maybe it would make sense to add one additional option: Up
Up will only fire after the connection to the vpn server is established successfully

A "Down" option wouldn't probably be necessary because PostDown should only fire after the connection was dropped AND the interface was brought down, correct?

Last edited by forumuser (2018-06-21 12:53:02)

Offline

#10 2018-06-21 13:01:17

ludde
Administrator
Registered: 2018-03-09
Posts: 128

Re: Request - Option to execute <command> on connect / disconnect

How does the regular WireGuard handle PostUp ? is it called when the interface is brought up or when the connection is established?

Offline

#11 2020-01-14 14:23:37

pickles
Member
Registered: 2020-01-12
Posts: 3

Re: Request - Option to execute <command> on connect / disconnect

forumuser wrote:

You have to specify the flags BEFORE the filenames. i.e. tunsafe /minimize foo.conf

Ah, ok, the changelog didn't mention this specifically wink
They work fine when they are in the correct position

PostUp runs right after the interface has been setup, but before a successful connection to the VPN server

Mh, not exactly what I intended...

For example: You use a PostUp = <some .bat script>
to play a .wav file for a (succesful) connection to a server
But at this state it is unknown if the connection will be successful or is this guarantied that when the interface is up, the connection will succeed?
Maybe it would make sense to add one additional option: Up
Up will only fire after the connection to the vpn server is established successfully

A "Down" option wouldn't probably be necessary because PostDown should only fire after the connection was dropped AND the interface was brought down, correct?

I fully agree with this. PreUP will do just fine for any task that needs to be done (generally) just in that case, before everything is really up - whereas PostUP to me should be a fully functional connection.

The most useful thing about PostUP is probably to add some more functions/apps or other stuff that needs that connection with flowing traffic.

There are now three different threads bumped to the top about this, hopefull that someone with access to making changes to TunSafe is reading.

/P

Offline

Board footer

Powered by FluxBB