OpenVpn Client Config location?

Discussion in 'Tomato Firmware' started by francis lene, Oct 31, 2018.

  1. francis lene

    francis lene Network Newbie Member

    Hi,
    Where is the location of the OpenVPN client configuration files, and what are they named? I want to modify them via a script.
    Thanks
     
  2. rs232

    rs232 Network Guru Member

    Why don't you use the Custom Configuration field instead?
     
  3. cloneman

    cloneman LI Guru Member

    They are in the NVRAM e.g. nvram show | grep vpn
     
  4. francis lene

    francis lene Network Newbie Member

    thanks, that's cool. so i just have to set all variables i need to change and commit? :)
    i have to feed openvpn config files to the router. depending on the load of the vpn endpoints i choose a different gateway, see here i.e. *ttps://nordvpn.com/api/server/stats
     
  5. rs232

    rs232 Network Guru Member

    I see what you want to do now. Before anything else, can I ask you what performance you get out of your OpenVPN client? I use Tomato on an ASUS AC56U (dual core 800MHz) on a 200Mb connection and with Windscribe I can't get past 2MB/s, as OpenVPN is single threaded and my router CPU hits 100% with 1 core at that point. So the issue is not the VPN provider but the router performance instead. On my setup, if I use the Windscribe VPN client on a Windows box though, I easily get 10MB+. What I'm trying to say is: is it worth doing what you want to do?

    Regardless, going back to your question: you are not going to be able to just feed an .ovpn file to Tomato, but you can work out one by one what variables are linked to what parameter. In your specific case it's the server address. For OpenVPN client1 this is currently set to:
    vpn_client1_addr
    However this might also change in future releases.

    Beside this I would also expect the openvpn service to be restarted after any config change.

    If you want my opinion (not that you asked for it), dynamic behaviour in routers never works well. I personally prefer a saturated but predictable device/link to any sort of not-so-AI like decision making.
     
  6. francis lene

    francis lene Network Newbie Member

    hi, performance is ok for my purpose, which is streaming, i get ~7mbps, but i suppose that's the vpn server limited. performance was an issue on my wrt54g..
     
  7. francis lene

    francis lene Network Newbie Member

    :) in the sourcecode of the tomato webinterface all the parameters are listed :)

    /
    nvram = {
    'vpn_client_eas': '1,',
    'vpn_client1_poll': '0',
    'vpn_client1_if': 'tun',
    'vpn_client1_bridge': '1',
    'vpn_client1_nat': '1',
    ...
     
  8. rs232

    rs232 Network Guru Member

    nvram show | grep vpn_client1

    is also a good command
     
  9. francis lene

    francis lene Network Newbie Member

    hi, thanks i am almost there :)

    one question arose:
    nvram variables with multiple values:
    how to terminate a line? a carriage return?
    example:
    vpn_client2_custom=remote-cert-tls server remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key ....

    nvram show just prints them with a space between every word and every line, that can't be how it is to be saved, so which character to use to end a line? i.d. tun-mtu 1500 has one space and one end of line.

    my findings so far (for FreshTomato Version 2018.4 by FreshTomato team):

    nvram show | grep vpn_client1 #show all settings of vpn_client1, use 2 for 2
    nvram set="" # write new value, will be used by restarted vpn daemon, to save use "nvram commit"
    nvram commit -- save changes
    service vpnclient1 stop #stops vpn daemon
    service vpnclient1 start #starts vpn daemon
    most relevant parameters when changing vpn server for me (as all other values stay the same with my vpn provider)
    vpn_client1_addr=
    vpn_client1_ca= #"certificate authority" in the web ui
    vpn_client1_static= #"static key" in the web ui

    i also tried to just start openvpn with a full .vpn config file (saved to home/root) which works, BUT if the vpn daemon is down there is no tun device, so i dropped this way, as i don't know how to have the vpn daemon running but not connect to a vpn. this would be another way - just scp an ovpn config file to the router and fire up openvpn.
     
  10. rs232

    rs232 Network Guru Member

    I'm not sure how you're doing this, but show will display (for some reason) only the first line of your multilined custom config. If you go and get the variable though, it should all be split in lines.

    e.g.

    #nvram get vpn_client1_custom
    verb 2
    mute-replay-warnings
    remote-cert-tls server
    persist-key
    persist-tun


    HTH
     
  11. francis lene

    francis lene Network Newbie Member

    BTW I realized that the WebUI awaits Certificate and Static Key including line breaks ("\n") - just as they are in file format. Pasting cert and key stripped of line breaks brings error on connect: can't find ca.crt
     
  12. francis lene

    francis lene Network Newbie Member

    hey, got it working :)
    this only changes an existing nordvpn config

    Code:
    #!/usr/bin/env python3

    import re
    import shlex
    import sys

    import paramiko
    import requests

    #target vars (filled in by extractvpnstuff)
    openvpnserverip=""
    openvpnserverport=""
    openvpnstatickey=""
    openvpncertificate=""

    #start vars
    filepath='<path>'
    routerip="<ip>"
    user="<user>"
    password="<pass>"


    def getserverloadinfo(maxload):
        #returns the name of a "us" server whose load (%) is below maxload, "" if there is none
        uebergabe=""
        url='https://api.nordvpn.com/server/stats'
        result=requests.get(url,timeout=30)
        ergebnis=result.json()

        for key, value in ergebnis.items():
            for k2,v2 in value.items():
                if v2<maxload:
                    if "us" in key:
                        uebergabe=key

        return uebergabe

    def extractvpnstuff(filename):
        global openvpnserverip
        global openvpnserverport
        global openvpnstatickey
        global openvpncertificate
        with open(filename,"r") as file:
            text=file.read()
        for line in text.splitlines():
            #"remote <ip> <port>"; split() also drops the line ending from the port
            textinline=line.split()
            if len(textinline)>=3 and textinline[0]=="remote":
                openvpnserverip=textinline[1]
                openvpnserverport=textinline[2]
                print(openvpnserverip,openvpnserverport)
        #NOTE: TOMATO GUI AND nvram set WANT THE KEY AND CERTIFICATE INCLUDING LINE BREAKS AS IN THE CONFIG FILES (\n)!
        #following block c by https://gist.github.com/seebk/bb94a7fd70d4cc454aaa
        ovpn_config=text

        regex_tls = re.compile("-----BEGIN OpenVPN Static key V1-----(.*)-----END OpenVPN Static key V1-----", re.IGNORECASE|re.DOTALL)
        match_string = regex_tls.search(ovpn_config)
        if match_string is not None:
            result="-----BEGIN OpenVPN Static key V1-----"
            result+=match_string.group(1)
            result+="-----END OpenVPN Static key V1-----"
            #router expects the line breaks, so they are not stripped
            openvpnstatickey=result
            print(openvpnstatickey)
            print()

        #same c as above
        regex_cert = re.compile("-----BEGIN CERTIFICATE-----(.*)-----END CERTIFICATE-----", re.IGNORECASE|re.DOTALL)
        match_string = regex_cert.search(ovpn_config)
        if match_string is not None:
            result="-----BEGIN CERTIFICATE-----"
            result+=match_string.group(1)
            result+="-----END CERTIFICATE-----"
            #router expects the line breaks, so they are not stripped
            openvpncertificate=result
            print(openvpncertificate)
            print()

        return

    def runcmd(ssh,cmd):
        #run one command on the router and print what it returns
        print(cmd)
        stdin,stdout,stderr=ssh.exec_command(cmd)
        outlines=stdout.readlines()
        resp=''.join(outlines)
        print(resp)

    def routerthing():
        #connect to tomatousb router FreshTomato Version 2018.4 by FreshTomato team via ssh
        print()
        print()
        print(' router nvram write..')

        #c by answer 2 https://stackoverflow.com/questions/10745138/python-paramiko-ssh
        ssh=paramiko.SSHClient()
        #check the router's host key against known_hosts (log in once with ssh first);
        #AutoAddPolicy would accept any key and send the password to whoever answers
        ssh.load_system_host_keys()
        ssh.set_missing_host_key_policy(paramiko.RejectPolicy())
        ssh.connect(routerip,22,user,password)

        runcmd(ssh,'service vpnclient1 stop')

        #the values come from the .ovpn file, so quote them for the router's shell;
        #shlex.quote keeps the line breaks of key and certificate intact
        #write static key
        runcmd(ssh,'nvram set vpn_client1_static='+shlex.quote(openvpnstatickey))

        #write cert
        runcmd(ssh,'nvram set vpn_client1_ca='+shlex.quote(openvpncertificate))

        #write openvpn ip
        runcmd(ssh,'nvram set vpn_client1_addr='+shlex.quote(openvpnserverip))

        #write openvpn port
        runcmd(ssh,'nvram set vpn_client1_port='+shlex.quote(openvpnserverport))

        runcmd(ssh,'nvram commit')
        runcmd(ssh,'service vpnclient1 start')
        ssh.close()

        #router cheatsheet tomato
        #nvram show
        #nvram set=""
        #nvram commit -- save changes
        #service vpnclient1 start
        #scp **.udp1194.ovpn root@
        #values to change if config is already set up for a nordvpn server in router
        #vpn_client1_addr=
        #vpn_client1_ca=
        #vpn_client1_static=

        return

    #get servers with load < number specified (%) - only us server as hardcoded in function
    serverselected=getserverloadinfo(1)
    if not serverselected:
        sys.exit('no us server below the load limit')

    #open server config on local drive (nordvpn.zip extracted - only use udp config files)
    filename=filepath+serverselected+'.udp1194.ovpn'
    print(filename)

    #parse config file content
    extractvpnstuff(filename)

    #DEBUG ** replace
    #extractvpnstuff("**.udp1194.ovpn")

    #program router
    routerthing()
    
    
     
    Last edited: Dec 8, 2018
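
An added example, not part of the original post and not FreshTomato code: one way to build the `nvram set` commands discussed in posts 9 to 12 so that a multi-line certificate keeps its line breaks and nothing read from the .ovpn file is interpreted by the router's shell. The function names, the validation rules and the sample profile are assumptions made for illustration, and the local `sh` stands in for the router's shell in the round-trip check.

```python
import re
import shlex
import subprocess

# Constructed sample profile (not a real certificate or server).
GOOD_OVPN = """client
remote 198.51.100.7 1194
<ca>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExF
-----END CERTIFICATE-----
</ca>
"""
# Same profile with shell metacharacters in the host field.
BAD_OVPN = GOOD_OVPN.replace("198.51.100.7", "198.51.100.7;id")

HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")
PORT_RE = re.compile(r"[0-9]{1,5}")
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\n.*?\n-----END CERTIFICATE-----",
                    re.DOTALL)

def parse_ovpn(text):
    """Return (host, port, ca_pem); raise ValueError on anything unexpected."""
    remotes = [l.split() for l in text.splitlines() if l.split()[:1] == ["remote"]]
    if not remotes or len(remotes[0]) < 3:
        raise ValueError("no 'remote <host> <port>' line")
    host, port = remotes[0][1], remotes[0][2]
    if not HOST_RE.fullmatch(host) or not PORT_RE.fullmatch(port):
        raise ValueError("unexpected characters in remote line")
    pem = PEM_RE.search(text)
    if pem is None:
        raise ValueError("no CA certificate block")
    return host, port, pem.group(0)  # PEM keeps its line breaks

def nvram_commands(text, client="vpn_client1"):
    """One 'nvram set' per value, each name=value quoted as a single shell word."""
    host, port, ca = parse_ovpn(text)
    values = {"addr": host, "port": port, "ca": ca}
    return ["nvram set " + shlex.quote(f"{client}_{k}={v}")
            for k, v in values.items()]

def shell_roundtrip(value):
    """Return what a POSIX sh receives after parsing the quoted value.
    The local sh stands in for the router's shell (assumption)."""
    cmd = "printf %s " + shlex.quote(value)
    done = subprocess.run(["sh", "-c", cmd], capture_output=True,
                          text=True, check=True)
    return done.stdout
```

Each returned string can be passed to `exec_command` as it is; after writing, `nvram get vpn_client1_ca` on the router should print the certificate on separate lines, as in post 10.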