OpenVpn Client Config location?

Discussion in 'Tomato Firmware' started by francis lene, Oct 31, 2018.

  1. francis lene

    francis lene Network Newbie Member

    Hi,
    Where are the OpenVPN client configuration files located, and what are they named? I want to modify them via a script.
    Thanks
     
  2. rs232

    rs232 Network Guru Member

    Why don't you use the Custom Configuration field instead?
     
  3. cloneman

    cloneman Addicted to LI Member

    They are in the NVRAM e.g. nvram show | grep vpn
     
  4. francis lene

    francis lene Network Newbie Member

    Thanks, that's cool. So I just have to set all the variables I need to change and commit? :)
    I have to feed OpenVPN config files to the router. Depending on the load of the VPN endpoints I choose a different gateway, see here i.e. *ttps://nordvpn.com/api/server/stats
     
  5. rs232

    rs232 Network Guru Member

    I see what you want to do now. Before anything else, can I ask what performance you get out of your OpenVPN client? I use Tomato on an ASUS AC56U (dual core 800MHz) on a 200Mb connection, and with Windscribe I can't get past 2MB/s, as OpenVPN is single-threaded and my router CPU hits 100% on one core at that point. So the issue is not the VPN provider but the router performance instead. On my setup, if I use the Windscribe VPN client on a Windows box, though, I easily get 10MB+. What I'm trying to say is: is what you want to do worth it?

    Regardless, going back to your question: you are not going to be able to just feed an .ovpn file to Tomato, but you can work out one by one which variables are linked to which parameter. In your specific case it's the server address. For OpenVPN client1 this is currently set to:
    vpn_client1_addr
    However this might also change in future releases.

    Besides this, I would also expect the OpenVPN service to be restarted after any config change.

    If you want my opinion (not that you asked for it), dynamic behaviour in routers never works well. I personally prefer a saturated but predictable device/link to any sort of not-so-AI-like decision making.
     
  6. francis lene

    francis lene Network Newbie Member

    Hi, performance is OK for my purpose, which is streaming. I get ~7mbps, but I suppose that's limited by the VPN server. Performance was an issue on my WRT54G..
     
  7. francis lene

    francis lene Network Newbie Member

    :) In the source code of the Tomato web interface all the parameters are listed :)

    /
    nvram = {
    'vpn_client_eas': '1,',
    'vpn_client1_poll': '0',
    'vpn_client1_if': 'tun',
    'vpn_client1_bridge': '1',
    'vpn_client1_nat': '1',
    ...
     
  8. rs232

    rs232 Network Guru Member

    nvram show | grep vpn_client1

    is also a good command
     
  9. francis lene

    francis lene Network Newbie Member

    Hi, thanks, I am almost there :)

    One question arose:
    nvram variables with multiple values:
    how to terminate a line? A carriage return?
    Example:
    vpn_client2_custom=remote-cert-tls server remote-random nobind tun-mtu 1500 tun-mtu-extra 32 mssfix 1450 persist-key ....

    nvram show just prints them with a space between every word and every line. That can't be how it is to be saved, so which character to use to end a line? I.e. tun-mtu 1500 has one space and one end of line.

    my findings so far (for FreshTomato Version 2018.4 by FreshTomato team):

    nvram show | grep vpn_client1 #show all settings of vpn_client1, use 2 for 2
    nvram set <name>="<value>" # write new value, will be used by restarted vpn daemon; to save, use "nvram commit"
    nvram commit # save changes
    service vpnclient1 stop #stops vpn daemon
    service vpnclient1 start #starts vpn daemon
    Most relevant parameters when changing the VPN server for me (as all other values stay the same with my VPN provider):
    vpn_client1_addr=
    vpn_client1_ca= #"certificate authority" in the web ui
    vpn_client1_static= #"static key" in the web ui

    I also tried to just start openvpn with a full .vpn config file (saved to home/root), which works, BUT if the vpn daemon is down there is no tun device, so I dropped this way, as I don't know how to have the vpn daemon running but not connected to a VPN. This would be another way - just scp an ovpn config file to the router and fire up openvpn.
     
  10. rs232

    rs232 Network Guru Member

    I'm not sure how you're doing this, but show will display (for some reason) only the first line of your multilined custom config. If you go and get the variable though, it should all be split in lines.

    e.g.

    #nvram get vpn_client1_custom
    verb 2
    mute-replay-warnings
    remote-cert-tls server
    persist-key
    persist-tun


    HTH
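
The steps collected in this thread, put together as a script (an added example, not code from any poster or from the FreshTomato project). It assumes the variable and service names quoted above for FreshTomato 2018.4; the function names `valid_host`, `custom_config` and `switch_vpn_server` are hypothetical. Because the server address is meant to come from an external API, it is validated before it is written to NVRAM.

```shell
#!/bin/sh
# Added example: point Tomato OpenVPN client N at a new server via NVRAM.
# Assumes the vpn_clientN_* variables and vpnclientN service named in the thread.

# Accept only a plain hostname or IPv4 address, so a value fetched from an
# external source cannot carry spaces, newlines or extra options into NVRAM.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|-*|.*|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Build a multi-line value: one OpenVPN directive per line, joined with real
# newline (LF) characters, which is the form `nvram get` prints back.
custom_config() {
    printf '%s\n' "$@"
}

# switch_vpn_server CLIENT_NUM HOST [DIRECTIVE...]
switch_vpn_server() {
    n=$1
    host=$2
    shift 2
    case "$n" in
        [1-9]) ;;
        *) echo "bad client number: $n" >&2; return 2 ;;
    esac
    valid_host "$host" || { echo "rejected host: $host" >&2; return 2; }

    service "vpnclient$n" stop
    nvram set "vpn_client${n}_addr=$host"
    if [ "$#" -gt 0 ]; then
        # The double quotes keep the embedded newlines in the stored value.
        nvram set "vpn_client${n}_custom=$(custom_config "$@")"
    fi
    nvram commit                      # persist across reboots
    service "vpnclient$n" start       # daemon picks up the new values
}

# Run as: sh thisfile 1 <host> 'verb 2' 'persist-key' ...
if [ "$#" -ge 2 ]; then
    switch_vpn_server "$@"
fi
```

Invalid input is rejected before the daemon is stopped, so a bad API response leaves the running tunnel untouched.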
     