Autostart openvpn

Installing and Using OpenWrt
1

Hi guys, i've hit a wall on this issue too.
Ive created the following scripts:

  1. cat /usr/bin/vpn

cd /etc/openvpn
openvpn newserver.conf &

  1. cat /etc/init.d/vpn

#!/bin/sh /etc/rc.common
START=96
STOP=30
start(){
cd /etc/openvpn
openvpn newserver.conf &
var=$$ 
let var++ 
echo $var > vpn.pid
}

stop(){
cd /etc/openvpn
kill -15 `cat vpn.pid`
rm vpn.pid
}

and then:

# /etc/init.d/vpn enable
# ls -latrh /etc/rc.d/| grep vpn
lrwxrwxrwx    1 root     root          13 Dec 28 20:18 S96vpn -> ../init.d/vpn
lrwxrwxrwx    1 root     root          13 Dec 28 20:18 K30vpn -> ../init.d/vpn

So, if i type:
/etc/init.d/vpn start
my service starts normally and if i type
/etc/init.d/vpn stop
it stops too.

But there is NO WAY it starts on boot. I can't figure out why. Any tips?

2

The OpenVPN package ships with /etc/init.d/openvpn you don't have to write your own to start up on boot. This init will load a UCI based configuration (/etc/config/openvpn) however you can have a very simple UCI configuration which just loads your own file in native format.
Delete the /etc/config/openvpn which comes with the package and replace it with this:

config openvpn vpn
    option enabled '1'
    option config '/etc/openvpn/vpn.ovpn'

The reason the file is named vpn.ovpn is that when OpenVPN runs, it will load and attempt to parse every file named *.conf in /etc/openvpn. For that reason it is not recommended to have any files named *.conf in /etc/openvpn unless you want a very simple single configuration. Conventionally OpenVPN native config files are named .ovpn instead, so you can have multiple .ovpn files scattered around and only one will be used.

1 Like
3

Yeah, i've tried that but i don't know why (years of negligence and workarounds on my router, maybe) my vpn configuration doesn't show up on Luci (i'm guessing i wrote in manually back then and maybe it isn't somewhere on its database or something like that). Anyway, when I add the configuration to that file, it show on Luci as enabled, but it's never started. And it can't be started by clicking the "start" button either. That's why i'm trying the startup script.

4

You can post the file here (remove the sensitive part) and we can have a look why it doesn't start.

5

All the involved files are posted in the #1 post. The issue is it doesn't start on boot.
I can start it manually or using a cronjob, but not as a init script.

6

This is not in the first post.

7

It's irrelevant. The configuration file works fine, the VPN is up and running. The problem is restricted to the init script.
Even if i run manually /etc/init.d/vpn start (this is my init script) it works like a charm.
when i type /etc/init.d/vpn enable i can see the symlinks on rc.d too.

8

The init script works fine for many users, including myself. So if you want to get some help post the newserver.conf and while you're at it a

ubus call system board; uci export openvpn; ls -la /etc/openvpn/
9 
{
	"kernel": "3.18.20",
	"hostname": "OpenWrt",
	"system": "Atheros AR9344 rev 2",
	"model": "TP-Link TL-WDR4300 v1",
	"release": {
		"distribution": "OpenWrt",
		"version": "15.05",
		"revision": "r46767",
		"codename": "chaos_calmer",
		"target": "ar71xx\/generic",
		"description": "OpenWrt Chaos Calmer 15.05"
	}
}
package openvpn

config openvpn 'vpn'
	option enabled '1'
	option config '/etc/openvpn/newserver.conf'

drwxr-xr-x    2 root     root             0 Dec 28 21:34 .
drwxr-xr-x    1 root     root             0 Dec 29 15:08 ..
-rw-r--r--    1 root     root          1399 Apr 23  2020 ca.crt
-rw-------    1 root     root           916 Apr 23  2020 ca.key
-rw-r--r--    1 root     root           245 Apr 23  2020 dh1024.pem
-rw-r--r--    1 root     root          9812 Apr 23  2020 newserver.conf
-rw-r--r--    1 root     root          4159 Apr 23  2020 newserver.crt
-rw-------    1 root     root           916 Apr 23  2020 newserver.key
-rw-------    1 root     root           636 Apr 23  2020 ta.key
-rw-r--r--    1 root     root             5 Dec 29 03:48 vpn.pid

#newserver.conf:

port 1194
proto udp
dev tun
ca ca.crt
cert newserver.crt
key newserver.key  
dh dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
tls-auth ta.key 0
key-direction 0
cipher AES-256-CBC
auth SHA512
persist-key
persist-tun
verb 3
10

Very old, vulnerable, and unsupported version. Your device is capable of running the latest version of OpenWrt, so please do so before you try to troubleshoot any further.

2 Likes
11

Another thing: specify full paths to your ca key etc files. The working directory is uncertain during auto start. And what I said before name the config file .ovpn or anything but .conf and make sure there are no files named *.conf in /etc/openvpn.

OpenVPN is very verbose to the log it should show why it did not start.

1 Like
12

Guys, you are missing the point here. The VPN is working just fine. It's not possible to be an issue about openvpn, since it's simply working.

13

I just flashed the upgrade and openvpn autostarted as expected with its default init script.
Solved. :slight_smile:

14

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

15

I can't edit the title :frowning:

16

(if you can not edit the topic title, jump to step #5 below)

1 Like
17

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.