How to start openvpn client from the command line?


on my router (19.07.7) I have an openvpn client installed and I can configure, start and stop it via the web-interface.

But I cannot figure out how to start it from the command line.

I would have expected something like "sudo /etc/init.d/openvpn start" (yes - I treat my router a bit like a linux-system and log in via a non-root user and have sudo installed) but that does not seem to do anything (it does not throw any error either).

So with everything in place, openvpn installed and working via lucy with a valid opvn-file in /etc/openvpn/ovpn1: How do I start the client from the command line?

Many thanks!

Remove the sudo. Openwrt runs with the root user.

This will look to the openvpn.conf file for the config to start.

See the section "Starting the client"

First of all (as I explained above) I do (ususally) not log into my router as root. I have created a non-root user and have setup sudo for it. With this user I evidently need to use sudo.

I have now tried to log in as root and run the command without sudo and the behaviour (as expected) is identical. No error - but no started client either.

This is not working for me.

If I run (as root) "openvpn /etc/openvpn/ovpn1/myfile.ovpn" an openvpn process is started but it does not work properly - I lose all internet access until I kill it again.

You might ask on the OpenVPN forum -

Ok, but it works in principal (via lucy).

Is there no way to figure out what lucy is doing when I press the "connect" button?

Check the Troubleshooting sections on the OpenVPN page posted above, and the OpenWRT wiki.

Run logread | grep openvpn and look for clues.

All I see when I connect via the GUI is this:

Tue May  3 01:10:34 2022 : 1246: gl-vpn-client>> Start, vpnpath=/etc/openvpn/ovpn1, serverfile=Windscribe-London-Crumpets-GNS.ovpn
Tue May  3 01:10:34 2022 : 1323: gl-vpn-client>> glconfig.openvpn.ovpn=/etc/openvpn/ovpn1/Windscribe-London-Crumpets-GNS.ovpn, glconfig.openvpn.clientid=ovpn1

That indicates that the proper ovpn-file is used but it does not show me the command line...

It looks like you are using the GL-inet firmware, which is based on OpenWrt, but is different. Can you confirm if you have loaded an official version of OpenWrt or if you are using the stock firmware?

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

ubus call system board

Running top or htop will show the command line of the running process.

The log should show why it failed on the command line.

logread | grep 'warn\|err'

At least on the official OpenWrt builds, the LuCI OpenVPN app triggers /etc/init.d/openvpn start -- and when it does this, it will look for the OpenVPN configuration that is enabled in /etc/config/openvpn -- it's as simple as that.

As I mentioned in my previous post, you may be running a GL-inet version of OpenWrt which may operate differently. Please confirm the version you are running.

ubus call system board
        "kernel": "4.14.221",
        "hostname": "GL-AR300M",
        "system": "Qualcomm Atheros QCA9533 ver 2 rev 0",
        "model": "GL.iNet GL-AR300M (NAND)",
        "board_name": "glinet,gl-ar300m-nand",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.7",
                "revision": "r11306-c4a6851c72",
                "target": "ath79/nand",
                "description": "OpenWrt 19.07.7 r11306-c4a6851c72"

ok... good. So that looks like it is probably the official OpenWrt build. I would recommend upgrading to 19.07.10 (which is the latest, but the 19.07 series is now officially EOL), or better yet 21.02.3.

Let's take a look at your config files (as mentioned below -- please redact any sensitive info:

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/openvpn

Then, try to start the VPN by issuing:
/etc/init.d/openvpn start
and provide the log that results from that (again, redact any private details)