OpenVPN Client Won't Stop Running via LuCI

So I'm using the latest version of ROOter, which as I understand is a packaged version of LEDE. So far so good -- I'm using a Raspberry Pi 2 and it configured easily with my USB Modem using the ROOter image. I'm now working on getting an OpenVPN Client up-and-running which is also working, but has a couple of quirks I'd like to fix:

First, I was only able to edit the sample client configuration in the LuCI GUI; any attempts to use one of the OpenVPN Client templates in the dropdown resulted in an "Invalid" message popping up just below and to the left of the dropdown.

Second, once I got the OpenVPN client running and verified connection in the System Log, I tried to stop the VPN using the "Stop" button in the GUI. It appeared to work, but if I refreshed the page it would show as running again and the System Log confirmed it had reconnected. I tried a few things, but ultimately a reboot was the only fix I found.

I posted these same questions on the ROOter forum, and the developer suggested that I might have better luck getting feedback on these particular issues here. According to him, the OpenVPN implementation is just stock LEDE.

This was an issue under OpenWrt too. Search OpenWrt for "openvpn AND stop" for my user name and you will find refs to this.

If you have just one config you can enable/disable it from the system\startup, but I'm not sure whether the OpenVPN GUI reflects this correctly or not.

There is also a pkg called "luci-app-commands" which gives you a GUI window that allows you to run predefined scripts on demand by clicking a button.

Thanks for the feedback.

I found your posts in the OpenWRT forum, but nothing specific about how to actually kill a running OpenVPN Client process. The ROOter distro includes a way to execute commands and scripts from the GUI already -- but I've tried everything I can think of and the OpenVPN process just keeps restarting with a new PID. A tad frustrating. What command have you found to work from the CLI?

I've figured out how to create additional OpenVPN client profiles by editing /etc/config/openvpn, which is fine especially using WinSCP. I haven't been able to get any pre-defined profiles to import by putting them in /etc/openvpn, which would be nice, but not mandatory.

My VPN is connecting, but I'm not actually seeing any traffic move through the tunnel. I can ping the router on the server side but nothing else. Once I can start and stop the client without rebooting, I'll tackle that issue!

Looks like I found it -- finally, in the OpenWRT Init Script Wiki:

https://wiki.openwrt.org/doc/techref/initscripts

I added the following to "Custom Commands" in the ROOter GUI:

/etc/init.d/openvpn stop

It seems to do the trick. I can stop and start at will now. I thought there might be a second argument to shut down a specific VPN, but couldn't get that to work.

Looks like I still need to configure a tun0 interface, firewall and DNS to start passing data through the tunnel if I'm reading the various guides correctly.

This is really way out of my wheelhouse, but there is a difference between start\stop of a service and running a script (which I assume you can also do with the tool) with more in it.

The script would stop\disable the service and then edit the parameter for enabled for the particular instance of OpenVPN, and then enable\start OpenVPN again. In reality it's what the OpenVPN control panel should be doing, but I think it is not.

I use the CLI for debugging etc., but if I have to use it for day-to-day operations it's not a viable option for me. I do use WinSCP for most of my editing.

I also do not think that you can mix approaches to OpenVPN config files. I think they all need to be in the /etc/config/openvpn or in the /etc/openvpn folder.

When I set mine up, I missed that there were 2 ways to do this. I used the former, but think that the latter is more compatible with the ovpn config files one gets from third parties.
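
An added example, not part of the thread: one way to write the script described in the post above, flipping the "enabled" option of a single section in /etc/config/openvpn through UCI and then restarting the service. The function name vpn_set_instance and the UCI/INIT override variables are hypothetical, and it assumes the stock init script only brings up sections whose enabled option is 1.

```shell
#!/bin/sh
# Added example, not code from the thread or from ROOter/LEDE.
# UCI and INIT can be overridden so the logic can be exercised off-router;
# on the router the defaults below apply.
UCI="${UCI:-uci}"
INIT="${INIT:-/etc/init.d/openvpn}"

# vpn_set_instance NAME on|off
# Enable or disable one OpenVPN section, commit, and restart the service.
vpn_set_instance() {
    name="$1"
    state="$2"

    # The GUI's custom commands run as root, so reject anything that is not
    # a plain section name before it reaches uci.
    case "$name" in
        ''|*[!A-Za-z0-9_]*)
            echo "invalid instance name" >&2
            return 2 ;;
    esac

    case "$state" in
        on)  val=1 ;;
        off) val=0 ;;
        *)   echo "usage: vpn_set_instance NAME on|off" >&2
             return 2 ;;
    esac

    # 'uci get config.section' prints the section type; refuse to create a
    # new section by accident if the name is mistyped.
    [ "$("$UCI" -q get "openvpn.$name" 2>/dev/null)" = "openvpn" ] || {
        echo "no such openvpn instance: $name" >&2
        return 1
    }

    "$UCI" set "openvpn.$name.enabled=$val" || return 1
    "$UCI" commit openvpn || return 1

    # Assumption: the init script skips sections with enabled=0 on start.
    "$INIT" restart
}

# Example on the router (instance name is a placeholder):
#   vpn_set_instance sample_client off
```

Saved to a file and sourced from a custom command, this gives per-instance control; afterwards the System Log should show no reconnect for the disabled instance.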

I did a post over at SNBForums on setting up a Raspberry Pi running ROOter for use as an OpenVPN Client with Private Internet Access (PIA). The concept can be adapted to other VPN services, of course. My focus was on minor tweaks that would stop OpenVPN from respawning (making it impossible to kill by PID and therefore stop individually) and creating a PIA "recipe". New PIA client instances are now as easy as naming, adding and changing the value of "remote" in an OpenVPN basic configuration. Clients can be successfully started and stopped using the buttons in the GUI.