OpenVPN questions

I'm using OpenVPN (with VPN Policy Routing) to make use of Trust.Zone. As with other VPNs, TZ offers multiple servers to make use of. With the exception of one line, each of the ovpn files is the same, with that one line being the VPN server to connect to (and the port number).

So here's the main question - is there a way to make use of only one ovpn file, but have the entry in the OpenVPN configuration use a different server per entry?

Let's say, for argument's sake, that there are three to choose from: us.vpn.com, ca.vpn.com, and uk.vpn.com (fake addresses). Instead of three files, one file, but the settings for the entries in OpenVPN (US, CA, UK) specify the remote address (and port) to use. I've tried looking at the options (advanced) and looking at the choices for adding settings, but I don't see any that say "remote" (which is what is listed in the ovpn files), and when I try server, it suggests IP and subnet mask.

Along the same lines, if it can be done this way, are there other option filters within the openvpn config file? Like "option remote 'address port'" or something similar?

One other thing, when I try to add a client from the main OpenVPN page, it gives me a blank configuration screen. I mean LuCI loads up and there is the option to go to advanced settings (and in that, to view the different pages), but there are no options listed. Does this mean that I FUBAR'd my OpenVPN install, or is it a bug that is affecting others? If I FUBAR'd, is there an easy fix other than uninstall/reinstall, or is that the only way to fix it?

TIA for any help.

I'm not really sure if this is what you're asking but you can comment out (ignore) lines by placing "#" before the line in question in the configuration file for OpenVPN. For all I know the OpenVPN LuCI plugin is more or less broken unless that changed recently.

Yeah I know about that, but in the OpenVPN config files, where there is "config openvpn 'name'" and then the options for that config, I'm hoping to do the server and port information in there. An example of that info from the ovpn file is "remote us.vpn.com 443" and I'd like the openvpn config file to keep a list of that information, so I can point to a single ovpn file, but still benefit from multiple servers.

Sounds like you're using the UCI config? I dropped that years ago because I found it to be more of a hassle so can't help, sorry.

https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

--config file
Load additional config options from file where each line corresponds to one command line option, but with the leading '--' removed.

Apparently I wasn't clear about the issue I'm having. (I mean that legitimately, not being snarky.)

I have OpenVPN installed, and in the /etc/config/openvpn file, I have different entries listed, with each entry pointing to a /etc/openvpn/*.ovpn file. In that ovpn file, there are various settings done (without the leading '--'), with the only difference between the files being the "remote" setting.

So not trying to make additional files, which is what the --config file option would entail. Instead, trying to reduce the number of files.

After my initial post, I tried adding "option remote 'us.vpn.com 443'" (but using a legit server entry) but when trying to use it, it won't work. It will show up in the settings via LuCI, but when applied, it treats it differently than when it reads the same information from the file. Maybe I'm doing something wrong, but it seems like OpenVPN ignores the config settings.

You are missing the point.
It's possible to move all the common options into one file and link it with option config.

Option remote should be defined as a list in UCI syntax.

I don't think you can mix uci options with a native .ovpn file. When you use the regular UCI config, it parses those options to generate a temporary .ovpn file. When you use option config to tell UCI to use your already prepared .ovpn style file, it launches OpenVPN with that file without generating any additional file.

You can set multiple servers in an .ovpn file and have OpenVPN use one at random and/or fail over to one of the others if it can't connect. But it sounds like you don't want that because they are in different countries and do different things.

So what you're saying is I would need to try it with all of the options as part of the main config file, without it calling on an ovpn file at all?

You can't by default, but it's possible:

sed -i -r \
-e 's/^\tconfig_get config /#\0/' \
-e 's/openvpn.options$/\0; OPENVPN_PARAMS="${OPENVPN_PARAMS}config"/' \
/etc/init.d/openvpn

Would that basically be like adding "config" as an entry in the options file, just added after it's loaded?

It makes it possible to merge options from /etc/config/openvpn and the file defined by option config:

uci set openvpn.vpnclient1="openvpn"
uci set openvpn.vpnclient1.config="/etc/openvpn/vpnclient.ovpn"
uci add_list openvpn.vpnclient1.remote="vpnserver1.provider.com"

uci set openvpn.vpnclient2="openvpn"
uci set openvpn.vpnclient2.config="/etc/openvpn/vpnclient.ovpn"
uci add_list openvpn.vpnclient2.remote="vpnserver2.provider.com"

uci commit openvpn

I get that part, but is it essentially adding a "config" option to the openvpn.options file?

Manually performed the edit for the config_get line, then added 'config' to the list of params in openvpn.options file. Working like a charm. Best of both worlds, default settings in a single file, with the VPN to connect to as an option in the openvpn config file, instead of tons of lines of the same stuff or tons of files.

Great solution!
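
A way to preview the init-script edit from this thread before applying it, as an added example that is not part of the original posts: the same two sed expressions run without -i, so the file is left untouched and the changed lines can be inspected and counted. The sample file contents and the /PLACEHOLDER path are constructed for illustration; a sed that accepts `\0` (GNU or BusyBox) and `diff` are assumed.

```shell
#!/bin/sh
# Added example: preview the thread's sed edit on a copy, never in place.

# The two expressions from the thread, written to stdout instead of using -i.
preview_patch() {
    sed -r \
        -e 's/^\tconfig_get config /#\0/' \
        -e 's/openvpn.options$/\0; OPENVPN_PARAMS="${OPENVPN_PARAMS}config"/' \
        "$1"
}

# Number of lines the edit would change. On an unpatched file each
# expression should hit exactly once (2 in total); 0 means the file is
# already patched or the script no longer contains the expected lines.
changed_lines() {
    preview_patch "$1" | diff "$1" - | grep -c '^>' || true
}

# Constructed stand-in containing the two kinds of lines the expressions
# match. This is NOT the real init script; the path is a placeholder.
make_sample() {
    printf '%s\n' '. /PLACEHOLDER/openvpn.options' 'start_instance() {' > "$1"
    printf '\tlocal s="$1"\n\tconfig_get config "$s" config\n}\n' >> "$1"
}

# Usage against a copy of the real script:
#   cp /etc/init.d/openvpn /tmp/openvpn.init
#   changed_lines /tmp/openvpn.init
#   preview_patch /tmp/openvpn.init | diff /tmp/openvpn.init -
```

Keeping the unmodified copy also gives a file to restore from if a later package upgrade replaces the init script and the edit has to be reapplied.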
