Open VPN startup script

DD-WRT Forum Index -> Advanced Networking
simi22
DD-WRT Novice


Joined: 07 Apr 2018
Posts: 10

Posted: Sat Apr 07, 2018 18:02    Post subject: Open VPN startup script
I am using a TP LINK ARCHER C9 version 3 with DD-WRT v3.0-r33986 std (12/04/17)

The OpenVPN client works well. However, sometimes the router crashes or I have to restart it for other reasons, and it does not reconnect automatically to the VPN. I have to go into the web interface and manually restart the OpenVPN client for it to reconnect.

I have tried to run a startup script through the administration --> command tab.
I turn the OpenVPN client off and just save the startup script.

This is the script from my VPN provider that I used in the command:

#!/bin/sh
USERNAME="removed"
PASSWORD="removed"

PROTO="udp"
TUN="tun1"
REMOTE="removed"

CA_CRT=' -----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----'

TLS_AUTH=' -----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----'

if [ `nvram get openvpncl_enable` != 0 ]; then
nvram set openvpncl_enable=0
nvram commit
sleep 10
fi

mkdir /tmp/vpncl; cd /tmp/vpncl

echo -e "$USERNAME\n$PASSWORD" > userpass.txt

echo "#!/bin/sh
iptables -t nat -I POSTROUTING -o $TUN -j MASQUERADE" > route-up.sh

echo "#!/bin/sh
iptables -t nat -D POSTROUTING -o $TUN -j MASQUERADE" > route-down.sh

echo "$CA_CRT" > ca.crt
echo "$TLS_AUTH" > tls-auth.key
sleep 10

echo "client
dev $TUN
proto $PROTO

$REMOTE
resolv-retry infinite
nobind

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

persist-key
persist-tun
keepalive 5 30

comp-lzo
mute 20
verb 3
log-append vpn.log
fast-io

auth-user-pass userpass.txt
script-security 2
remote-cert-tls server
cipher AES-256-CBC
# if the server is relatively new and uses sha512, uncomment the line below
auth sha512

ca ca.crt
tls-auth tls-auth.key 1

daemon" > openvpn.conf

chmod 600 ca.crt tls-auth.key userpass.txt openvpn.conf; chmod 700 route-up.sh route-down.sh

(killall openvpn ; openvpn --config openvpn.conf --route-up /tmp/vpncl/route-up.sh --down-pre /tmp/vpncl/route-down.sh) &

exit 0


The settings, IP, etc. in the script are exactly the same as those used in the OpenVPN client GUI. However, it does not connect to the VPN after I restart the router.

When I run the 'cat /tmp/vpn.log' command I get the following output:
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: down-pre (2.4.4)
Use --help for more information.


Speaking to the technical team from the VPN provider, they say the firmware is not reading the script.

Any ideas how to resolve this?

The aim is to get the router to automatically reconnect to the VPN after it has been restarted, and to not have to keep logging in manually to do this.
simi22
DD-WRT Novice


Joined: 07 Apr 2018
Posts: 10

Posted: Sun Apr 08, 2018 12:00    Post subject:
eibgrad wrote:
Regarding the script, there is no OpenVPN directive called --down-pre that takes a script/command as an argument. Rather, --down-pre takes no argument, and its sole purpose is to tell the OpenVPN client to call the script associated w/ the --down directive *before* the tunnel is closed rather than after (the default).

I've seen this error w/ many other VPN provider scripts. Not sure why so many keep making this mistake other than they just keep blindly copying each other.

I recommend changing it to:

Code:
(killall openvpn ; openvpn --config openvpn.conf --route-up /tmp/vpncl/route-up.sh --route-pre-down /tmp/vpncl/route-down.sh) &


This has fixed the issue!! Thanks!

When I run cat /tmp/vpn.log, it still gives me: cat: can't open '/tmp/vpn.log': No such file or directory

Any other command that would let me see the log? Thanks
simi22
DD-WRT Novice


Joined: 07 Apr 2018
Posts: 10

Posted: Sat Apr 14, 2018 0:26    Post subject:
So things were working well with the script change:

#!/bin/sh
USERNAME=""
PASSWORD=""

PROTO="udp"
TUN="tun1"
REMOTE="remote uk332.nordvpn.com 1194"

CA_CRT='-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----'

TLS_AUTH='-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----'

if [ `nvram get openvpncl_enable` != 0 ]; then
nvram set openvpncl_enable=0
nvram commit
sleep 10
fi

mkdir /tmp/vpncl; cd /tmp/vpncl

echo -e "$USERNAME\n$PASSWORD" > userpass.txt

echo "#!/bin/sh
iptables -t nat -I POSTROUTING -o $TUN -j MASQUERADE" > route-up.sh

echo "#!/bin/sh
iptables -t nat -D POSTROUTING -o $TUN -j MASQUERADE" > route-down.sh

echo "$CA_CRT" > ca.crt
echo "$TLS_AUTH" > tls-auth.key
sleep 10

echo "client
dev $TUN
proto $PROTO

$REMOTE
resolv-retry infinite
nobind

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

persist-key
persist-tun
keepalive 5 30

comp-lzo
mute 20
verb 3
log-append vpn.log
fast-io

auth-user-pass userpass.txt
script-security 2
remote-cert-tls server
cipher AES-256-CBC
# if the server is relatively new and uses sha512, uncomment the line below
auth sha512

ca ca.crt
tls-auth tls-auth.key 1

daemon" > openvpn.conf

chmod 600 ca.crt tls-auth.key userpass.txt openvpn.conf; chmod 700 route-up.sh route-down.sh

(killall openvpn ; openvpn --config openvpn.conf --route-up /tmp/vpncl/route-up.sh --route-pre-down /tmp/vpncl/route-down.sh) &

exit 0


But now the router won't connect to the VPN, and I'm getting this output in the VPN log:

Sat Apr 14 01:20:39 2018 OpenVPN 2.4.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 4 2017
Sat Apr 14 01:20:39 2018 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.09
Sat Apr 14 01:20:39 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Apr 14 01:20:39 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr 14 01:20:39 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr 14 01:20:40 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]89.34.99.103:1194
Sat Apr 14 01:20:40 2018 Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Apr 14 01:20:40 2018 UDP link local: (not bound)
Sat Apr 14 01:20:40 2018 UDP link remote: [AF_INET]89.34.99.103:1194
Sat Apr 14 01:21:10 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sat Apr 14 01:21:10 2018 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 14 01:21:10 2018 Restart pause, 5 second(s)
Sat Apr 14 01:21:15 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Apr 14 01:21:15 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]89.34.99.103:1194
Sat Apr 14 01:21:15 2018 Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Apr 14 01:21:15 2018 UDP link local: (not bound)
Sat Apr 14 01:21:15 2018 UDP link remote: [AF_INET]89.34.99.103:1194


Any ideas what's happening?

Thanks again
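Added example, not part of the thread and not the VPN provider's script: a small POSIX sh helper for the two things that went wrong above, written so it also runs under BusyBox on DD-WRT. First, it checks a startup command for the --down-pre misuse eibgrad describes (--down-pre is a bare flag; a script path belongs to --route-pre-down or --down), which is exactly the "extra parameter" OpenVPN rejected in the first post. Second, it reduces an OpenVPN log to one of options-error / ping-restart / connected / starting and counts ping-restarts since the last completed handshake, so a cron job or a quick manual check can tell the states apart. Two notes on assumptions: as the posted script is written, "cd /tmp/vpncl" followed by a config line "log-append vpn.log" puts the log at /tmp/vpncl/vpn.log, which is the default path the helper uses; and the "Initialization Sequence Completed" line in the constructed healthy sample is OpenVPN's standard success message, not something taken from this thread. The other two sample logs are excerpts copied from the posts above. For the excerpt in the last post the helper reports ping-restart, i.e. the client keeps reaching the remote but never logs a completed handshake; the helper only classifies, it does not say why.

```shell
#!/bin/sh
# Added example, not part of the thread. POSIX sh so it also runs under
# BusyBox on DD-WRT. Assumption: the log lives at /tmp/vpncl/vpn.log, which is
# where the posted script's "cd /tmp/vpncl" + "log-append vpn.log" puts it.

# Flag the mistake from the first post: --down-pre takes no argument, so a
# path after it is the "extra parameter" OpenVPN complains about. Prints OK
# or BAD and returns 0/1. Argument: the whole openvpn command line as one string.
check_openvpn_cmdline() {
    set -- $1                      # split the command line into words
    while [ $# -gt 0 ]; do
        if [ "$1" = "--down-pre" ] && [ $# -gt 1 ]; then
            case "$2" in
                --*) ;;            # next word is another option: valid flag use
                *)  printf 'BAD: --down-pre takes no argument; use --route-pre-down %s\n' "$2"
                    return 1 ;;
            esac
        fi
        shift
    done
    printf 'OK\n'
}

# Reduce a log to the last state-changing event it contains:
#   options-error  openvpn rejected its options and never started
#   ping-restart   link stalled, client is retrying (no completed handshake since)
#   connected      "Initialization Sequence Completed" was the last such event
#   starting       none of the above seen yet
classify_vpn_log() {
    awk '
        /Options error:/                    { state = "options-error" }
        /Inactivity timeout/                { state = "ping-restart" }
        /Initialization Sequence Completed/ { state = "connected" }
        END { print (state == "" ? "starting" : state) }
    ' "$1"
}

# Number of ping-restarts since the last completed handshake (0 when healthy).
ping_restarts_since_init() {
    awk '
        /Initialization Sequence Completed/ { n = 0 }
        /Inactivity timeout/                { n++ }
        END { print n + 0 }
    ' "$1"
}

# One-line report suitable for a cron job: status plus retry count.
report_vpn_state() {
    log=${1:-/tmp/vpncl/vpn.log}
    [ -r "$log" ] || { printf 'no log at %s\n' "$log"; return 2; }
    printf 'status=%s ping_restarts_since_init=%s\n' \
        "$(classify_vpn_log "$log")" "$(ping_restarts_since_init "$log")"
}

# Constructed sample logs for trying the helpers offline; echoes the directory.
make_sample_logs() {
    dir=$(mktemp -d)
    # Copied from the first post: openvpn refused the command line.
    printf '%s\n' \
      'Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: down-pre (2.4.4)' \
      'Use --help for more information.' > "$dir/options-error.log"
    # Excerpt of the log in the last post: remote reached, no handshake, retrying.
    printf '%s\n' \
      'Sat Apr 14 01:20:40 2018 UDP link remote: [AF_INET]89.34.99.103:1194' \
      'Sat Apr 14 01:21:10 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting' \
      'Sat Apr 14 01:21:10 2018 SIGUSR1[soft,ping-restart] received, process restarting' \
      'Sat Apr 14 01:21:15 2018 UDP link remote: [AF_INET]89.34.99.103:1194' > "$dir/ping-restart.log"
    # Constructed healthy run: one early timeout, then OpenVPN's standard success line.
    printf '%s\n' \
      'Sat Apr 14 01:30:30 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting' \
      'Sat Apr 14 01:30:37 2018 Initialization Sequence Completed' > "$dir/connected.log"
    printf '%s\n' "$dir"
}

# Demo when run directly as: sh vpncheck.sh --demo
if [ "${1:-}" = "--demo" ]; then
    check_openvpn_cmdline "openvpn --config openvpn.conf --route-up /tmp/vpncl/route-up.sh --down-pre /tmp/vpncl/route-down.sh"
    check_openvpn_cmdline "openvpn --config openvpn.conf --route-up /tmp/vpncl/route-up.sh --route-pre-down /tmp/vpncl/route-down.sh"
    d=$(make_sample_logs)
    for f in "$d"/*.log; do report_vpn_state "$f"; done
    rm -rf "$d"
fi
```

On the router, "sh vpncheck.sh --demo" exercises the helpers against the constructed samples; "report_vpn_state" with no argument reads /tmp/vpncl/vpn.log, so a single line like that in a cron job gives a status without having to read the whole log by hand. The classifier deliberately keeps the last event rather than the first, because a log written with log-append accumulates across restarts and an old timeout should not mask a later successful handshake.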