Posted: Sat Apr 07, 2018 18:02 Post subject: Open VPN startup script
I am using a TP LINK ARCHER C9 version 3 with DD-WRT v3.0-r33986 std (12/04/17)
The open VPN client works well. However, sometimes the router crashes or I have to restart it for other reasons and it does not re-connect automatically to the VPN. I have to go into the web interface and manually restart the openVPN client for it to re-connect.
I have tried to run a start up script through the administration --> command tab.
I turn the open VPN client off and just save the start up script.
This is the script from my VPN provider that I used in the command:
auth-user-pass userpass.txt
script-security 2
remote-cert-tls server
cipher AES-256-CBC
# if the server is relatively new and uses sha512, uncomment the line below
auth sha512
The settings and IP etc in the script are exactly the same as those used in the openVPN client GUI. However, it does not connect to the VPN after I restart the router.
When I run the 'cat /tmp/vpn.log' command I get the following output:
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: down-pre (2.4.4)
Use --help for more information.
Speaking to the technical team from the VPN provider they say the firmware is not reading the script.
Any ideas how to resolve this?
The aim is to get the router to automatically re-connect to the VPN after it has been re-started and to not have to keep logging in manually to do this.
Regarding the script, there is no OpenVPN directive called --down-pre that takes a script/command as an argument. Rather, --down-pre takes no argument, and its sole purpose is to tell the OpenVPN client to call the script associated w/ the --down directive *before* the tunnel is closed rather than after (the default).
I've seen this error w/ many other VPN provider scripts. Not sure why so many keep making this mistake other than they just keep blindly copying each other.
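The point made in the reply above, as an added example that is not part of the original thread or of any provider's script: a small shell check that reports OpenVPN directives which take no parameter but were given one, the condition behind the "extra parameter(s)" error for down-pre. The function name lint_ovpn, the directive list, the sample config and its script path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find parameterless OpenVPN directives that were given an argument.
# Assumption: this list holds directives that take no parameter in OpenVPN 2.4.
FLAG_ONLY="down-pre up-delay up-restart client nobind persist-key persist-tun pull tls-client auth-nocache float"

# Print "line:directive" for each misuse; return 1 if any was found, 0 otherwise.
lint_ovpn() {
    awk -v flags="$FLAG_ONLY" '
        BEGIN { n = split(flags, f, " "); for (i = 1; i <= n; i++) noarg[f[i]] = 1 }
        {
            sub(/[ \t]*[#;].*/, "")      # drop comments (no quote handling here)
            if (NF == 0) next
            d = $1; sub(/^--/, "", d)    # accept the command-line "--" form too
            if ((d in noarg) && NF > 1) { print NR ":" d; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample config; the script path is a placeholder.
sample=$(mktemp)
cat > "$sample" <<'EOF'
client
script-security 2
down /tmp/example-down.sh
down-pre /tmp/example-down.sh
remote-cert-tls server
EOF

# Line 4 is reported: the script belongs on "down", and "down-pre" stands alone.
lint_ovpn "$sample" || echo "fix the lines listed above before starting the client"
```
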
auth-user-pass userpass.txt
script-security 2
remote-cert-tls server
cipher AES-256-CBC
# if the server is relatively new and uses sha512, uncomment the line below
auth sha512
But now the router won't connect to the VPN and I'm getting this output in the VPN log:
Sat Apr 14 01:20:39 2018 OpenVPN 2.4.4 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 4 2017
Sat Apr 14 01:20:39 2018 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.09
Sat Apr 14 01:20:39 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Apr 14 01:20:39 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr 14 01:20:39 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Apr 14 01:20:40 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]89.34.99.103:1194
Sat Apr 14 01:20:40 2018 Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Apr 14 01:20:40 2018 UDP link local: (not bound)
Sat Apr 14 01:20:40 2018 UDP link remote: [AF_INET]89.34.99.103:1194
Sat Apr 14 01:21:10 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting
Sat Apr 14 01:21:10 2018 SIGUSR1[soft,ping-restart] received, process restarting
Sat Apr 14 01:21:10 2018 Restart pause, 5 second(s)
Sat Apr 14 01:21:15 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Apr 14 01:21:15 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]89.34.99.103:1194
Sat Apr 14 01:21:15 2018 Socket Buffers: R=[180224->180224] S=[180224->180224]
Sat Apr 14 01:21:15 2018 UDP link local: (not bound)
Sat Apr 14 01:21:15 2018 UDP link remote: [AF_INET]89.34.99.103:1194