OpenVPN: Random Server with changing ca.crt

@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 261

Posted: Wed Sep 19, 2018 7:21    Post subject: OpenVPN: Random Server with changing ca.crt
Implementing a random server selection with some VPN providers like TorGuard is easy...
* Use remote-random command to select server from a list given on the same script.
* Ca.crt file is same for all servers - so just load the same file always

With NordVPN, this is complicated since all servers use separate ca.crt and auth-key.
* Random server can be selected from a list (say xy12.nordvpn.com is chosen)
* Next the script needs to select the certificate file for same server (xy12_nordvpn_com_ca.crt) and also the auth-key (xy12_nordvpn_com_tls.key)

Problem: How to make the script select the correct ca.crt and auth-key from a folder where all the certificates and auth-keys are stored. Naming convention is as shown in the examples above. I have a USB drive where I can store all the certificate and auth-key files permanently.

The script will need to first select the random server, then use the random server name to select the correct certificate file and auth-key file. Is this possible in the script? Anyone who can help please...
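One way to do what this post asks, as an added example (not code from the thread or from the projects linked later in it): a POSIX shell function that tries the listed hosts in random order, derives both file names from the naming convention above, and refuses any host whose ca.crt or tls key is missing. `CERT_DIR`, `PORT`, the function names and the key direction `1` are assumptions.

```shell
#!/bin/sh
# Added example: CERT_DIR, PORT, the function names and the usage line are assumptions.
CERT_DIR="${CERT_DIR:-/mnt/usb/nordvpn}"   # hypothetical USB mount point
PORT="${PORT:-1194}"                        # OpenVPN's default port

# xy12.nordvpn.com -> xy12_nordvpn_com (the naming convention from the post).
# Anything that is not a plain hostname is rejected, so a bad list entry
# can never point outside CERT_DIR.
host_to_prefix() {
    case "$1" in
        ''|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$1" | tr '.' '_'
}

# Set CA_FILE and KEY_FILE for a host; fail if either file is missing or empty.
files_for_host() {
    prefix=$(host_to_prefix "$1") || return 1
    CA_FILE="$CERT_DIR/${prefix}_ca.crt"
    KEY_FILE="$CERT_DIR/${prefix}_tls.key"
    [ -s "$CA_FILE" ] && [ -s "$KEY_FILE" ]
}

# Try the given hosts in random order and print a config fragment for the
# first one whose ca.crt and tls key are both present.
pick_server() {
    for host in $(printf '%s\n' "$@" |
                  awk 'BEGIN { srand() } { print rand() "\t" $0 }' |
                  sort -n | cut -f2); do
        if files_for_host "$host"; then
            printf 'remote %s %s\n' "$host" "$PORT"
            printf 'ca %s\n' "$CA_FILE"
            printf 'tls-auth %s 1\n' "$KEY_FILE"   # key direction 1 is an assumption
            return 0
        fi
    done
    echo "no server with a complete ca.crt/tls.key pair" >&2
    return 1
}

# Usage: sh pick.sh xy12.nordvpn.com xy34.nordvpn.com >> openvpn.conf
if [ "$#" -gt 0 ]; then pick_server "$@"; fi
```

Because a host without both files is skipped rather than started with a stale or absent CA, the tunnel never comes up against a server it cannot verify.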
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 261

Posted: Thu Sep 20, 2018 13:11
No responses ...
so maybe that was a very stupid question which I asked?
My problem remains, though ... :(
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 261

Posted: Sat Sep 22, 2018 11:33
Would have been nice to be able to load the files via script, but that is beyond my level of knowledge. Anyways ... turnaround found, in case any other person is interested.

I manually checked and compared the ca.crt and tls-auth key files of several servers of NordVPN. Some of the newer servers have the same ca.crt and tls-auth key.

User needs to manually (and painstakingly) open selected server-configs and compare the relevant files to make a master list. Remote-Random can be done with the common ca.crt and auth key files and a sub-set of servers from this master list.

I have asked NordVPN support for help (list of servers with common ca.crt and tls-auth key files). If they help me, I will post here for others' benefit.
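The manual comparison described in this post can be scripted. The following is an added example (not from the thread or the linked projects) that hashes every ca.crt/tls key pair in a folder, groups servers whose files are identical, and prints a `remote-random` block for the largest group. `CERT_DIR`, `PORT` and the function names are assumptions; `sha256sum` must be available on the machine that runs it.

```shell
#!/bin/sh
# Added example: CERT_DIR, PORT and the function names are assumptions;
# the *_ca.crt / *_tls.key naming is the one used in the thread.
CERT_DIR="${CERT_DIR:-/mnt/usb/nordvpn}"   # hypothetical USB mount point
PORT="${PORT:-1194}"                        # OpenVPN's default port

# SHA-256 of a file with CR stripped, so CRLF and LF copies compare equal.
file_hash() {
    tr -d '\r' < "$1" | sha256sum | cut -d' ' -f1
}

# One line per server: "<ca hash>-<key hash> <hostname>".
fingerprint_servers() {
    for ca in "$CERT_DIR"/*_ca.crt; do
        key="${ca%_ca.crt}_tls.key"
        [ -s "$ca" ] && [ -s "$key" ] || continue   # incomplete pair: skip
        base=${ca##*/}
        host=$(printf '%s\n' "${base%_ca.crt}" | tr '_' '.')
        printf '%s-%s %s\n' "$(file_hash "$ca")" "$(file_hash "$key")" "$host"
    done
}

# Hosts of the largest group whose ca.crt and tls key are identical
# (ignoring line endings), sorted by name.
largest_group() {
    fingerprint_servers | sort | awk '
        { n[$1]++; hosts[$1] = hosts[$1] " " $2 }
        END {
            for (f in n) if (n[f] > best) { best = n[f]; pick = f }
            if (best) print substr(hosts[pick], 2)
        }'
}

# remote-random block for that group; any member's ca.crt/tls.key serves all.
remote_lines() {
    for h in $(largest_group); do
        printf 'remote %s %s\n' "$h" "$PORT"
    done
    echo 'remote-random'
}

if [ "${1:-}" = "--print" ]; then remote_lines; fi
```

Comparing hashes of the full files catches a single changed byte that an eyeball comparison of two certificates can miss.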
buffalo0207
DD-WRT User


Joined: 30 Apr 2014
Posts: 88
Location: UK

Posted: Sat Sep 22, 2018 12:11
I think this answers your question for NordVPN...

https://tobsetobse.github.io/DD-WRT_NordVPN/
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 261

Posted: Sun Sep 23, 2018 2:26
buffalo0207 wrote:
I think this answers your question for NordVPN...

https://tobsetobse.github.io/DD-WRT_NordVPN/


Thanks.
That's a starting point for gathering further knowledge. It's nice to see an expert working on the same issue and still improving his script (last change was yesterday)

Often, just a small pointer from experts (like your short comment here) puts people on the right track. Multiple google searches did not take me to this page ... maybe I was using the wrong keywords.
WizKrish
DD-WRT Novice


Joined: 01 Jul 2019
Posts: 2

Posted: Mon Jul 01, 2019 0:21
I was looking for a similar solution and finally found this solution from tobse which did an excellent job of automating NordVPN server changes. The only drawback I found was the need to load up my router with all the NordVPN server config files which slows down the server selection and also has a lot of slow servers to go through before it finds a decent server to connect to.

I however wanted to only have a subset of servers that were fast and downloads the config from NordVPN site to the router. My solution was to build this in Python3 (I am not a bash expert, sorry), so it works across OS (Windows/Linux...)

Here is the link to download the script:

https://github.com/wizkrish921/NordVPN_Parser



@m0eb@ wrote:
buffalo0207 wrote:
I think this answers your question for NordVPN...

https://tobsetobse.github.io/DD-WRT_NordVPN/


Thanks.
That's a starting point for gathering further knowledge. It's nice to see an expert working on the same issue and still improving his script (last change was yesterday)

Often, just a small pointer from experts (like your short comment here) puts people on the right track. Multiple google searches did not take me to this page ... maybe I was using the wrong keywords.
d0ug
DD-WRT Guru


Joined: 31 Jul 2015
Posts: 753

Posted: Mon Jul 01, 2019 16:35
Simpler solution is using a vpn provider that uses the same certs across all endpoints. PIA is such a vpn provider. All I have to do to change my endpoint is change the host name that I am connecting to.
WizKrish
DD-WRT Novice


Joined: 01 Jul 2019
Posts: 2

Posted: Mon Jul 01, 2019 22:19
I am curious how you would automate the endpoint changes? You still need to change the openvpn.conf to update remote server changes, right? Also you need to know the list of valid (and least loaded) remote servers to connect to...

I am not a networking expert and would like to know if there are better solutions out there.

Thanks
d0ug
DD-WRT Guru


Joined: 31 Jul 2015
Posts: 753

Posted: Tue Jul 02, 2019 4:16
WizKrish wrote:
I am curious how you would automate the endpoint changes? You still need to change the openvpn.conf to update remote server changes, right? Also you need to know the list of valid (and least loaded) remote servers to connect to...

I am not a networking expert and would like to know if there are better solutions out there.

Thanks


I really don't have issues with loaded servers. I just put multiple remote entries into my openvpn config; if by chance a server isn't responding or drops off, it just rolls to the next server in the list of remote entries until it establishes a connection.
All times are GMT