Shell script to shuffle VPN

JediMaster666
DD-WRT User


Joined: 04 Apr 2017
Posts: 56

Posted: Wed Jun 22, 2022 8:09    Post subject: Shell script to shuffle VPN
I have a Linksys WRT1200AC. My ISP has been hassling me lately and banning my VPN's servers a couple times a day. Changing it manually has become cumbersome. I've come up with a shell script to do so and I'm just curious as to how bad an idea you think this is. I have all the original info from openvpn.conf before and after the line with the connection info in the designated text files. I'm basically generating two pseudo-random digits to hit a new server.

Code:

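#!/bin/sh
# Seconds field of the current time (00-59)
SECONDS=`date "+%S"`
# First digit: last digit of the seconds value
FIRST_DIGIT=`expr $SECONDS % 10`
# Second digit: last digit of (first digit + seconds)
SECOND=`expr $FIRST_DIGIT + $SECONDS`
SECOND_DIGIT=`expr $SECOND % 10`
# Rebuild openvpn.conf: saved head, new remote line, saved tail
cat /tmp/openvpncl/head.txt > /tmp/openvpncl/openvpn.conf
echo "remote [vpn specific info]$FIRST_DIGIT$SECOND_DIGIT[vpn specific info]" >> /tmp/openvpncl/openvpn.conf
cat /tmp/openvpncl/tail.txt >> /tmp/openvpncl/openvpn.conf
# Wait 10 seconds, then reboot the router
sleep 10
reboot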
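The selection step of the script above, worked through as an added example that is not part of the original post: `clock_pairs` lists every number the seconds-based derivation can reach (only ten, because the second digit is always twice the first modulo 10), `random_pair` draws uniformly from `/dev/urandom` instead, and `write_conf` assembles the file without ever leaving it half-written. The function names are illustrative, and `od`, `xargs` and `/dev/urandom` are assumed to be available in the router's shell.

```sh
#!/bin/sh
# Added example (not from the thread). File names follow the first post;
# the remote line passed to write_conf is whatever your provider requires.

# The first post's derivation for one seconds value (integer 0-59).
clock_pair() {
    cp_first=$(( $1 % 10 ))
    cp_second=$(( (cp_first + $1) % 10 ))
    echo "$cp_first$cp_second"
}

# Every distinct server number that derivation can produce in a minute.
clock_pairs() {
    cps_s=0
    while [ "$cps_s" -lt 60 ]; do
        clock_pair "$cps_s"
        cps_s=$(( cps_s + 1 ))
    done | sort -u | xargs
}

# Uniform two-digit number (00-99) from /dev/urandom. Bytes of 200 and above
# are rejected so that "% 100" adds no modulo bias.
random_pair() {
    while :; do
        rp_byte=$(od -An -N1 -tu1 /dev/urandom | tr -d ' \n')
        if [ "$rp_byte" -lt 200 ]; then break; fi
    done
    printf '%02d\n' $(( rp_byte % 100 ))
}

# Build head + remote line + tail in a temp file, then rename it over the
# live config, so a failed write never leaves a truncated openvpn.conf.
write_conf() {   # usage: write_conf DIR "remote ..."
    wc_tmp="$1/openvpn.conf.$$"
    { cat "$1/head.txt" && echo "$2" && cat "$1/tail.txt"; } > "$wc_tmp" || {
        rm -f "$wc_tmp"
        return 1
    }
    mv "$wc_tmp" "$1/openvpn.conf"
}
```

Later in the thread the poster reports that the value had to be set with `nvram set` (the variable named is `openvpncl_remoteip`) rather than written under `/tmp`; the selection functions apply either way.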
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Wed Jun 22, 2022 8:25
You can enter multiple servers in the VPN GUI and if you enable Random then it will randomly choose one.

Run a Cron job to restart the OpenVPN Client (no need to reboot the router) regularly.

See the "OpenVPN Client setup guide" for how to set multiple servers.

A simple script to change server from CLI or with an app on your phone is described under:
"How to run multiple OpenVPN clients"

See: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
JediMaster666
DD-WRT User


Joined: 04 Apr 2017
Posts: 56

Posted: Wed Jun 22, 2022 9:12
egc wrote:
You can enter multiple servers in the VPN GUI and if you enable Random then it will randomly choose one.


Unfortunately, they still haven't fixed the WRT1200ACv2 wireless security bug. I'm stuck on r36247 so I don't have that feature.

egc wrote:
Run a Cron job to restart the OpenVPN Client (no need to reboot the router) regularly.


Is there a safe way to do this or just kill the process and re-invoke with:

Code:

openvpn --config /tmp/openvpncl/openvpn.conf --route-up /tmp/openvpncl/route-up.sh --route-pre-down /tmp/openvpncl/route-down.sh
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Wed Jun 22, 2022 9:33
Well I cannot say much about such an old build (was from before I was born LoL )

What I can say is that there are a lot of security issues with older builds which should be solved in the new builds.

I do not see Marvell guys and gals complaining in the build threads but maybe they are not the complaining kind :)

JediMaster666
DD-WRT User


Joined: 04 Apr 2017
Posts: 56

Posted: Wed Jun 22, 2022 9:48
egc wrote:
I do not see Marvell guys and gals complaining in the build threads but maybe they are not the complaining kind :)


When I tried, I was ignored. I can see why.
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

Posted: Wed Jun 22, 2022 11:35
JediMaster666 wrote:
egc wrote:
You can enter multiple servers in the VPN GUI and if you enable Random then it will randomly choose one.


Unfortunately, they still haven't fixed the WRT1200ACv2 wireless security bug. I'm stuck on r36247 so I don't have that feature.

Which security bug? This one? The reason nobody is complaining is because of all of the fixes applied to wifi, including MAC filtering. You should upgrade to the current release (now 49289) ...

_________________
"The woods are lovely, dark and deep,
But I have promises to keep,
And miles to go before I sleep,
And miles to go before I sleep." - Robert Frost

"I am one of the noticeable ones - notice me" - Dale Frances McKenzie Bozzio

<fact>code knows no gender</fact>

This is me, knowing I've ruffled your feathers, and not giving a ****
Some people are still hard-headed.

--------------------------------------
Mac Pro (Mid 2012) - Two 2.4GHz 6-Core Intel Xeon E5645 processors 64GB 1333MHz DDR3 ECC SDRAM OpenSUSE Leap 15.5
JediMaster666
DD-WRT User


Joined: 04 Apr 2017
Posts: 56

Posted: Wed Jun 22, 2022 11:45
dale_gribble39 wrote:
Which security bug? This one?


That's the one. I've tried 44715 (most recent stable build) and at least up to 46788 according to that thread. I know I tried a 48*** and it was still broken a few months back. Are you sure?
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

Posted: Wed Jun 22, 2022 12:29
Update to the current, do a hard reset (nvram erase && reboot), re-configure manually, and test. I have MAC filtering set up on a different device altogether that I just flashed to the last build yesterday and just updated to current this morning and it is working flawlessly. That part of the firmware is common across the board from what I understand, so it should work. The only way it won't work is if it is a Marvell-specific issue, which I doubt that is the case. If you run into issues, reply to your thread on the subject and someone may be kind enough to forward your findings after all possible anomalies are ruled out.
the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Wed Jun 22, 2022 14:04
So let me see if I understand this properly.

You are or were running r36247 because of some WiFi security issue, that presumably doesn't exist in r36247.

But in the meanwhile far more serious known exploits that some are actively being targeted, which have been patched in DD-WRT since that build, including kernel, 3rd party libraries e.g. openssl (but not exclusive to that lib) and untold amount of 3rd party components also patched known exploits.

Makes sense. (rolling eyes) secure one leave a million and one open.

FYI, MAC Filter has worked for a long time and works just fine with current advised build.

_________________
Saving your retinas from the burn!🔥
DD-WRT Inspired themes for routers
DD-WRT Inspired themes for the phpBB Forum
DD-WRT Inspired themes for the SVN Trac & FTP site
Join in for a chat @ #style_it_themes_public:matrix.org or #style_it_themes:discord

DD-WRT UI Themes Bug Reporting and Discussion thread

Router: ANus RT-AC68U E1 (recognized as C1)
JediMaster666
DD-WRT User


Joined: 04 Apr 2017
Posts: 56

Posted: Wed Jun 22, 2022 17:45
the-joker wrote:
You are or were running r36247 because of some WiFi security issue, that presumably doesn't exist in r36247.


Why would it not exist?

the-joker wrote:
But in the meanwhile far more serious known exploits that some are actively being targeted, which have been patched in DD-WRT since that build, including kernel, 3rd party libraries e.g. openssl (but not exclusive to that lib) and untold amount of 3rd party components also patched known exploits.


Why wouldn't I be more worried about securing my wi-fi using basic things that should just work?

the-joker wrote:
FYI, MAC Filter has worked for a long time and works just fine with current advised build.


This just isn't true. Troll harder.
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

Posted: Wed Jun 22, 2022 18:14
JediMaster666 wrote:
the-joker wrote:
FYI, MAC Filter has worked for a long time and works just fine with current advised build.


This just isn't true. Troll harder.

Please provide undeniable proof that wifi MAC filtering doesn't work in the current release.

There are probably other commits involved besides these; also the one associated issue/PR was already handled.

If you are referring to anything else, please clarify.

JediMaster666
DD-WRT User


Joined: 04 Apr 2017
Posts: 56

Posted: Fri Jun 24, 2022 15:50
Since I've finished generating material for the other thread, I've come back to working on this. Over the past few days there have been some interesting developments.

First, I found out that I was trying to write the data to the wrong place. There is a command to set persistent nvram. I'm not sure what models require this. 1200ACv2 certainly does.

Code:

nvram set VARIABLE="VALUE"



Second, in an ideal situation you can shut down the openvpn service with stopservice and start it with startservice, but that is not always guaranteed. I never got the command I copied from using ps to work. So good ol' reboot is always a possibility when other stuff doesn't get things to restart properly.

This seems to change between versions so your best bet is to see what it looks like using the ps command. Trying this will likely not bring your VPN back up if startservice does not work.
Code:

openvpn --config /tmp/openvpncl/openvpn.conf --daemon


Finally, I went deep into the random number generation rabbit hole but I'm going to talk about that in a more generalized forum.
dale_gribble39
DD-WRT Guru


Joined: 11 Jun 2022
Posts: 1899

Posted: Fri Jun 24, 2022 15:58
JediMaster666 wrote:
First, I found out that I was trying to write the data to the wrong place. There is a command to set persistent nvram. I'm not sure what models require this. 1200ACv2 certainly does.

Code:

nvram set VARIABLE="VALUE"

JediMaster666 wrote:
I've been using DD-WRT for over 5 years. I know how to use the software.

The nvram set command applies to all supported devices; what persistent values are you trying to manipulate, anyway?

the-joker
DD-WRT Developer/Maintainer


Joined: 31 Jul 2021
Posts: 2146
Location: All over YOUR webs

Posted: Fri Jun 24, 2022 18:18
JediMaster666 wrote:
This just isn't true. Troll harder.

I would advise you to refrain from posting little snips of inflammatory taunts which are now noticeable across your latest threads against anyone who doesn't echo your faulty assumptions.

Being part of this community is not a right, it is a privilege. Our community is one of volunteers who contribute to support and helping improve a product and enrich the community we are part of by imparting factual information and skills which is used by all at the grand price of free, while sacrificing the most valuable resource of all, time -- our free time.

I also do not have to remind you of this, and only am doing so with the hope you will self correct.

I have tried reaching you via PM but did not have any luck there.

Your friendly neighborhood Jokerman.

JediMaster666
DD-WRT User


Joined: 04 Apr 2017
Posts: 56

Posted: Fri Jun 24, 2022 20:41
dale_gribble39 wrote:
what persistent values are you trying to manipulate, anyway?


It was openvpncl_remoteip on the old firmware. I haven't looked into what it is now. I've been focusing on generating true randomness.
Page 1 of 2. All times are GMT.