OK, here's my script and technique for using the OpenVPN client on pCP.

First you will need to install openvpn from the extensions in pCP

From your OpenVPN server you will have your openvpn config for your
connection; rename this VPN.conf.

Edit VPN.conf and to the line "auth-user-pass" add "/home/tc/PSK.key", giving
"auth-user-pass /home/tc/PSK.key". Also add the line "auth-nocache" (a
small security improvement).

Create a file called "PSK.key" and add to this your username and
password on separate lines.

Download these to /home/tc on the pCP and change permissions to 400 for
both.

Download "Services.sh" "SendReports.sh" and "SendEmail" to /home/tc on
the pCP and change permissions to 700 for all 3.

Make sure you "pcp br" to backup once downloaded

You can then test with openvpn --config /home/tc/VPN.conf to check the
vpn is initiated

The script "Services.sh" has two functions
1) Monitors the connectivity to the internet by "pinging" an internet
host and sending reports of connection breaks
2) Connects OpenVPN and reconnects it after a network failure

You will need to edit "Services.sh" to suit your "local" (i.e. VPN server
internal network, not pCP network) network.
There are 4 variables that need to be checked:

# Internet host to ping to check connectivity (8.8.8.8 is Google's DNS server)
TestHost="8.8.8.8"
# Number of pings to send
Pings=2

# Set this to the ip address of a device on your LOCAL network that can be pinged only when the VPN is up
VPNTestHost="10.44.4.2"
# Set this to the subnet of your LOCAL network
LocalSubnet="10.44.4"

When Services.sh is run it will wait 60 seconds then ping the Testhost
to see whether there is internet access and write any changes of state
to a file
After 60 seconds it will test for the VPN being up by pinging a host you
set behind the VPN server (i.e. no VPN, no ping).
If there is no connection AND the pCP is not on the network behind the
VPN server the OpenVPN client will be started.
After this the Internet is checked every 60 seconds and the VPN every 30
minutes.

Start the Services.sh script from the "Tweaks" page "User Command #1".
The results of the connection tests can be emailed with the
SendReports.sh script using the cron command.
In the example the pCP is set to reboot once a week at 0400; the
SendReports script is set to run 2 minutes before reboot.

Hope this all makes sense !
Any improvements are welcome (My coding is not great !)

sendEmail webpage is here
http://caspian.dotconf.net/menu/Software/SendEmail/

The attachment VPN_Stuff.zip contains the scripts and sendEmail plus
empty VPN.conf and PSK.key

Jeff





Services.sh

Code:
--------------------
    
  #!/bin/sh
  ########################################################################################
  # This script performs two tasks :-
  # 1) Monitors the connectivity to the internet by "pinging" an internet host (NETTest)
  # 2) Connects an OpenVPN VPN and reconnects it after a network failure (VPNTest)
  # "Local" Network is "Server" Network
  # "Remote" Network is "pCP" Network
  ########################################################################################

  ## Setup files and variables

  ## For NETTest
  # Internet host to ping to check connectivity
  TestHost="8.8.8.8"
  # Number of pings to send
  Pings=2
  # Clear old NettestReport files (if existing) from /home/tc
  if [ -f /home/tc/NettestReport.txt ] ; then rm /home/tc/NettestReport.txt ; fi
  # Clear old WAN_Up files (if existing) from /home/tc
  if [ -f /home/tc/WAN_Up ] ; then rm /home/tc/WAN_Up ; fi
  # Clear old WAN_Down files (if existing) from /home/tc
  if [ -f /home/tc/WAN_Down ] ; then rm /home/tc/WAN_Down ; fi
  # Start with WAN down in /home/tc
  touch /home/tc/WAN_Down
  # Create empty NettestReport file in /home/tc
  touch /home/tc/NettestReport.txt

  ## For VPNTest
  # Set this to the ip address of a device on your LOCAL network that can be pinged only when the VPN is up
  VPNTestHost="10.44.4.2"
  # Set this to the subnet of your LOCAL network
  LocalSubnet="10.44.4"
  # Clear old TestingVPN files (if existing) from /home/tc
  if [ -f /home/tc/TestingVPN ] ; then rm /home/tc/TestingVPN ; fi
  # Clear old VPN_Retries files (if existing) from /home/tc
  if [ -f /home/tc/VPN_Retries ] ; then rm /home/tc/VPN_Retries ; fi
  # Clear old VPN_Retry_Details files (if existing) from /home/tc
  if [ -f /home/tc/VPN_Retry_Details.txt ] ; then rm /home/tc/VPN_Retry_Details.txt ; fi
  # Zero retries
  retries=0
  # Create empty VPN_Retries file in /home/tc
  touch /home/tc/VPN_Retries
  # Create empty VPN_Retry_Details.txt file in /home/tc
  touch /home/tc/VPN_Retry_Details.txt


  NETTest() {
    # Continuous loop
    while true
    do
      # Wait 60 seconds
      sleep 60
      # Ping chosen host with chosen number of pings and extract the "received" count
      returns=$(ping -c "$Pings" "$TestHost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
      # No ping summary at all (e.g. network unreachable) counts as 0 replies
      returns=${returns:-0}
      # If all echoes are returned from pings and WAN was previously down then WAN is up
      if [ "$returns" -eq "$Pings" ] && [ -f /home/tc/WAN_Down ]; then
        # Write WAN_Up
        touch /home/tc/WAN_Up
        # Remove WAN_Down
        rm /home/tc/WAN_Down
        # Echo status change and time to /home/tc/NettestReport.txt
        echo "$(date '+%d/%m/%Y  %H:%M:%S')  Status change - $TestHost is now reachable. WAN is Up" >> /home/tc/NettestReport.txt
      fi
      # If no echoes are returned from pings and WAN was previously up then WAN is down
      if [ "$returns" -eq 0 ] && [ -f /home/tc/WAN_Up ]; then
        # Write WAN_Down
        touch /home/tc/WAN_Down
        # Remove WAN_Up
        rm /home/tc/WAN_Up
        # Echo status change and time to /home/tc/NettestReport.txt
        echo "$(date '+%d/%m/%Y  %H:%M:%S')  Status change - $TestHost is now unreachable. WAN is Down" >> /home/tc/NettestReport.txt
      fi
    done
  }

  VPNTest() {
    # Continuous loop
    while true
    do
      # Wait 60 seconds
      sleep 60
      # Check whether a VPN test is running
      if [ -f /home/tc/TestingVPN ]; then
        echo "VPN is already being tested"
      else
        # Write /home/tc/TestingVPN to show VPN is being tested
        touch /home/tc/TestingVPN

        # Find our Remote subnet
        homenet=$(/sbin/ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){2}[0-9]*' | grep -v '127.0.0')

        # If we are not on Local network ping the VPNTestHost to see if VPN is up
        if [ "$homenet" != "$LocalSubnet" ]; then
          count=$(ping -c 4 "$VPNTestHost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
          if [ "${count:-0}" -eq 4 ]; then
            sleep 1
          else
            # Count this retry (plain arithmetic assignment, not run as a command)
            retries=$((retries + 1))
            # If VPNTestHost is not pingable (VPN Down) then kill and restart OpenVPN
            if pgrep openvpn > /dev/null 2>&1 ; then sudo killall openvpn ; fi
            sleep 10
            sudo openvpn --config /home/tc/VPN.conf > /dev/null 2>&1 &
            echo "$retries" > /home/tc/VPN_Retries
            echo "$(date '+%d/%m/%Y  %H:%M:%S') Retry $retries" >> /home/tc/VPN_Retry_Details.txt
          fi
        else
          sleep 1
        fi

        rm -f /home/tc/TestingVPN

      fi
      # Sleep for 29 minutes
      sleep 1740

    done
  }

  # Run NETTest and detach
  NETTest &
  # Run VPNTest and detach
  VPNTest &
  
--------------------


SendReports.sh

Code:
--------------------
    
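  # Replace each <PLACEHOLDER>; they are quoted so the shell does not read < > as redirections
  # "-o tls=no" turns TLS off for the SMTP session
  /home/tc/sendEmail -q -t "<TO ADDRESS>" -u "SUBJECT" -m "MESSAGE BODY" \
    -s "<SMTP SERVER>" -f "<FROM ADDRESS>" -o tls=no -o fqdn="<FQDN OF SENDING pCP>" \
    -a /home/tc/VPN_Retry_Details.txt -a /home/tc/NettestReport.txt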
  
--------------------





+-------------------------------------------------------------------+
|Filename: 2019-04-02 20_39_09-pCP - Tweaks.jpg                     |
|Download: http://forums.slimdevices.com/attachment.php?attachmentid=27089|
+-------------------------------------------------------------------+


Jeff07971's Profile: http://forums.slimdevices.com/member.php?userid=49290
View this thread: http://forums.slimdevices.com/showthread.php?t=110407
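
A check for the file setup described in the post (modes 400 and 700, "auth-user-pass /home/tc/PSK.key", "auth-nocache"), as an added example that is not part of the original post or its attachment. The function names `mode_of`, `check_mode` and `audit_vpn_files` are hypothetical, and the `sendEmail` file name is taken from the path used in SendReports.sh.

```shell
#!/bin/sh
# Added example: audit the files the post places in /home/tc.
# File names and modes are the post's; function names are made up here.

# Symbolic mode of a path, e.g. "-r--------" for 400; empty if missing.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Compare one file with the expected mode and count a mismatch.
check_mode() {
    actual=$(mode_of "$1")
    if [ "$actual" != "$2" ]; then
        echo "FAIL: $1 is '${actual:-missing}', expected '$2'"
        problems=$((problems + 1))
    fi
}

# audit_vpn_files DIR: returns 0 only if DIR matches the post's setup.
audit_vpn_files() {
    dir=${1:-/home/tc}
    problems=0
    # Config and credentials: chmod 400 (owner read only).
    check_mode "$dir/VPN.conf" "-r--------"
    check_mode "$dir/PSK.key" "-r--------"
    # Scripts and the sendEmail program: chmod 700 (owner only).
    for f in Services.sh SendReports.sh sendEmail; do
        check_mode "$dir/$f" "-rwx------"
    done
    # auth-user-pass must point at the credentials file.
    cred=$(awk '$1 == "auth-user-pass" { print $2; exit }' "$dir/VPN.conf" 2>/dev/null) || cred=""
    if [ "$cred" != "$dir/PSK.key" ]; then
        echo "FAIL: VPN.conf lacks 'auth-user-pass $dir/PSK.key'"
        problems=$((problems + 1))
    fi
    # auth-nocache stops OpenVPN keeping the password cached in memory.
    if ! grep -Eq '^[[:space:]]*auth-nocache([[:space:]]|$)' "$dir/VPN.conf" 2>/dev/null; then
        echo "FAIL: VPN.conf lacks 'auth-nocache'"
        problems=$((problems + 1))
    fi
    # PSK.key holds exactly two non-empty lines: username, then password.
    if ! awk 'NF { n++ } END { exit (n == 2) ? 0 : 1 }' "$dir/PSK.key" 2>/dev/null; then
        echo "FAIL: PSK.key should hold a username line and a password line"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Source the file and run `audit_vpn_files /home/tc` on the pCP after the "pcp br" backup; each mismatch prints one FAIL line and the function returns non-zero.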
