Home of the Squeezebox™ & Transporter® network music players.
  1. #11
    Senior Member Jeff07971's Avatar
    Join Date
    Aug 2011
    Location
    London, England
    Posts
    1,300
    OK, here's my script and technique for using OpenVPN client on pCP.

    First you will need to install openvpn from the extensions in pCP

    From your OpenVPN server you will have your openvpn config for your connection; rename this to VPN.conf

    Edit VPN.conf and add "/home/tc/PSK.key" to the line "auth-user-pass", giving "auth-user-pass /home/tc/PSK.key"; also add the line "auth-nocache" (a small security improvement)

    Create a file called "PSK.key" and add to this your username and password on separate lines.

    Download these to /home/tc on the pCP and change permissions to 400 for both.

    Download "Services.sh" "SendReports.sh" and "SendEmail" to /home/tc on the pCP and change permissions to 700 for all 3.

    Make sure you "pcp br" to backup once downloaded

    You can then test with openvpn --config /home/tc/VPN.conf to check the vpn is initiated

    The script "Services.sh" has two functions
    1) Monitors the connectivity to the internet by "pinging" an internet host and sending reports of connection breaks
    2) Connects OpenVPN and reconnects it after a network failure

    You will need to edit "Services.sh" to suit your "local" (i.e. VPN server internal network, not pCP network) network
    There are 4 variables that need to be checked

    # Internet host to ping to check connectivity (8.8.8.8 is google's DNS Server)
    TestHost="8.8.8.8"
    # Number of pings to send
    Pings=2

    # Set this to the ip address of a device on your LOCAL network that can be pinged only when the VPN is up
    VPNTestHost="10.44.4.2"
    # Set this to the subnet of your LOCAL network
    LocalSubnet="10.44.4"

    When Services.sh is run it will wait 60 seconds then ping the TestHost to see whether there is internet access and write any changes of state to a file
    After 60 seconds it will test for the VPN being up by pinging a host you set behind the VPN server (i.e. no VPN, no ping)
    If there is no connection AND the pCP is not on the network behind the VPN server the OpenVPN client will be started.
    After this the Internet is checked every 60 seconds and the VPN every 30 minutes.

    Start the Services.sh script from the "Tweaks" page "User Command #1"
    The results of the connection tests can be emailed with the SendReports.sh script using the cron command.
    In the example the pCP is set to reboot once a week at 0400; SendReports is set to run 2 minutes before reboot

    Hope this all makes sense !
    Any improvements are welcome (My coding is not great !)

    sendEmail webpage is here http://caspian.dotconf.net/menu/Software/SendEmail/

    The attachment VPN_Stuff.zip contains the scripts and sendEmail plus empty VPN.conf and PSK.key

    Jeff





    Services.sh
    Code:
    #!/bin/sh
    ########################################################################################
    #                                                                                      #
    # This script performs two tasks :-                                                    #
    # 1) Monitors the connectivity to the internet by "pinging" an internet host (NETTest) #
    # 2) Connects an OpenVPN VPN and reconnects it after a network failure (VPNTest)       #
    # "Local" Network is "Server" Network                                                  #
    # "Remote" Network is "pCP" Network                                                    #
    ########################################################################################
    
    ## Setup files and variables
    
    ## For NETTest
    # Internet host to ping to check connectivity
    TestHost="8.8.8.8"
    # Number of pings to send
    Pings=2 
    # Clear old NettestReport files (If existing) from /home/tc
    if [ -f /home/tc/NettestReport.txt ] ; then rm /home/tc/NettestReport.txt ; fi
    # Clear old WAN_Up files (If existing) from /home/tc          
    if [ -f /home/tc/WAN_Up ] ; then rm /home/tc/WAN_Up ; fi
    # Clear old WAN_Down files (If existing) from /home/tc
    if [ -f /home/tc/WAN_Down ] ; then rm /home/tc/WAN_Down ; fi
    # Start with WAN down in /home/tc                             
    touch /home/tc/WAN_Down
    # Create empty NettestReport file in /home/tc                                                                  
    touch /home/tc/NettestReport.txt  
    
    ## For VPNTest
    # Set this to the ip address of a device on your LOCAL network that can be pinged only when the VPN is up
    VPNTestHost="10.44.4.2"
    # Set this to the subnet of your LOCAL network
    LocalSubnet="10.44.4"
    # Clear old TestingVPN files (If existing) from /home/tc
    if [ -f /home/tc/TestingVPN ] ; then rm /home/tc/TestingVPN ; fi
    # Clear old VPN_Retries files (If existing) from /home/tc
    if [ -f /home/tc/VPN_Retries ] ; then rm /home/tc/VPN_Retries ; fi
    # Clear old VPN_Retry_Details files (If existing) from /home/tc
    if [ -f /home/tc/VPN_Retry_Details.txt ] ; then rm /home/tc/VPN_Retry_Details.txt ; fi
    # Zero retries
    let retries=0
    # Create empty VPN_Retries  file in /home/tc                                                                
    touch /home/tc/VPN_Retries
    # Create empty VPN_Retry_Details.txt file in /home/tc                                                               
    touch /home/tc/VPN_Retry_Details.txt
    
    
    NETTest() {
      # Continuous loop
      while true
      do
        # Wait 60 seconds
        sleep 60
        # Ping chosen host with chosen No of pings and read the number of replies received
        returns=$(ping -c "$Pings" "$TestHost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
        # Treat no summary line from ping (e.g. network unreachable) as zero replies
        returns=${returns:-0}
        # If all echos are returned from pings and WAN was previously down then WAN is up
        if [ "$returns" -eq "$Pings" ] && [ -f /home/tc/WAN_Down ]; then
          # Write WAN_Up
          touch /home/tc/WAN_Up
          # Remove WAN_Down
          rm /home/tc/WAN_Down
          # Echo status change and time to /home/tc/NettestReport.txt
          echo $(date +%d/%m/%Y"  "%H:%M:%S)  "Status change - $TestHost is now reachable. WAN is Up" >> /home/tc/NettestReport.txt
        fi
        # If no echos are returned from pings and WAN was previously up then WAN is down
        if [ "$returns" -eq 0 ] && [ -f /home/tc/WAN_Up ]; then
          # Write WAN_Down
          touch /home/tc/WAN_Down
          # Remove WAN_Up
          rm /home/tc/WAN_Up
          # Echo status change and time to /home/tc/NettestReport.txt
          echo $(date +%d/%m/%Y"  "%H:%M:%S)  "Status change - $TestHost is now unreachable. WAN is Down"  >> /home/tc/NettestReport.txt
        fi
      done
    }
    
    VPNTest() {
      # Continuous loop
      while true
      do
        # Wait 60 seconds
        sleep 60
        # Check whether a VPN test is running
        if [ -f /home/tc/TestingVPN ]; then
          echo "VPN is already being tested"
        else
          # Write /home/tc/TestingVPN to show VPN is being tested
          touch /home/tc/TestingVPN

          # Find our Remote subnet
          homenet=$(/sbin/ifconfig | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){2}[0-9]*' | grep -v '127.0.0')

          # If we are not on Local network ping the VPNTestHost to see if VPN is up
          if [ "$homenet" != "$LocalSubnet" ]; then
            count=$(ping -c 4 "$VPNTestHost" | grep 'received' | awk -F',' '{ print $2 }' | awk '{ print $1 }')
            if [ "${count:-0}" -eq 4 ]; then
              sleep 1
            else
              # Count this retry
              retries=$((retries + 1))
              # If VPNTestHost is not pingable (VPN Down) then kill and restart OpenVPN
              if pgrep openvpn > /dev/null 2>&1 ; then sudo killall openvpn ; fi
              sleep 10
              sudo openvpn --config /home/tc/VPN.conf > /dev/null 2>&1 &
              echo $retries > /home/tc/VPN_Retries
              echo $(date +%d/%m/%Y"  "%H:%M:%S) "Retry " $retries >> /home/tc/VPN_Retry_Details.txt
            fi
          else
            sleep 1
          fi

          rm -f /home/tc/TestingVPN
        fi
        # Sleep for 29 minutes
        sleep 1740
      done
    }
    
    # Run Netest and detach    
    NETTest &
    # Run VPNTest and detach
    VPNTest &
    SendReports.sh
    Code:
    /home/tc/sendEmail -q -t <TO ADDRESS> -u "SUBJECT" -m "MESSAGE BODY" -s <SMTP SERVER> -f <FROM ADDRESS> -o tls=no -o fqdn=<FQDN OF SENDING pCP> -a /home/tc/VPN_Retry_Details.txt -a /home/tc/NettestReport.txt

    [Attached image: 2019-04-02 20_39_09-pCP - Tweaks.jpg]



    VPN_Stuff.zip
    Players: SliMP3,Squeezebox3 x3,Receiver,SqueezeLite-X,PiCorePlayer x3
    Server: LMS Version: Latest Nightly on Centos 7.5 VM on ESXi 6.5.0U2 on Dell T320
    Plugins: AutoRescan/BBCiPlayer/PowerSave/PowerSwitchIII/Squeezecloud/Spotty/Player Groups
    Remotes: iPeng9/Orangesqueeze/PC/Jivelite/SqueezeLite-X
    Music: 522GB,1660 albums with 23087 songs by 5204 artists mostly FLACs

    Want a webapp ? See http://forums.slimdevices.com/showth...Webapp-for-LMS
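
The setup steps in the post above (mode 400 on VPN.conf and PSK.key, mode 700 on the scripts, the "auth-user-pass /home/tc/PSK.key" and "auth-nocache" lines, a two-line PSK.key) can be checked before the VPN is started. This is an added example, not part of the original post or the attached zip; the function names, the directory argument and the report wording are assumptions, and the sendEmail file name is taken from the SendReports.sh command line.

```sh
#!/bin/sh
# Added example: audit the file modes and settings the post asks for.
# Function names and the directory argument are assumptions, not from the post.

# Print the nine permission characters of a file ("r--------" is mode 400).
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# check_mode FILE EXPECTED: report a missing file or a mode mismatch.
check_mode() {
    if [ ! -f "$1" ]; then
        echo "MISSING $1"; return 1
    fi
    actual=$(perm_string "$1")
    if [ "$actual" != "$2" ]; then
        echo "PERMS   $1 is $actual, expected $2"; return 1
    fi
}

# audit_vpn_setup [DIR]: exit status is the number of findings (0 = clean).
audit_vpn_setup() {
    dir=${1:-/home/tc}
    findings=0
    # Config and credentials: mode 400 (owner read only).
    for f in VPN.conf PSK.key; do
        check_mode "$dir/$f" "r--------" || findings=$((findings + 1))
    done
    # Scripts and the sendEmail program: mode 700 (owner only).
    for f in Services.sh SendReports.sh sendEmail; do
        check_mode "$dir/$f" "rwx------" || findings=$((findings + 1))
    done
    # VPN.conf must carry both lines exactly as the post gives them.
    for line in "auth-user-pass $dir/PSK.key" "auth-nocache"; do
        if ! grep -Fxq "$line" "$dir/VPN.conf" 2>/dev/null; then
            echo "CONFIG  VPN.conf lacks the line: $line"
            findings=$((findings + 1))
        fi
    done
    # PSK.key: exactly two non-empty lines (username, then password).
    lines=$(grep -c . "$dir/PSK.key" 2>/dev/null) || lines=0
    if [ "${lines:-0}" -ne 2 ]; then
        echo "KEYFILE PSK.key has ${lines:-0} non-empty lines, expected 2"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file and call `audit_vpn_setup /home/tc` on the pCP; a non-zero exit status is the number of findings printed.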

  2. #12
    Senior Member mr-b's Avatar
    Join Date
    Feb 2007
    Location
    UK
    Posts
    341
    Thanks that's great info. I wonder how it compares with the one in the OP ...

    I've ordered a RPI so will post back how I get on with the hosted VPN install, but at least I know that I have OpenVPN as a fall back option. :-)
