Solved How to modify the custom configuration of OpenVPN through the terminal?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Yota

Senior Member
I have some OpenVPN configurations and I want to modify them through scripts. But I can't find the stored configuration in nvram and /jffs. These configurations only exist in /tmp/etc/openvpn/clientX/config.ovpn after I start the OpenVPN client. I want to know where this configuration is saved before OpenVPN is started? How to modify it before starting?
 

ColinTaylor

Part of the Furniture
Everything is stored in nvram apart from certificates IIRC. What are you trying to change?
 

john9527

Part of the Furniture
These configurations only exist in /tmp/etc/openvpn/clientX/config.ovpn

Most of this is generated dynamically by the firmware from individual nvram vars whenever you start the Openvpn client (there isn't any other saved config). Rather than hunt down all the individual vars, it may be easier to use a openvpnvpnclientx.postconf script to modify it (see the wiki on using scripts).
 

Yota

Senior Member
Most of this is generated dynamically by the firmware from individual nvram vars whenever you start the Openvpn client (there isn't any other saved config). Rather than hunt down all the individual vars, it may be easier to use a openvpnvpnclientx.postconf script to modify it (see the wiki on using scripts).
Yes, I entered some configurations in the GUI "custom configuration", I need to modify them every time to start the client, so I want to use a script to help me complete the modify -> start. But I can't found these configurations because I checked NVRAM, nothing, only show in the GUI.

So my question is, how do I modify these configurations with scripts?
 
Last edited:

Yota

Senior Member
Everything is stored in nvram apart from certificates IIRC. What are you trying to change?
For example, here are some settings, I want to know where they are saved?
pic.png

pic2.PNG



My question is not four configurations in the image above, but all save locations for custom configurations. I can't find any "custom configuration" in my NVRAM and JFFS.
 
Last edited:

ColinTaylor

Part of the Furniture
Code:
nvram get vpn_client1_custom
 

Yota

Senior Member
Code:
nvram get vpn_client1_custom
Nothing to reply

In fact, I have checked all the outputs of this nvram show | grep -i vpn, but I didn't found any custom configuration.
I also think they exist in NVRAM, because I tested the backup router config, then restore config, these custom configurations are restored. (Certificate will not be restored because they are stored in JFFS) But I can't find any clues in NVRAM.
 
Last edited:

RMerlin

Asuswrt-Merlin dev
Custom configuration portion is Base64 encoded, to avoid nvram storage trashing the carriage returns.
 

Yota

Senior Member
Custom configuration portion is Base64 encoded, to avoid nvram storage trashing the carriage returns.
Cool, then what is the NVRAM variable name?

I found it!
Code:
nvram get vpn_client1_cust2
 
Last edited:

Yota

Senior Member
Last edited:

Yota

Senior Member
Code:
[email protected]:/tmp/home/root# echo "AgMAAAAAAAAADzE0OS4xNTQuMTUzLjE1MyA-GhoPbFPz6XpJLVcIS1uYBwWe4FerFQWHb9g_2j24OBhhZGZyZWUudXNhYmxlcHJpdmFjeS5uZXQKL2Rucy1xdWVyeQ" | openssl enc -a -d
[email protected]:/tmp/home/root#

This is not standard Base64, but URL safe Base64, encoding is simple:
replace + with -
replace / with _
and delete trailing =
Decoding is more difficult, because the = need to be reconstructed.
Below I will post my PHP solution, witch could be rewritten for Shell script:

Code:
//  +------------------------------------------------------------------------+
//  | base64url encode                                                       |
//  +------------------------------------------------------------------------+
function base64url_encode($string) {
    // http://www.ietf.org/rfc/rfc4648.txt
    return rtrim(strtr(base64_encode($string), '+/', '-_'), '=');
}


//  +------------------------------------------------------------------------+
//  | base64url decode                                                       |
//  +------------------------------------------------------------------------+
function base64url_decode($string) {
    // Thanks gutzmer at usa dot net
    // http://php.net/manual/en/function.base64-encode.php#103849
    return base64_decode(str_pad(strtr($string, '-_', '+/'), strlen($string) % 4, '=', STR_PAD_RIGHT));
}

For anyone who searches for this thread, here is how to decode it: Use OpenSSL
Code:
value="$({ nvram get vpn_client1_cust2; nvram get vpn_client1_cust21; nvram get vpn_client1_cust22; } | tr -d '\n')" && echo $value | openssl enc -a -d

Recode your changes and save:
Code:
value1="your changes" && value="$(echo $value1 | openssl enc -a -e)" && nvram set vpn_client1_cust2="$(echo "$value" | cut -c 1-255)" && nvram set vpn_client1_cust21="$(echo "$value" | cut -c 256-511)" && nvram set vpn_client1_cust22="$(echo "$value" | cut -c 512-767)" && nvram commit
 
Last edited:

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top