Posted: Thu Nov 23, 2006 17:05 Post subject: openvpn.conf being overwritten / ignored?
I'm trying to get openvpn client going ... the remote server requires
cipher DES-EDE-CBC
so I followed the wiki in regards to a custom configuration file ... I copy and pasted the example, changed things to be correct, and hit save startup
the router reboots, openvpn connects, but fails to open a tunnel ... cipher failed
checking /tmp/openvpn/openvpn.conf, I see the default configuration file, not the one echo'd by the startup script
Code:
echo "client
proto udp
dev tun
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/client.crt
key /tmp/openvpn/client.key
remote xxxxxxxxxxxxx.net 1194
cipher DES-EDE-CBC
comp-lzo
verb 3
mute 20
keepalive 10 120
persist-key
persist-tun
resolv-retry infinite
nobind" > /tmp/openvpn/openvpn.conf
to make sure the startup script is actually being run, I put a touch /tmp/openvpn/hello.world as the first line ... reboot ... sure enough hello.world is there!
so there must be something wrong with my ECHO or openvpn.conf is being overwritten after the startup script?
as far as I know, the only writeable portion of the filesystem would be the jffs forlder with jffs2 running (or an smb mounted folder). Everything else is loaded from the ROM at bootup. If you saved your script to that and called lled it/configured openVPN to run it via a nvram setting, that would work. V24 will have a writeable file system but that's a ways off.
sorry, the cipher failed pushed me in the wrong direction.
I tried to recreate your problem, seems that I was unable to write to the openvpn subdir, however I was able to write to /tmp directly, so if you would echo it there, it should work... _________________ EA6900 DD-WRT v3.0-r48305 std
EA6900 FreshTomato 2022.1
DIR825 B1 DD-WRT v3.0-r30949 std
retired:
WRT54GL v1.1 DD-WRT v24-SP2 vpn - build 10550
WRT610N v1 DD-WRT v24-preSP2 - build 14929 mega
this from bcmnvram.h:
/*
* Inversely match an NVRAM variable.
* @param name name of variable to match
* @param match value to compare against value of variable
* @return TRUE if variable is defined and its value is not string
* equal to invmatch or FALSE otherwise
*/
...
nvram_invmatch(char *name, char *invmatch)
So if the openvpn_enable is set to anything at all besides "1", you'll overwrite your config....since thats the only place that openvpn.conf is written to, I'd assume that your openvpn_enable is not set to 1. Try: