Persistant OpenVPN Connection

Post#1 by **Zeze21** » 04 Mar 2023, 13:31

Hi,
i have a question:
Is there a way to "save" my OpenVPN Connection?
Maybe like remmina where i have to import the configuration file via run command?
Any help is greatly appreciated
Thank you all

Post#2 by **AcnapyxoB** » 04 Mar 2023, 13:59

Zeze21 wrote: ↑
04 Mar 2023, 13:31
OpenVPN Connection?

You can use OpenVPN client.conf:

Code: Select all

# Sample OpenVPN config file 
client
dev tun0
proto udp
remote my-server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /path_of/cert_export_CA.crt
cert /path_of/cert_export_CLIENT.crt
key /path_of/cert_export_CLIENT.key
remote-cert-tls server
cipher AES-256-CBC
auth SHA1
pull
auth-user-pass /path_of/auth.cfg
auth-nocache
mute-replay-warnings
mute 20
float

https://github.com/OpenVPN/openvpn/blob ... erver.conf

Of course you can even start vpn by terminal:

Code: Select all

su
openvpn client.conf

Post#3 by **Zeze21** » 04 Mar 2023, 14:28

Thank you for your answer but either i don't understand or i didn't make myself clear enough. I want a persistent VPN connection. I do have three client included in the setup (in the network manager)
But how do I add a persistent connection there? So that the connection is available every time I start the client?

Post#4 by **AcnapyxoB** » 04 Mar 2023, 15:55

May be you can try "Automatically connect to VPN" in Network Manager General configuration tab
Can You explain, step by step, how You use that OpenVPN!

Post#5 by **fanthom** » 04 Mar 2023, 18:31

Zeze21,

All connections are saved in /etc/NetworkManager folder which is persistent in the custom build which I have created.

Unless you are doing a PXE boot?
If yes then use 'run_command=' to download required files to /etc/NetworkManager folder (make sure you preserve a correct path for cert, etc).

Thanks

Post#6 by **Zeze21** » 19 Apr 2023, 16:48

Ok so to make this a bit more complicated I would like to add 2 remmina and 1 openvpn to the computer.
I don't want remmina to automatically start.

Would this be correct:

Code: Select all

run_command=su - guest -c "mkdir -p /home/guest/.config/remmina; wget http://mysite.com/files/remmina.pref -O /home/guest/.config/remmina/remmina.pref; wget http://mysite.com/files/connection1.remmina;  wget http://mysite.com/files/connection1.remmina; mkdir -p /etc/NetworkManager; wget http://mysite.com/files/profile.ovpn -O /etc/NetworkManager/profile.ovpn; &"

?
Also to i need to have the session persistence switched on or can I have (preferably) no persistence at all?

Post#7 by **fanthom** » 19 Apr 2023, 17:18

1) Please login to your kiosk over SSH and run the commands which you intend to execute using 'run_command=' parameter to find the errors. (I believe guest is not allowed to write to /etc/NetworkManager folder). Once you have working commands then you can use them in the kiosk config.

2) You do not need full persistence for this. You could even pack all files into a module (its better than .zip as it preserves ownership/permissions) then download it, mount and copy files from it to the filesystem using 'run_command='.

Thanks

Post#8 by **Zeze21** » 22 Apr 2023, 22:23

I figured out how to achive this by the following command:

Code: Select all

run_command=mkdir -p /etc/NetworkManager; wget http://mysite.com/files/vpn.ovpn -O /etc/NetworkManager/vpn.ovpn; nmcli connection import type openvpn file /etc/NetworkManager/vpn.ovpn; su - guest -c "mkdir -p /home/guest/.config/remmina; wget http://mysite.com/files/remmina.pref -O /home/guest/.config/remmina/remmina.pref; wget http://mysite.com/files/1.remmina -O /home/guest/.config/remmina/1.remmina;  wget http://mysite.com/files/2.remmina -O /home/guest/.config/remmina/2.remmina;"

This works in theory (via ssh)....
When the computer starts... the files all have 0 bytes...

after a couple of reboots the vpn connection has been downloaded correctly but unfortunately not the rdp connections....
I get the message sometime that the server is not ready/accessible now i was wondering since I want to carry my laptop with me and use in future new unseen wifi networks:
Is there an option to wait in the run_command until the laptop has a wireless connection?

EDIT
1.) DO NOT(!) try to have the run command check wether there is a connection established.... if you have no connection established during the first boot -> the computer will not continue loading and you will have to reinstall everything (at least i couldn't get it to work.
2.) I AM STUPID
the .remmina files have to go into /home/guest/.local/share/remmina/ ....then the rdp connections will show up
3.) I am not sooo stupid...
The files somehow still only have 0 bytes for whatever reason
If i execute the commands in ssh, it works perfectly fine.... I am at a loss

Post#9 by **fanthom** » 24 Apr 2023, 06:38

"DO NOT(!) try to have the run command check wether there is a connection established.... if you have no connection established during the first boot -> the computer will not continue loading and you will have to reinstall everything (at least i couldn't get it to work."
You may have the network check enabled, just send it to the background.
This way remmina/VPN files will be downloaded as soon as network is available (e.g. you manually connect to the Access Point).

See documentation:
https://porteus-kiosk.org/parameters.html#run_command

Thanks

Post#10 by **Zeze21** » 24 Apr 2023, 07:09

how could i send it to the background?
I tried
while ! nmcli -t device show | grep -q "IP4.ADDRESS\[1\]:"; do
sleep 5
done

And why do the files always end up having 0 Bytes?

Post#11 by **fanthom** » 24 Apr 2023, 08:00

1) read documentation which I linked
2) there must be no network available when 'run_command=' operates

Post#12 by **Zeze21** » 24 Apr 2023, 10:31

1) I am sorry i don't understand. To quote the documentation:

Description:

Run custom command during system startup. Your commands will be executed once network is established so utilities like rsync, wget and also graphical ones could work. Linux shell syntax is supported so its possible to execute commands one after another, send them to the background, perform tests, use pipes, etc ...
NOTE: Use following syntax to execute the command with a delay: ( sleep 10; your-command; ) &
If the parameter is not present then system will not execute any custom commands during startup.

This to my understanding means, that the commands will only be executed if there is an actual connection established. So how can 2) even be possible? If the commands are executed when a connection is established why are they apparently executed before?

I tried the following:
run_command=while ! nmcli -t device show | grep -q "IP4.ADDRESS\[1\]:"; do sleep 5 done &; mkdir -p /etc/NetworkManager; wget -q http://mysite.com/files/server.conf -O /etc/NetworkManager/server.conf; nmcli connection import type openvpn file /etc/NetworkManager/server.conf; su - guest -c "mkdir -p /home/guest/.config/remmina; wget http://mysite.com/files/remmina.pref -O /home/guest/.config/remmina/remmina.pref; mkdir -p /home/guest/.local/share/remmina; wget -q http://mysite.com/files/1.remmina -O /home/guest/.local/share/remmina/1.remmina; wget -q http://mysite.com/files/2.remmina -O /home/guest/.local/share/remmina/2.remmina;"
(I hoped that this would send the command to the background)
But no luck

Post#13 by **fanthom** » 24 Apr 2023, 10:57

This to my understanding means, that the commands will only be executed if there is an actual connection established.
This is the case for standard kiosk ISO.
This is not the case for your custom build with Network Manager included.

I redirected you to documentation to find how sending processes to background works.
Your code has incorrect syntax and is also not reliable (nmcli reports IP4 address also for loopback interface so you always get true and thats why you always got 0 size files).

Here is ready to go solution:

Code: Select all

run_command= ( while true; do [ `route -n | grep -c " UG "` = 1 ] && { dunstify "Connection established"; break; } || { dunstify  "Network not ready yet"; sleep 5; }; done; mkdir -p /etc/NetworkManager; wget -q http://mysite.com/files/server.conf -O /etc/NetworkManager/server.conf; nmcli connection import type openvpn file /etc/NetworkManager/server.conf; su - guest -c "mkdir -p /home/guest/.config/remmina; wget http://mysite.com/files/remmina.pref -O /home/guest/.config/remmina/remmina.pref; mkdir -p /home/guest/.local/share/remmina; wget -q http://mysite.com/files/1.remmina -O /home/guest/.local/share/remmina/1.remmina; wget -q http://mysite.com/files/2.remmina -O /home/guest/.local/share/remmina/2.remmina"; ) &

Thanks

Post#14 by **Zeze21** » 24 Apr 2023, 12:04

Thank you for the ready to go solution, unfortuantely i only get "Network not ready yet" even though i have a connection and can for example browse the internet

Post#15 by **fanthom** » 24 Apr 2023, 12:07

Please provide output of following command:

Code: Select all

route -n