Forewarned: Currently, I'm storing the VPN password in plain text (not an issue on my system), and I will update this exposure at a later point. Even nicer if I knew ASUSTOR's key and could decrypt the password already stored in their .conf file. (Obviously I DO know the password, but a generic decryption would allow anybody to plug and play, as well as only having to change the password in a single place).
- Add a VPN configuration via ADM -> Settings -> VPN. Name it mycxn. For OpenVPN, ASUSTOR will create 3 files in /usr/builtin/etc/vpnclient:
  - mycxn.ovpn - an OpenVPN configuration file which includes the line
    Code:
    auth-user-pass /usr/builtin/etc/vpnclient/mycxn
  - mycxn.conf - an ASUSTOR file containing connection details (including an encrypted password string)
  - mycxn.crt - the public certificate you uploaded
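Code:
#!/bin/sh
# Credentials file; must match the auth-user-pass path in mycxn.ovpn
MYCXN="/usr/builtin/etc/vpnclient/mycxn"
# Write the credentials in a subshell so the restrictive umask applies only to this file
(umask 077; echo myusername >"$MYCXN"; echo mypassword >>"$MYCXN")
# Recreate the TUN device node if it is missing
mkdir -p /dev/net
[ -c /dev/net/tun ] || mknod /dev/net/tun c 10 200
/usr/builtin/bin/openvpn --config "${MYCXN}.ovpn" --remote-cert-tls server --auth-nocache --resolv-retry 86400 --ping-restart 300 &
# Give OpenVPN time to read the credentials, then delete the plain-text file
sleep 2
rm -f "$MYCXN"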
- Note that MYCXN is set the same as auth-user-pass. It is based on whatever name you specify for your VPN connection
- ASUSTOR deletes the TUN/TAP adapter on every reboot and recreates it only if you manually Connect your VPN. The mknod does the same thing.
- Refer to openvpn.net for details on the options specified in addition to ASUSTOR's rather sparse config file
Code:
chmod +x ~admin/vpnlaunch.sh
Code:
ln -s ~admin/vpnlaunch.sh /usr/local/etc/init.d/S99vpnlaunch
- This means that the script is easily editable from any client that mounts using that user's credentials with no further need for SSH
- I've indexed my init script as #99 to ensure all dependencies are met. The VPN will connect by the time your NAS beeps on reboot.
--
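An added check, not part of the original post: the launcher is started from init.d at boot and holds the VPN password, so this audits that the script and its directory are not writable or readable by other users, and that the auth-user-pass file was removed after launch. The function names are hypothetical; the paths in the usage comment are the ones from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage: sh vpnaudit.sh ~admin/vpnlaunch.sh /usr/builtin/etc/vpnclient/mycxn

# mode_string PATH: print the symbolic mode (e.g. -rwx------), following symlinks.
mode_string() { ls -ldL "$1" 2>/dev/null | cut -c1-10; }

# audit_launcher SCRIPT: whoever can edit the launcher decides what runs at boot,
# and whoever can read it learns the VPN password. Returns 0 when clean,
# 1 when a finding was printed, 2 when the script does not exist.
audit_launcher() {
    m=$(mode_string "$1")
    [ -n "$m" ] || { echo "MISSING $1"; return 2; }
    rc=0
    # Character 6 is group write, character 9 is other write.
    case $m in ?????w*|????????w*) echo "WRITABLE-BY-OTHERS $1 ($m)"; rc=1 ;; esac
    # Character 8 is other read.
    case $m in ???????r*) echo "WORLD-READABLE $1 ($m)"; rc=1 ;; esac
    # A writable parent directory lets the file be replaced outright.
    d=$(dirname "$1")
    dm=$(mode_string "$d")
    case $dm in ?????w*|????????w*) echo "DIR-WRITABLE-BY-OTHERS $d ($dm)"; rc=1 ;; esac
    return $rc
}

# audit_credfile FILE: the launcher deletes the auth-user-pass file after
# 'sleep 2'; if it still exists, the plain-text credentials were left on disk.
audit_credfile() {
    [ -e "$1" ] || return 0
    echo "CREDENTIALS-LEFT-ON-DISK $1 ($(mode_string "$1"))"
    return 1
}

# Run both audits only when the two paths are supplied on the command line.
if [ "$#" -eq 2 ]; then
    audit_launcher "$1"; a=$?
    audit_credfile "$2"; b=$?
    [ "$a" -eq 0 ] && [ "$b" -eq 0 ] && echo "OK"
fi
```

Run it after a reboot, once the VPN is up; any line other than OK names the file to fix with chmod or chown.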