switching OpenVPN Client from device in local net?

[Mike65]

Hi everyone.

I'm on 380.57 RT-AC87U.

all traffic is routed through a vpnclient.
I'm searching for a way to de/activate a certain vpnclient from within my local network without login in to the router.
sometimes the bandwidth drops to somewhere around 1 Mbit because of vpnservice overload. Then it's best practice to change the vpn server or the protocol or the port. no problem when i'm at home. but if i'm away the rest of my family "suffer" from the bad internet connection.
it would be very helpful if one can start a script on the desktop of the laptop/PC which changes the (preconfigured) vpnclient.

is there a way to do that? what is the "term" to search for? and where? any help/idea would be very appreciated.

Thanks,

Mike

 

[Martineau]

Hi everyone.

I'm on 380.57 RT-AC87U.

all traffic is routed through a vpnclient.
I'm searching for a way to de/activate a certain vpnclient from within my local network without login in to the router.
sometimes the bandwidth drops to somewhere around 1 Mbit because of vpnservice overload. Then it's best practice to change the vpn server or the protocol or the port. no problem when i'm at home. but if i'm away the rest of my family "suffer" from the bad internet connection.
it would be very helpful if one can start a script on the desktop of the laptop/PC which changes the (preconfigured) vpnclient.

is there a way to do that? what is the "term" to search for? and where? any help/idea would be very appreciated.

Thanks,

Mike

On the PC a .bat file calling plink.exe over SSH can execute a server script such as VPN_Switch.sh

e.g. RT-AC87U.bat file.....

::Requires PLINK.EXE C:\Program Files (x86)\PUTTY> and Notepad++

set rHOST=rt-ac87u
set rPORT=22
set rUSER=admin
set rPASS=xxxxxxxxx
set rARGS=

set cCommand="/jffs/scripts/VPN_Switch.sh"

@plink.exe -ssh %rHOST% -P %rPORT% -l %rUSER% -pw %rPASS% -batch `%cCommand% %rARGS%` 2>&1

so it will execute whatever commands you need to perform the VPN switch etc.

 

[Mike65]

On the PC a .bat file calling plink.exe over SSH can execute a server script such as VPN_Switch.sh

e.g. RT-AC87U.bat file.....

::Requires PLINK.EXE C:\Program Files (x86)\PUTTY> and Notepad++

set rHOST=rt-ac87u
set rPORT=22
set rUSER=admin
set rPASS=xxxxxxxxx
set rARGS=

set cCommand="/jffs/scripts/VPN_Switch.sh"

@plink.exe -ssh %rHOST% -P %rPORT% -l %rUSER% -pw %rPASS% -batch `%cCommand% %rARGS%` 2>&1

so it will execute whatever commands you need to perform the VPN switch etc.

Great, thnks alot.
i know exactly what to do now except for the vpn_switch.sh.

Beg your pardon, but i'm new to this router scripting. is there a tutorial about what commands are available?
i looked here : https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts
to no evail. maybe i'm just blind. can someone point me to the right direction please?
thnks in advance.

MIke

 

[Martineau]

Great, thnks alot.
i know exactly what to do now except for the vpn_switch.sh.

Beg your pardon, but i'm new to this router scripting. is there a tutorial about what commands are available?
i looked here : https://github.com/RMerl/asuswrt-merlin/wiki/User-scripts
to no evail. maybe i'm just blind. can someone point me to the right direction please?
thnks in advance.

MIke

Yes the Wiki https://github.com/RMerl/asuswrt-merlin/wiki taught me everything I needed to know!

so VPN_Switch.sh should have logic along the lines of....

#!/bin/sh

logger -s -t "($(basename $0))" $$ "Starting....." [$@]

# Switch between VPN Clients
#
#   e.g.   VPN_Switch   [ 1 | 2 | 3 | 4 | 5 ]    [ 1 | 2 | 3 | 4 | 5 ]

#          VPN_Switch   1  5
#

ACTIVE_VPN=$1            # Current ACTIVE VPN client to terminate
NEW_VPN=$2               # VPN client to use for NEW connection


# If no args supplied assume we should simply bounce VPN Client 1
if [ "X$ACTIVE_VPN" = "X" ]; then
   logger -s -t "($(basename $0))" $$ "Restarting VPN Client 1"
   service restart_vpnclient1
else

   logger -s -t "($(basename $0))" $$ "Stopping VPN Client" $ACTIVE_VPN
   service stop_vpnclient$ACTIVE_VPN

   sleep 15

   logger -s -t "($(basename $0))" $$ "Starting VPN Client" $NEW_VPN
   service start_vpnclient$NEW_VPN

fi

logger -s -t "($(basename $0))" $$ "Complete."

exit

...clearly it doesn't validate the args supplied; nor does it check which is the current ACTIVE VPN Client by retrieving the relevant NVRAM variable ( might be 'vpn_client?_state=2' but not 100% sure? ), but for a quick and dirty cut'n'paste script it should give you a helping hand!

EDIT: Typo in the variable

 

[Mike65]

Yes the Wiki taught me everything I needed to know!

so VPN_Switch.sh should have logic along the lines of....

#!/bin/sh

logger -s -t "($(basename $0))" $$ "Starting....."

# Switch between VPN Clients
#
#   e.g.   VPN_Switch   [ 1 | 2 | 3 | 4 | 5 ]    [ 1 | 2 | 3 | 4 | 5 ]

#            VPN_Switch   1  5
#        

ACTIVE_VPN=$1            # Current ACTIVE VPN client to terminate
NEW_VPN=$2               # VPN client to use for NEW connection


# If no args supplied assume we should simply bounce VPN Client 1
if [ "X$VPNID_ACTIVE" = "X" ]; then
   logger -s -t "($(basename $0))" $$ "Restarting VPN Client 1"
   service restart_vpnclient1
else

   logger -s -t "($(basename $0))" $$ "Stopping VPN Client" $ACTIVE_VPN
   service stop_vpnclient$ACTIVE_VPN

   sleep 15

   logger -s -t "($(basename $0))" $$ "Starting VPN Client" $NEW_VPN
   service start_vpnclient$NEW_VPN

fi

logger -s -t "($(basename $0))" $$ "Complete."

exit

...clearly it doesn't validate the args supplied; nor does it check which is the current ACTIVE VPN Client by retrieving the relevant NVRAM variable 'vpc_client?_status=2', but for a quick and dirty cut'n'paste script it should give you a helping hand!

That's fantastic. Great and unbelievable fast response.
Thank god it's friday. so i have time to try and learn.
(shellscripting is something i've done a looooong time ago. time to relearn some stuff)

Thanks,

Mike

 

[Mike65]

That's fantastic. Great and unbelievable fast response.
Thank god it's friday. so i have time to try and learn.
(shellscripting is something i've done a looooong time ago. time to relearn some stuff)

Thanks,

Mike

Hello,

one more question. (i hope the last one)

sorry if i sound dumb. (but i guess thats the way it is right now)

how can i use a counter-variable in a nvram variable-name?

this is a little code-snippet i used just for testing.

#!/bin/sh
# Switch between VPN Clients
#
# e.g. VPN_Switch [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ]

# VPN_Switch 1 5
#

#ACTIVE_VPN=$1 # Current ACTIVE VPN client to terminate
NEW_VPN=$2 # VPN client to use for NEW connection


for i in 1 2 3 4 5
do

VPN_STATE=$(nvram get vpn_client1_state)

if [ $VPN_STATE == "2" ]
then ACTIVE_VPN="$i"
fi

done


exit

--------------------------------

how can i do something like: VPN_STATE=$(nvram get vpn_client$i_state)

i tried somekind of string concatinating and other stuff but had no success.

some advice?
Thank you,
Mike

 

[Mike65]

#!/bin/sh
# Switch between VPN Clients
#
# e.g. VPN_Switch [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ]

# VPN_Switch 1 5
#

#ACTIVE_VPN=$1 # Current ACTIVE VPN client to terminate
NEW_VPN=$2 # VPN client to use for NEW connection




VPN_STATE1=$(nvram get vpn_client1_state)
VPN_STATE2=$(nvram get vpn_client2_state)
VPN_STATE3=$(nvram get vpn_client3_state)
VPN_STATE4=$(nvram get vpn_client4_state)
VPN_STATE5=$(nvram get vpn_client5_state)

for i in 1 2 3 4 5
do
if [ $VPN_STATE$i == "2" ]
then ACTIVE_VPN="$i"
fi

echo "value: $i"
echo "vpn_state: $VPN_STATE$i"
echo "active_vpn: $ACTIVE_VPN"

done
exit
------------------------------------------------------------

I tried something different.
This works if there is only one active VPNClient (like in my case).


Mike

 

[Martineau]

#!/bin/sh
# Switch between VPN Clients
#
# e.g. VPN_Switch [ 1 | 2 | 3 | 4 | 5 ] [ 1 | 2 | 3 | 4 | 5 ]

# VPN_Switch 1 5
#

#ACTIVE_VPN=$1 # Current ACTIVE VPN client to terminate
NEW_VPN=$2 # VPN client to use for NEW connection




VPN_STATE1=$(nvram get vpn_client1_state)
VPN_STATE2=$(nvram get vpn_client2_state)
VPN_STATE3=$(nvram get vpn_client3_state)
VPN_STATE4=$(nvram get vpn_client4_state)
VPN_STATE5=$(nvram get vpn_client5_state)

for i in 1 2 3 4 5
do
if [ $VPN_STATE$i == "2" ]
then ACTIVE_VPN="$i"
fi

echo "value: $i"
echo "vpn_state: $VPN_STATE$i"
echo "active_vpn: $ACTIVE_VPN"

done
exit
------------------------------------------------------------

I tried something different.
This works if there is only one active VPNClient (like in my case).


Mike

...or this

Get_ActiveVPN(){

VPNS=`nvram show | grep vpn_client | grep -v client0 | grep state | sort`

for VPN in $VPNS
do

   if [ "${VPN:18:1}" = "2" ]; then
      ACTIVE_VPN=${VPN:10:1}
   fi

done
}

As you say, for multiple concurrently connected VPN Clients, you could use the instance as a 'priority' so change the 'sort' to 'sort -r' to return the numerically lowest ACTIVE VPN number!

EDIT: Tweak VPNS grep filter.

 

[Mike65]

...or this

Get_ActiveVPN(){

VPNS=`nvram show | grep vpn_client | grep state`

for VPN in $VPNS
do

   if [ "${VPN:18:1}" = "2" ]; then
      ACTIVE_VPN=${VPN:10:1}
   fi

done
}

As you say, for multiple concurrently connected VPN Clients, using my technique, the value returned may not be the numerically highest VPN Client ID, as the VPNS list isn't always (seemingly) created in ascending numerical order.

Hi,
that's cool. Not sure if i fully understand what's going on.

The whole thing is a function/subroutine without a return value.
but i sets the variable ACTIVE_VPN.

seems like:
VPNS=`nvram show | grep vpn_client | grep state`
declares and allocate an array variable with the nvram show output ? ( i forgot how much magic "grep" can do)

and "${VPN:18:1}" looks like a substring (1 char long starting with 19th char if i start counting from 1) from the actual array field determined by the loop counter.?

that's some stuff i didn't know about. but cool.

thnx Martineau. i learned a lot from this thread.

This is how it works right now on my router:

#!/bin/sh
#---------------------------------------------------
# Switch between VPN Clients
# works only with one active client in the router.
#
#   e.g.   VPN_Switch   [ 1 | 2 | 3 | 4 | 5 ]   
#
#          VPN_Switch 5
#---------------------------------------------------        

logger -s -t "($(basename $0))" $$ "Starting....." [$@]
          
NEW_VPN=$1              # VPN client to use for NEW connection

#Function to get current ACTIVE VPN client to terminate
Get_ActiveVPN(){

VPNS=`nvram show | grep vpn_client | grep state`

for VPN in $VPNS
do

   if [ "${VPN:18:1}" = "2" ]; then
      ACTIVE_VPN=${VPN:10:1}
   fi

done
}


# If no args supplied assume we should simply bounce VPN Client 1
if [ "X$NEW_VPN" = "X" ]; then
   logger -s -t "($(basename $0))" $$ "Restarting VPN Client 1"
   service restart_vpnclient1
else
   Get_ActiveVPN
   logger -s -t "($(basename $0))" $$ "Stopping VPN Client" $ACTIVE_VPN
   service stop_vpnclient$ACTIVE_VPN

   sleep 7

   logger -s -t "($(basename $0))" $$ "Starting VPN Client" $NEW_VPN
   service start_vpnclient$NEW_VPN

fi

logger -s -t "($(basename $0))" $$ "Complete."

exit

Now comes the Windows part. (Android would be cool too. but first things first)


Mike

Edit: some typos

 

[Mike65]

Hi everyone.

I hope someone can point me in the right direction.

How can i set "start with wan" in den Openvpnclient settings to "yes"? (yeah, use the gui. i know)
Or better: what nvram variable to set?

i tried "nvram show | grep vpn" but found nothing that sounds right.

there are some differences between activ/inactiv clients.
May it be: vpn_client?_bridge ?

thnks in advance.

Mike

 

[Martineau]

Hi everyone.

I hope someone can point me in the right direction.

How can i set "start with wan" in den Openvpnclient settings to "yes"? (yeah, use the gui. i know)
Or better: what nvram variable to set?

i tried "nvram show | grep vpn" but found nothing that sounds right.

there are some differences between activ/inactiv clients.
May it be: vpn_client?_bridge ?

thnks in advance.

Mike

I think the following code

<th>Start with WAN</th>
<td>
<input type="radio" name="vpn_client_x_eas" class="input" value="1"><#checkbox_Yes#>
<input type="radio" name="vpn_client_x_eas" class="input" value="0"><#checkbox_No#>
</td>

sets the variable

vpn_clientx_eas

e.g.

vpn_clientx_eas=2,4,

means VPN Clients 2 and 4 are started when the WAN is UP

 

[Mike65]

I think the following code

<th>Start with WAN</th>
<td>
<input type="radio" name="vpn_client_x_eas" class="input" value="1"><#checkbox_Yes#>
<input type="radio" name="vpn_client_x_eas" class="input" value="0"><#checkbox_No#>
</td>

sets the variable

vpn_clientx_eas

e.g.

vpn_clientx_eas=2,4,

means VPN Clients 2 and 4 are started when the WAN is UP

hmm, i can set the variable (nvram set vpnclientx_eas="2,4,") (with or without trailing comma and/or quotation marks)
but didn't see any difference in the Gui afterwards. (after reloading the page and/or logout/login)
WAN off/on makes no difference as well.

maybe there is something else that must be done/set ?

thnx,

Mike

 

[john9527]

nvram set vpnclientx_eas="2,4,")

forgot an underscore....

vpn_clientx_eas

 

[Mike65]

forgot an underscore....

vpn_clientx_eas

ahhh man. (me performing a facepalm)
thnx.

Here's now the version i use. (Maybe someone can use it)
This works for one active VPN-Client only.
The new client will be started with WAN.

Use the above script from Martineu to start this from a Windows-PC via plink.exe over ssh.
For me it works when the router-ip is assigned to rHOST.

Thanks to Martineu who did the majority of the work and to john9527.

Mike

#!/bin/sh
#---------------------------------------------------
# Switch between VPN Clients
# works only with one active client in the router.
#
#  e.g.  VPN_Switch  [ 1 | 2 | 3 | 4 | 5 ]  
#
#  VPN_Switch 5
#---------------------------------------------------  

logger -s -t "($(basename $0))" $$ "Starting....." [$@]
  
NEW_VPN=$1  # VPN client to use for NEW connection

#Function to get current ACTIVE VPN client to terminate
Get_ActiveVPN(){

VPNS=`nvram show | grep vpn_client | grep state`

for VPN in $VPNS
do

  if [ "${VPN:18:1}" = "2" ]; then
  ACTIVE_VPN=${VPN:10:1}
  fi

done
}

Get_ActiveVPN
# If no args supplied assume we should simply bounce the active VPN Client
if [ "X$NEW_VPN" = "X" ]; then
  logger -s -t "($(basename $0))" $$ "Restarting VPN Client" $ACTIVE_VPN
  service restart_vpnclient$ACTIVE_VPN
else
  logger -s -t "($(basename $0))" $$ "Stopping VPN Client" $ACTIVE_VPN
  service stop_vpnclient$ACTIVE_VPN

# wait until service is stopped
  sleep 10

  logger -s -t "($(basename $0))" $$ "Starting VPN Client" $NEW_VPN
  service start_vpnclient$NEW_VPN
# start new vpnclient with WAN
  nvram set vpn_clientx_eas="$NEW_VPN",
fi

logger -s -t "($(basename $0))" $$ "Complete."

exit