VPN Switch?


#1

Hey,

I tried a while back and attempted some of the solutions on the forum regarding the use of the switch to turn on / off the VPN and just wanted to check if anyone has successfully managed to get a VPN switch function on the MT300N and how one would go about this?

Many thanks (:


#2

Hey Zimo,

I have an MT300A.

I do it using the following script.

Obviously change the location of your OpenVPN config.

 

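#!/bin/sh

# Log which button fired and its state
logger "Button: $BUTTON ; State: ${ACTION}"

if [ "${ACTION}" = "pressed" ]; then
    # Switch pressed: mark the VPN disabled and stop OpenVPN
    uci set glconfig.openvpn.enable=0; /etc/init.d/openvpn stop; killall openvpn
else
    # Switch released: mark the VPN enabled and start OpenVPN with this config
    uci set glconfig.openvpn.enable=1; /usr/sbin/openvpn --config /etc/openvpn/BRO-RTR-01-UDP-1194.ovpn #/etc/init.d/openvpn start
fi

echo "$BUTTON ${ACTION}" > /dev/console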


#3

I should probably say this is the BTN_1 script. I then have the middle LED (green) on when the tun interface is up (as I have my VPN connect on boot/Internet connection) and off when the tun interface is down.


#4

Thanks @Jimlad, I’ve tried putting this in BTN_1 but it’s not having the desired effect on MT300N (I’ve got an MT300A somewhere so will try it with that device also).

Is there documentation showing how to configure the LED? Or is it pretty simple?


#5

Hi wifird,

It definitely works on MT300A.

 

If you want the middle LED to work do the following.

In the LuCI Web Interface (Advanced Settings)

  1. System > LED Configuration

  2. Click the Add button

Fields:

Name: OpenVPN

LED Name: gl-mt300a:wan

Default State: unticked

Trigger: netdev

Device: tun0 (the OpenVPN needs to be up otherwise it will not show)

Trigger Mode: Tick all (or at least Link On)

 

Hope that helps

James


#6

Thanks @Jimlad, the LED worked great.

I feel that the VPN script is almost working for me, when I look at the OpenVPN section in the GLI UI I can see the switch checks the ‘Enable’ and ‘Force VPN’ options but OpenVPN remains not connected with the Last Log showing ‘/usr/sbin/ip route del 0.0.0.0/1 /usr/sbin/ip route del 128.0.0.0/1 Closing TUN/TAP interface /usr/sbin/ip addr del dev tun0 10.3.0.10/24 SIGTERM[hard,] received, process exiting’

The internet also gets disabled at this point showing that Force VPN has been applied successfully. Do you have any idea what the issue may be?

 


#7

Change a little bit. If still cannot, post your full log

if [ "${ACTION}" = "pressed" ]; then
    uci set glconfig.openvpn.enable=0; uci commit glconfig; /etc/init.d/startvpn stop; killall openvpn
else
    uci set glconfig.openvpn.enable=1; uci commit glconfig; /etc/init.d/startvpn start
fi


#8

Thanks @alzhao although I’m having the same issue.

Also when I connect the VPN manually, the switch turns off the VPN (but I think force VPN stays connected as there is still no connection until manually disabling).

Where would I find the full log?


#9

OK. Add this: /usr/bin/setvpnfirewall --disable

 

uci set glconfig.openvpn.enable=0; uci commit glconfig; /etc/init.d/startvpn stop;killall openvpn; /usr/bin/setvpnfirewall --disable

uci set glconfig.openvpn.enable=1; uci commit glconfig; /etc/init.d/startvpn start; /usr/bin/setvpnfirewall --force


#10

I’m still having no luck and tested on two MT300N devices on v2.25 and tested with different profiles in case that’s a factor.

Not sure what I’m doing wrong :(


#11

@wifird I also wasn’t having any luck but above is discussing the MT300A not MT300N, which uses BTN_0


#12

I’m also having an issue with this on an AR300M.

I have the script in BTN_1 and it works great for turning the VPN on. But when I turn the VPN off, I lose all internet access. It seems like the default route is gone or screwed up…

This is in my script:

#!/bin/sh

# Log which button fired and its state
logger "Button: $BUTTON ; State: ${ACTION}"

if [ "${ACTION}" = "pressed" ]; then
    # Switch pressed: disable the VPN and remove the VPN firewall rules
    uci set glconfig.openvpn.enable=0; uci commit glconfig; /etc/init.d/startvpn stop; killall openvpn; /usr/bin/setvpnfirewall --disable
else
    # Switch released: enable the VPN and force traffic through it
    uci set glconfig.openvpn.enable=1; uci commit glconfig; /etc/init.d/startvpn start; /usr/bin/setvpnfirewall --force
fi

echo "$BUTTON ${ACTION}" > /dev/console


#13

If I use setvpnfirewall --enable instead of force it works fine… So it’s not unsetting the force connection through VPN when setting it to disabled…
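
The handler from #7 and #9 in one piece, as an added example that is not part of any post in this thread: it acts only on the two known ACTION values, can print its command sequence instead of running it, and classifies the routing table using the two half-default routes that appear in the #6 log. The helper names run, classify_routes and handle_switch and the DRY_RUN variable are hypothetical; the uci, startvpn and setvpnfirewall commands are the ones posted above and are assumed to exist on the firmware.

```shell
#!/bin/sh
# Added example, not code from the thread. The commands are those posted in
# #7 and #9; run(), classify_routes() and handle_switch() are hypothetical.

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Read `ip route` output on stdin and report which path traffic takes.
# Both half-default routes via a tun device mean the tunnel carries traffic.
classify_routes() {
    awk '
        ($1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") && / dev tun[0-9]+/ { vpn++ }
        $1 == "default" { dflt++ }
        END {
            if (vpn == 2) print "vpn-up"
            else if (dflt > 0) print "direct"
            else print "no-route"
        }'
}

# Map the hotplug ACTION to a command sequence; unknown values change nothing.
handle_switch() {
    case "$1" in
        pressed)
            run uci set glconfig.openvpn.enable=0
            run uci commit glconfig
            run /etc/init.d/startvpn stop
            run killall openvpn
            run /usr/bin/setvpnfirewall --disable
            ;;
        released)
            run uci set glconfig.openvpn.enable=1
            run uci commit glconfig
            run /etc/init.d/startvpn start
            run /usr/bin/setvpnfirewall --force
            ;;
        *)
            return 1
            ;;
    esac
}

# Hotplug sets ACTION; when it is unset (script sourced for testing) do nothing.
if [ -n "${ACTION:-}" ]; then
    handle_switch "$ACTION"
    # Snapshot only: the tunnel can take a few seconds to appear after start.
    logger "switch=$ACTION routes=$(ip route | classify_routes)"
fi
```

Use it as the BTN_1 or BTN_0 script, whichever your model uses according to the posts above. A result of no-route after switching off matches the lost default route described in #12.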


#14

@Msan2000 do you have a working VPN Switch now?

I’m struggling having tried all options above, it seems very hit and miss.

Sometimes it works, then when I have connected from the GLI UI it seems to break the switch function.

It also seems not to recognise each switch action and I have to toggle it forward and back again, would be such a cool feature to enable / disable with just the switch.


#15

I am using the switch to enable/disable the VPN, set custom DNS servers, and update the status of the LED configuration. My solution works exactly how I want it to. I will post instructions in the next day or two. My functionality is as follows:

When the router is already powered on and running

  • Moving the switch to the RIGHT calls a script to enable the VPN and set custom DNS servers
  • Moving the switch to the LEFT calls a script to disable the VPN and use DHCP for DNS
  • LED status syncs with switch position

When the router reboots

  • A script detects the position of the switch
  • If the switch is to the RIGHT a script is called to enable the VPN and set custom DNS servers
  • If the switch is to the LEFT a script is called to disable the VPN and use DHCP for DNS
  • LED status syncs with switch position

LED status

  • Whenever the switch is toggled or the router reboots the LED status updates to sync with the switch position
  • The LED for wan (green, on the left) is always on whenever the router has power
  • The LED for lan (green, in the middle) is only on whenever the switch is to the RIGHT
  • The LED for wlan (red, on the right) is only on whenever the switch is to the LEFT
  • The middle LED (lan) and right LED (wlan) are never on at the same time

This works flawlessly on my AR150 and the same solution will work on other GLI models also.

I will provide the full configuration soon for anyone who needs it.


#16

@moonspore that would be amazing if you could provide that configuration, thank-you :)


#17

Sure thing. I’m going to make a .tar.gz with an extract script that will copy everything to the correct locations. You’ll just need to copy the tar file to the router and chmod the .sh script and run it. Give me til tonight and I’ll put it up for you.


#18

Thanks @moonspore, looking forward to having this functionality


#19

Using the switch to also set custom DNS servers and update the LED would be a big improvement, would be great if you could post instructions for this moonspore.


#20

I’m also excited by this when you get a chance to upload…