Overview
OpenVPN (BrightSign currently uses OpenVPN 2.4.7) can be used to create a connection to your servers. The OpenVPN "configuration" interface takes a path to a complete configuration file and (optionally) the passphrase needed to decrypt the private key. The OpenVPN process is limited by --script-security=1 for its entire duration.
The configuration is extracted to flash, meaning that it persists across device reboots and/or reformatting of the SD card. If the device is configured for OpenVPN, OpenVPN runs automatically when the BrightSign application starts.
When configuring output files, you should use the applicable attached storage device (for example, /storage/sd/).
roOpenVpn (BrightScript API)
The roOpenVpn BrightScript API ensures that the files can be placed correctly, and with the right ownership, without making them accessible to everyone.
OpenVpnParams
archive_file as string
Path to configuration zip
obfuscated_secret as string
Encrypted passphrase for protected certificates
InstallAndRun(params as OpenVpnParams) as Boolean
Install configuration and run
Uninstall() as Boolean
Stop and uninstall configuration
Example:
```
' Install the configuration archive and start OpenVPN
ovpn = CreateObject("roOpenVpn")
params = {}
params.archive_file = "openvpn.zip"
ovpn.InstallAndRun(params)

' Stop OpenVPN and remove the installed configuration
ovpn.Uninstall()
```
OpenVpn (JavaScript API)
The OpenVpn JavaScript API ensures that the files can be placed correctly, and with the right ownership, without making them accessible to everyone.
OpenVpn()
```
void OpenVpn()
```
installAndRun()
```
Promise<void> installAndRun(params: OpenVpnParams)
```
Install the configuration and run OpenVPN.
uninstall()
```
Promise<void> uninstall()
```
Stop and uninstall the configuration.
OpenVpnParams
[String] archiveFile: Path to the configuration zip
[String] obfuscatedSecret: Encrypted passphrase for protected certificates
Example:
```
var openvpn = require('@brightsign/openvpn');
var ovpn = new openvpn();
var params = { archiveFile: '/storage/sd/openvpn.zip' };

// Install the configuration archive and start OpenVPN
ovpn.installAndRun(params)
  .then(function() {
    console.log('success');
  })
  .catch(function(err) {
    console.log('err: ' + JSON.stringify(err));
  });

// Stop OpenVPN and remove the installed configuration
ovpn.uninstall()
  .then(function() {
    console.log('success');
  })
  .catch(function(err) {
    console.log('err: ' + JSON.stringify(err));
  });
```
Appendix
In addition to other configuration information, the client.conf file should give the absolute paths of the configured artifacts. For example:
```
client
dev tun
proto udp
remote 192.168.86.52 1194
ca /var/lib/brightsign/openvpn/ca.crt
cert /var/lib/brightsign/openvpn/client1.crt
key /var/lib/brightsign/openvpn/client1.key
log /storage/sd/openvpn.log
cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
resolv-retry infinite
compress lz4
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3
```
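The rules this page gives for client.conf (absolute paths for certificates and keys, output files on attached storage, and the script-security=1 limit) can be checked before the archive is built. The linter below is an added example, not BrightSign code; the function name, the directive lists and the default /storage/sd/ prefix are assumptions based on standard OpenVPN directive names and this page's example paths.

```javascript
// Added example, not BrightSign code: lint client.conf before zipping it.
const PATH_DIRECTIVES = ['ca', 'cert', 'key', 'tls-auth', 'tls-crypt', 'pkcs12'];
const OUTPUT_DIRECTIVES = ['log', 'log-append', 'status'];
// These run user-defined scripts, which OpenVPN only permits at script-security 2+.
const SCRIPT_DIRECTIVES = ['up', 'down', 'route-up', 'ipchange', 'tls-verify'];

// storagePrefix is an assumption taken from the page's /storage/sd/ example.
function lintClientConf(text, storagePrefix = '/storage/sd/') {
  const findings = [];
  let inlineBlock = null; // set while inside an inline <ca>...</ca> style block
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (inlineBlock) {
      if (line === `</${inlineBlock}>`) inlineBlock = null;
      return;
    }
    if (!line || line.startsWith('#') || line.startsWith(';')) return;
    const open = line.match(/^<([a-z0-9-]+)>$/);
    if (open) { inlineBlock = open[1]; return; }
    const parts = line.split(/\s+/);
    const directive = parts[0];
    const arg = (parts[1] || '').replace(/^"|"$/g, '');
    const report = (issue) => findings.push({ line: i + 1, directive, issue });
    if (PATH_DIRECTIVES.includes(directive) && !arg.startsWith('/')) {
      report('path is not absolute');
    } else if (OUTPUT_DIRECTIVES.includes(directive) && !arg.startsWith(storagePrefix)) {
      report('output file is not under ' + storagePrefix);
    } else if (SCRIPT_DIRECTIVES.includes(directive)) {
      report('user script is not permitted under script-security 1');
    } else if (directive === 'script-security' && arg !== '1') {
      report('differs from the script-security=1 limit applied on the device');
    }
  });
  return findings;
}

// Constructed sample input (not a real deployment).
const SAMPLE = [
  'client',
  'ca /var/lib/brightsign/openvpn/ca.crt',
  'cert client1.crt',
  'key /var/lib/brightsign/openvpn/client1.key',
  'log /tmp/openvpn.log',
  'up /storage/sd/up.sh',
  'script-security 2',
].join('\n');

console.log(lintClientConf(SAMPLE));
```

Each finding carries the 1-based line number, the directive and the issue, so the output can gate a build step that produces the configuration zip.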