Overview

OpenVPN (BrightSign currently uses OpenVPN 2.4.7) can be used to create a connection to your servers. The OpenVPN "configuration" interface takes a path to a complete configuration file and (optionally) the passphrase needed to decrypt the private key. The OpenVPN process runs with --script-security=1 for its entire duration.

The configuration is extracted to flash, so it persists across device reboots and when the SD card is reformatted. If the device is configured for OpenVPN, OpenVPN runs automatically on startup of the BrightSign application.

When configuring output files, you should use the applicable attached storage device (for example, /storage/sd/).

Note that:

  • archive_file (for BrightScript) or archiveFile (for JavaScript) must point to a zip archive containing a valid OpenVPN configuration file named client.conf in the top-level directory (see the Appendix for an example client.conf file).
  • All paths configured in client.conf are assumed to be absolute. To refer to files extracted on the player after running installAndRun, use the following directory path: /var/lib/brightsign/openvpn/
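
A pre-deployment check for the rules above, as an added example that is not BrightSign code: it flags certificate and key paths that are relative or outside /var/lib/brightsign/openvpn/, output files not under /storage/, and script hooks that --script-security=1 will not allow to run. The function and rule names, the directive lists and the /storage/ prefix are assumptions made for this example.

```javascript
// Added example, not BrightSign code: lint a client.conf against this page's rules.
const INSTALL_DIR = '/var/lib/brightsign/openvpn/'; // extraction directory named on this page
const STORAGE_PREFIX = '/storage/'; // assumption: attached storage mounts here (/storage/sd/)
const INPUT_FILES = ['ca', 'cert', 'key', 'pkcs12', 'tls-auth', 'tls-crypt', 'crl-verify'];
const OUTPUT_FILES = ['log', 'log-append', 'status'];
// Hooks that need script-security 2 or higher, so they cannot run at level 1.
const SCRIPT_HOOKS = ['up', 'down', 'route-up', 'route-pre-down', 'ipchange', 'tls-verify'];

// Returns the first rule a path breaks, or null when it is acceptable.
function checkPath(arg, requiredPrefix, prefixRule) {
  if (!arg.startsWith('/')) return 'relative-path';
  if (arg.split('/').includes('..')) return 'path-traversal';
  return arg.startsWith(requiredPrefix) ? null : prefixRule;
}

function lintClientConf(text) {
  const findings = [];
  let inlineTag = null; // set while inside an inline <ca>...</ca> style block
  text.split(/\r?\n/).forEach(function (raw, i) {
    const line = raw.trim();
    if (inlineTag) {
      if (line === '</' + inlineTag + '>') inlineTag = null;
      return; // inline key or certificate material is not a directive
    }
    const open = /^<([a-z0-9-]+)>$/.exec(line);
    if (open) { inlineTag = open[1]; return; }
    if (line === '' || line[0] === '#' || line[0] === ';') return;
    const parts = line.split(/\s+/);
    const name = parts[0].replace(/^--/, '');
    const arg = (parts[1] || '').replace(/^["']|["']$/g, '');
    let rule = null;
    if (SCRIPT_HOOKS.includes(name)) rule = 'script-hook';
    else if (name === 'script-security' && arg !== '1') rule = 'script-security-override';
    else if (INPUT_FILES.includes(name)) rule = checkPath(arg, INSTALL_DIR, 'outside-install-dir');
    else if (OUTPUT_FILES.includes(name)) rule = checkPath(arg, STORAGE_PREFIX, 'output-not-on-storage');
    if (rule) findings.push({ line: i + 1, directive: name, rule: rule });
  });
  return findings;
}

// Constructed sample configuration, not taken from a real deployment.
const SAMPLE = ['client', 'ca /var/lib/brightsign/openvpn/ca.crt', 'cert client1.crt',
  'key /storage/sd/client1.key', 'log /tmp/openvpn.log', 'up /storage/sd/up.sh',
  '<tls-auth>', 'key inline-material-is-skipped', '</tls-auth>'].join('\n');
console.log(lintClientConf(SAMPLE));
```

Run it over client.conf before zipping the archive; an empty result means none of these rules were broken, not that the configuration is otherwise sound.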


roOpenVpn (BrightScript API)

The roOpenVpn BrightScript API ensures that the files can be placed correctly, and with the right ownership, without making them accessible to everyone. 


OpenVpnParams

archive_file as string

Path to configuration zip

obfuscated_secret as string

Encrypted passphrase for protected certificates

InstallAndRun(params as OpenVpnParams) as Boolean

Install configuration and run

Uninstall() as Boolean

Stop and uninstall configuration


Example:

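' Install the configuration from the zip archive and start OpenVPN
ovpn = CreateObject("roOpenVpn")
params = {}
params.archive_file = "openvpn.zip"
ovpn.InstallAndRun(params)

' Later, to stop OpenVPN and remove the installed configuration
ovpn.Uninstall()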


OpenVpn (JavaScript API)

The OpenVpn JavaScript API ensures that the files can be placed correctly, and with the right ownership, without making them accessible to everyone. 


OpenVpn()

void OpenVpn()


installAndRun()

Promise<void> installAndRun(params: OpenVpnParams)

Install the configuration and run OpenVPN.


uninstall()

Promise<void> uninstall()

Stop and uninstall the configuration.

OpenVpnParams

  • [String] archiveFile: Path to the configuration zip
  • [String] obfuscatedSecret: Encrypted passphrase for protected certificates

Example:

// Install the configuration from the zip archive and start OpenVPN
var openvpn = require('@brightsign/openvpn');
var ovpn = new openvpn();
var params = {
   archiveFile: '/storage/sd/openvpn.zip'
};
ovpn.installAndRun(params)
.then(function() {
   console.log('success');
})
.catch(function(err){
   console.log('err: ' + JSON.stringify(err));
});

// Later, to stop OpenVPN and remove the installed configuration
ovpn.uninstall()
.then(function() {
   console.log('success');
})
.catch(function(err){
   console.log('err: ' + JSON.stringify(err));
});


Appendix

An example client.conf file:

client
dev tun
proto udp

remote 192.168.86.52 1194

ca /var/lib/brightsign/openvpn/ca.crt
cert /var/lib/brightsign/openvpn/client1.crt
key /var/lib/brightsign/openvpn/client1.key

log /storage/sd/openvpn.log

cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256

resolv-retry infinite
compress lz4
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3





