Overview
OpenVPN (BrightSign currently uses OpenVPN 2.4.7) can be used to create a connection to your servers. The OpenVPN "configuration" interface is a path to a complete configuration file and (optionally) the passphrase needed to decrypt the private key. The process is limited by —script-security=1
for the entire duration of that process.
The configuration is extracted to flash, meaning that it will persist across device reboots and/or if the SD card is reformatted. If the device is configured for OpenVPN, it will automatically run on startup of the BrightSign application.
When configuring output files, you should use the applicable attached storage device (for example, /storage/sd/).
Note that:
archive_file
(for BrightScript) orarchiveFile
(for JavaScript) must point to a zip archive containing a valid OpenVPN configuration file named client.conf in the top level directory (see the Appendix for an example client.conf file).- All paths configured in client.conf are assumed to be absolute. In order to refer to files extracted on the player after running installAndRun, the following directory path should be assumed /var/lib/brightsign/openvpn/
roOpenVpn (BrightScript API)
The roOpenVpn BrightScript API ensures that the files can be placed correctly, and with the right ownership, without making them accessible to everyone.
OpenVpnParams
archive_file as string
Path to configuration zip
obfuscated_secret as string
Encrypted passphrase for protected certificates
InstallAndRun(params as OpenVpnParams) as Boolean
Install configuration and run
openvpn Uninstall() as Boolean
Stop and uninstall configuration
Example:
ovpn = CreateObject("roOpenVpn") params = {} params.archive_file = "openvpn.zip" ovpn.InstallAndRun(params) ovpn.Uninstall()
OpenVpn (JavaScript API)
The OpenVpn JavaScript API ensures that the files can be placed correctly, and with the right ownership, without making them accessible to everyone.
OpenVpn()
void OpenVpn()
installAndRun()
Promise<void> installAndRun(params: OpenVpnParams)
Install the configuration and run OpenVPN.
uninstall()
Promise<void> uninstall()
Stop and uninstall the configuration
OpenVpnParams
[String] archiveFile:
Path to the configuration zip[String]
obfuscatedSecret:
Encrypted passphrase for protected certificates
Example:
var openvpn = require('@brightsign/openvpn'); var ovpn = new openvpn(); var params = { archiveFile: '/storage/sd/openvpn.zip' }; ovpn.installAndRun(params) .then(function() { console.log('success'); }) .catch(function(err){ console.log('err: ' + JSON.stringify(err)); }); ovpn.uninstall() .then(function() { console.log('success'); }) .catch(function(err){ console.log('err: ' + JSON.stringify(err)); });
Appendix
An example client.conf file:
client dev tun proto udp remote 192.168.86.52 1194 ca /var/lib/brightsign/openvpn/ca.crt cert /var/lib/brightsign/openvpn/client1.crt key /var/lib/brightsign/openvpn/client1.key log /storage/sd/openvpn.log cipher AES-256-CBC auth SHA512 auth-nocache tls-version-min 1.2 tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 resolv-retry infinite compress lz4 nobind persist-key persist-tun mute-replay-warnings verb 3