Has anyone know of a script that will convert an OVPN-formatted settings file:
client
dev tun
proto udp
remote ca.torguardvpnaccess.com 1912
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-auth ta.key 1
auth SHA256
cipher AES-128-CBC
remote-cert-tls server
auth-user-pass
comp-lzo
verb 1
reneg-sec 0
fast-io
# Uncomment these directives if you have speed issues
;sndbuf 393216
;rcvbuf 393216
;push "sndbuf 393216"
;push "rcvbuf 393216"
to one that is compatible with OpenWRT’s UCI system?
config openvpn net_torguard_ca_toronto_udp
# Set to 1 to enable this instance:
option enabled 1
# TCP or UDP server?
# option proto tcp
option proto udp
# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
# option dev tap
option dev tun
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
list remote "ca.torguardvpnaccess.com 1912"
# list remote "my_server_2 1194"
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
option resolv_retry infinite
# Most clients don't need to bind to
# a specific local port number.
option nobind 1
# SSL/TLS root certificate (ca), certificate
# (cert), and private key (key). Each client
# and the server must have their own cert and
# key file. The server and all clients will
# use the same ca file.
#
# See the "easy-rsa" directory for a series
# of scripts for generating RSA certificates
# and private keys. Remember to use
# a unique Common Name for the server
# and each of the client certificates.
#
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
option ca /etc/net.torguard/udp/ca.crt
# option cert /etc/openvpn/server.crt
# This file should be kept secret:
# option key /etc/net.torguard/udp/ta.key
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
# This file is secret:
option tls_auth "/etc/net.torguard/udp/ta.key 1"
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Blowfish (default):
# option cipher BF-CBC
# AES:
option cipher AES-128-CBC
# Triple-DES:
# option cipher DES-EDE3-CBC
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
option persist_key 1
option persist_tun 1
# option user nobody
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
option verb 1
I don’t really need to have the comments, just the settings.
Currently, I’m converting this manually.