TomatoUSB

Hi..
I'm using Shiibby 1.28.0000 MIPSR2-115 K26 Max on an Asus RT-N12D1. I use the OpenVPN capabilty for several of my remote virtual servers, which I back up over the VPN link. Due to this I MUST have the same IP address pair for each tunnel each time the vpn server restarts. I use the /tmp/etc/openvpn/server1/ccd directory with files named for each server link, with "ifconfig-push" and the remote and local link ips. I have these entries in the firewall script, such that I was led to believe would be run each time the firewall restarts.. Apparently this isnt the case, as each time I restart the firewall, after the firewall restarts, the ccd directory is empty.. To work around this, I have a copy of the "ccd filler script" in /cifs1, which I run manually, which then populates the ccd directory, then I have to restart all of the client links to get them to grab the correct ip addresses, since they don't take the correct ones, that are listed in each affected system's /etc/hosts.. Way back when I was using Tomato 1.27vpn on an old WRT54GL router and first needed the Openvpn capability I asked about how to force clients to get the same address pairs each time they connected to the server and I was told to put something like this in the firewall custom script..

sleep 2
mkdir -p /tmp/etc/openvpn/server1/ccd
echo "ifconfig-push 10.10.10.6 10.10.10.5" > /etc/openvpn/server1/ccd/host1
echo "ifconfig-push 10.10.10.10 10.10.10.9" > /etc/openvpn/server1/ccd/host2
...

The ip address pairs are taken from the Openvpn documentation for the correct 4th-octet. This script snippet does not seem to work, as I can check the
/tmp/etc/openvpn/server1/ccd directory prior to restarting the server, with all of the named files there and again after restarting the server and the directory is then empty.. I have to then run
the script manually from an ssh session, then restart each client to get the ip addresses needed (and that are listed in everybody's host file)… I've been having to restart the firewall a lot to
add entries to DROP a bunch of skriptkiddies trying to hit my ssh (which is on another port)

Unfortunately when OpenVPN was integrated into tomato, they didn't take into account the client configuration directory. It actually would be a little difficult I think to integrate into the gui.
This is how I would take care of this if I were in your place
I would enable jffs and create a directory called ccd. In there place your client configuration files.
Then in the Custom Configutation box for OpenVPN, put 'client-config-dir /jffs/ccd'.

Everything in /etc is stored in ram, so is lost on reboots. The openvpn config isn't even there until openvpn starts. It then pulls all the information it needs from nvram, then created the openvpn folder structure.
/jffs will survive reboots, and mounts long before openvpn starts, so will always be there dependably.

ok… did not know jffs survived reboots.. I've got jffs enabled, and it appears to have plenty of space (1.7mb), I'll move the ccd directory over there.. I assume it will override the "client-config-dir ccd" that resides in the config.ovpn file when the vpn is running??

Update: if you uncheck the "manage client-specific options" box, it removes the "client-config-dir ccd" entry from the config.ovpn… This works great!! THANK YOU!!

/jffs is pretty useful for cases like this. Glad you got it going.