Rascal thanks!,
The problem was indeed what you suggested. Yesterday I couldn’t stop to find a solution until night hours, but in the end I found a solution for the whole mess.
Most important things i learned while frustrating myself over and over…;
Thanks to Rascal; in a systemctl .service file, never use for the ExecStart= part a nested or piped command! It will give you a [unit] error, but don’t let it throw you. You think there is a config error in the [unit] part, but it in fact it can’t handle the command. Takes a lot of time to sort it out if you don’t know. Keep commands simple as possible.
In coreelec linux, delete first all iptable script commands out of the storage/.config/autostart.sh file before you start to determine the cause of a speed or vpn related problem. In fact I think it is best to use no autostart.sh file at all.
in .service files never refer to ~/.config/… It doesn’t work.
Use /storage/.config/…
test the speed of your vpn first at another pc or device with the same client protocol.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Ok, here is what I did to solve this annoying thing in my case:
CORELEC SOLUTION:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Instead of trying to direct the openvpn command to execute in the directory where the certificates are located, find a solution the other way around. Edit the .ovpn and add the right paths to the .ovpn file itself.
(I’m not sure this works for all providers the same, but I guess it is a default client file concept:
let’s say your .ovpn file has these parts included:)
auth-user-pass vpn_userpass.txt
ca vpn_ca.crt
crl-verify vpn_crl.pem
tun-ipv6
script-security 2
up update-resolv-conf
down update-resolv-conf
When your file has these lines modificate them to these:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
auth-user-pass /storage/.config/(…whatever…)/vpn_userpass.txt
ca /storage/.config/(…whatever…)/vpn_ca.crt
crl-verify /storage/.config/(…whatever…)/vpn_crl.pem
tun-ipv6
script-security 2
up /storage/.config/(…whatever…)/update-resolv-conf
down /storage/.config/(…whatever…)/update-resolv-conf
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
After, save this .conf file to .ovpn (if not .ovpn before)
result: openvpn can be started directly without complex commands:
/usr/sbin/openvpn --config /storage/.config/vpn.config/vpn.ovpn
Run this manually. with a ssh console terminal, check if it works.
Now modificate the .service file to what Rascal said in the beginning of this topic and save it;
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[Unit]
Description=OpenVPN Autorun Service
[Service]
Type=forking
Requires=network-online.service
After=network-online.service
ExecStart= /usr/sbin/openvpn --daemon --config /storage/.config/…(your path)…/vpn.ovpn
Restart=always
RestartSec=15
[Install]
WantedBy=kodi.target
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
now in your SSH console, stop an eventually running openvpn .service file with this command:
(In my example I call it: MYOPENVPN.service)
A:
systemctl stop MYOPENVPN.service
disable it from starting after booting the device:
systemctl disable MYOPENVPN.service
enable booting the modified .service file:
systemctl enable MYOPENVPN.service
Now most important, check if it works manually:
systemctl start MYOPENVPN.service
If your setup is correct this command should give you a prompt back after executing it.
to test vpn works (and the .service) enter this command: curl ipinfo.io/ip
It should give you your recent (WAN) ip address, which should be the vpn’s address.
if you see you ip providers address in this step, it doesn’t work, you should recheck the config again…
To see where it could go wrong use this command:
systemctl status MYOPENVPN.service
It could give you the output of the openvpn command in the service. Correct the .service file when needed. (afterwards start again the commands from “A.” )
note: for a detailed systemctl manual go here:
http(s)://www.digitalocean.com/community/tutorials/how-to-use-systemctl-to-manage-systemd-services-and-units
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ok.
Your .service file works. Good. Again, check your storage/.config/autostart.sh
file before testing. In case of doubt rename it temporary. You can test whatever you like, but in my case I had some iptable (firewall) rules there that screwed up everything in fact. It is easy to forget those after time, it will give you hell…
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
After testing:
-restart you system and log in again with ssh on the box.
-see if it works. Execute a Ping to the WAN ip address:
curl --silent ipinfo.io/ip
-Check the speed of your connection by installing a speedtest app in kodi.
-Secondly install the WanIP app in Kodi, this gives your WAN ip with a push. Handy.
-Contact your vpn if the vpn speed is too low. 11Mbit/second is enough for most people.
-Consider this: VPN works in both directions…Most people using kodi vpn manager do not realize this.
Might be a good idea to change the password of your ssh login on your box. Use this command after logged in on ssh: passwd
Choose new password and retype + enter.
DO NOT FORGET YOUR NEW PASSWORD OR FACE A RE-INSTALL OF YOUR BOX!
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
last sharings:
Beware the --daemon option in the command :
/usr/sbin/openvpn --daemon --config /storage/.config/vpn.config/vpn.conf
the --daemon parameter works only when executed from a “working” .service script (systemctl),
not when used as a manual command…So don’t get fooled by that.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
So the situation yesterday in my case:
-bad configured .autostart.sh file.
-old vpn certificate in use.
-The.ovpn file was not adapted for coreelec use. no exact paths to other vpn provider files.
-MYOPENVPN.service had a nested ExecStart: command, it couldn’t be handled. (unit error)
-I kept on testing --deamon by running the command manually, no result.
-I kept restarting the box without testing the MYOPENVPN.service in a ssh console.
pfeeew…
But it works now…
last note:
Save yourself all this trouble and get a modem/router with opensource firmware. if you can configure a openvpn connection in it , let the router solve it all…
Make sure the that router is singlecore . openvpn doesn’t use multicore as far as i know…
Hope somebody can use this!