VPN Client

Used VPN client is OpenVPN. For inclusion in work it is necessary to load files of keys and certificates, to adjust the client VPN, to adjust work of Watchdog Ping.

Wathdog Ping provides a network availability check and, if it fails, responds by reconnecting the VPN client, and if necessary, reconnecting the LTE connection and resetting the modem.

The following URIs are used to load key files:

• upload-vpn-crt.htm - client certificate;
• upload-vpn-ca.htm - CA certificate;
• upload-vpn-key.htm - client key.

To configure the VPN client, use a query with querytype = setvpn, with fields:

• enable - enabling / disabling the client;

• iface - the interface through which the client works, can be "ethernet" or "modem";

• gateway - name or address of the VPN server;

• port - port of the VPN server, numeric value;

• auth_type - type of client authorization on the server, can be the following (currently only PASS_TLS is supported):
  • TLS - certificates (TLS);
  • PASS - password;
  • PASS_TLS - password and certificates (TLS).
• user - username, can be empty;
• pass - user password, may be empty;
• cipher_type - the encryption mode (currently only AES-256-CBC);
• hmac_type - HMAC authentication (currently only SHA512);
• verify_type - way to verify the server certificate (so long as only "name" is supported, by name);
• verify_str - the string on which the server certificate is collated is entered by the user at will;
• dns1 - DNS server address 1, can be empty;
• dns2 - DNS server address 2, can be empty.

To read the VPN client settings, use the query with querytype = getvpn, the response contains the following fields:

• status - characterizes the current state of the client;
• connect_time - time in UnixTimeStamp format showing the moment of connection, "0" if there is no data;
• enable - enabled or disabled client;
• iface - the interface through which the client works, can be "ethernet" or "modem";
• gateway - name or address of the VPN server;
• port - port of the VPN server, numeric value;
• auth_type - type of client authorization on the server;
• user - username, can be empty;
• pass - user password, may be empty;
• cipher_type - the encryption mode (currently only AES-256-CBC);
• hmac_type - HMAC authentication (currently only SHA512);
• verify_type - way to verify the server certificate (so long as only "name" is supported, by name);
• verify_str - the string on which the server certificate is collated is entered by the user at will;
• dns1 - DNS server address 1, can be empty;
• dns2 - DNS server address 2, can be empty.

To configure Watchdog Ping, use a query with querytype = setwdogping, with fields:

• enable - enabling / disabling;

• ping_addr - ping address;

• ping_time - ping frequency, in seconds, from 10 seconds to 5 minutes;
• ping_errors1 - the number of errors for the first action, if 0 is not used;
• ping_errors2 - the number of errors for the second action, if 0 is not used;
• ping_errors3 - the number of errors for the third action, if 0 is not used.

Actions that are performed when the number of errors is reached:

• ping_errors1 - reboot the VPN connection;
• ping_errors2 - transfer of connection via LTE modem and VPN connection;
• ping_errors3 - reset the modem and all connections, the error count starts anew.

To read the Watchdog Ping parameters, use the query with querytype = getwdogping, the response contains the following fields:

• enable - enabling / disabling;
• ping_addr - ping address;
• ping_time - ping frequency, in seconds;
• ping_errors1 - the number of errors for the first action - reboot the VPN connection;
• ping_errors2 - the number of errors for the second action - transfer of connection via LTE modem and VPN connection;
• ping_errors3 - the number of errors for the third action - reset the modem and all connections.