OpenVPN on Voxl/Seeker
-
Two days in on this one with some successes and some fails. I've successfully attached and controlled the seeker using QGC with a USB joystick through the 4gLTE modem using nothing more than port forwarding on my router. This is possible because the drone can initiate the mavlink connection from it's end (the LTE modem side) thus negating the carrier's NAT/subnet etc. However, getting fpv video requires RTSP, and RTSP has to be initiated fron the GC and it needs an internet accessible IP/URL to acheive that. You knew this, so someone equipped the Voxl with OpenVPN. Hooray! Except.. I can't (after a day, and I'm not putting another day into it..) get it to connect to a perfecly working (as in I can connect multiple laptops/phones to my OpenVPN server using only the generated .ovpn files in the native windows and android clients) server. Can someone outline, in detail, the hoops I need to jump through to accomplish this? I'd be happy to provide you (privately) with a working .ovpn file to try for yourself! Thanks!
-
@Bulldog357
I have over 30 days invested in this and still no luck. You can study the silly image provided for hours but the openvpn stuff is not available on either end. when you put together your instructions I would be very interested. At one point I had 2 devices and communication but that was 6 months ago. I gave up but started trying 3 weeks back only this time there is an openvpn cloud option not just the local server. The modalai referances cloud but then says server so I don't think they mean the openvpn cloud. I useally put 8 or 10 hours of brain into it then give up. Right now I cant get the new ver2 controller to talk to voxl. want to see some confusion look at the cable instructions and updating the firmware -
@Bulldog357 @jconk With OpenVPN, we've always built / hosted our own server on a GCP VM.
Here's an example of the settings we use in one of our
.ovpn
key files:proto udp tun-mtu 1300 mssfix 1260 comp-lzo no client nobind dev tun remote-cert-tls server remote $SERVER_IP 1194 udp
-
And this is what we used to setup our server: https://hub.docker.com/r/kylemanna/openvpn/
-
@tom This is the top of the auto-generated .opvn file created by my OpenVPN server running on a Pi. I've generated 4 separate files, and used them on 2 different laptops tethered to phones (thus not on my local network at all) and the two phones themselves and those 4 devices connect flawlessly.
I have placed this voxl.ovpn file in /etc/openvpn/
When I execute openvpn with the file as the argument, I get this:
I briefly looked at your server link and it looks like it's set up not to require a password for the public key, which is required by my server when creating the user and generating the .ovpn. Is this the issue? When using the Windows and Android OpenVPN GUI clients, they prompt me for the password I created to go with the file. I don't get that far on the Voxl command line. Is there something about the OpenVPN installation on the Voxl that won't let it do the initial TLS handshake for the password? Like I said this stuff works like butter on two laptops and two phones... -
@Bulldog357 It looks as though your key is using a param that isn't available in the version installed on VOXL by default (tls-version-min 1.2). You could try removing this line from the key.
You could also try building a newer version of OpenVPN via. the instructions at the bottom of this page: https://docs.modalai.com/voxl-vpn/#openvpn-client-on-voxl
-
@tom Well... I lied. I actually did spend most of the day on it again, but I learned a lot so it's ok. I have been 90% successfull in my efforts, with most of the success attibuted to .. Uh.. Following the instructions? LOL! I compiled the 2.5.1 version of OpenVPN on the Voxl. It connected to my server after properly prompting me for the password. I have full use of my subnet from the Voxl through the VPN. I can connect the Voxl to QGC on any machine (IP) on my network that I point the Voxl to. I need two things from you: Using this line does not keep it running as a daemon after I exit the shell: "openvpn --daemon --script-security 2 --config voxl.ovpn" As soon as I exit adb it drops the link. I need to make it persistent. Secondly, I need to know how to make the system clock setting utility persistent as well. Thanks!
-
@Bulldog357 Glad you're having some success!
We have some helper scripts that we can take advantage of to get things going on boot:
First, enable the
voxl-time-sync
service which will run on boot and then exit once the date/time is correct:systemctl enable voxl-time-sync
Next, we can take advantage of the
vpn-start
system service to get openvpn running on boot.This service file lives in
/etc/systemd/system/vpn-start.service
and by default looks like this:[Unit] After=voxl-time-sync.service Requires=voxl-time-sync.service [Service] Type=forking ExecStartPre=/bin/sleep 2 ExecStart=/usr/sbin/openvpn --script-security 2 --daemon --config /etc/openvpn/KEY_FILE [Install] WantedBy=default.target
What you will want to do is modify this file so that it points to your key file instead of the default path.
Once you do that you can run
systemctl daemon-reload
to tell systemd to pull from this updated file.Lastly, you can enable this service to run on boot with
systemctl enable vpn-start
, as you'll notice thisvpn-start
service depends on thevoxl-time-sync
service and therefore won't start until the system clock time is correct.After all this, do a reboot and you should see the VPN come up on boot.
-
@tom Omg. This is golden. Not only that, but it would have been NEARLY IMPOSSIBLE to dig up by myself! A while back, I asked you folks if there was a dictionary/glossary/document etc. of all the proprietory utilities, commands, scripts, config files et.al. that are contained on this Voxl (Voxl2 if you like) with at least a brief description and perhaps an example for each. Searchable by keyword. With that and a day or two, I probably could have figured it out. Where is this document? Clearly, this vpn info, exactly as you put it, should be in the docs under "VPN" considering how absolutely crucial it is to making it work. I started in IT in the late 80's and was a DOS guru on through Windows (as were most people back then that didn't work for SCO or IBM) I remember now what made me that way. Long nights without sleep pounding out commands on a keyboard to see what they'd do. I also remember why I got out of it. Learning new software daily but then realizing that all those brain cells I burned on Lotus and Dbase3 and Wordperfect and how to configure stuff to make it work was just a never-ending story because when the next new version comes out, you start over. And the brain cells storing that knowledge will never be used again. To this day I find myself scouring the available info for 2 days only to find the hidden treasure of some undocumented commands or switches that magically make some non-working thing work. Like today. And now it's just a hobby! Enough ranting... Sorry just food for thought. Anyway, Tom, just for clarification, which file is in your picture? Is it the config file for the service? Also, IS there a document somewhere for the commands and switches and configs?? I'll try this on the drone when I get home. Thank you!
-
@Bulldog357 The file output that I posted is
/etc/systemd/system/vpn-start.service
, you can look in/etc/systemd/system
and see all of the systemd service files that VOXL uses.The high level description for the VOXL SDK is here: https://docs.modalai.com/voxl-sdk/
voxl-suite info here: https://docs.modalai.com/voxl-suite/
The VPN info for example is under the utilities subsection of voxl-suite: https://docs.modalai.com/sdk-utilities/
Other high level feature descriptions here: https://docs.modalai.com/high-level-features/
If you want to look at the actual code, you can explore here: https://gitlab.com/voxl-public/voxl-sdk
-
@tom Tom, Thank you, but I feel like an idiot. I say that because I just clicked on all of the links you just posted in that reply, gave it 30 minutes worth of clicks, and for the life of me, I can't find any reference to: voxl-time-sync or vpn-start.service or any of the instruction you provided in your short post. Is it me? I really and truly appreciate your help, but I feel like everyone on your end feels like we're all at your level but we're not. We need hand holding sometimes.. even though we're pretty clever guys (and gals.. or whatever letters you use..) or we probably wouldn't be messing with this stuff. Honestly.. a concise, 2-3 page document for the currently released products containing commands, file locations, syntax and switches, configs (with included defaults) and an example or two would go a LONG ways toward keeping you guys busy at what you do best instead of answering my stupid questions..