
Read Linksys Config File



The Backup and Restore configuration feature in the Linksys Smart Wi-Fi Router allows you to back up all configurations made to the router. If you need to reset the router to factory default settings, you can restore your previous configuration from the backup configuration file. This saves you the time of reconfiguring the router manually.








I'm looking for a way to extract a plain-text/human readable listing of the configuration information for my router. I can do the "backup" to send the configuration to a .cfg file, but that file is in some binary and/or encrypted form, so is not much use. In particular I would like to export the reserved addresses (the part that takes the most time to do every time I have to do a hard-reset). Unfortunately can't use these to do a command-line reconfiguration, but at least I could have a clean file to list what I have to manually re-do.


A Cisco device needs to use the configuration file to do its work. Cisco devices have random-access memory (RAM) to store data from the configuration file while Cisco IOS is using it, but the RAM loses its contents when the device loses power. In order to load all configuration data back after the device loses power, Cisco devices use several types of more permanent memory. The following list explains the four main types of memory found in Cisco switches or Cisco routers, as well as the most common use of each type:


Use the command copy running-config startup-config (copy run start) to overwrite the current startup config file with what is currently in the running configuration file.


The copy command can be used to copy files on a Cisco device, such as a configuration file or a new version of the Cisco IOS. Files can be copied between RAM, NVRAM and a TFTP server. The syntax for the copy commands is as follows:


You can use three different commands to erase NVRAM: write erase, erase startup-config and erase nvram. All of them erase the contents of the NVRAM configuration file, so if the device is then reloaded, there is no initial configuration and you have to begin initial device configuration.


Note that Cisco IOS does not have a command that erases the contents of the running configuration file. To clear out the running config file, simply erase the startup config file and then reload the device.


This often appears to be down to filesystem corruption. When the filesystem is mounted as read only it is possible to use the fsck filesystem check/repair tool - provided you have already installed it (e.g. for the ext2/3/4 based filesystems it is package e2fsprogs):


  • Once running in a command prompt window, OpenVPN can be stopped by the F4 key.

  • Run OpenVPN as a service by putting one or more .ovpn configuration files in \Program Files\OpenVPN\config and starting the OpenVPN Service, which can be controlled from Start Menu -> Control Panel -> Administrative Tools -> Services.

Additional Windows install notes.


If you are using Windows, open up a Command Prompt window and cd to \Program Files\OpenVPN\easy-rsa. Run the following batch file to copy configuration files into place (this will overwrite any preexisting vars.bat and openssl.cnf files):


Note that on Linux, BSD, or unix-like OSes, the sample configuration files are named server.conf and client.conf. On Windows they are named server.ovpn and client.ovpn.


The sample server configuration file is an ideal starting point for an OpenVPN server configuration. It will create a VPN using a virtual TUN network interface (for routing), will listen for client connections on UDP port 1194 (OpenVPN's official port number), and distribute virtual addresses to connecting clients from the 10.8.0.0/24 subnet.


Before you use the sample configuration file, you should first edit the ca, cert, key, and dh parameters to point to the files you generated in the PKI section above.


The sample client configuration file (client.conf on Linux/BSD/Unix or client.ovpn on Windows) mirrors the default directives set in the sample server configuration file.


As in the server configuration, it's best to initially start the OpenVPN server from the command line (or on Windows, by right-clicking on the client.ovpn file), rather than start it as a daemon or service:


If you install OpenVPN via an RPM or DEB package on Linux, the installer will set up an initscript. When executed, the initscript will scan for .conf configuration files in /etc/openvpn, and if found, will start up a separate OpenVPN daemon for each file.


When started, the OpenVPN Service Wrapper will scan the \Program Files\OpenVPN\config folder for .ovpn configuration files, starting a separate OpenVPN process on each file.


Use the writepid directive to write the OpenVPN daemon's PID to a file, so that you know where to send the signal (if you are starting openvpn with an initscript, the script may already be passing a --writepid directive on the openvpn command line).


While most configuration changes require you to restart the server, there are two directives in particular which refer to files which can be dynamically updated on-the-fly, and which will take immediate effect on the server without needing to restart the server process.


client-config-dir -- This directive sets a client configuration directory, which the OpenVPN server will scan on every incoming connection, searching for a client-specific configuration file (see the manual page for more information). Files in this directory can be updated on-the-fly, without restarting the server. Note that changes in this directory will only take effect for new connections, not existing connections. If you would like a client-specific configuration file change to take immediate effect on a currently connected client (or one which has disconnected, but where the server has not timed-out its instance object), kill the client instance object by using the management interface (described below). This will cause the client to reconnect and use the new client-config-dir file.


For the purpose of this example, we will assume that the server-side LAN uses a subnet of 10.66.0.0/24 and the VPN IP address pool uses 10.8.0.0/24 as cited in the server directive in the OpenVPN server configuration file.


In the above directive, ccd should be the name of a directory which has been pre-created in the default directory where the OpenVPN server daemon runs. On Linux this tends to be /etc/openvpn and on Windows it is usually \Program Files\OpenVPN\config. When a new client connects to the OpenVPN server, the daemon will check this directory for a file which matches the common name of the connecting client. If a matching file is found, it will be read and processed for additional configuration file directives to be applied to the named client.


Shared object or DLL plugins are usually compiled C modules which are loaded by the OpenVPN server at run time. For example if you are using an RPM-based OpenVPN package on Linux, the openvpn-auth-pam plugin should be already built. To use it, add this to the server-side config file:


Note that client-cert-not-required will not obviate the need for a server certificate, so a client connecting to a server which uses client-cert-not-required may remove the cert and key directives from the client configuration file, but not the ca directive, because it is necessary for the client to verify the server certificate.


Next, edit your Samba configuration file (smb.conf). Make sure the hosts allow directive will permit OpenVPN clients coming from the 10.8.0.0/24 subnet to connect. For example:


The simplest approach to a load-balanced/failover configuration on the server is to use equivalent configuration files on each server in the cluster, except use a different virtual IP address pool for each server. For example:


OpenVPN automatically supports any cipher which is supported by the OpenSSL library, and as such can support ciphers which use large key sizes. For example, the 256-bit version of AES (Advanced Encryption Standard) can be used by adding the following to both server and client configuration files:


The revoke-full script will generate a CRL (certificate revocation list) file called crl.pem in the keys subdirectory. The file should be copied to a directory where the OpenVPN server can access it, then CRL verification should be enabled in the server configuration:


  • This will block clients from connecting to any server which lacks the nsCertType=server designation in its certificate, even if the certificate has been signed by the ca file in the OpenVPN configuration file.

  • Use the tls-remote directive on the client to accept/reject the server connection based on the common name of the server certificate.

  • Use a tls-verify script or plugin to accept/reject the server connection based on a custom test of the server certificate's embedded X509 subject details.

  • Sign server certificates with one CA and client certificates with a different CA. The client configuration ca directive should reference the server-signing CA file, while the server configuration ca directive should reference the client-signing CA file.
