07. Advanced Options
This tab has a bunch of options that can be used to help track down any problems encountered or change some of the default behaviours.
An option that will output debug data for VPN Manager without having to increase the overall Kodi debug level. Useful for avoiding all the general noise that comes with increased debug.
If the debug option is enabled this option will be available. It can be used to trace all HTTP requests, which can include IP addresses, user names and passwords. It should be used only when debugging an HTTP problem, and any logs that are produced should not be shared.
Displays the Kodi log file in a window.
Copies log files to a source, such as a network attached drive or USB key.
Displays the OpenVPN output in a window.
The setup wizard is only offered to initially get a VPN connected. Once this has happened, it's disabled and all setup is managed directly via the Settings menu. You can re-enable the setup wizard by using this option. The wizard will then run if no connections are validated.
You can also disable this option to stop the nagging at boot time if you want to leave the add-on installed but not set up a connection.
Change the OpenVPN logging level. When this option is changed, the .ovpn files will need to be reset using "reset the VPN provider" in the Utilities tab.
Adds an additional parameter to the .ovpn files which will stop DNS calls outside of the VPN connections. This is a Windows only option, and the .ovpn files will need to be reset using "reset the VPN provider" when this option is changed.
Generally the add-on knows when to use sudo (general Linux installs, OSMC) and when not to use sudo (LibreELEC, OpenELEC). This option allows you to define whether or not sudo is used.
If you've added the openvpn directory to an external class path, select this option to run openvpn without a path.
The path to the openvpn executable. The previous option must be false for this option to become available. For Linux the default path is /usr/sbin/ and for Windows it's c:\Program Files\OpenVPN\bin\. You can change this path if you've installed openvpn in a different location.
Determines how the openvpn task is killed. -15 is much more friendly whereas -9 is more forceful. -15 seems to work well, but if there are issues with VPN connections not being disconnected then it's worth changing this setting.
Alters the behaviour of how a running openvpn task is detected. If you're running a full Linux install and seeing some weirdness (connections being restarted or active connections not being detected as running maybe) then change this setting to true. For LE this should be left as false.
Adds up and down parameters to the .ovpn files which will allow users to run a script after a connection has been established. If this option is enabled and up.bat (for Windows), or up.sh or down.sh (for Linux) exists in the user data directory then the parameters will be written to the .ovpn files. The .ovpn files will need to be reset using "reset the VPN provider" when this option is changed.
As an example, when using the User Defined provider on LibreELEC, you could create a file called /storage/.kodi/userdata/addon_data/service.vpn.manager/UserDefined/up.sh and fill it with:
#!/bin/bash
iptables -F
iptables -A INPUT -i tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i tun0 -j DROP
This will block unexpected incoming traffic when the VPN is connected. You can check the routing after connection by looking at the openvpn.log file (via the GUI, in the /run directory or in the Kodi log directory) and using route and iptables -S on the command line. However, you should google the use of iptables and understand it in the context of your network and requirements.
If you're using a default VPN (i.e. not User Defined), then you'll need to locate the up and down scripts in the directory for that provider (e.g. /storage/.kodi/userdata/addon_data/service.vpn.manager/PIA/up.sh).
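The iptables -S check mentioned above can be scripted. This is an added example, not part of the add-on: the function name check_tun_rules and the sample rule listings are constructed for illustration, and tun0 is assumed as the tunnel interface as in the up.sh example.

```shell
#!/bin/sh
# Added example (not part of VPN Manager): confirm from `iptables -S` output
# that the two tun0 rules from the example up.sh exist and are in order.

# check_tun_rules IFACE   (reads `iptables -S` output on stdin)
# Returns 0 when INPUT accepts ESTABLISHED/RELATED traffic on IFACE and a
# later rule drops everything else arriving on IFACE; returns 1 otherwise.
check_tun_rules() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "INPUT" {
            n++
            on_if = 0; target = ""; stateful = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i" && $(i + 1) == ifc) on_if = 1
                if ($i == "-j") target = $(i + 1)
                if ($i ~ /ESTABLISHED/ && $i ~ /RELATED/) stateful = 1
            }
            if (!on_if) next
            if (target == "ACCEPT" && stateful && !accept) accept = n
            # The catch-all drop is exactly: -A INPUT -i IFACE -j DROP
            if (target == "DROP" && NF == 6 && !drop) drop = n
        }
        END { exit !(accept && drop && accept < drop) }
    '
}

# Constructed sample: the listing expected once the example up.sh has run.
sample_good() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -j DROP
EOF
}

# Constructed sample: default policies only, the up script never ran.
sample_missing() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'
}

sample_good | check_tun_rules tun0 && echo "tun0 inbound rules present"
```

On a live system, pipe the real listing in instead: iptables -S | check_tun_rules tun0 (with sudo where the platform needs it).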
If the previous option is enabled, then this option will use the default up script if the user hasn't supplied one (there isn't a down one currently...). The default up script is basically the same as the example above. For the time being this is disabled as default as I'm not sure what effect it'll have across all of the providers.
If you choose to use the default up script then you should validate that it's working for you, on your network, with your ISP and VPN provider.
Uses the openvpn parameters of ping (to check the connection is alive) and ping-exit (to exit the openvpn task if the connection is not working) to check that the connection is still alive. If the openvpn task exits, then it'll be restarted according to the settings in the monitor tab. If it's a UDP connection the default is ping 5 and ping-exit 30. If it's a TCP connection the default is ping 10 and ping-exit 60. If a VPN provider (including User Defined) uses any of the ping parameters then this option is ignored. If this option is changed, the .ovpn files will need to be reset using "reset the VPN provider".
When openvpn generates or receives a SIGUSR1, the default behaviour is to do nothing. This can mean that network down events won't restart openvpn and the network just won't work. Remapping SIGUSR1 to SIGTERM will cause openvpn to exit and let the add-on restart it.
The openvpn log is by default written to /run with the assumption that it's a RAM drive in order to minimise media wear. Some platforms/operating systems will have a problem with this and therefore the standard Kodi log directory can be used instead.
If the system time is obviously in the past (before the Kodi build year) then this option will adjust the clock to a more recent date so that VPN connections have more chance of working (if the clock is far adrift from reality this can cause the VPN connection to fail). It will not help with connections that are made before Kodi boots (LE only).
This is a work around for people who've not set the system date or enabled NTP, or NTP is failing. This will generally be a bigger issue on systems that don't have clocks (like the Raspberry Pi). A better answer to this option is to enable NTP or get a real time clock module.
This option will use the APPEND.txt file to add additional VPN parameters to the ovpn files to ensure that the DNS is updated when the VPN connection changes.
It will work if you have the update-resolv-conf script in /etc/openvpn/ or in the userdata directory, creating a file with the following contents:
dhcp-option DNSSEC allow-downgrade
dhcp-option DOMAIN-ROUTE .
script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
down-pre
Or for systemd enabled Linux distros, it will work if you have the update-systemd-resolved script in /etc/openvpn/scripts/ or in the userdata directory, creating a file with the following contents:
script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved
down-pre
It will also disable the up and down options to avoid the contents of APPEND.txt conflicting with existing up and down scripts.
Any existing APPEND.txt or TEMPLATE.txt file will be renamed so that they're not used. If the fix fails and the APPEND.txt is removed, then it's up to the user to reinstate the previous versions of APPEND.txt and TEMPLATE.txt if necessary.
For LibreELEC installs, user Gijs Withagen suggested using these up and down scripts. You may need to refer to using up and down scripts. I have not tested these and can't provide support on them.
If the issue with your connection is not related to DNS not being set, or your version of Linux requires a different set of magic commands, then this option will not help you and you'll need to create your own APPEND.txt or troubleshoot your own problems.
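With script-security 2, openvpn executes the scripts named by up and down with its own privileges, so those files should not be writable by other accounts. The following check is an added example, not part of the add-on: the names audit_hooks and demo_audit are hypothetical, and it assumes script paths without spaces or quoting.

```shell
#!/bin/sh
# Added example (not part of VPN Manager): audit the scripts that an .ovpn
# file or APPEND.txt hands to openvpn through its up/down directives.

# audit_hooks FILE
# Prints one finding per problem and returns 1 if any was found, 0 if clean.
# Assumption: script paths contain no spaces or quoting.
audit_hooks() {
    rc=0
    # The directive is the first word on the line, the script path the second.
    for script in $(awk '$1 == "up" || $1 == "down" { print $2 }' "$1" | sort -u); do
        if [ ! -f "$script" ]; then
            echo "MISSING $script"; rc=1; continue
        fi
        [ -x "$script" ] || { echo "NOT-EXECUTABLE $script"; rc=1; }
        # Mode string from ls, e.g. -rwxr-xr-x: character 6 is group write,
        # character 9 is world write.
        mode=$(ls -ld "$script" | awk '{ print $1 }')
        case "$mode" in
            ?????w*|????????w*)
                echo "WRITABLE-BY-OTHERS $script ($mode)"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed demo: a world-writable hook in a temporary directory is flagged.
demo_audit() {
    d=$(mktemp -d) || return 2
    printf '#!/bin/sh\nexit 0\n' > "$d/up.sh"
    chmod 777 "$d/up.sh"
    printf 'script-security 2\nup %s\ndown %s\ndown-pre\n' \
        "$d/up.sh" "$d/up.sh" > "$d/APPEND.txt"
    audit_hooks "$d/APPEND.txt"; status=$?
    rm -rf "$d"
    return $status
}

demo_audit || echo "findings above need fixing before the file is used"
```

Run audit_hooks against the APPEND.txt or generated .ovpn file in the userdata directory after enabling this option or the up/down script option.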
The userdata directory is located in different places depending on the Kodi build you're using. For LibreELEC, it's in /storage/.kodi/userdata/addon_data/service.vpn.manager/.
Adds an option to the add-on menu to display a bunch of information about the VPN and the general system. You can also call this up using a keymap.
Enabling this option will also display the VPN server on the large connection dialog (but not within the small notification). You will also see this information in the enhanced information screen (see previous option).
This determines whether the connection table that can be displayed to change the current connection will display a list of validated connections or a list of all connections. If your provider has 100s of connections, then it's probably best to use the validated connections list.
Fills up the VPN connection notification with a lot of extra information that's generally not interesting.
When a VPN connection is made external services are used to determine where the greater internet thinks that connection is coming from (note that these services aren't always accurate). 'Auto select' will cause the add-on to try and use the service with most information, and if that's not available it'll use the next available one. Over time it'll do some retrying of the previous system in order to deliver the best information. If you want to use a particular service (or maybe you know a VPN doesn't work with a service you want to avoid), then select the service you want to use. If it fails, a connection info box displays lots of "unknown"s, but your VPN connection should still have been established.