Skip to content

07. Advanced Options

Zomboided edited this page Jul 8, 2018 · 39 revisions

This tab has a bunch of options that can be used to help track down any problems encountered or change some of the default behaviours.

Enable debug just for VPN Manager

An option that will output debug data for VPN Manager without having to increase the overall Kodi debug level. Useful for avoiding all the general noise that comes with increased debug.

Enable HTTP tracing

If the debug option is enabled this option will be available. It can be used to trace all HTTP requests, which can include IP addresses, user names and passwords. It should be used only when debugging an HTTP problem, and any logs that are produced should not be shared.

View Kodi log file

Displays the Kodi log file in a window.

Copy log files

Copies log files to a source, such as a network attached drive or USB key.

View OpenVPN log file

Displays the OpenVPN output in a window

Enable setup wizard

The setup wizard is only offered to initially get a VPN connected. Once this has happened, it's disabled and all setup is managed directly via the Settings menu. You can re-enable the setup wizard by using this option. The wizard will then run if no connections are validated.

You can also disable this option to stop the nagging at boot time if you want to leave the add-on installed but not set up a connection.

OpenVPN verb level

Change the OpenVPN logging level. The .ovpn files will need to be reset using reset the VPN provider in the Utilities tab when this option is changed.

Force block-outside-dns (Windows only)

Adds an addition parameter to the .ovpn files which will stop DNS calls outside of the VPN connections. This is a Windows only option, and the .ovpn files will need to be reset using reset the VPN provider when this option is changed.

Use sudo with openvpn and killall (Linux only)

Generally the add-on knows when to use sudo (general Linux installs, OSMC) and when not to use sudo (LibreELEC, OpenELEC). This option allows you to define whether or not sudo is used.

Use openvpn with no path (Linux only)

For Linux the fully qualified path used to call openvpn is /usr/sbin/openvpn. Setting this option on will see openvpn called without a path, allowing the path to the openvpn executable to be set externally to the add-on.

openvpn path (Linux only)

Shows the path that's being used with the openvpn command. If you don't want to update the class path and use the no path option, then switching on debug will allow this option to be editted with an alternative path to the openvpn command. The openvpn command will be appended to the end so the path will need to end with a / character.

Stop openvpn with killall -9 instead of -15 (Linux only)

Determines how the openvpn task is killed. -15 is much more friendly whereas -9 is more forceful. -15 seems to work well, but if there are issues with VPN connections not being disconnected then it's worth changing this setting.

Alternative running openvpn task detection (Linux only)

Alters the behaviour of how a running openvpn task is detected. If you're running a full Linux install and seeing some weirdness (connections being restarted or active connections not being detected as running maybe) then change this setting to true. For LE this should be left as false.

Enable up/down scripts

Adds up and down parameters to the .ovpn files which will allow users to run a script after a connection has been established. If this option is enabled and up.bat (for Windows), or up.sh or down.sh (for Linux) exists in the user data directory then the parameters will be written to the .ovpn files. The .ovpn files will need to be reset using reset the VPN provider when this option is changed.

As an example when using the User Defined provider on LibreELEC, you could create a file called /storage/.kodi/userdata/addon_data/service.vpn.manager/UserDefined/up.sh and fill it with :

#!/bin/bash
iptables -F
iptables -A INPUT -i tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i tun0 -j DROP

This will block unexpected incoming traffic when the VPN is connected. You can check the routing after connection by looking at the openvpn.log file (via the GUI, in the /run directory or in the Kodi log directory) and using route and iptables -S on the command line. However, you should google the use of iptables and understand them in the context of your network and requirements.

If you're using a default VPN (ie not User Defined), then you'll need to locate the up and down scripts in the directory for that provider (e.g. /storage/.kodi/userdata/addon_data/service.vpn.manager/PIA/up.sh)

Use default up/down scripts (Linux only)

If the previous option is enabled, then this option will use the default up script if the user hasn't supplied one (there isn't a down one currently...). The default up script is basically the same as the example above. For the time being this is disabled as default as I'm not sure what effect it'll have across all of the providers.

If you choose to use the default up script then you should validate that it's working for you, on your network, with your ISP and VPN provider.

Check connection with ping

Uses the openvpn parameters of ping (to check the connection is alive) and ping-exit (to exit the openvpn task if the connection is not working) to the check the connection is still alive. If the openvpn task exits, then it'll be restarted according to the settings in the monitor tab. If it's a UDP connection the default is ping 5 and ping-exit 30. If it's a TCP connection the default is ping 10 and ping-exit 60. If a VPN provider (including User Defined) uses any of the ping parameters then this option is ignored. If this option is changed, the .ovpn files will need to be reset using reset the VPN provider.

Always use Kodi log directory for OpenVPN log

The openvpn log is by default written to /run with the assumption that it's a RAM drive in order to minimise media wear. Some platforms/operating systems will have a problem with this and therefore the standard Kodi log directory can be used instead.

Evaluate and adjust system time (Linux only)

If the system time is obviously in the past (before the Kodi build year) then this option will adjust the clock to a more recent date so that VPN connections have more chance of working (if the clock is far adrift from reality this can cause the VPN connection to fail). It will not help with connections that are made before Kodi boots (LE only).

This is a work around for people who've not set the system date or enabled NTP, or NTP is failing. This will generally be a bigger issue on systems that don't have clocks (like the Raspberry Pi). A better answer to this option is to enable NTP or get a real time clock module.

Potential DNS fix (Linux only)

This option will use the APPEND.txt file to add additional VPN parameters to the ovpn files to ensure that the DNS is updated when the VPN connection changes.

It will work if you have the update-resolv-conf script in /etc/openvpn/ or in the userdata directory, creating a file with the following contents :

dhcp-option DNSSEC allow-downgrade\
dhcp-option DOMAIN-ROUTE .
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Or for systemd enabled Linux distros, it will work if you have the update-systemd-resolved in /etc/openvpn/scripts/ or in the userdata path, creating a file with the following contents :

script-security 2
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
up /etc/openvpn/scripts/update-systemd-resolved
down /etc/openvpn/scripts/update-systemd-resolved
down-pre

It will also disable the up and down options to avoid the contents of APPEND.txt conflicting with existing up and down scripts.

Any existing APPEND.txt or TEMPLATE.txt file will be renamed so that they're not used. If the fix fails and the APPEND.txt is removed, then it's up to the user to reinstate the previous versions of APPEND.txt and TEMPLATE.txt if necessary.

If the issue with your connection is not related to DNS not being set, or your version of Linux requires a different set of magic commands then this option will not help you and you'll need to trouble shoot your own problems.

Locating the userdata directory

The userdata directory is located in different places depending on the Kodi build you're using. For LibreELEC, it's in /storage/.kodi/userdata/addon_data/service.vpn.manager/

Enable enhanced information menu option

Adds a option to the add-on menu to display a bunch of other information about the system. You can also call this up using a keymap.

Popup connection table display

This determines whether the connection table that can be displayed to change the current connection will display a list of validated connections or a list of all connections. If your provider has 100s of connections, then it's probably best to use the validated connections list.

Display IP, location and Service Provider in VPN cycle notification.

Fills up the VPN connection notification will a lot of extra information that's generally not interesting.

Change IP location service

When a VPN connection is made external services are used to determine where the greater internet thinks that connection is coming from (note that these services aren't always accurate). 'Auto select' will cause the add-on to try and use the service with most information, and if that's not available it'll use the next available one. Over time it'll do some retrying of the previous system in order to deliver the best information. If you want to use a particular service (or maybe you know a VPN doesn't work with a service you want to avoid), then select the service you want to use. If it fails, a connection info box displays lots of "unknown"s, but your VPN connection should still have been established.

Clone this wiki locally