I wanted to be able to send commands from Vera to my Asus Merlin router to control the VPN client connection.
After a lot of trial and error I now have it working, these are the steps.
- Vera needs to be able to communicate with the router via SSH without prompting for login authentication.
Following steps 1 and 2 on this post I was able to generate a public key from Vera.
To do this I used Putty SSH client on my Windows laptop and connected to Vera’s command terminal.
Run these two commands:
a) Generate SSH key
dropbearkey -t rsa -f ~/.ssh/id_dss
b) View SSH public key
dropbearkey -y -f ~/.ssh/id_dss
- I then copied the key to my clipboard and then went to the Asus routers admin page in a browser, go to the Administration menu, then the System tab. Scroll down to the section titled: Authorized Keys and paste in your key into the box.
Under advisement from one of the guys I was talking too on Facebook he recommended to also set:
Allow Password Login = NO
Enable SSH Brute Force Protection = YES
I have also set SSH access on the router to LAN ONLY
- Test it works, go back to Putty and the SSH connection to the Vera command terminal and type the following command:
ssh -i ~/.ssh/id_dss -l admin 192.168.1.1 service stop_vpnclient5
Note: My VPN Client connection is on number 5, yours maybe on 1,2,3 or 4 so check that. The IP address is the LAN IP address of your router.
If the command works it should say DONE and your VPN client on the router should then be turned OFF.
This is the command to turn it back on:
ssh -i ~/.ssh/id_dss -l admin 192.168.1.1 service start_vpnclient5
When prompted in Putty to save the router as a known device, select Yes.
- Make a change to Vera so the commands work via LUA code in your scenes or in PLEG.
First I had to do what was suggested here
Basically in Putty connected to the Vera command terminal run these two commands:
rm -rf /.ssh
ln -s /root/.ssh /.ssh
- Test your commands in the Vera UI7 web GUI - Go to the Apps menu then Develop Apps then Test Luup code (Lua)
In the code test window using these commands:
VPN OFF -
os.execute("ssh -y -i ~/.ssh/id_dss email@example.com service stop_vpnclient5")
VPN ON -
os.execute("ssh -y -i ~/.ssh/id_dss firstname.lastname@example.org service start_vpnclient5")
If the commands successfully work in the Vera code test window and control your VPN client connection on your router ON / OFF then you can proceed.
- Create two Vera scenes one for VPN Off and one for VPN On use the correct os.execute command as above in your scene, paste the command in the “Also, execute the following Luup code:” section of the scene and click the Save Lua button.
Test your scenes work by running them, does the VPN client connect / disconnect OK on your router?
- (Optional) I didn’t create Vera scenes as in step 6. I instead created a Virtual binary light device in Vera and tied that virtual switch being on or off in to some PLEG logic (triggers) and then had my PLEG actions send the SSH commands to the router via LUA code. I won’t cover the full details of how I did that now.
I then added the Virtual switch for the VPN in to the Imperihome mobile app as well.
Issues: The only thing I haven’t figured out now, is since adding Vera’s public key on to the router and turning off “Allow Password Login” for the SSH on the router, on my Windows laptop I can no longer connect to the router via Putty or WinWCP. Perhaps I need to add another public key from those clients on my laptop also to the router.
EDIT: Seems if I turn back on the router the option “Allow Password Login” I can once again login to SSH from my Windows laptop using Putty or WinSCP and the VPN On / Off still works OK via Vera, so maybe you can do both.