I wanted to be able to send commands from Vera to my Asus Merlin router to control the VPN client connection.
Thanks to the posters in this thread and a couple of guys on the UK Smart Home Automation Group on Facebook who pointed me in the right direction.
After a lot of trial and error I now have it working; these are the steps.
- Vera needs to be able to communicate with the router via SSH without prompting for login authentication.
Following steps 1 and 2 on this post I was able to generate a public key from Vera.
To do this I used Putty SSH client on my Windows laptop and connected to Vera's command terminal.
Run these two commands:
a) Generate SSH key
dropbearkey -t rsa -f ~/.ssh/id_dss
b) View SSH public key
dropbearkey -y -f ~/.ssh/id_dss
- I then copied the key to my clipboard and then went to the Asus router's admin page in a browser, go to the Administration menu, then the System tab. Scroll down to the section titled: Authorized Keys and paste in your key into the box.
Example:
ssh-rsa Axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxE=
Under advisement from one of the guys I was talking to on Facebook he recommended to also set:
Allow Password Login = NO
Enable SSH Brute Force Protection = YES
I have also set SSH access on the router to LAN ONLY
- Test it works, go back to Putty and the SSH connection to the Vera command terminal and type the following command:
ssh -i ~/.ssh/id_dss -l admin 192.168.1.1 service stop_vpnclient5
Note: My VPN Client connection is on number 5, yours may be on 1,2,3 or 4 so check that. The IP address is the LAN IP address of your router.
If the command works it should say DONE and your VPN client on the router should then be turned OFF.
This is the command to turn it back on:
ssh -i ~/.ssh/id_dss -l admin 192.168.1.1 service start_vpnclient5
When prompted in Putty to save the router as a known device, select Yes.
- Make a change to Vera so the commands work via LUA code in your scenes or in PLEG.
First I had to do what was suggested here
Basically in Putty connected to the Vera command terminal run these two commands:
rm -rf /.ssh
ln -s /root/.ssh /.ssh
- Test your commands in the Vera UI7 web GUI - Go to the Apps menu then Develop Apps then Test Luup code (Lua)
In the code test window using these commands:
VPN OFF -
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 service stop_vpnclient5")
VPN ON -
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 service start_vpnclient5")
If the commands successfully work in the Vera code test window and control your VPN client connection on your router ON / OFF then you can proceed.
- Create two Vera scenes one for VPN Off and one for VPN On use the correct os.execute command as above in your scene, paste the command in the "Also, execute the following Luup code:" section of the scene and click the Save Lua button.
Test your scenes work by running them, does the VPN client connect / disconnect OK on your router?
- (Optional) I didn't create Vera scenes as in step 6. I instead created a Virtual binary light device in Vera and tied that virtual switch being on or off in to some PLEG logic (triggers) and then had my PLEG actions send the SSH commands to the router via LUA code. I won't cover the full details of how I did that now.
I then added the Virtual switch for the VPN in to the Imperihome mobile app as well.
Issues: The only thing I haven't figured out now, is since adding Vera's public key on to the router and turning off "Allow Password Login" for the SSH on the router, on my Windows laptop I can no longer connect to the router via Putty or WinSCP. Perhaps I need to add another public key from those clients on my laptop also to the router.
EDIT: Seems if I turn back on the router the option "Allow Password Login" I can once again login to SSH from my Windows laptop using Putty or WinSCP and the VPN On / Off still works OK via Vera, so maybe you can do both.
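
Added example, not part of the original post: a Lua wrapper around the same ssh command that only accepts "start"/"stop" and a client number from 1 to 5, and that checks the exit status, so a failed SSH call is logged instead of passing silently. The function names and the optional `run` argument are hypothetical; the router IP, user and key path are the ones used in the post.

```lua
-- Added example: validated, status-checked version of the os.execute calls above.
local ROUTER = "192.168.1.1"      -- router LAN IP, as used in the post
local KEY    = "~/.ssh/id_dss"    -- key file generated with dropbearkey in the post
local USER   = "admin"

-- Use Vera's luup.log when running inside Vera, plain print otherwise.
local function log(msg)
  if luup and luup.log then luup.log("VPN: " .. msg) else print("VPN: " .. msg) end
end

-- Build the ssh command line. Only fixed, whitelisted values reach the shell,
-- so a value read from a device variable cannot inject extra commands.
local function build_vpn_command(action, client)
  if action ~= "start" and action ~= "stop" then
    return nil, "action must be 'start' or 'stop'"
  end
  local n = tonumber(client)
  if not n or n % 1 ~= 0 or n < 1 or n > 5 then
    return nil, "client must be an integer from 1 to 5"
  end
  return string.format("ssh -y -i %s %s@%s service %s_vpnclient%d",
                       KEY, USER, ROUTER, action, n)
end

-- os.execute returns a number in Lua 5.1 and (ok, how, code) in Lua 5.2+.
local function succeeded(a, b, c)
  if type(a) == "number" then return a == 0 end
  return a == true and b == "exit" and c == 0
end

-- run is an optional replacement for os.execute (hypothetical, for dry runs).
function set_vpn(action, client, run)
  local cmd, err = build_vpn_command(action, client)
  if not cmd then
    log("refused: " .. err)
    return false
  end
  local ok = succeeded((run or os.execute)(cmd))
  log((ok and "ok: " or "FAILED: ") .. cmd)
  return ok
end
```

In a scene or PLEG action, call `set_vpn("stop", 5)` or `set_vpn("start", 5)` in place of the raw os.execute line.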