What is a dot cube file?
A dot cube file (e.g. config.cube) is a single configuration file containing all of the settings and keys needed to connect an Internet Cube to a remote VPN server. This file can be used on the web interface of VPN Client, under the Automatic tab. It should be provided ready to use by the VPN access provider.
A dot cube file is just a JSON file. The following sections are intended to explain to VPN providers how to create dot cube files for their members.
JSON example
    {
      "server_name": "vpn.ldn-fai.net",
      "server_port": "1194",
      "server_proto": "udp",
      "ip6_net": "2001:db8:c42::",
      "ip4_addr": "203.0.113.42",
      "crt_server_ca": "-----BEGIN CERTIFICATE-----|MIIFFXAJjzZhAZJ+JHA…eRte6K|-----END CERTIFICATE-----",
      "crt_client": "-----BEGIN CERTIFICATE-----|MIIFbUHHQjauIUoiUAA5ax…4T3As=|-----END CERTIFICATE-----",
      "crt_client_key": "-----BEGIN PRIVATE KEY-----|MIIEvM/JsSAmledzvE…i8kAMj|-----END PRIVATE KEY-----",
      "crt_client_ta": "",
      "login_user": "",
      "login_passphrase": "",
      "dns0": "89.234.141.66",
      "dns1": "2001:913::8",
      "openvpn_rm": [],
      "openvpn_add": [
        "topology subnet"
      ]
    }

JSON settings
Key | Value Type | Required? | Comment |
---|---|---|---|
server_name | Domain name | Required | Remote VPN server address |
server_port | Port number | Required | Remote VPN server port |
server_proto | "udp" or "tcp" | Required | L4 protocol to use |
ip6_net | IPv6 network address | Optional | IPv6 delegated prefix (please, provide IPv6 to your members) |
ip4_addr | IPv4 address | Recommended | Static IPv4 address (highly recommended for enabling the HyperCube service to generate DNS configurations) |
crt_server_ca | ASCII certificate (new lines replaced by pipes) | Required | Public server CA (.crt) |
crt_client | ASCII certificate (new lines replaced by pipes) | Optional (required if crt_client_key is defined) | Public client certificate (.crt) |
crt_client_key | ASCII certificate (new lines replaced by pipes) | Optional (required if crt_client is defined) | Client private key (.key) |
crt_client_ta | ASCII certificate (new lines replaced by pipes) | Optional | Shared-secret (ta.key) |
login_user | Username | Optional (required if login_passphrase is defined) | Username |
login_passphrase | Passphrase | Optional (required if login_user is defined) | Password |
dns0 | IPv6 or IPv4 address | Required | First public DNS resolver (will be set on the host) |
dns1 | IPv6 or IPv4 address | Required | Second public DNS resolver (will be set on the host) |
openvpn_rm | Array of strings or PCRE regexes | Optional | OpenVPN options to remove from the default configuration (removes every line containing one of the strings/regexes; matching is case-insensitive) |
openvpn_add | Array of "key value" pairs | Optional | OpenVPN options to add to the default configuration |
Note 1: You must define a client certificate/private key pair, a user/passphrase pair, or both.
Note 2: You also have to set the same IPv6 delegated prefix in the web interface of Wifi Hotspot, in order to deliver IPv6 to Wi-Fi clients.
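A provider can check a dot cube file against the table and Note 1 before handing it to a member. The following is an added example, not part of the original page or of the VPN Client code; the function names and all sample values are constructed, and it assumes the file is a single JSON object with string values.

```python
import ipaddress
import json

REQUIRED = ("server_name", "server_port", "server_proto", "crt_server_ca", "dns0", "dns1")
PAIRS = (("crt_client", "crt_client_key"), ("login_user", "login_passphrase"))
PEM_KEYS = ("crt_server_ca", "crt_client", "crt_client_key")

def pem_to_cube(pem):
    """Encode a PEM block as the table requires: new lines replaced by pipes."""
    return "|".join(pem.strip().splitlines())

def validate_cube(text):
    """Return a list of problems in a dot cube document; an empty list means it passed."""
    cfg = json.loads(text)
    errors = [f"{k}: required" for k in REQUIRED if not cfg.get(k)]
    if cfg.get("server_proto") and cfg["server_proto"] not in ("udp", "tcp"):
        errors.append("server_proto: must be udp or tcp")
    port = str(cfg.get("server_port", ""))
    if port and not (port.isdecimal() and 0 < int(port) < 65536):
        errors.append("server_port: not a valid port number")
    for a, b in PAIRS:  # each half of a pair requires the other
        if bool(cfg.get(a)) != bool(cfg.get(b)):
            errors.append(f"{a}/{b}: define both or neither")
    if not any(cfg.get(a) and cfg.get(b) for a, b in PAIRS):  # Note 1
        errors.append("auth: need a certificate/key pair, a user/passphrase pair, or both")
    for k in PEM_KEYS:  # a raw PEM with real new lines is the most common mistake
        v = cfg.get(k) or ""
        ok = "\n" not in v and "|" in v and v.startswith("-----BEGIN ") and v.endswith("-----")
        if v and not ok:
            errors.append(f"{k}: expected PEM text with new lines replaced by pipes")
    for k in ("dns0", "dns1"):
        try:
            if cfg.get(k):
                ipaddress.ip_address(cfg[k])
        except ValueError:
            errors.append(f"{k}: not an IPv4 or IPv6 address")
    return errors

# Constructed sample values (not real certificates, keys or provider addresses).
FAKE_CRT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
FAKE_KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
SAMPLE = {
    "server_name": "vpn.example.net", "server_port": "1194", "server_proto": "udp",
    "crt_server_ca": pem_to_cube(FAKE_CRT), "crt_client": pem_to_cube(FAKE_CRT),
    "crt_client_key": pem_to_cube(FAKE_KEY), "dns0": "192.0.2.53", "dns1": "2001:db8::53",
}

if __name__ == "__main__":
    print(validate_cube(json.dumps(SAMPLE)) or "OK")
```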
Command-line
VPN Client can also be configured with a dot cube file directly from the command line:
% yunohost app config set vpnclient --args "config_file=/tmp/config.cube"