Dot Cube Files

What is a dot cube file?

A dot cube file (e.g. config.cube) is a single configuration file containing all of the settings and keys needed to connect an Internet Cube to a remote VPN server. This file can be used in the web interface of VPN Client, under the Automatic tab. It should be provided, ready to use, by the VPN access provider.

Automatic Tab

A dot cube file is just a JSON file. The following sections explain to VPN providers how to create dot cube files for their members.

JSON example

{
  "server_name": "vpn.ldn-fai.net",
  "server_port": "1194",
  "server_proto": "udp",
  "ip6_net": "2001:db8:c42::",
  "ip4_addr": "203.0.113.42",
  "crt_server_ca": "-----BEGIN CERTIFICATE-----|MIIFFXAJjzZhAZJ+JHAeRte6K|-----END CERTIFICATE-----",
  "crt_client": "-----BEGIN CERTIFICATE-----|MIIFbUHHQjauIUoiUAA5ax4T3As=|-----END CERTIFICATE-----",
  "crt_client_key": "-----BEGIN PRIVATE KEY-----|MIIEvM/JsSAmledzvEi8kAMj|-----END PRIVATE KEY-----",
  "crt_client_ta": "",
  "login_user": "",
  "login_passphrase": "",
  "dns0": "89.234.141.66",
  "dns1": "2001:913::8",
  "openvpn_rm": [ ],
  "openvpn_add": [ "topology subnet" ]
}

JSON settings

| Key | Value Type | Required? | Comment |
|---|---|---|---|
| server_name | Domain name | Required | Remote VPN server address |
| server_port | Port number | Required | Remote VPN server port |
| server_proto | "udp" or "tcp" | Required | L4 protocol to use |
| ip6_net | IPv6 network address | Optional | IPv6 delegated prefix (please, provide IPv6 to your members) |
| ip4_addr | IPv4 address | Recommended | Static IPv4 address (highly recommended for enabling the HyperCube service to generate DNS configurations) |
| crt_server_ca | ASCII certificate (new lines replaced by pipes) | Required | Public server CA (.crt) |
| crt_client | ASCII certificate (new lines replaced by pipes) | Optional (required if crt_client_key is defined) | Public client certificate (.crt) |
| crt_client_key | ASCII certificate (new lines replaced by pipes) | Optional (required if crt_client is defined) | Private client certificate (.key) |
| crt_client_ta | ASCII certificate (new lines replaced by pipes) | Optional | Shared-secret (ta.key) |
| login_user | Username | Optional (required if login_passphrase is defined) | Username |
| login_passphrase | Passphrase | Optional (required if login_user is defined) | Password |
| dns0 | IPv6 or IPv4 address | Required | First public DNS resolver (will be set on the host) |
| dns1 | IPv6 or IPv4 address | Required | Second public DNS resolver (will be set on the host) |
| openvpn_rm | Array of strings or PCRE regexes | Optional | OpenVPN options to remove from the default configuration (remove all lines containing one of the strings/regexes; not case-sensitive) |
| openvpn_add | Array of "key value" pairs | Optional | OpenVPN options to add to the default configuration |

Note 1: You must define a public/private certificate pair, a user/passphrase pair, or both.
Note 2: You must also set the same IPv6 delegated prefix in the web interface of Wifi Hotspot in order to deliver IPv6 to wifi clients.
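
A pre-flight check a provider could run before handing out a dot cube file, covering the rules in the settings table and Note 1. This is an added example, not part of VPN Client: the names validate_cube, pem_to_cube and SAMPLE are made up for this illustration, the sample PEM body is a placeholder, and only the constraints stated in the table are checked.

```python
import ipaddress
import json

REQUIRED = ("server_name", "server_port", "server_proto", "crt_server_ca", "dns0", "dns1")
PAIRS = (("crt_client", "crt_client_key"), ("login_user", "login_passphrase"))
PEM_KEYS = ("crt_server_ca", "crt_client", "crt_client_key", "crt_client_ta")
IP_KEYS = {"dns0": (4, 6), "dns1": (4, 6), "ip4_addr": (4,), "ip6_net": (6,)}


def pem_to_cube(pem_text):
    """Encode a PEM block as the settings table requires: new lines become pipes."""
    return "|".join(pem_text.strip().splitlines())


def validate_cube(text):
    """Return the list of problems in a dot cube document; an empty list means OK."""
    try:
        cfg = json.loads(text)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    errors = [f"missing required key: {k}" for k in REQUIRED if not cfg.get(k)]
    if cfg.get("server_proto") not in (None, "", "udp", "tcp"):
        errors.append('server_proto must be "udp" or "tcp"')
    port = str(cfg.get("server_port") or "")
    if port and not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        errors.append("server_port must be a port number between 1 and 65535")
    for key, versions in IP_KEYS.items():
        try:
            ok = not cfg.get(key) or ipaddress.ip_address(str(cfg[key])).version in versions
        except ValueError:
            ok = False
        if not ok:
            errors.append(f"{key} is not a valid IPv{'/IPv'.join(map(str, versions))} address")
    for a, b in PAIRS:  # each member of a pair is required once the other is defined
        if bool(cfg.get(a)) != bool(cfg.get(b)):
            errors.append(f"{a} and {b} must be defined together")
    if not any(cfg.get(a) and cfg.get(b) for a, b in PAIRS):  # Note 1
        errors.append("no credentials: need a certificate/key pair, a user/passphrase pair, or both")
    errors += [f"{k} contains raw new lines; replace them with pipes"
               for k in PEM_KEYS if "\n" in str(cfg.get(k) or "")]
    return errors

# Constructed sample (placeholder PEM body); login_passphrase is left empty on purpose.
SAMPLE = {"server_name": "vpn.ldn-fai.net", "server_port": "1194", "server_proto": "udp",
          "crt_server_ca": pem_to_cube("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"),
          "login_user": "jdoe", "login_passphrase": "", "dns0": "89.234.141.66", "dns1": "2001:913::8"}
print(validate_cube(json.dumps(SAMPLE)))
```

The sample is rejected twice: login_user is set without login_passphrase, and no complete credential pair remains.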

Command-line

VPN Client can also be configured with a dot cube file directly from the command line:

% ynh-vpnclient-loadcubefile.sh -h
-u YunoHost username (user with permissions on VPN Client)
-p User password
-c Dot cube file path
-h This help

% ynh-vpnclient-loadcubefile.sh -u jdoe -p AAaxRjLAyU4CU -c /tmp/config.cube
[VPN] Configuration updated and service successfully reloaded

The script ynh-vpnclient-loadcubefile.sh is provided with VPN Client.

The user jdoe:AAaxRjLAyU4CU must be a valid YunoHost user (SSO), allowed to access the VPN Client web interface. When Wifi Hotspot is detected and only one SSID is defined, the IPv6 delegated prefix is also configured for this SSID and Wifi Hotspot is restarted.