Connect Players and Servers Through a VPN

OpenVPN (BrightSign currently uses OpenVPN 2.4.7) can be used to create a connection to your servers. The OpenVPN "configuration" interface is a path to a complete configuration file and (optionally) the passphrase needed to decrypt the private key. The process is limited by —script-security=1 for the entire duration of that process. 

The configuration is extracted to flash, meaning that it will persist across device reboots and/or if the SD card is reformatted. If the device is configured for OpenVPN, it will automatically run on startup of the BrightSign application.

When configuring output files, you should use the applicable attached storage device (for example, /storage/sd/).

Note that:

  • archive_file (for BrightScript) or archiveFile (for JavaScript) must point to a zip archive containing a valid OpenVPN configuration file named client.conf in the top level directory (see the Appendix for an example client.conf file).

  • All paths configured in client.conf are assumed to be absolute. In order to refer to files extracted on the player after running installAndRun, the following directory path should be assumed /var/lib/brightsign/openvpn/

To establish the connection, reference the roOpenVpn BrightScript API or the openvpn JavaScript API.

Appendix

In addition to other configuration information, client.conf should contain the absolute path format of the configured artifacts. For example:

ca /var/lib/brightsign/openvpn/ca.crt cert /var/lib/brightsign/openvpn/client1.crt key /var/lib/brightsign/openvpn/client1.key log /storage/sd/openvpn.log