Use my own VPN Locations on InvizBox Go!

Let’s do this!

I’m finally taking the time to show you how to use your own VPN Location as well as how to add/change/remove VPN Locations on your InvizBox Go (Go). This should help you if you have VPN setup requirements that are not available by default in our firmware to match your everyday use.
In this exercise, I’ll explain a bunch of things so you get a feel for it:

  • Remove all the VPN Locations from Brazil
  • Rename Brussels to Bruxelles in the Belgian VPN Locations
  • Add my own VPN Location with my work VPN

For each step, I’ll propose 3 ways that give identical results; you only need to use the one that suits you best. I’ll show manual editing of files, using the UCI commands from the shell, and using the Lua programming language.

SSH Access

First, I need to set up SSH access to my Go. To do so, I use the following technote:
https://support.invizbox.com/hc/en-us/articles/115001828205
Since I’m planning to access this quite a bit, I decided to paste my public key in the SSH-Keys section of the SSH-Access area.
As a side note, I use a simple alias (in my .bash_aliases file) to get my public-key:

alias getpublickey='cat ~/.ssh/id_rsa.pub | xclip'

You don’t have to do this but then depending on your ssh client, you may have to enter the root password each time you connect.
By the way, if you are a Windows user, you may want to consider putty for ssh access.
I’m also connected to my normal network over Ethernet during this, so I can’t use the inviz.box address as it doesn’t resolve to my Go. That means I have to use the IP address when connecting:

ssh root@10.153.146.1
[Image: SSH as root. Caption: “Actually, sometimes one does!”]

Get the latest version

Before we get going, we need to make sure that we are running a version at least as new as 3.0.9.
First, leave the Go running (and connected) for a couple of hours. You can also manually trigger an update from the button in the Update Log page (Expert Mode – System – Update Log) and make sure there is no update available (don’t worry about the errors in that page; see: Errors in Update Log).

VPN Settings structure

Once I’m in, I can start by looking at the VPN settings that are used in the VPN Location page. I can interact with them by editing the /etc/config/vpn file or using the UCI interface (Reference Documentation is here: https://wiki.openwrt.org/doc/uci). I’m going to use UCI here as it makes things simpler to script.

uci show vpn

output:

vpn.active=active
vpn.active.username='this_is_my_user_name@invizbox'
vpn.active.password='this_is_my_password'
vpn.active.name='para08'
vpn.active.mode='vpn'
vpn.aklc09=server
vpn.aklc09.country='NZ'
vpn.aklc09.city='Auckland'
vpn.aklc09.name='akl-c09'
vpn.aklc09.template='/etc/openvpn/templates/invizbox.ovpn.template'
…
…
vpn.zurc02=server
vpn.zurc02.country='CH'
vpn.zurc02.city='Zurich'
vpn.zurc02.name='zur-c02'
vpn.zurc02.template='/etc/openvpn/templates/invizbox.ovpn.template'

From here, we can see that the structure is listing VPN Locations with:

  • a type – server
  • a name – vpn.zurc02
  • and 4 options:
    • country
    • city
    • name
    • template

So to add/remove/edit them, we’ll have to deal with these 5 elements.
You can also look at them in the config file where they look nicely organised:

tail /etc/config/vpn

output:

    option city 'Zurich'
    option name 'zur-c01'
    option template '/etc/openvpn/templates/invizbox.ovpn.template'
config server 'zurc02'
    option country 'CH'
    option city 'Zurich'
    option name 'zur-c02'
    option template '/etc/openvpn/templates/invizbox.ovpn.template'

Remove Brazilian VPN Locations

So, now that we know the structure (and have checked how to use UCI from the reference), we can work on removing the Brazilian locations.
A quick

grep BR- /etc/config/vpn

shows that I have 20 VPN Locations in Brazil, one of them is called grua01 (Sao Paulo – server a01).

uci show vpn.grua01

will display the properties of that particular named configuration entry.

[Image: VPN Location - Brazil. Caption: “Nothing personal against Brazil!”]

Manual Editing

The simplest option here is most probably to edit the /etc/config/vpn file if you have vi skills.
Just find and delete all entries related to Brazil (each entry is made of 5 lines).

UCI command line (shell script)

You can also remove all the entries from UCI one by one by checking all Brazilian entries:

grep BR- /etc/config/vpn

This will give you a list of filenames and you can see there are two patterns (“gig” for Rio de Janeiro servers and “gru” for Sao Paulo servers).
You can then remove them by explicitly deleting each entry in UCI as follows:

uci delete vpn.giga01
uci delete vpn.giga02
uci delete vpn.giga03
uci delete vpn.giga04
…
uci delete vpn.grua01
uci delete vpn.grua02
uci delete vpn.grua03
uci delete vpn.grua04
…
uci delete vpn.grua14
uci commit

If you want to keep this handy, drop these lines into a shell script. The first line of that script becomes #!/bin/sh and don’t forget to make the script executable.
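
The list above can also be generated instead of typed. This is an added example, not InvizBox code: it turns the output of uci show vpn into the matching uci delete commands for one country. The function name is made up, and it assumes that vpn.active.name holds the section name of the currently selected location, which it leaves in place.

```sh
#!/bin/sh
# Added example, not InvizBox code. Reads "uci show vpn" output on stdin and
# prints one "uci delete" command per server section in country $1.
# Assumption: vpn.active.name is the section name of the location currently
# selected; that section is reported as a comment instead of being deleted.
uci_delete_cmds() {
    awk -v cc="$1" -F'[.=]' '
        $2 == "active" && $3 == "name" { active = $4; gsub("\047", "", active) }
        $3 == "country" && $4 == "\047" cc "\047" { sect[++n] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                if (sect[i] == active) print "# kept " sect[i] " (currently selected)"
                else                   print "uci delete vpn." sect[i]
            }
        }'
}

# On the Go: review the generated list first, then apply it.
#   uci show vpn | uci_delete_cmds BR
#   uci show vpn | uci_delete_cmds BR | sh && uci commit vpn
```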

Lua

If you are familiar with Lua as a programming language, there is a nice interface to UCI in Lua.
You can then run the following in the Lua console or as a script:

uci = require("uci").cursor()
uci:load("vpn")
uci:foreach("vpn", "server", function(s)
    if s.country == 'BR' then
        uci:delete("vpn", s['.name'])
    end
end)
uci:save("vpn")
uci:commit("vpn")

Rename Brussels to Bruxelles

grep BE- /etc/config/vpn

will give you a list of Belgian VPN Locations

[Image: VPN Location - Brussels. Caption: “All roads lead to Brussels?”]

Manual Editing

Use vi and change Brussels to Bruxelles in the city field only (if you change the ovpn file, you need to go and rename the file as well, otherwise you have a mismatch).

UCI command line (shell script)

You can also change the city of the entries from UCI one by one as such:

uci set vpn.brub01.city=Bruxelles
uci commit vpn

Lua

You can then run the following in the Lua console or as a script:

uci = require("uci").cursor()
uci:load("vpn")
uci:foreach("vpn", "server", function(s)
    if s.city == 'Brussels' then
        uci:set("vpn", s['.name'], "city", "Bruxelles")
    end
end)
uci:save("vpn")
uci:commit("vpn")

Add my own VPN Location

Set up DNS when connected to VPN

The Go is set up to use a specific set of DNS servers when connected (to avoid DNS leaking). Those servers are only accessible when connected to the InvizBox VPN. Since this is not going to be the case on your own VPN connection, you will have to set your own DNS servers.
The file with the DNS servers is /etc/resolv.conf.vpn. It’s a standard resolv.conf file that gets used when connected.
You can edit this file and slot in your DNS servers (either recommended by your DNS provider or your favourite ones).
You can use the following command to modify the file (using OpenDNS servers in this example – replace IPs with yours):

echo -e "search lan\nnameserver 208.67.222.222\nnameserver 208.67.220.220" > /etc/resolv.conf.vpn

If you want to revert to the original file, you can run:

cp /rom/etc/resolv.conf.vpn /etc/resolv.conf.vpn

Important Note about modifying the DNS servers:
Since you are modifying the DNS servers, they are now going to be used for all your VPN locations.
So if you use one of the original VPN Locations from your InvizBox subscription after that change, you will not be using the recommended DNS servers for these connections anymore.
Let’s be clear, you are doing these modifications at your own risk. If you don’t understand the impact this has on your privacy, I would recommend that you do not add your own VPN Locations! Or at least that you set up all VPN Locations from the same VPN subscription.

Copy ovpn file and dependencies

First, you have to have a functional ovpn file (usable by openvpn).
That file is either self-contained (certificate and credentials included) or links to a certificate file or a credentials file (or both).
You then need to copy that file to the /etc/openvpn directory. If needed, you will also need to copy your certificate file and/or credentials file to the /etc/openvpn directory.
In my case, the ovpn file is self-contained so I copied it to /etc/openvpn/office.ovpn
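
To tell which of these cases applies to a given profile, here is an added example (not InvizBox code) that lists the external files an ovpn file references and reports which of them are missing from the target directory. The function names are made up; it assumes paths without spaces and that relative paths are resolved against the directory you pass in (/etc/openvpn on the Go).

```sh
#!/bin/sh
# Added example, not InvizBox code. Assumes paths in the profile have no spaces.

# Print "<directive> <path>" for each external file an .ovpn profile references.
# Prints nothing for a self-contained profile.
ovpn_deps() {
    awk '
        { sub(/\r$/, "") }                    # tolerate Windows line endings
        /^[ \t]*([#;]|$)/ { next }            # comments and blank lines
        /^[ \t]*<\//      { inblk = 0; next } # end of an inline <ca>...</ca> block
        /^[ \t]*</        { inblk = 1; next } # start of an inline block
        inblk             { next }            # embedded key/certificate data
        $1 ~ /^(ca|cert|key|tls-auth|tls-crypt|pkcs12|auth-user-pass)$/ {
            # auth-user-pass without a file makes openvpn ask interactively
            if (NF >= 2) { gsub(/"/, "", $2); print $1, $2 }
            else if ($1 == "auth-user-pass") print $1, "(prompt)"
        }
    ' "$1"
}

# Print every referenced file that is absent from directory $2.
# Returns non-zero if anything is missing.
ovpn_missing() {
    rc=0
    for f in $(ovpn_deps "$1" | awk '$2 != "(prompt)" { print $2 }'); do
        case $f in
            /*) p=$f ;;        # absolute path: check as written
            *)  p=$2/$f ;;     # relative path: resolve against $2
        esac
        [ -e "$p" ] || { echo "$f"; rc=1; }
    done
    return $rc
}

# Usage on the Go:  ovpn_missing /etc/openvpn/office.ovpn /etc/openvpn
```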

[Image: VPN Location - Youtube. Caption: “hmm, really?”]

Manual Editing

Here, once more, I’ll trust vi and add the following to the /etc/config/vpn file. Notice how I use “filename” as opposed to “template” in the options as this file is self-contained.

config server 'work'
    option country 'Work'
    option city 'office'
    option name 'work'
    option filename '/etc/openvpn/office.ovpn'

UCI command line (shell script)

You can add an entry from UCI as such:

uci set vpn.work='server'
uci set vpn.work.country='Work'
uci set vpn.work.city='office'
uci set vpn.work.name='work'
uci set vpn.work.filename='/etc/openvpn/office.ovpn'
uci commit vpn

Lua

You can then run the following in the Lua console or as a script:

uci = require("uci").cursor()
uci:load("vpn")
uci:set("vpn", "work", "server")
uci:set("vpn", "work", "country", "Work")
uci:set("vpn", "work", "city", "office")
uci:set("vpn", "work", "name", "work")
uci:set("vpn", "work", "filename", "/etc/openvpn/office.ovpn")
uci:save("vpn")
uci:commit("vpn")

My final script

So, considering I only wanted to patch my box to add my office VPN, here is what my final script looks like:

#!/bin/sh
# change DNS servers
echo -e "search lan\nnameserver 208.67.222.222\nnameserver 208.67.220.220" > /etc/resolv.conf.vpn
# create new UCI entry
uci set vpn.work='server'
uci set vpn.work.country='Work'
uci set vpn.work.city='office'
uci set vpn.work.name='work'
uci set vpn.work.filename='/etc/openvpn/office.ovpn'
uci commit vpn

And to use that script, I do the following:

  • Set up SSH as described above
  • Run on my local desktop (Linux):

chmod +x myscript.sh
scp myscript.sh root@10.153.146.1:/tmp
scp office.ovpn root@10.153.146.1:/etc/openvpn/office.ovpn

  • SSH to the Go:

ssh root@10.153.146.1

  • Run my script on the Go:

/tmp/myscript.sh

  • That’s it! I just need to go to the VPN Location page and select my new Work Location.

Once more, after running that script, if I use one of the InvizBox VPN Locations, I’m going to be using the OpenDNS servers.

Done!

Once the above has been done, you should see the changes that you have made in the VPN Location page in the Administration UI.
[Image: VPN Location - Success]

This didn’t work :'(

Have a look at your changes and figure out what you did wrong (most likely a typo or a missing option).
And after that, … well…, the simplest way to get back to a working device is to reset it.
From the command line, you can reset with the following:

firstboot # and say yes (y) to the "Are you sure?" question
reboot