disable VPN on device

hi,

I am trying to disable the VPN connection on my device itself (not the dashboard).
In the documentation is stated that VPN can be enabled and disabled programmatically.

using the supervisor API to post a target-state with SUPERVISOR_VPN_CONTROL:“false” results in the message that this is only possible in local mode. Is there a way to change the VPN state without using the dashboard?

TARGET_STATE=‘{“local”:{“config”:{“SUPERVISOR_VPN_CONTROL”:“true”}}}’

curl -X POST --header “Content-Type:application/json” “$BALENA_SUPERVISOR_ADDRESS/v2/local/target-state?apikey=$BALENA_SUPERVISOR_API_KEY” -d $TARGET_STATE

{“status”:“failed”,“message”:“Target state can only set when device is in local mode”}

Hi there, you could make a couple of requests to the API from you container to achieve this:

# https://www.balena.io/docs/reference/api/resources/device/
device_id=$(curl "${BALENA_API_URL}/v6/device?\$filter=uuid%20eq%20'${BALENA_DEVICE_UUID}'" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${BALENA_API_KEY}" | jq -r .d[].id)


# https://www.balena.io/docs/reference/api/resources/device_config_variable/
curl -X POST "${BALENA_API_URL}/v6/device_config_variable" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${BALENA_API_KEY}" \
  --data \
"{
  \"device\": ${device_id},
  \"name\": \"RESIN_SUPERVISOR_VPN_CONTROL\",
  \"value\": \"false\"
}"

Thanks,
After some tinkering I got it working with curl -X PATCH ... since I can change that at any time.
as a side question, this seems to make a connection with the balena server. Does the balena server / Dashboard have the option to enable the VPN at any situation? (asking for privacy reasons)

Hello,
Glad to see you got it working. Can you reiterate on what you mean above when you say enabling VPN in any situation by the balena server/dashboard? Do you mean to ask if the balena server/dashboard could enable the VPN if you have disabled it?

Yes, after I disabled the VPN locally, can I enable it again from the dashboard?

Yes, you should be able to enable VPN again from the dashbaord as when you execute the API call above the VPN should be reflected as off on the dashboard. You can try toggling it back on and that should do enable the VPN on your device.