OPNsense Forum

English Forums => Virtual private networks => Topic started by: Christian1998 on January 26, 2024, 08:06:26 am

Title: Advanced configuration on new openVPN instances
Post by: Christian1998 on January 26, 2024, 08:06:26 am
Good morning,

Before the new OpenVPN I was using the "advanced configuration" field to run a script with the "client-connect" param.
Now this field no longer exists. Is there a way to set this parameter?

Christian
Title: Re: Advanced configuration on new openVPN instances
Post by: cs1 on February 08, 2024, 10:51:30 am
There's no way to set this option in a server instance and I also wouldn't recommend it. Can you share what you're trying to do with the script? Maybe there's an easy workaround.
Title: Re: Advanced configuration on new openVPN instances
Post by: kozistan on April 19, 2024, 08:44:02 pm
Hi, I will step in on this node. Yes, I have a script for updating the BIND backend for samba-ad-dc. On legacy it's working, so I can share it to see if there is a way. Nothing much, just collecting the IP and hostname and, with those variables, calling a different one:

Code:
#!/usr/local/bin/bash

# Optional: Explicitly set PATH
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/etc:/usr/local/bin:/usr/local/sbin:/sbin:/root/bin

# Path to the DNS update script
DNS_UPDATE_SCRIPT="/usr/local/bin/update_dns_script.sh"

# Fetch client IP and Common Name
client_ip="$ifconfig_pool_remote_ip"
client_cn="$common_name"

# Call the DNS update script
"$DNS_UPDATE_SCRIPT" "$client_ip" "$client_cn"

Any suggestion?
Title: Re: Advanced configuration on new openVPN instances
Post by: cs1 on April 22, 2024, 06:53:01 am
Yes: Do it differently.  ;)

Joking aside, there're good reasons to not use "client-connect" scripts for OpenVPN. For one, OpenVPN is single-threaded and using a client-connect script will freeze traffic for all (!) connected clients until the script returns / terminates. The impact is low for up to 10 clients but for more clients the impact is 100% notable and gets really annoying for more than that, especially if the script runs for ~1s or more. Clients experience packet losses / interrupted streams etc.

A good approach that doesn't involve putting stuff on the OPNsense box itself is using the API: https://docs.opnsense.org/development/api/core/openvpn.html. You can get all the information you need from the API and it's reasonably quick. I use the core/openvpn endpoint for a similar scenario and it works like a charm.
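
An added example, not part of cs1's post and not OPNsense code: one way to do the DNS bookkeeping from polled API data instead of a client-connect hook, validating the certificate common name before it reaches any DNS update tool. It assumes the session listing returns JSON with a `rows` array whose entries carry `common_name` and `virtual_address` (assumed field names), uses constructed sample data, and leaves the HTTPS fetch out so it runs offline.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed snapshots of two successive polls (field names are assumptions).
SAMPLE_BEFORE = {"rows": [
    {"common_name": "laptop-anna", "virtual_address": "10.8.0.6"},
]}
SAMPLE_AFTER = {"rows": [
    {"common_name": "laptop-anna", "virtual_address": "10.8.0.6"},
    {"common_name": "phone-ben", "virtual_address": "10.8.0.10"},
    {"common_name": "bad name;x", "virtual_address": "10.8.0.14"},  # not a label
    {"common_name": "UNDEF", "virtual_address": ""},                # no tunnel IP yet
]}


def sessions_to_records(payload):
    """Map validated hostname -> tunnel IP; drop rows that fail validation."""
    records = {}
    for row in payload.get("rows", []):
        name = str(row.get("common_name", ""))
        addr = str(row.get("virtual_address", ""))
        # The CN is client-controlled input: accept only a strict DNS label.
        if not LABEL.fullmatch(name):
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue
        records[name.lower()] = str(ip)
    return records


def diff_records(old, new):
    """Return (records to add or update, names to remove) between two polls."""
    add = {n: ip for n, ip in new.items() if old.get(n) != ip}
    remove = sorted(n for n in old if n not in new)
    return add, remove


if __name__ == "__main__":
    before = sessions_to_records(SAMPLE_BEFORE)
    after = sessions_to_records(SAMPLE_AFTER)
    print(diff_records(before, after))
```

Because the poller runs outside the OpenVPN process, a slow DNS update delays only the poller, not the tunnel traffic of connected clients.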
Title: Re: Advanced configuration on new openVPN instances
Post by: davide on June 29, 2024, 10:37:13 am
I use the following parameters in legacy configuration. What is the equivalent in the new openVPN instances?

Quote
auth-gen-token 43200 3600
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"

Any suggestion will be appreciated.