OPNsense Forum
English Forums => Virtual private networks => Topic started by: Christian1998 on January 26, 2024, 08:06:26 am
-
Good morning,
before the new OpenVPN I was using the "advanced configuration" field to run a script with the "client-connect" param.
Now this field does not exist anymore. Is there a way to set this parameter?
Christian
-
There's no way to set this option in a server instance and I also wouldn't recommend it. Can you share what you're trying to do with the script? Maybe there's an easy workaround.
-
Hi, will step in this node. Yes, I have a script for updating the bind backend for samba-ad-dc. On legacy it's working, so I can share it to see if there is a way. Nothing much, just collecting IP and hostname and with those variables calling a different one:
#!/usr/local/bin/bash
# Optional: Explicitly set PATH
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/etc:/usr/local/bin:/usr/local/sbin:/sbin:/root/bin
# Path to the DNS update script
DNS_UPDATE_SCRIPT="/usr/local/bin/update_dns_script.sh"
# Fetch client IP and Common Name
client_ip="$ifconfig_pool_remote_ip"
client_cn="$common_name"
# Call the DNS update script
"$DNS_UPDATE_SCRIPT" "$client_ip" "$client_cn"
Any suggestion?
-
Yes: Do it differently. ;)
Joking aside, there're good reasons to not use "client-connect" scripts for OpenVPN. For one, OpenVPN is single-threaded and using a client-connect script will freeze traffic for all (!) connected clients until the script returns / terminates. The impact is low for up to 10 clients but for more clients the impact is 100% notable and gets really annoying for more than that, especially if the script runs for ~1s or more. Clients experience packet losses / interrupted streams etc.
A good approach that doesn't involve putting stuff on the OPNsense box itself is using the API: https://docs.opnsense.org/development/api/core/openvpn.html. You can get all the information you need from the API and it's reasonably quick. I use the core/openvpn endpoint for a similar scenario and it works like a charm.
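The polling approach described in the post above, as an added example (not part of the thread and not OPNsense code): it compares two session lists and derives the DNS changes, validating each common name and tunnel IP before they would reach an updater such as the script posted earlier. The JSON shape and the field names `common_name` and `virtual_address` are assumptions, and the sample responses are constructed.

```python
import ipaddress
import json
import re

# Single DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def parse_sessions(payload):
    """Map validated common name -> tunnel IP from one API poll.

    Assumed response shape: {"rows": [{"common_name": ..., "virtual_address": ...}]}.
    Rows whose CN is not a plain DNS label, or whose IP does not parse, are
    dropped so certificate-controlled text never reaches the DNS updater.
    """
    sessions = {}
    for row in json.loads(payload).get("rows", []):
        cn = str(row.get("common_name", ""))
        try:
            ip = ipaddress.ip_address(str(row.get("virtual_address", "")))
        except ValueError:
            continue
        if LABEL_RE.fullmatch(cn):
            sessions[cn.lower()] = str(ip)
    return sessions

def diff_sessions(previous, current):
    """Return (to_add, to_remove) lists of (hostname, ip) between two polls."""
    to_add = sorted((h, ip) for h, ip in current.items() if previous.get(h) != ip)
    to_remove = sorted((h, ip) for h, ip in previous.items() if current.get(h) != ip)
    return to_add, to_remove

# Constructed sample responses (not captured from a real firewall).
POLL_1 = json.dumps({"rows": [
    {"common_name": "laptop-anna", "virtual_address": "10.8.0.6"},
    {"common_name": "pc-bob", "virtual_address": "10.8.0.10"},
]})
POLL_2 = json.dumps({"rows": [
    {"common_name": "laptop-anna", "virtual_address": "10.8.0.14"},  # reconnected
    {"common_name": "bad name; id", "virtual_address": "10.8.0.18"},  # rejected CN
    {"common_name": "tablet-eve", "virtual_address": "not-an-ip"},    # rejected IP
]})

if __name__ == "__main__":
    before, after = parse_sessions(POLL_1), parse_sessions(POLL_2)
    add, remove = diff_sessions(before, after)
    for host, ip in remove:
        print("delete A", host, ip)
    for host, ip in add:
        print("add A", host, ip)
```

Run from cron or a small loop on a separate host, this keeps the DNS update out of the OpenVPN process, so a slow updater cannot stall connected clients.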
-
I use the following parameters in legacy configuration. What is the equivalent in the new OpenVPN instances?
auth-gen-token 43200 3600
sndbuf 393216
rcvbuf 393216
push "sndbuf 393216"
push "rcvbuf 393216"
Any suggestion will be appreciated.