Is it possible to manually customize the configuration of an OpenVPN server instance?
Gladly also in a custom file via SSH. I would like to add additional options.
I have tried to edit the file /var/etc/openvpn/instance-<SERVER_ID>.conf, but this is overwritten every time the OpenVPN server is restarted.
Under Servers [legacy] there was still the "Advanced" field where you could add your own options, which unfortunately no longer exists under the new "Instances". I want to set up a future-oriented system and I assume that the "legacy" menus will no longer be available in the future.
Why do I have to edit the configuration manually?
My plan is to use the OpenVPN server plugin openvpn-auth-oauth2 (https://github.com/jkroepke/openvpn-auth-oauth2) for OAuth2 authentication. For this, the options management-client-auth and auth-user-pass-optional must also be set for the OpenVPN server. However, the option auth-user-pass-verify must not be set. Depending on the configuration, other options may also need to be set.
Of course, it would be great if the OpenVPN plugin openvpn-auth-oauth2 could be integrated directly into OPNsense in the future, but this is certainly nothing that can be realized in the short term.
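An added example, not part of the original post and not code from OPNsense or openvpn-auth-oauth2: a small checker that reads an OpenVPN server config, such as the generated /var/etc/openvpn/instance-<SERVER_ID>.conf, and reports whether the option requirements named in the post above are met. The function names and both sample configs are constructed for illustration.

```python
"""Check an OpenVPN server config against the options the post above names."""
import sys

# Option names taken from the post; everything else here is an assumption.
REQUIRED = {"management-client-auth", "auth-user-pass-optional"}
FORBIDDEN = {"auth-user-pass-verify"}

# Constructed sample: required option only present as a comment, forbidden one set.
SAMPLE_BAD = """\
dev tun
proto udp
port 1194
# management-client-auth
auth-user-pass-optional
auth-user-pass-verify /path/to/verify-script via-env
"""

# Constructed sample that satisfies the requirements.
SAMPLE_GOOD = """\
dev tun
management /path/to/management.sock unix
management-client-auth
auth-user-pass-optional
"""

def directives(config_text):
    """Map each active directive name to the line numbers where it appears."""
    found = {}
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or commented-out option
            continue
        name = line.split()[0]
        if name.startswith("--"):  # tolerate command-line style spelling
            name = name[2:]
        found.setdefault(name, []).append(lineno)
    return found

def check(config_text):
    """Return a list of problems; an empty list means the requirements are met."""
    found = directives(config_text)
    problems = [f"missing required option: {o}" for o in sorted(REQUIRED - set(found))]
    for opt in sorted(FORBIDDEN & set(found)):
        where = ", ".join(str(n) for n in found[opt])
        problems.append(f"option must not be set: {opt} (line {where})")
    return problems

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_BAD
    issues = check(text)
    print("\n".join(issues) if issues else "config meets the stated requirements")
    sys.exit(1 if issues else 0)
```

Run against the generated instance file after each restart of the OpenVPN server, it shows whether the regenerated config still differs from what the plugin needs.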
Hello,
I need custom options as well.
tun-mtu in my case.
Where can I set it?
I rolled back to OpenVPN legacy for now.
I agree 100% with this post. I have written a topic recently about my OPNsense VM that I want to use to grant external users access to locally hosted video game servers. My configuration works really well with high throughput for dev tun; however, I need dev tap. I can browse the web connected using dev tap; however, I cannot ping my home network (or host machine) where the game server(s) will reside.
OPNsense seems like a nice all-in-one package until you start to use it. Now, rather than look at one simple server.conf file, I have to look in a tree of webpages. It's a lot more difficult. As a matter of fact, I have done something very similar in the past and I could essentially modify my existing server.conf; however, I cannot simply copy/paste it to OPNsense.
+1 for option to specify custom config lines
+1 for option to provide custom config file
Quote from: Kamislav on November 02, 2024, 02:06:57 PM
+1 for option to specify custom config lines
+1 for option to provide custom config file
After more investigation I have found that this functionality is being removed from OPNsense for security reasons (a user with GUI access can abuse some config to run privileged commands and thus bypass security - based on a real security issue from the past).
So what you can do is implement the needed options/configurations so they can be set using the GUI. It is not so hard; you need to modify a few files under the /usr/local/opnsense/mvc/app/ path. Actually there are still legacy blocks of code, so it is a bit messy. I think anyone with average knowledge of PHP and MVC frameworks can do this for you. Also consider providing it as a patch for the community.