OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: andreab on December 11, 2018, 04:52:43 am
-
Hi,
Background story
I'm half way through setting up an OpenVPN multi site setup.
Site1 is running the OpenVPN server (on OPNsense), while site2 and site3 are running some linux/openVPN clients.
The key to make this setup to work, is to add the openVPN "iroute" config for each client (site2 & site3), so that the openVPN server knows the subnets those clients/sites are providing.
OpenVPN settings
This setting is added in a client specific config file (defined by client-config-dir) which, in a normal linux environment, is normally somewhere like "/etc/openvpn/ccd/".
It took me a little while to find where OPNsense stores this (maybe just because I'm not used to freeBSD), and I found it to be in "/var/etc/openvpn-csc/3/" for some reason.
The number "3" is because this is the third openVPN I setup.
The config files for site2 would be "/var/etc/openvpn-csc/3/site2":
iroute 192.168.100.0 255.255.255.0
and for site3 would be /var/etc/openvpn-csc/3/site3:
iroute 192.168.110.0 255.255.255.0
Issue
I noticed that these configs/files do not get backed up by the standard OPNsense backup utility.
I've also noticed that when I cloned the VPN (as I changed listening port for some reason), these client specific config files were left behind.
Can someone please suggest the best practice here for either:
- including these client specific settings in the OPNsense web UI, so that they get backed up automatically with everything else;
- suggest a way to make sure these files/directories are backed up with the rest of the configs in some other ways.
Any advice would be much appreciated.
Regards,
Andrea
PS: of course I understand I could rsync the configs/directory at the same time I take the OPNsense backup, but I'm looking for the best practice/OPNsense way