Messages

1

Virtual private networks / Manually customize the OpenVPN server configuration

« on: May 04, 2024, 02:18:40 pm »

Is it possible to manually customize the configuration of an OpenVPN server instance?
Gladly also in a custom file via SSH. I would like to add additional options.

I have tried to edit the file /var/etc/openvpn/instance-<SERVER_ID>.conf, but this is overwritten every time the OpenVPN server is restarted.

Under Servers [legacy] there was still the “Advanced” field where you could add your own options, which unfortunately no longer exists under the new “Instances”. I want to set up a future-oriented system and I assume that the “legacy” menus will no longer be available in the future.

Why do I have to edit the configuration manually?
My plan is to use the OpenVPN server plugin openvpn-auth-oauth2 (https://github.com/jkroepke/openvpn-auth-oauth2) for OAuth2 authentication. For this, the options management-client-auth and auth-user-pass-optional must also be set for the OpenVPN server. However, the option auth-user-pass-verify must not be set. Depending on the configuration, other options may also need to be set.


Of course, it would be great if the OpenVPN plugin openvpn-auth-oauth2 could be integrated directly into OPNsese in the future, but this is certainly nothing that can be realized in the short term.

2

23.7 Legacy Series / Re: OpenVPN-Instance: UNDEF instead of username / Option --username-as-common-name

« on: December 27, 2023, 09:01:40 am »

Thank you for pointing out the "Advanced" mode switch.
Hidden behind it was exactly the option I needed.

3

23.7 Legacy Series / OpenVPN-Instance: UNDEF instead of username / Option --username-as-common-name

« on: December 24, 2023, 04:18:38 am »

I have created an OpenVPN server in OPNsense 23.7.10 via the new "Instance" page.
I am using user authentication without user certificates (Verify Client Certificate = none).

The connection establishment from the client works without problems, but the server only states that UNDEF is connected instead of the user name.

In order for the user name to be displayed instead of UNDEF, the option --username-as-common-name must be set for the OpenVPN server, but I cannot find an option for this.

How can I define this so that I can see in the OpenVPN server which users are connected instead of just UNDEF?

I would have expected the selection for this under "Options", but unfortunately there is nothing there.


In previous versions of OPNsense, when I defined the OpenVPN server via the "Server" page, I know that it worked to display the user names. I don't know if this option was implicitly set, by configuring with user authentication and without user certificate. But it worked.